{"id":13644514,"url":"https://github.com/greydgl/pentestgpt","last_synced_at":"2025-05-11T03:51:14.752Z","repository":{"id":153807296,"uuid":"607013954","full_name":"GreyDGL/PentestGPT","owner":"GreyDGL","description":"A GPT-empowered penetration testing tool","archived":false,"fork":false,"pushed_at":"2025-05-01T10:02:42.000Z","size":18619,"stargazers_count":8233,"open_issues_count":37,"forks_count":1035,"subscribers_count":137,"default_branch":"main","last_synced_at":"2025-05-08T17:17:27.566Z","etag":null,"topics":["large-language-models","llm","penetration-testing","python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GreyDGL.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-02-27T06:01:53.000Z","updated_at":"2025-05-08T17:00:38.000Z","dependencies_parsed_at":"2024-01-02T15:23:19.506Z","dependency_job_id":"3f0d2f84-4a8a-4997-9292-e21e3a961215","html_url":"https://github.com/GreyDGL/PentestGPT","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GreyDGL%2FPentestGPT","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GreyDGL%2FPentestGPT/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GreyDGL%2FPentestGPT/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GreyDGL%2FPentestGPT/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GreyDGL","download_url":"https://codeload.github.com/GreyDGL/PentestGPT/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253514567,"owners_count":21920334,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["large-language-models","llm","penetration-testing","python"],"created_at":"2024-08-02T01:02:06.384Z","updated_at":"2025-05-11T03:51:14.735Z","avatar_url":"https://github.com/GreyDGL.png","language":"Python","funding_links":[],"categories":["NLP"],"sub_categories":[],"readme":"\u003c!-- Improved compatibility of back to top link: See: https://github.com/othneildrew/Best-README-Template/pull/73 --\u003e\n\u003ca name=\"readme-top\"\u003e\u003c/a\u003e\n\n\u003c!-- PROJECT SHIELDS --\u003e\n\u003c!--\n*** I'm using markdown \"reference style\" links for readability.\n*** Reference links are enclosed in brackets [ ] instead of parentheses ( ).\n*** See the bottom of this document for the declaration of the reference variables\n*** for contributors-url, forks-url, etc. This is an optional, concise syntax you may use.\n*** https://www.markdownguide.org/basic-syntax/#reference-style-links\n--\u003e\n[![Contributors][contributors-shield]][contributors-url]\n[![Forks][forks-shield]][forks-url]\n[![Stargazers][stars-shield]][stars-url]\n[![Issues][issues-shield]][issues-url]\n[![MIT License][license-shield]][license-url]\n[![Discord][discord-shield]][discord-url]\n\n\n\n\u003c!-- PROJECT LOGO --\u003e\n\u003cbr /\u003e\n\u003cdiv align=\"center\"\u003e\n  \u003ca href=\"https://github.com/GreyDGL/PentestGPT\"\u003e\n  \u003c/a\u003e\n\n\u003ch3 align=\"center\"\u003ePentestGPT\u003c/h3\u003e\n\n  \u003cp align=\"center\"\u003e\n    A GPT-empowered penetration testing tool. \n    \u003cbr /\u003e\n    \u003ca href=\"https://github.com/GreyDGL/PentestGPT\"\u003e\u003cstrong\u003eExplore the docs »\u003c/strong\u003e\u003c/a\u003e\n    \u003cbr /\u003e\n    \u003cbr /\u003e\n    \u003ca href=\"https://github.com/GreyDGL/PentestGPT/blob/main/PentestGPT_design.md\"\u003eDesign Details\u003c/a\u003e\n    ·\n    \u003ca href=\"https://www.youtube.com/watch?v=lAjLIj1JT3c\"\u003eView Demo\u003c/a\u003e\n    ·\n    \u003ca href=\"https://github.com/GreyDGL/PentestGPT/issues\"\u003eReport Bug or Request Feature\u003c/a\u003e\n    \u003c/p\u003e\n\u003c/div\u003e\n\n\n\n\n\n\u003c!-- ABOUT THE PROJECT --\u003e\n\u003ca href=\"https://trendshift.io/repositories/3770\" target=\"_blank\"\u003e\u003cimg src=\"https://trendshift.io/api/badge/repositories/3770\" alt=\"GreyDGL%2FPentestGPT | Trendshift\" style=\"width: 250px; height: 55px;\" width=\"250\" height=\"55\"/\u003e\u003c/a\u003e\n## General Updates\n- [Update on 25/10/2024] We're completing the refactoring of PentestGPT and will release v1.0 soon!\n- [Update on 12/08/2024] The research paper on PentestGPT is published at [USENIX Security 2024](https://www.usenix.org/conference/usenixsecurity24/presentation/deng)\n- [Update on 25/03/2024] We're working on the next version of PentestGPT, with online searching, RAGs and more powerful prompting. Stay tuned!\n- [Update on 17/11/2023] GPTs for PentestGPT is out! Check this: https://chat.openai.com/g/g-4MHbTepWO-pentestgpt\n- [Update on 07/11/2023] GPT-4-turbo is out! Update the default API usage to GPT-4-turbo. \n- Available videos:\n  - The latest installation video is [here](https://youtu.be/tGC5z14dE24).\n  - **PentestGPT for OSCP-like machine: [HTB-Jarvis](https://youtu.be/lAjLIj1JT3c)**. This is the first part only, and I'll complete the rest when I have time.\n  - **PentestGPT on [HTB-Lame](https://youtu.be/Vs9DFtAkODM)**. This is an easy machine, but it shows you how PentestGPT skipped the rabbit hole and worked on other potential vulnerabilities.\n- **We're testing PentestGPT on HackTheBox**. You may follow [this link](https://www.hackthebox.com/home/users/profile/1489431). More details will be released soon.\n- Feel free to join the [Discord Channel](https://discord.gg/eC34CEfEkK) for more updates and share your ideas!\n\n\n\u003c!-- Quick Start --\u003e\n## Quick Install \u0026 Setup\n```\n# Install\npip3 install git+https://github.com/GreyDGL/PentestGPT\n\n# Configure API keys (choose your preferred provider)\nexport OPENAI_API_KEY='your_key_here'         # For OpenAI models\nexport GOOGLE_API_KEY='your_key_here'         # For Gemini models\nexport DEEPSEEK_API_KEY='your_key_here'       # For Deepseek models\n\n# Test connection\npentestgpt-connection\n\n# Start PentestGPT with default settings (GPT-4o)\npentestgpt\n```\n\n## Available Models\n\nView available models:\n\n`pentestgpt --models`\n\nCurrent models include \n- OpenAI: gpt-4o (default), o3, o4-mini, gpt4all\n- Gemini: gemini-2.5-flash, gemini-2.5-pro\n- Deepseek: deepseek-r1, deepseek-v3\n\n\n## Usage\n   \n```\npentestgpt [-h] [--logDir LOGDIR] [--baseUrl BASEURL] [--models] \n           [--reasoning MODEL_NAME] [--parsing MODEL_NAME] \n           [--logging] [--useAPI]\n```\n\n### Basic Tool Commands\n\nhelp: Show help message\nnext: Get next step after entering execution results\nmore: Get more detailed explanation of current step\ntodo: Show todo list\ndiscuss: Discuss with PentestGPT\nquit: Exit and save output to log file\n\nUse \u003cSHIFT + right arrow\u003e to end input, and \u003cENTER\u003e for a new line.\n\n### Sub-task Handler Commands\n1. The tool works similar to *msfconsole*. Follow the guidance to perform penetration testing. \n2. In general, PentestGPT intakes commands similar to chatGPT. There are several basic commands.\n   1. The commands are: \n      - `help`: show the help message.\n      - `next`: key in the test execution result and get the next step.\n      - `more`: let **PentestGPT** to explain more details of the current step. Also, a new sub-task solver will be created to guide the tester.\n      - `todo`: show the todo list.\n      - `discuss`: discuss with the **PentestGPT**.\n      - `google`: search on Google. This function is still under development.\n      - `quit`: exit the tool and save the output as log file (see the **reporting** section below).\n   2. You can use \u003cSHIFT + right arrow\u003e to end your input (and \u003cENTER\u003e is for next line).\n   3. You may always use `TAB` to autocomplete the commands.\n   4. When you're given a drop-down selection list, you can use cursor or arrow key to navigate the list. Press `ENTER` to select the item. Similarly, use \u003cSHIFT + right arrow\u003e to confirm selection.\\\n      The user can submit info about:\n        * **tool**: output of the security test tool used\n        * **web**: relevant content of a web page\n        * **default**: whatever you want, the tool will handle it\n        * **user-comments**: user comments about PentestGPT operations\n3. In the sub-task handler initiated by `more`, users can execute more commands to investigate into a specific problem:\n   1. The commands are:\n        - `help`: show the help message.\n        - `brainstorm`: let PentestGPT brainstorm on the local task for all the possible solutions.\n        - `discuss`: discuss with PentestGPT about this local task.\n        - `google`: search on Google. This function is still under development.\n        - `continue`: exit the subtask and continue the main testing session.\n\n\n\n\u003c!-- Common Questions --\u003e\n## Common Questions\n- **Q**: What is PentestGPT?\n  - **A**: PentestGPT is a penetration testing tool empowered by Large Language Models (LLMs). It is designed to automate the penetration testing process. It is built on top of ChatGPT API and operate in an interactive mode to guide penetration testers in both overall progress and specific operations.\n- **Q**: Do I need to pay to use PentestGPT?\n  - **A**: Yes in order to achieve the best performance. In general, you can use any LLMs you want, but you're recommended to use GPT-4 API, for which you have to [link a payment method to OpenAI](https://help.openai.com/en/collections/3943089-billing?q=API). \n- **Q**: Why GPT-4?\n  - **A**: After empirical evaluation, we find that GPT-4 performs better than GPT-3.5 and other LLMs in terms of penetration testing reasoning. In fact, GPT-3.5 leads to failed test in simple tasks.\n- **Q**: Why not just use GPT-4 directly?\n  - **A**: We found that GPT-4 suffers from losses of context as test goes deeper. It is essential to maintain a \"test status awareness\" in this process. You may check the [PentestGPT Arxiv Paper](https://arxiv.org/abs/2308.06782) for details.\n- **Q**: Can I use local GPT models?\n  - **A**: Yes. We support local LLMs with custom parser. Look at examples [here](./pentestgpt/utils/APIs/gpt4all_api.py).\n\n\n## Installation\nPentestGPT is tested under `Python 3.10`. Other Python3 versions should work but are not tested.\n### Install with pip\n**PentestGPT** relies on **OpenAI API** to achieve high-quality reasoning. You may refer to the installation video [here](https://youtu.be/tGC5z14dE24).\n1. Install the latest version with `pip3 install git+https://github.com/GreyDGL/PentestGPT`\n   - You may also clone the project to local environment and install for better customization and development\n     - `git clone https://github.com/GreyDGL/PentestGPT`\n     - `cd PentestGPT`\n     - `pip3 install -e .`\n2. To use OpenAI API\n   - **Ensure that you have link a payment method to your OpenAI account.**\n   - export your API key with `export OPENAI_API_KEY='\u003cyour key here\u003e'`\n   - export API base with `export OPENAI_BASEURL='https://api.xxxx.xxx/v1'`if you need.\n   - Test the connection with `pentestgpt-connection`\n3. To verify that the connection is configured properly, you may run `pentestgpt-connection`. After a while, you should see some sample conversation with ChatGPT.\n   - A sample output is below\n   ```\n   You're testing the connection for PentestGPT v 0.11.0\n   #### Test connection for OpenAI api (GPT-4)\n   1. You're connected with OpenAI API. You have GPT-4 access. To start PentestGPT, please use \u003cpentestgpt --reasoning_model=gpt-4\u003e\n   ```\n   - notice: if you have not linked a payment method to your OpenAI account, you will see error messages.\n4. The ChatGPT cookie solution is deprecated and not recommended. You may still use it by running `pentestgpt --reasoning_model=gpt-4 --useAPI=False`. \n\n\n### Build from Source\n1. Clone the repository to your local environment.\n2. Ensure that `poetry` is installed. If not, please refer to the [poetry installation guide](https://python-poetry.org/docs/).\n\n\u003c!-- USAGE EXAMPLES --\u003e\n\n\n### Report and Logging\n1. [Update] If you would like us to collect the logs to improve the tool, please run `pentestgpt --logging`. We will only collect the LLM usage, without any information related to your OpenAI key.\n2. After finishing the penetration testing, a report will be automatically generated in `logs` folder (if you quit with `quit` command).\n3. The report can be printed in a human-readable format by running `python3 utils/report_generator.py \u003clog file\u003e`. A sample report `sample_pentestGPT_log.txt` is also uploaded.\n\n## Custom Model Endpoints and Local LLMs\nPentestGPT now support local LLMs, but the prompts are only optimized for GPT-4.\n- To use local GPT4ALL model, you may run `pentestgpt --reasoning=gpt4all --parsing=gpt4all`.\n- To select the particular model you want to use with GPT4ALL, you may update the `module_mapping` class in `pentestgpt/utils/APIs/module_import.py`.\n- You can also follow the examples of `module_import.py`, `gpt4all.py` and `chatgpt_api.py` to create API support for your own model.\n\n## Citation\nPlease cite our paper at:\n```\n@inproceedings {299699,\nauthor = {Gelei Deng and Yi Liu and V{\\'\\i}ctor Mayoral-Vilches and Peng Liu and Yuekang Li and Yuan Xu and Tianwei Zhang and Yang Liu and Martin Pinzger and Stefan Rass},\ntitle = {{PentestGPT}: Evaluating and Harnessing Large Language Models for Automated Penetration Testing},\nbooktitle = {33rd USENIX Security Symposium (USENIX Security 24)},\nyear = {2024},\nisbn = {978-1-939133-44-1},\naddress = {Philadelphia, PA},\npages = {847--864},\nurl = {https://www.usenix.org/conference/usenixsecurity24/presentation/deng},\npublisher = {USENIX Association},\nmonth = aug\n}\n```\n\n\u003c!-- LICENSE --\u003e\n## License\n\nDistributed under the MIT License. See `LICENSE.txt` for more information.\nThe tool is for educational purpose only and the author does not condone any illegal use. Use as your own risk.\n\n\n\n\u003c!-- CONTACT --\u003e\n## Contact the Contributors!\n\n- Gelei Deng - [![LinkedIn][linkedin-shield]][linkedin-url] - gelei.deng@ntu.edu.sg\n- Víctor Mayoral Vilches - [![LinkedIn][linkedin-shield]][linkedin-url2] - v.mayoralv@gmail.com\n- Yi Liu - yi009@e.ntu.edu.sg\n- Peng Liu - liu_peng@i2r.a-star.edu.sg\n- Yuekang Li - yuekang.li@unsw.edu.au\n\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\n\n\n\n\u003c!-- MARKDOWN LINKS \u0026 IMAGES --\u003e\n\u003c!-- https://www.markdownguide.org/basic-syntax/#reference-style-links --\u003e\n[contributors-shield]: https://img.shields.io/github/contributors/GreyDGL/PentestGPT.svg?style=for-the-badge\n[contributors-url]: https://github.com/GreyDGL/PentestGPT/graphs/contributors\n[forks-shield]: https://img.shields.io/github/forks/GreyDGL/PentestGPT.svg?style=for-the-badge\n[forks-url]: https://github.com/GreyDGL/PentestGPT/network/members\n[stars-shield]: https://img.shields.io/github/stars/GreyDGL/PentestGPT.svg?style=for-the-badge\n[stars-url]: https://github.com/GreyDGL/PentestGPT/stargazers\n[issues-shield]: https://img.shields.io/github/issues/GreyDGL/PentestGPT.svg?style=for-the-badge\n[issues-url]: https://github.com/GreyDGL/PentestGPT/issues\n[license-shield]: https://img.shields.io/github/license/GreyDGL/PentestGPT.svg?style=for-the-badge\n[license-url]: https://github.com/GreyDGL/PentestGPT/blob/master/LICENSE.txt\n[linkedin-shield]: https://img.shields.io/badge/-LinkedIn-black.svg?style=for-the-badge\u0026logo=linkedin\u0026colorB=555\n[linkedin-url]: https://www.linkedin.com/in/gelei-deng-225a10112/\n[linkedin-url2]: https://www.linkedin.com/in/vmayoral/\n[discord-shield]: https://dcbadge.vercel.app/api/server/eC34CEfEkK\n[discord-url]: https://discord.gg/eC34CEfEkK\n[product-screenshot]: images/screenshot.png\n[Next.js]: https://img.shields.io/badge/next.js-000000?style=for-the-badge\u0026logo=nextdotjs\u0026logoColor=white\n[Next-url]: https://nextjs.org/\n[React.js]: https://img.shields.io/badge/React-20232A?style=for-the-badge\u0026logo=react\u0026logoColor=61DAFB\n[React-url]: https://reactjs.org/\n[Vue.js]: https://img.shields.io/badge/Vue.js-35495E?style=for-the-badge\u0026logo=vuedotjs\u0026logoColor=4FC08D\n[Vue-url]: https://vuejs.org/\n[Angular.io]: https://img.shields.io/badge/Angular-DD0031?style=for-the-badge\u0026logo=angular\u0026logoColor=white\n[Angular-url]: https://angular.io/\n[Svelte.dev]: https://img.shields.io/badge/Svelte-4A4A55?style=for-the-badge\u0026logo=svelte\u0026logoColor=FF3E00\n[Svelte-url]: https://svelte.dev/\n[Laravel.com]: https://img.shields.io/badge/Laravel-FF2D20?style=for-the-badge\u0026logo=laravel\u0026logoColor=white\n[Laravel-url]: https://laravel.com\n[Bootstrap.com]: https://img.shields.io/badge/Bootstrap-563D7C?style=for-the-badge\u0026logo=bootstrap\u0026logoColor=white\n[Bootstrap-url]: https://getbootstrap.com\n[JQuery.com]: https://img.shields.io/badge/jQuery-0769AD?style=for-the-badge\u0026logo=jquery\u0026logoColor=white\n[JQuery-url]: https://jquery.com\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgreydgl%2Fpentestgpt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgreydgl%2Fpentestgpt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgreydgl%2Fpentestgpt/lists"}