Kali Linux

GPT_Vuln-analyzer : Uses ChatGPT API To Create Vulnerability Reports Based On Nmap Scan

GPT_Vuln-analyzer uses ChatGPT API and Python-Nmap module to use the GPT3 model to create vulnerability reports based on Nmap scan data.

This is a Proof Of Concept application demonstrating how AI can generate accurate results for vulnerability analysis and allows further utilization of the already super helpful ChatGPT. The tool supports both Windows and Linux.

Requirements

  • Python 3.10
  • All the packages mentioned in the requirements.txt file
  • OpenAi api

Usage

  • First, Change the “API__KEY” part of the code with the OpenAI API key
openai.api_key = "__API__KEY" # Enter your API key
  • Second, install the packages
pip3 install -r requirements.txt
or
pip install -r requirements.txt

To run the code

python3 gpt_vuln.py

Understanding the code

Profiles:

ParameterReturn dataDescriptionNmap Command
p1jsonEffective Scan-Pn -sV -T4 -O -F
p2jsonSimple Scan-Pn -T4 -A -v
p3jsonLow Power Scan-Pn -sS -sU -T4 -A -v
p4jsonPartial Intense Scan-Pn -p- -T4 -A -v
p5jsonComplete Intense Scan-Pn -sS -sU -T4 -A -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script=vuln

The profile is the type of scan that the Nmap subprocess will execute. The Ip or target will be provided via argparse.

At first, the custom Nmap scan is run, which has all the crucial arguments for the scan to continue. Next, the scan data is extracted from the huge pile of data driven by Nmap.

The “scan” object lists sub-data under “tcp” each labeled according to the ports opened. once the data is extracted, the data is sent to the Openai API davenci model via a prompt.

The prompt specifically asks for a JSON output and the data to be used in a certain manner.

The entire structure of requests that must be sent to the openai API is designed in the completion section of the Program.

def profile(ip):
    nm.scan('{}'.format(ip), arguments='-Pn -sS -sU -T4 -A -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script=vuln')
    json_data = nm.analyse_nmap_xml_scan()
    analize = json_data["scan"]
    # Prompt about what the quary is all about
    prompt = "do a vulnerability analysis of {} and return a vulnerabilty report in json".format(analize)
    # A structure for the request
    completion = openai.Completion.create(
        engine=model_engine,
        prompt=prompt,
        max_tokens=1024,
        n=1,
        stop=None,
    )
    response = completion.choices[0].text
    return response

Advantages

  • It can be used in developing more advanced systems wholly made of the API and scanner combination.
  • Can increase the effectiveness of the final system
  • Highly productive when working with models such as GPT3.

Please consider following and supporting us to stay updated with the latest information.

R K

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

2 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

2 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

2 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

2 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

2 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

2 weeks ago