# 1337GPT - Yet another GPT agent for Penetration Testing

[**1337GPT**](https://github.com/AgeOfMarcus/1337GPT) is my attempt at designing a GPT agent for pentesting. I built it on top of my previous [AI Task Manager](https://blog.marcusj.tech/task-management-system-for-langchain) \- a layer designed to be above a [langchain](https://python.langchain.com/en/latest/) agent that can complete complex tasks.

## How does it work?

**1337GPT** starts off with a goal that the user sets. It will come up with a list of tasks that it thinks it will need to complete to achieve this goal. As it iterates through this list of tasks, it will give the task (along with some contextual information) to a langchain agent - equipped with tools. The result of this agent chain will be fed back into the task manager, where it will do a few things:

* Save information for later tasks
    
* Save information for the final result (when the goal is complete)
    
* Add any tasks (if it thinks necessary)
    

And this **refinement** step is what makes the process so effective. When given a chance to ponder the results of an action **1337GPT** has taken, it can better select it's next steps.

# Cool features

* Modify tasks before running, or skip them entirely
    
* Persistent sessions - if something goes wrong, you can pick up from where you left *(also means you can edit data, as it is stored in JSON format)*
    
* Some **custom tools** I wrote to help **1337GPT** pentest effectively, listed below
    

### Provided tools

These can be found in `tools/`, and are written using the [langchain](https://python.langchain.com/en/latest/modules/agents/tools/custom_tools.html) library. But you can also write your own custom tools for the job!

* Execute shell commands (**asks for user confirmation before executing for safety**)
    
* Search Google (uses `googlesearch.py` to avoid needing an API key)
    
* Scrape text from websites (**requires API key from** `extractor`)
    
* Search [Shodan.io](https://shodan.io) using their API (**requires API key)**
    
* Read/write local files
    
* Ask the user for input
    

# Usage

[See the Usage section in my `README.md`.](https://github.com/AgeOfMarcus/1337GPT#usage)
