GPT_Vuln-analyzer uses ChatGPT API and Python-Nmap module to use the GPT3 model to create vulnerability reports based on Nmap scan data.
This is a Proof Of Concept application demonstrating how AI can generate accurate results for vulnerability analysis and allows further utilization of the already super helpful ChatGPT. The tool supports both Windows and Linux.
openai.api_key = "__API__KEY" # Enter your API key
pip3 install -r requirements.txt or pip install -r requirements.txt
To run the code
Profiles:
| Parameter | Return data | Description | Nmap Command |
|---|---|---|---|
p1 | json | Effective Scan | -Pn -sV -T4 -O -F |
p2 | json | Simple Scan | -Pn -T4 -A -v |
p3 | json | Low Power Scan | -Pn -sS -sU -T4 -A -v |
p4 | json | Partial Intense Scan | -Pn -p- -T4 -A -v |
p5 | json | Complete Intense Scan | -Pn -sS -sU -T4 -A -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script=vuln |
The profile is the type of scan that the Nmap subprocess will execute. The Ip or target will be provided via argparse.
At first, the custom Nmap scan is run, which has all the crucial arguments for the scan to continue. Next, the scan data is extracted from the huge pile of data driven by Nmap.
The “scan” object lists sub-data under “tcp” each labeled according to the ports opened. once the data is extracted, the data is sent to the Openai API davenci model via a prompt.
The prompt specifically asks for a JSON output and the data to be used in a certain manner.
The entire structure of requests that must be sent to the openai API is designed in the completion section of the Program.
def profile(ip):
nm.scan('{}'.format(ip), arguments='-Pn -sS -sU -T4 -A -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script=vuln')
json_data = nm.analyse_nmap_xml_scan()
analize = json_data["scan"]
# Prompt about what the quary is all about
prompt = "do a vulnerability analysis of {} and return a vulnerabilty report in json".format(analize)
# A structure for the request
completion = openai.Completion.create(
engine=model_engine,
prompt=prompt,
max_tokens=1024,
n=1,
stop=None,
)
response = completion.choices[0].text
return response Please consider following and supporting us to stay updated with the latest information.
Nginx server blocks let you run more than one website on a single server. Each block…
Tor Browser is a modified version of Firefox that routes all your web traffic through the Tor…
Vagrant is a command-line tool that makes it easy to build and manage virtual machine environments.…
VMware Tools is a set of drivers and services that improves the performance of an Ubuntu…
Java developers use project management tools to automate building their applications. Apache Maven is an open source…
Running programs built for Microsoft's framework on a Linux system is easier than you think. Mono is…