From c8d9be29b6c62e15fbfffcbbcd5777f98a01e83a Mon Sep 17 00:00:00 2001 From: Grey_D Date: Sat, 22 Apr 2023 17:07:50 +0800 Subject: [PATCH 1/2] fix login --- utils/chatgpt.py | 1 + 1 file changed, 1 insertion(+) diff --git a/utils/chatgpt.py b/utils/chatgpt.py index 4472390..8c8e44a 100644 --- a/utils/chatgpt.py +++ b/utils/chatgpt.py @@ -132,6 +132,7 @@ def send_new_message(self, message, model=None): r = requests.post( url, headers=self.headers, json=data, proxies=self.proxies, stream=True ) + if r.status_code != 200: # wait for 20s logger.error(r.text) From 7ee005c73977aa528bdbc80d7e9045e4e405b295 Mon Sep 17 00:00:00 2001 From: Grey_D Date: Sat, 22 Apr 2023 17:43:14 +0800 Subject: [PATCH 2/2] =?UTF-8?q?feat:=20=F0=9F=8E=B8=20add=20logging=20feat?= =?UTF-8?q?ure=20for=20report=20generation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 3 ++- README.md | 6 ++++- logs/sample_pentestGPT_log.txt | 1 + utils/pentest_gpt.py | 8 +++++-- utils/report_generator.py | 42 ++++++++++++++++++++++++++++++++++ 5 files changed, 56 insertions(+), 4 deletions(-) create mode 100644 logs/sample_pentestGPT_log.txt create mode 100644 utils/report_generator.py diff --git a/.gitignore b/.gitignore index a6e30b3..02c8d63 100644 --- a/.gitignore +++ b/.gitignore @@ -6,7 +6,8 @@ __pycache__/ config/chatgpt_config.py outputs/ .idea -log/ +logs/ +utils/logs/ archive/ # C extensions diff --git a/README.md b/README.md index ec54e31..9176fde 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # PentestGPT -**We're testing PentestGPT on HackTheBox**. Follow +**We're testing PentestGPT on HackTheBox**. More details will be released soon. ## Introduction **PentestGPT** is a penetration testing tool empowered by **ChatGPT**. It is designed to automate the penetration testing process. It is built on top of ChatGPT and operate in an interactive mode to guide penetration testers in both overall progress and specific operations. 
@@ -43,6 +43,10 @@ https://user-images.githubusercontent.com/78410652/232327920-7318a0c4-bee0-4cb4- 3. You may always use `TAB` to autocomplete the commands. 4. When you're given a drop-down selection list, you can use cursor or arrow key to navigate the list. Press `ENTER` to select the item. Similarly, use to confirm selection. +## Report +1. After finishing the penetration testing, a report will be automatically generated in `logs` folder (if you quit with `quit` command). +2. The report can be printed in a human-readable format by running `python3 utils/report_generator.py `. A sample report `sample_pentestGPT_log.txt` is also uploaded. + ## Design Documentation The current design is mainly for web penetration testing diff --git a/logs/sample_pentestGPT_log.txt b/logs/sample_pentestGPT_log.txt new file mode 100644 index 0000000..0c01b5f --- /dev/null +++ b/logs/sample_pentestGPT_log.txt 
@@ -0,0 +1 @@ +{"user": [[1682155121.2103748, "I want to pentest 10.0.2.5, which is a machine from VulnHub"], [1682155158.6501088, "next"], [1682155218.291348, "quit"]], "pentestGPT": [[1682155206.655137, "Based on the analysis, the following tasks are recommended:Based on the provided Nmap scan results, I will update the task tree and remove the completed tasks. The updated task tree now looks like this:\n\n1. Reconnaissance\n 1.1. Passive Recon\n 1.1.1. OSINT\n 1.2. Active Recon\n 1.2.2. Service Enumeration\n 1.2.2.1. FTP Enumeration (Score: 3)\n 1.2.2.2. SSH Enumeration (Score: 2)\n 1.2.2.3. HTTP Enumeration (Score: 3)\n 1.2.3. Vulnerability Scanning (Score: 2)\n\n2. Exploitation\n 2.1. Web Exploitation (Score: 3)\n 2.2. Exploiting Services (Score: 2)\n 2.3. Privilege Escalation (Score: 3)\n\n3. Reporting\n 3.1. Document Vulnerabilities\n 3.2. Recommend Fixes\n\nBased on the updated task tree, I recommend the junior penetration tester to perform the following task:\n\n1.2.2.3. Enumerate the HTTP service on port 80 using tools like `nikto` and `gobuster` to identify potential vulnerabilities and gather information about the web application."], [1682155218.2919838, "Thank you for using PentestGPT!"]], "reasoning": [[1682155141.855479, "Based on the provided information, I have created an initial task tree. Here is the task tree:\n\n1. Reconnaissance\n 1.1. Passive Recon\n 1.1.1. OSINT\n 1.2. Active Recon\n 1.2.1. Network Scanning\n 1.2.1.1. Nmap Scan\n 1.2.2. Service Enumeration\n 1.2.3. Vulnerability Scanning\n\n2. Exploitation\n 2.1. Web Exploitation\n 2.2. Exploiting Services\n 2.3. Privilege Escalation\n\n3. Reporting\n 3.1. Document Vulnerabilities\n 3.2. Recommend Fixes\n\nNow, I'll suggest the next task for the junior penetration tester based on the task tree:\n\n1.2.1.1. 
Perform an Nmap scan on the target IP address (10.0.2.5) to identify open ports and running services."], [1682155206.651016, "Based on the provided Nmap scan results, I will update the task tree and remove the completed tasks. The updated task tree now looks like this:\n\n1. Reconnaissance\n 1.1. Passive Recon\n 1.1.1. OSINT\n 1.2. Active Recon\n 1.2.2. Service Enumeration\n 1.2.2.1. FTP Enumeration (Score: 3)\n 1.2.2.2. SSH Enumeration (Score: 2)\n 1.2.2.3. HTTP Enumeration (Score: 3)\n 1.2.3. Vulnerability Scanning (Score: 2)\n\n2. Exploitation\n 2.1. Web Exploitation (Score: 3)\n 2.2. Exploiting Services (Score: 2)\n 2.3. Privilege Escalation (Score: 3)\n\n3. Reporting\n 3.1. Document Vulnerabilities\n 3.2. Recommend Fixes\n\nBased on the updated task tree, I recommend the junior penetration tester to perform the following task:\n\n1.2.2.3. Enumerate the HTTP service on port 80 using tools like `nikto` and `gobuster` to identify potential vulnerabilities and gather information about the web application."]], "input_parsing": [[1682155179.923199, "I ran an Nmap scan on IP address 10.0.2.5 and found that it is up with a latency of 0.00043 seconds. Out of the 1000 scanned TCP ports, 997 were closed and reset. The following three ports are open: \n\n- Port 21: FTP\n- Port 22: SSH\n- Port 80: HTTP\n\nThe MAC address of the device is 08:00:27:3D:32:45, and the device type is a general-purpose computer running Linux 3.X or 4.X. The OS details indicate that it is running Linux 3.2 - 4.9. The network distance is one hop. \n\nOS detection was performed, and any incorrect results can be reported at https://nmap.org/submit/."]], "generation": [[1682155143.736203, "Sure, I can provide a first step for a penetration tester to take. \n\nThe first thing to do would be to perform a port scan on the target IP address to identify any open ports and services running on the target system. 
This can be done using the nmap tool with the following command:\n\n`nmap `\n\nFor example, if the target IP address is 192.168.1.10, the command would be:\n\n`nmap 192.168.1.10`\n\nThis will provide information about which ports are open, which can be used to identify potential vulnerabilities or attack vectors."]], "exception": [[1682155143.741246, "PentestGPT suggests you to do the following: \nBased on the provided information, I have created an initial task tree. Here is the task tree:\n\n1. Reconnaissance\n 1.1. Passive Recon\n 1.1.1. OSINT\n 1.2. Active Recon\n 1.2.1. Network Scanning\n 1.2.1.1. Nmap Scan\n 1.2.2. Service Enumeration\n 1.2.3. Vulnerability Scanning\n\n2. Exploitation\n 2.1. Web Exploitation\n 2.2. Exploiting Services\n 2.3. Privilege Escalation\n\n3. Reporting\n 3.1. Document Vulnerabilities\n 3.2. Recommend Fixes\n\nNow, I'll suggest the next task for the junior penetration tester based on the task tree:\n\n1.2.1.1. Perform an Nmap scan on the target IP address (10.0.2.5) to identify open ports and running services."], [1682155143.7431931, "You may start with: \nSure, I can provide a first step for a penetration tester to take. \n\nThe first thing to do would be to perform a port scan on the target IP address to identify any open ports and services running on the target system. This can be done using the nmap tool with the following command:\n\n`nmap `\n\nFor example, if the target IP address is 192.168.1.10, the command would be:\n\n`nmap 192.168.1.10`\n\nThis will provide information about which ports are open, which can be used to identify potential vulnerabilities or attack vectors."], [1682155177.259076, "Source: tool\nI performed nmap. 
Below is the result\nStarting Nmap 7.93 ( https://nmap.org ) at 2023-04-12 11:11 EDT\n- 3 - Nmap scan report for 10.0.2.5\n- 4 - Host is up (0.00043s latency).\n- 5 - Not shown: 997 closed tcp ports (reset)\n-6 - PORT STATE SERVICE\n- 7 - 21/tcp open ftp\n- 8 - 22/tcp open ssh\n- 9 - 80/tcp open http\n- 10 - MAC Address: 08:00:27:3D:32:45 (Oracle VirtualBox virtual NIC)\n- 11 - Device type: general purpose\n- 12 - Running: Linux 3.X|4.X\n- 13 - OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/ o:linux:linux_kernel:4\n- 14 - OS details: Linux 3.2 - 4.9\n- 15 - Network Distance: 1 hop\n- 16 -\n- 17 - OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .\n- 18 - Nmap done: 1 IP address (1 host up) scanned in 1.76 seconds"]]} \ No newline at end of file diff --git a/utils/pentest_gpt.py b/utils/pentest_gpt.py index 20b46f4..90b62ff 100644 --- a/utils/pentest_gpt.py +++ b/utils/pentest_gpt.py @@ -43,6 +43,7 @@ class pentestGPT: } def __init__(self): + self.log_dir = "logs" self.chatGPTAgent = ChatGPT(ChatGPTConfig()) self.chatGPT4Agent = ChatGPT(ChatGPTConfig(model="gpt-4")) self.prompts = PentestGPTPrompt @@ -379,8 +380,11 @@ def main(self): # TODO. # log the session. ## save self.history into a txt file based on timestamp - log_name = "pentestGPT_log_" + dt.now().strftime("%Y%m%d_%H%M%S") + ".json" - with open(log_name, "w") as f: + timestamp = time.time() + log_name = "pentestGPT_log_" + str(timestamp) + ".txt" + # save it in the logs folder + log_path = os.path.join(self.log_dir, log_name) + with open(log_path, "w") as f: json.dump(self.history, f) # clear the sessions diff --git a/utils/report_generator.py b/utils/report_generator.py new file mode 100644 index 0000000..42f30f2 --- /dev/null +++ b/utils/report_generator.py 
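Review bot: `open(log_path, "w")` in the quit path of `main` raises FileNotFoundError when the relative `logs` directory is missing from the current working directory (the repository ships one, but `.gitignore` now ignores `logs/` and the tool may be launched from elsewhere), and because this runs after the session ends the whole history is lost; add `os.makedirs(self.log_dir, exist_ok=True)` before the `os.path.join`. The file holds every prompt and model reply — target addresses, scan results and whatever the tester pastes in — so it should not be created with the default umask; `with os.fdopen(os.open(log_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600), "w") as f:` keeps it owner-only. The hunk uses `os` and `time` but the module's import block is outside it; confirm both are imported there and that the now-unused `dt` import is dropped. The extension changed from `.json` to `.txt` although the content is still `json.dump` output, which is worth a comment next to `log_name`. `main` begins and ends outside the hunk.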
@@ -0,0 +1,42 @@ +# a quick report generation script that converts the saved logs file into a pdf. +import json, os, sys +import datetime, time + + +def main(file_name): + # load the file into json + with open(file_name, "r") as f: + logs = json.load(f) + user_inputs = logs["user"] + bot_responses = logs["pentestGPT"] + # merge the two list into one. Sort based on the first element (timestamp in str), and add a flag to show source + merged_list = [] + for user_input in user_inputs: + merged_list.append([user_input[0], user_input[1], "user"]) + for bot_response in bot_responses: + merged_list.append([bot_response[0], bot_response[1], "pentestGPT"]) + merged_list.sort(key=lambda x: x[0]) + + # now print the conversation + output = "" + for element in merged_list: + # convert the timestamp to a human readable format + timestamp = datetime.datetime.fromtimestamp(int(element[0])).strftime( + "%Y-%m-%d %H:%M:%S" + ) + output += f"{timestamp} [{element[2]}]: {element[1]}\n" + # add an additional line break if the element is from bot + if element[2] == "pentestGPT": + output += "----------------------------------------\n\n" + # print the output + print("Conversation log: ") + + print(output) + +if __name__ == "__main__": + # default filename = "../logs/sample_pentestGPT_log.txt" + if len(sys.argv) == 1: + file_name = "logs/sample_pentestGPT_log.txt" + else: + file_name = sys.argv[1] + main(file_name) \ No newline at end of file
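Review bot: `print(output)` writes user inputs and model replies from the log to the terminal without filtering; whatever the tester typed or pasted and whatever the model returned can carry terminal escape sequences, so strip control characters before appending to `output`, e.g. `re.sub(r"[\x00-\x08\x0b-\x1f\x7f]", "", element[1])` (keeps `\n` and `\t`, needs `import re`). The header comment claims the script "converts the saved logs file into a pdf" but it only prints text; change it to `# a quick script that prints a saved session log as a readable conversation`, and the `# default filename = "../logs/..."` comment disagrees with the `logs/sample_pentestGPT_log.txt` default actually used. `os` and `time` are imported but never referenced. This hunk is the complete new file.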