Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-gpt-security
A curated list of awesome security tools, experimental case or other interesting things with LLM or GPT.
https://github.com/cckuailong/awesome-gpt-security
Last synced: about 10 hours ago
JSON representation
-
Attention
-
Tools
-
Integrated
- SecGPT - SecGPT aims to make further contributions to network security by combining LLM, including penetration testing, red-blue confrontations, CTF competitions, and other aspects.
- AutoAudit - An LLM for Cyber Security
- secgpt - Cyber security LLM(Lora finetuned with baichuan-13B using some material of cyber security)
- HackerGPT-2.0 - HackerGPT is your indispensable digital companion in the world of hacking.
-
Audit
- SourceGPT - prompt manager and source code analyzer built on top of ChatGPT as the oracle
- ChatGPTScanner - A white box code scan powered by ChatGPT
- chatgpt-code-analyzer - ChatGPT Code Analyzer for Visual Studio Code
- audit_gpt - Fine-tuning GPT for Smart Contract Auditing
- vulchatgpt - Use IDA PRO HexRays decompiler with OpenAI(ChatGPT) to find possible vulnerabilities in binaries
- Ret2GPT - Advanced AI-powered binary analysis tool leveraging OpenAI's LangChain technology, revolutionizing CTF Pwners' experience in binary file interpretation and vulnerability detection.
- hacker-ai - An online tool using AI to detect vulnerabilities in source code
- Ret2GPT - Advanced AI-powered binary analysis tool leveraging OpenAI's LangChain technology, revolutionizing CTF Pwners' experience in binary file interpretation and vulnerability detection.
- AuthzAI - An automated tool to test and analyze API endpoints for potential permission model violations using OpenAI structured outputs.
- vulnhuntr - Zero shot vulnerability discovery using LLMs
-
Reconnaissance
- GPT_Vuln-analyzer - Uses ChatGPT API, Python-Nmap, DNS Recon modules and uses the GPT3 model to create vulnerability reports based on Nmap scan data, and DNS scan information. It can also perform subdomain enumeration to a great extent
- SubGPT - SubGPT looks at subdomains you have already discovered for a domain and uses BingGPT to find more.
- Navi - A QA based Reconnaissance Tool with GPT
- ZoomeyeGPT - ZoomEyeGPT browser extension is a GPT-based Chrome browser extension designed to bring AI-assisted search experience to ZoomEye users.
- uncover-turbo - Realize a general-purpose natural language surveying and mapping engine, and open up the last mile from natural language to surveying and mapping grammar.
- DevOpsGPT - AI-Driven Software Development Automation Solution
- CensysGPT Beta - The tool enables users to quickly and easily gain insights into hosts on the internet, streamlining the process and allowing for more proactive threat hunting and exposure management
- Navi - A QA based Reconnaissance Tool with GPT
- ChatCVE - The ChatCVE Lang Chain App is an AI-powered devSecOps application 🔍, for oganizations triaging and aggregating CVE (Common Vulnerabilities and Exposures) information.
-
Offensive
- PentestGPT - A GPT-empowered penetration testing tool
- burpgpt - A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type.
- ReconAIzer - A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomains and more!
- CodaMOSA - CodaMOSA is the paper code of CodaMOSA: Escaping Coverage Plateaus in Test Generation with Pre-trained Large Language Models. It implements a fuzzer combined with OpenAI API, aiming to alleviate the problem of stagnant coverage in traditional fuzz.
- PassGAN - A Deep Learning Approach for Password Guessing. [HomeSecurityHeroes land a Product](https://www.homesecurityheroes.com/ai-password-cracking/), and you can test how much time an AI would need to crack your password here.
- nuclei-ai-extension - Official by Nuclei Team. Browser Extension for Rapid Nuclei Template Generation.
- nuclei_gpt - Only need to submit the relevant Request and Response and the description of the vulnerability to generate a Nuclei PoC.
- hackGPT - Leverage OpenAI and ChatGPT to do hackerish things
- Nuclei Templates AI Generator - - Create Nuclei templates by textual description (e.g., vulnerability scanners by PoC).
- Nuclei Templates AI Generator - - Create Nuclei templates by textual description (e.g., vulnerability scanners by PoC).
- AutorizePro - AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it significantly reduces the false positive rate and improves the efficiency of vulnerability detection.
-
Detecting
- cloudgpt - Vulnerability scanner for AWS customer managed policies using ChatGPT
- IATelligence - About
- rebuff - Prompt Injection Detector.
- Callisto - An Intelligent Automated Binary Vulnerability Analysis Tool.
- LLMFuzzer - LLMFuzzer is the first open-source fuzzing framework specifically designed for Large Language Models (LLMs), especially for their integrations in applications via LLM APIs.
- Vigil - Prompt injection detection and LLM prompt security scanner
- k8sgpt - a tool for scanning your Kubernetes clusters, diagnosing, and triaging issues in simple English.
-
Social Engineering
- ChatGPT-Web-Setting-Funny-Abuse - Play with ChatGPT-Web and found the HTML rendering in description settings.
-
Reverse Engineering
- LLM4Decompile - Reverse Engineering: Decompiling Binary Code with Large Language Models
- Gepetto - About
- gpt-wpre - Whole-Program Reverse Engineering with GPT-3
- G-3PO - A Script that Solicits GPT-3 for Comments on Decompiled Code
-
Investigation
- beelzebub - Go-Based Low-Code Honeypot Framework with Enhanced Security, Leveraging GPT-3 for System Virtualization
-
Fix
- wolverine - Auto fix the bugs in your Python Script/Code
-
Assessment
- falco-gpt - AI-generated remediations for Falco audit events
- selefra - an open-source policy-as-code software that provides analytics for multi-cloud and SaaS.
- openai-cti-summarizer - openai-cti-summarizer is a tool for generating threat intelligence summary reports based on OpenAI's GPT-3.5 and GPT-4 API
-
-
Cases
-
Experimental
- Experimenting with GPT-3 for Detecting Security Vulnerabilities in Code
- Chat4GPT Experiments for Security
- GPT-3 use cases for Cybersecurity
- Lost in ChatGPT's memories: escaping ChatGPT-3.5 memory issues to write CVE PoCs
- I built a Zero Day virus with undetectable exfiltration using only ChatGPT prompts
- A Practical, AI-Generated Phishing PoC With ChatGPT
- Capturing the Flag with GPT-4
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- Using ChatGPT to generate encoder and supporting WebShell
- Using OpenAI Chat to Generate Phishing Campaigns - - Include Phishing Platform
- AI-Powered Fuzzing: Breaking the Bug Hunting Barrier
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- We put GPT-4 in Semgrep to point out false positives & fix code
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- Using ChatGPT to generate encoder and supporting WebShell
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
- I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase
-
Academic
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- GPT-4 Technical Report - - OpenAI's own security assessment and mitigation of the model
- Ignore Previous Prompt: Attack Techniques For Language Models - - Pioneering work of Prompt Injection
- More than you've asked for: A Comprehensive Analysis of Novel Prompt Injection Threats to Application-Integrated Large Language Models
- RealToxicityPrompts: Evaluating Neural Toxic Degeneration in Language Models
- Exploiting Programmatic Behavior of LLMs: Dual-Use Through Standard Security Attacks
- Red Teaming Language Models to Reduce Harms: Methods, Scaling Behaviors, and Lessons Learned
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
- Can We Generate Shellcodes via Natural Language? An Empirical Study
-
Fun
- ai-goat - Learn AI security through a series of vulnerable LLM CTF challenges.
- shortest prompt that will enable GPT to protect the secret key
- a CTF-like game that teaches how to bypass LLM using language hacks
-
Blogs
- Dissecting redis CVE-2023-28425 with chatGPT as assistant
- Security Code Review With ChatGPT
- ChatGPT happy to write ransomware, just really bad at it
- Create ATT&CK Groups Knowledge Base
- Model Confusion - Weaponizing ML models for red teams and bounty hunters
- Using LLMs to reverse JavaScript variable name minification
- ChatGPT happy to write ransomware, just really bad at it
-
-
GPT Security
-
Standard
- agentic_security - Agentic LLM Vulnerability Scanner
- garak - LLM vulnerability scanner
- inspect_ai - Inspect: A framework for large language model evaluations
- ATT&CK for LLM Apps
- The OWASP Top 10 for Large Language Model Applications project
- Google AI Red Team
- garak - LLM vulnerability scanner
- PurpleLlama - Empowering developers, advancing safety, and building an open ecosystem
- modelscan - Protection against Model Serialization Attacks
-
Bypass Security Policy
- ChatGPT Prompts for Bug Bounty & Pentesting
- promptmap - automatically tests prompt injection attacks on ChatGPT instances
- promptbench - A robustness evaluation framework for large language models on adversarial prompts
- Chat GPT "DAN" (and other "Jailbreaks")
- Use "Typoglycemia" to Bypass the LLM's Security Policy
- Universal and Transferable Adversarial Attacks on Aligned Language Models
- Use "Typoglycemia" to Bypass the LLM's Security Policy
- Use "Typoglycemia" to Bypass the LLM's Security Policy
- Use "Typoglycemia" to Bypass the LLM's Security Policy
- Use "Typoglycemia" to Bypass the LLM's Security Policy
- jailbreak_llms - A dataset consists of 15,140 ChatGPT prompts from Reddit, Discord, websites, and open-source datasets (including 1,405 jailbreak prompts).
- Use "Typoglycemia" to Bypass the LLM's Security Policy
-
Crack
-
Bug Bounty
- Building A Virtual Machine inside ChatGPT - deprecated but interesting
- LangChain vulnerable to code injection -- CVE-2023-29374
- ai-exploits - A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities
-
Plugin Security
-
Programming Languages
Categories
Sub Categories
Keywords
openai
12
ai
11
llm
11
chatgpt
11
python
8
security
7
llm-security
5
openai-api
5
reverse-engineering
4
large-language-models
4
chatbot
4
machine-learning
4
gpt
4
cybersecurity
4
gpt-3
3
prompt-engineering
3
prompt-injection
3
chatbots
3
burpsuite
3
burp-extensions
3
kubernetes
3
golang
3
chatgpt-api
3
devops
2
langchain
2
python3
2
hacktoberfest2022
2
automation
2
llms
2
vulnerability-detection
2
pentesting
2
bugbounty
2
gpt-4
2
openai-chatgpt
2
cloud
2
exploit
2
chatgpt4
2
security-tools
2
adversarial-attacks
2
llmops
2
ctf
2
prompt
2
bard-api
1
deep-learning
1
gan
1
password
1
password-cracking
1
password-strength
1
bard-ai
1
ai-vulnerability-analysis
1