GPT Vulnerability Analyzer is a Proof Of Concept application that demonstrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT.
Requirements for GTP Vulnerability Analyzer
- Python 3.10
- All the packages mentioned in the requirements.txt file
- Open AI API
Usage
- First Change the “API__KEY” part of the code with Open AI API key
openai.api_key = "__API__KEY" # Enter your API key
- second install the packages
pip3 install -r requirements.txt
or
pip install -r requirements.txt
- run the code python3 gpt_vuln.py <> or if windows run python gpt_vuln.py <>
Supported in both windows and Linux
Understanding the code
Profiles:
Parameter | Return data | Description | Nmap Command |
---|---|---|---|
p1 | json | Effective Scan | -Pn -sV -T4 -O -F |
p2 | json | Simple Scan | -Pn -T4 -A -v |
p3 | json | Low Power Scan | -Pn -sS -sU -T4 -A -v |
p4 | json | Partial Intense Scan | -Pn -p- -T4 -A -v |
p5 | json | Complete Intense Scan | -Pn -sS -sU -T4 -A -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script=vuln |
The profile is the type of scan that will be executed by the Nmap subprocess. The Ip or target will be provided via argparse. At first the custom Nmap scan is run which has all the crucial arguments for the scan to continue. neatly the scan data is extracted from the huge pile of data which has been driven by Nmap. the “scan” object has a list of sub data under “TCP” each labeled according to the ports opened. once the data is extracted the data is sent to Open AI API DaVinci model via a prompt. the prompt specifically asks for an JSON output and the data also to be used in a certain manner.
The entire structure of request that has to be sent to the Open AI API is designed in the completion section of the Program.
def profile(IP):
nm.scan('{}'.format(IP), arguments='-Pn -sS -sU -T4 -A -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script=vuln')
json_data = nm.analyse_nmap_xml_scan()
analize = json_data["scan"]
# Prompt about what the quarry is all about
prompt = "do a vulnerability analysis of {} and return a vulnerability report in JSON".format(analyze)
# A structure for the request
completion = openai.Completion.create(
engine=model_engine,
prompt=prompt,
max_tokens=1024,
n=1,
stop=None,
)
response = completion.choices[0].text
return response
Advantages
- Can be used in developing a more advanced systems completely made of the API and scanner combination
- Can increase the effectiveness of the final system
- Highly productive when working with models such as GPT3
Download GTP Vulnerability Analyzer
For more Vulnerability Tools click HERE