PentestGPT provides advanced AI and integrated tools to help security teams conduct comprehensive penetration tests effortlessly. Scan, exploit, and analyze web applications, networks, and cloud environments with ease and precision, without needing expert skills.
Thank you so much, @fkesheh and @Fx64b, for your amazing work and dedication to this project.
Thank you for being part of the HackerAI family.
The primary purpose of this GitHub repo is to show what’s behind PentestGPT in order to build trust.
You can run PentestGPT locally, but the RAG system, plugins, and more will only work with proper and complex configuration.
Follow these steps to get your own PentestGPT instance running locally.
You can watch the full video tutorial here.
git clone https://github.com/hackerai-tech/PentestGPT.git
Open a terminal in the root directory of your local PentestGPT repository and run:
npm install
Previously, we used local browser storage to store data. However, this was not a good solution for a few reasons:
We now use Supabase because it’s easy to use, it’s open-source, it’s Postgres, and it has a free tier for hosted instances.
We will support other providers in the future to give you more options.
You will need to install Docker to run Supabase locally. You can download it here for free.
MacOS/Linux
brew install supabase/tap/supabase
Windows
scoop bucket add supabase https://github.com/supabase/scoop-bucket.git
scoop install supabase
In your terminal at the root of your local PentestGPT repository, run:
supabase start
In your terminal at the root of your local PentestGPT repository, run:
cp .env.local.example .env.local
Get the required values by running:
supabase status
Note: Use API URL
from supabase status
for NEXT_PUBLIC_SUPABASE_URL
Now go to your .env.local
file and fill in the values.
If the environment variable is set, it will disable the input in the user settings.
In the 1st migration file supabase/migrations/20240108234540_setup.sql
you will need to replace 2 values with the values you got above:
project_url
(line 53): http://supabase_kong_pentestgpt:8000
(default) can remain unchanged if you don’t change your project_id
in the config.toml
fileservice_role_key
(line 54): You got this value from running supabase status
This prevents issues with storage files not being deleted properly.
For more information click here.
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…