A penetration tester faces a number of hardships with each project. Beyond the technical challenges of the evolving-by-the-minute threat landscape and the growing complexity of both offensive and defensive tools, to time constraints and tight deadlines. With that being said, no one can deny how stressful being a penetration tester can be sometimes. It is a job for a special type of cybersecurity professional and requires some nerves to tread lightly through vulnerabilities, data sources and servers.
On the other hand, artificial intelligence has been gaining a lot of traction with cybersecurity professionals recently. We’ve seen a team using ChatGPT to generate a malware, and MHE offers a range of AI-driven products like SonicWall’s SentinelOne-driven Capture Client that correlates vast amounts of inputs and triggers to analyze user behavior and protect your system accordingly. It is, just like a lot of other things, a dance between good and evil. Same technology utilized both offensively and defensively. One side attacks, while the other defends, and it is hence the dance that yields the finest technologies and practices for the use of all mankind sooner or later, directly or indirectly.
PentestGPT is free on GitHub:
You can find the free release of PentestGPT on GitHub, however, you will need a ChatGPT Plus account to be able to use the AI-driven pentesting tool. The reason for that is mainly quality control (ChatGPT Plus operates with newer datasets after 2021, availing more recent information) along with GPT4-API that is only available with a Plus membership until now. GreyDGL, the GitHub operator who published PentestGPT said “It is designed to automate the penetration testing process. It is built on top of ChatGPT and operate in an interactive mode to guide penetration testers in both overall progress and specific operations”.
PentestGPT is capable of solving simple puzzles:
PentestGPT, the brainchild of GreyDGL -a PhD. student from Nanyang Technological University, Singapore- was tested against simple pentesting puzzles like HackTheBox and other Capture-The-Flag puzzles and was able to beat straight-forward, templated challenges. You can see a sample testing process here, targeting a VulnHub machine (Hackable II)
You can also find the Installation guide in Gelei Deng’s YouTube Video
PentestGPT Function:
The handler is the main entry point of the penetration testing tool. It allows pentesters to perform the following operations:
- Initialize itself with some pre-designed prompts.
- Start a new penetration testing session by providing the target information.
- Ask for todo-list, and acquire the next step to perform.
- After completing the operation, pass the information to PentestGPT.
- Pass a tool output.
- Pass a webpage content.
- Pass a human description.
There are 3 modules added with PentestGPT.
- Test generation module – generates the exact penetration testing commands or operations for the users to execute.
- Test reasoning module – conducts the reasoning of the test, guiding the penetration testers on what to do next.
- Parsing module – parses the output of the penetration tools and the contents on the webUI.
Sources:
PentestGPT – ChatGPT Powered Automated Pentesting Tool (gbhackers.com)