Brother
Professional
- Messages
- 2,590
- Reaction score
- 539
- Points
- 113
The new AI tool promises to be a smart assistant for the pentester.
A user named GreyDGL, a graduate student at Nanyang Technological University in Singapore, published on GitHub the PentestGPT tool for automating penetration tests based on ChatGPT.
PentestGPT is built on the basis of ChatGPT and works interactively, helping pentesters with general and specific tasks. To use PentestGPT, a ChatGPT Plus subscription is required, as the tool is based on the GPT-4 model. There is no public API for GPT-4 yet. A wrapper for ChatGPT sessions has been added to support PentestGPT.
Demonstration of PentestGPT using the HTB Jarvis machine as an example
PentestGPT is able to pass HackTheBox machines of light and medium difficulty, as well as other CTF puzzles. The PentestGPT functions include:
3 modules added to PentestGPT:
PentestGPT represents a significant breakthrough in the field of pentesting, combining the capabilities of artificial intelligence represented by the GPT-4 model with the practical needs of cybersecurity professionals. The tool not only simplifies and automates the penetration testing process, but also provides a more efficient and interactive way for pentesters to manage their operations, from the initial testing phase to detailed analysis of results.
A user named GreyDGL, a graduate student at Nanyang Technological University in Singapore, published on GitHub the PentestGPT tool for automating penetration tests based on ChatGPT.
PentestGPT is built on the basis of ChatGPT and works interactively, helping pentesters with general and specific tasks. To use PentestGPT, a ChatGPT Plus subscription is required, as the tool is based on the GPT-4 model. There is no public API for GPT-4 yet. A wrapper for ChatGPT sessions has been added to support PentestGPT.
PentestGPT is able to pass HackTheBox machines of light and medium difficulty, as well as other CTF puzzles. The PentestGPT functions include:
- Starting a new penetration testing session with providing information about the target;
- Creating a task list and getting the next step to complete;
- Transmitting information about the completed operation to PentestGPT (tool output, web page content, specialist description).
3 modules added to PentestGPT:
- Test Generation Module - Generates precise pentest commands or operations that users can perform;
- Test Justification Module - explains the penetration test process, telling the pentester what to do next;
- Parsing module - analyzes the output of penetration tools and the content of the web interface.
PentestGPT represents a significant breakthrough in the field of pentesting, combining the capabilities of artificial intelligence represented by the GPT-4 model with the practical needs of cybersecurity professionals. The tool not only simplifies and automates the penetration testing process, but also provides a more efficient and interactive way for pentesters to manage their operations, from the initial testing phase to detailed analysis of results.
