PentestGPT provides advanced AI and integrated tools to help security teams conduct comprehensive penetration tests effortlessly. Scan, exploit, and analyze web applications, networks, and cloud environments with ease and precision, without needing expert skills.
Thank you so much, @fkesheh and @Fx64b, for your amazing work and dedication to this project.
Thank you for being part of the HackerAI family.
The primary purpose of this GitHub repo is to show what’s behind PentestGPT in order to build trust.
You can run PentestGPT locally, but the RAG system, plugins, and more will only work with proper and complex configuration.
Follow these steps to get your own PentestGPT instance running locally.
You can watch the full video tutorial here.
git clone https://github.com/hackerai-tech/PentestGPT.git
Open a terminal in the root directory of your local PentestGPT repository and run:
npm install
Previously, we used local browser storage to store data. However, this was not a good solution for a few reasons:
We now use Supabase because it’s easy to use, it’s open-source, it’s Postgres, and it has a free tier for hosted instances.
We will support other providers in the future to give you more options.
You will need to install Docker to run Supabase locally. You can download it here for free.
MacOS/Linux
brew install supabase/tap/supabase
Windows
scoop bucket add supabase https://github.com/supabase/scoop-bucket.git
scoop install supabase
In your terminal at the root of your local PentestGPT repository, run:
supabase start
In your terminal at the root of your local PentestGPT repository, run:
cp .env.local.example .env.local
Get the required values by running:
supabase status
Note: Use API URL
from supabase status
for NEXT_PUBLIC_SUPABASE_URL
Now go to your .env.local
file and fill in the values.
If the environment variable is set, it will disable the input in the user settings.
In the 1st migration file supabase/migrations/20240108234540_setup.sql
you will need to replace 2 values with the values you got above:
project_url
(line 53): http://supabase_kong_pentestgpt:8000
(default) can remain unchanged if you don’t change your project_id
in the config.toml
fileservice_role_key
(line 54): You got this value from running supabase status
This prevents issues with storage files not being deleted properly.
For more information click here.
This Python script for Linux can analyze Microsoft Windows *.msi Installer files and point out…
Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks…
Discover your application security risks and vulnerabilities in only a few minutes. In this guide…
The idea behind waymore is to find even more links from the Wayback Machine than…
The Pycript extension for Burp Suite is a valuable tool for penetration testing and security…
For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and…