Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/Lstalet04/Pentesting-AI

Multi agent penetration testing AI
https://github.com/Lstalet04/Pentesting-AI

Last synced: 3 days ago
JSON representation

Multi agent penetration testing AI

Awesome Lists containing this project

README 

        
# Pentesting AI Project



Welcome to the repository for my Pentesting AI project. This project leverages AutoGen and OpenAI's Language Model (LLM) to create multiple agents with specific tasks, synchronized to achieve the goal of pentesting a webpage. This project aims to streamline the pentesting process, offering flexible modes of user interaction to suit different needs and preferences. The AI generates detailed reports based on its findings and proposes security measures and recommendations. Below, you'll find a detailed description of the project, its components, and how to get started.



## Table of Contents



- [Overview](#overview)

- [Features](#features)

- [Components](#components)

- [Prerequisites](#prerequisites)

- [Setup](#setup)

- [Usage](#usage)



## Overview



This project involves a sophisticated setup of various AI agents designed to collaboratively perform penetration testing on web pages. The agents are configured using AutoGen and OpenAI's LLM, each with a specific role in the pentesting process. The goal is to identify vulnerabilities, exploit them, and generate comprehensive reports.



## Features



- **Automated Pentesting**: Fully automate the penetration testing process.

- **Flexible User Interaction**: Choose between three interaction modes - `ALWAYS`, `NEVER`, and `TERMINATE`.

  - `ALWAYS`: User interacts with the AI at every prompt.

  - `NEVER`: AI works autonomously without user interaction.

  - `TERMINATE`: User interacts only at the end of the AI's work.

- **Report Generation**: The AI generates comprehensive reports with findings and recommendations.

- **Dockerized**: The entire setup runs in a Docker container for enhanced security.



## Components



### Agents



- **Vulnerabilities Searcher**

  - **Description:** A cybersecurity professional specializing in finding vulnerabilities based on scan reports.

  - **Task:** Research and scan databases such as CVEs and CAPEC for known vulnerabilities.



- **Webpage Fetcher**

  - **Description:** Part of the pentesting team specializing in fetching webpage content.

  - **Task:** Perform requests to the targeted website and fetch the HTML code.



- **Report Writer**

  - **Description:** A professional writer who constructs reports summarizing findings.

  - **Task:** Summarize findings in bullet points and save the reports.



- **Code Checker**

  - **Description:** A professional code checker.

  - **Task:** Verify the correctness of commands or code and suggest improvements.



- **Webpage Communicator**

  - **Description:** A professional web communicator.

  - **Task:** Interact with the webpage based on HTML reports, perform actions like clicking and filling input fields.



- **Pentester Exploiter**

  - **Description:** A vulnerabilities expert specializing in exploitation.

  - **Task:** Create commands to exploit vulnerabilities based on findings.



- **Pentester Scanner**

  - **Description:** An info-gathering expert.

  - **Task:** Create commands for reconnaissance in the early phase of pentesting.



- **Code Executor Agent**

  - **Description:** Executes commands locally.

  - **Task:** Execute provided commands within a specified timeout.



- **File Reader Agent**

  - **Description:** Reads file contents.

  - **Task:** Output the content of files as needed.



- **User Proxy Agent**

  - **Description:** A human admin proxy.

  - **Task:** Manage execution and interaction between different agents.



- **Group Chat Manager**

  - **Description:** Manages the pentesting team.

  - **Task:** Synchronize the team to work in unison without hiccups.



## Prerequisites



- Docker

- OpenAI Azure API endpoint and API key



## Setup



1. **Clone the Repository**



    ```bash

    git clone https://github.com/yourusername/pentesting-ai.git

    cd pentesting-ai

    ```



2. **Configure API Keys**



    Set your API key and endpoint, as well as your model name (and your API type if you don't want to use Azure OpenAI), in the config list, at the top of the main.py file.



3. **Install Dependencies**



    Ensure you have Docker installed, as all dependencies will be handled within the Docker container. However, if you need to review the requirements, they are listed in the `requirements.txt` file.



4. **Build and Run the Docker Container**



    ```bash

    docker build -t pentesting-ai .

    docker run -it --name pentesting-ai-container pentesting-ai

    ```



## Usage



1. **Starting the AI**



    Once the Docker container is up and running, the AI will start and wait for your input based on the interaction mode you've set.



2. **Setting Interaction Mode**



    You can set the interaction mode by modifying the interaction_mode variable at the top of the main.py file before running the Docker container.



    Valid options for `INTERACTION_MODE` are `ALWAYS`, `NEVER`, and `TERMINATE`.



3. **Generating Reports**



    After the pentesting session, the AI will generate a report with its findings and recommended security measures. The report will be saved in the `/groupchat/reports` directory within the Docker container. Also any code executed by the ai will have its output saved to the '/groupchat/outputs' directory.