Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

awesome-gpt-security

A curated list of awesome security tools, experimental case or other interesting things with LLM or GPT.
https://github.com/cckuailong/awesome-gpt-security

Last synced: 5 days ago
JSON representation

Attention
- A nice tool
Tools
- Integrated
  - SecGPT - SecGPT aims to make further contributions to network security by combining LLM, including penetration testing, red-blue confrontations, CTF competitions, and other aspects.
  - AutoAudit - An LLM for Cyber Security
  - secgpt - Cyber security LLM(Lora finetuned with baichuan-13B using some material of cyber security)
- Audit
  - SourceGPT - prompt manager and source code analyzer built on top of ChatGPT as the oracle
  - ChatGPTScanner - A white box code scan powered by ChatGPT
  - chatgpt-code-analyzer - ChatGPT Code Analyzer for Visual Studio Code
  - audit_gpt - Fine-tuning GPT for Smart Contract Auditing
  - vulchatgpt - Use IDA PRO HexRays decompiler with OpenAI(ChatGPT) to find possible vulnerabilities in binaries
  - Ret2GPT - Advanced AI-powered binary analysis tool leveraging OpenAI's LangChain technology, revolutionizing CTF Pwners' experience in binary file interpretation and vulnerability detection.
  - hacker-ai - An online tool using AI to detect vulnerabilities in source code
- Reconnaissance
  - GPT_Vuln-analyzer - Uses ChatGPT API, Python-Nmap, DNS Recon modules and uses the GPT3 model to create vulnerability reports based on Nmap scan data, and DNS scan information. It can also perform subdomain enumeration to a great extent
  - SubGPT - SubGPT looks at subdomains you have already discovered for a domain and uses BingGPT to find more.
  - Navi - A QA based Reconnaissance Tool with GPT
  - ChatCVE - The ChatCVE Lang Chain App is an AI-powered devSecOps application 🔍, for oganizations triaging and aggregating CVE (Common Vulnerabilities and Exposures) information.
  - ZoomeyeGPT - ZoomEyeGPT browser extension is a GPT-based Chrome browser extension designed to bring AI-assisted search experience to ZoomEye users.
  - uncover-turbo - Realize a general-purpose natural language surveying and mapping engine, and open up the last mile from natural language to surveying and mapping grammar.
  - DevOpsGPT - AI-Driven Software Development Automation Solution
  - CensysGPT Beta - The tool enables users to quickly and easily gain insights into hosts on the internet, streamlining the process and allowing for more proactive threat hunting and exposure management
- Offensive
  - PentestGPT - A GPT-empowered penetration testing tool
  - burpgpt - A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type.
  - ReconAIzer - A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomains and more!
  - CodaMOSA - CodaMOSA is the paper code of CodaMOSA: Escaping Coverage Plateaus in Test Generation with Pre-trained Large Language Models. It implements a fuzzer combined with OpenAI API, aiming to alleviate the problem of stagnant coverage in traditional fuzz.
  - PassGAN - A Deep Learning Approach for Password Guessing. [HomeSecurityHeroes land a Product](https://www.homesecurityheroes.com/ai-password-cracking/), and you can test how much time an AI would need to crack your password here.
  - nuclei-ai-extension - Official by Nuclei Team. Browser Extension for Rapid Nuclei Template Generation.
  - nuclei_gpt - Only need to submit the relevant Request and Response and the description of the vulnerability to generate a Nuclei PoC.
  - hackGPT - Leverage OpenAI and ChatGPT to do hackerish things
  - Nuclei Templates AI Generator - - Create Nuclei templates by textual description (e.g., vulnerability scanners by PoC).
  - Nuclei Templates AI Generator - - Create Nuclei templates by textual description (e.g., vulnerability scanners by PoC).
- Detecting
  - cloudgpt - Vulnerability scanner for AWS customer managed policies using ChatGPT
  - IATelligence - About
  - rebuff - Prompt Injection Detector.
  - Callisto - An Intelligent Automated Binary Vulnerability Analysis Tool.
  - LLMFuzzer - LLMFuzzer is the first open-source fuzzing framework specifically designed for Large Language Models (LLMs), especially for their integrations in applications via LLM APIs.
  - Vigil - Prompt injection detection and LLM prompt security scanner
- Social Engineering
  - ChatGPT-Web-Setting-Funny-Abuse - Play with ChatGPT-Web and found the HTML rendering in description settings.
- Reverse Engineering
  - LLM4Decompile - Reverse Engineering: Decompiling Binary Code with Large Language Models
  - Gepetto - About
  - gpt-wpre - Whole-Program Reverse Engineering with GPT-3
  - G-3PO - A Script that Solicits GPT-3 for Comments on Decompiled Code
- Investigation
  - beelzebub - Go-Based Low-Code Honeypot Framework with Enhanced Security, Leveraging GPT-3 for System Virtualization
- Fix
  - wolverine - Auto fix the bugs in your Python Script/Code
- Assessment
  - falco-gpt - AI-generated remediations for Falco audit events
  - selefra - an open-source policy-as-code software that provides analytics for multi-cloud and SaaS.
  - openai-cti-summarizer - openai-cti-summarizer is a tool for generating threat intelligence summary reports based on OpenAI's GPT-3.5 and GPT-4 API
Cases
GPT Security
- Standard
  - agentic_security - Agentic LLM Vulnerability Scanner
  - garak - LLM vulnerability scanner
  - inspect_ai - Inspect: A framework for large language model evaluations
  - ATT&CK for LLM Apps
  - The OWASP Top 10 for Large Language Model Applications project
  - Google AI Red Team
- Bypass Security Policy
  - ChatGPT Prompts for Bug Bounty & Pentesting
  - promptmap - automatically tests prompt injection attacks on ChatGPT instances
  - promptbench - A robustness evaluation framework for large language models on adversarial prompts
  - Chat GPT "DAN" (and other "Jailbreaks")
  - Use "Typoglycemia" to Bypass the LLM's Security Policy
  - Universal and Transferable Adversarial Attacks on Aligned Language Models
  - Use "Typoglycemia" to Bypass the LLM's Security Policy
  - Use "Typoglycemia" to Bypass the LLM's Security Policy
  - Use "Typoglycemia" to Bypass the LLM's Security Policy
  - Use "Typoglycemia" to Bypass the LLM's Security Policy
- Crack
  - gpt4free - Just API's from some language model sites.
  - EdgeGPT - Reverse engineered API of Microsoft's Bing Chat AI
  - GPTs - leaked prompts of GPTs
- Bug Bounty
  - Building A Virtual Machine inside ChatGPT - deprecated but interesting
  - LangChain vulnerable to code injection -- CVE-2023-29374
- Plugin Security
  - SecureGPT

Programming Languages

Python 33 Go 5 JavaScript 3 HTML 3 Jupyter Notebook 2 PHP 1 TypeScript 1 Java 1 Makefile 1

Categories

Cases 109 Tools 44 GPT Security 22 Attention 1

Sub Categories

Academic 55 Experimental 44 Bypass Security Policy 10 Offensive 10 Reconnaissance 8 Audit 7 Blogs 7 Standard 6 Detecting 6 Reverse Engineering 4 Crack 3 Integrated 3 Fun 3 Assessment 3 Bug Bounty 2 Social Engineering 1 Plugin Security 1 Investigation 1 Fix 1

Keywords

openai 11 chatgpt 10 llm 8 ai 7 python 7 security 6 openai-api 5 cybersecurity 4 large-language-models 4 gpt 4 reverse-engineering 4 chatbot 3 kubernetes 3 golang 3 gpt-3 3 chatgpt-api 3 llm-security 3 prompt-injection 3 prompt-engineering 3 gpt-4 2 openai-chatgpt 2 adversarial-attacks 2 burpsuite 2 burp-extensions 2 llmops 2 cloud 2 exploit 2 machine-learning 2 chatbots 2 devops 2 chatgpt4 2 llms 2 dns-enumeration 1 dns 1 bard-api 1 pentesting 1 security-automation 1 webapp 1 bugbounty 1 bard-ai 1 ai-vulnerability-analysis 1 deep-learning 1 lora 1 gan 1 llama 1 password 1 password-cracking 1 fine-tuning 1 cyber-security 1 alpaca-lora 1