1337GPT - Yet another GPT agent for Penetration Testing
How does it work?
1337GPT starts off with a goal that the user sets. It will come up with a list of tasks that it thinks it will need to complete to achieve this goal. As it iterates through this list of tasks, it will give the task (along with some contextual information) to a langchain agent - equipped with tools. The result of this agent chain will be fed back into the task manager, where it will do a few things:
Save information for later tasks
Save information for the final result (when the goal is complete)
Add any tasks (if it thinks necessary)
And this refinement step is what makes the process so effective. When given a chance to ponder the results of an action 1337GPT has taken, it can better select it's next steps.
Modify tasks before running, or skip them entirely
Persistent sessions - if something goes wrong, you can pick up from where you left (also means you can edit data, as it is stored in JSON format)
Some custom tools I wrote to help 1337GPT pentest effectively, listed below
These can be found in
tools/, and are written using the langchain library. But you can also write your own custom tools for the job!
Execute shell commands (asks for user confirmation before executing for safety)
Search Google (uses
googlesearch.pyto avoid needing an API key)
Scrape text from websites (requires API key from
Search Shodan.io using their API (requires API key)
Read/write local files
Ask the user for input