1337GPT - Yet another GPT agent for Penetration Testing

1337GPT - Yet another GPT agent for Penetration Testing

1337GPT is my attempt at designing a GPT agent for pentesting. I built it on top of my previous AI Task Manager - a layer designed to be above a langchain agent that can complete complex tasks.

How does it work?

1337GPT starts off with a goal that the user sets. It will come up with a list of tasks that it thinks it will need to complete to achieve this goal. As it iterates through this list of tasks, it will give the task (along with some contextual information) to a langchain agent - equipped with tools. The result of this agent chain will be fed back into the task manager, where it will do a few things:

  • Save information for later tasks

  • Save information for the final result (when the goal is complete)

  • Add any tasks (if it thinks necessary)

And this refinement step is what makes the process so effective. When given a chance to ponder the results of an action 1337GPT has taken, it can better select it's next steps.

Cool features

  • Modify tasks before running, or skip them entirely

  • Persistent sessions - if something goes wrong, you can pick up from where you left (also means you can edit data, as it is stored in JSON format)

  • Some custom tools I wrote to help 1337GPT pentest effectively, listed below

Provided tools

These can be found in tools/, and are written using the langchain library. But you can also write your own custom tools for the job!

  • Execute shell commands (asks for user confirmation before executing for safety)

  • Search Google (uses googlesearch.py to avoid needing an API key)

  • Scrape text from websites (requires API key from extractor)

  • Search Shodan.io using their API (requires API key)

  • Read/write local files

  • Ask the user for input

Usage

See the Usage section in my README.md.

Did you find this article valuable?

Support Marcus Weinberger by becoming a sponsor. Any amount is appreciated!