Pentesting Tools

PentestGPT – A Comprehensive Guide To Local And Hosted Deployment

PentestGPT provides advanced AI and integrated tools to help security teams conduct comprehensive penetration tests effortlessly. Scan, exploit, and analyze web applications, networks, and cloud environments with ease and precision, without needing expert skills.

A Special Note Of Thanks

Thank you so much, @fkesheh and @Fx64b, for your amazing work and dedication to this project.

Thank you for being part of the HackerAI family.

Important Note About Running PentestGPT Locally

The primary purpose of this GitHub repo is to show what’s behind PentestGPT in order to build trust.

You can run PentestGPT locally, but the RAG system, plugins, and more will only work with proper and complex configuration.

Local Quickstart

Follow these steps to get your own PentestGPT instance running locally.

You can watch the full video tutorial here.

1. Clone The Repo

git clone https://github.com/hackerai-tech/PentestGPT.git

2. Install Dependencies

Open a terminal in the root directory of your local PentestGPT repository and run:

npm install

3. Install Supabase & Run Locally

Why Supabase?

Previously, we used local browser storage to store data. However, this was not a good solution for a few reasons:

  • Security issues
  • Limited storage
  • Limits multi-modal use cases

We now use Supabase because it’s easy to use, it’s open-source, it’s Postgres, and it has a free tier for hosted instances.

We will support other providers in the future to give you more options.

1. Install Docker

You will need to install Docker to run Supabase locally. You can download it here for free.

2. Install Supabase CLI

MacOS/Linux

brew install supabase/tap/supabase

Windows

scoop bucket add supabase https://github.com/supabase/scoop-bucket.git
scoop install supabase

3. Start Supabase

In your terminal at the root of your local PentestGPT repository, run:

supabase start

4. Fill In Secrets

1. Environment Variables

In your terminal at the root of your local PentestGPT repository, run:

cp .env.local.example .env.local

Get the required values by running:

supabase status

Note: Use API URL from supabase status for NEXT_PUBLIC_SUPABASE_URL

Now go to your .env.local file and fill in the values.

If the environment variable is set, it will disable the input in the user settings.

2. SQL Setup

In the 1st migration file supabase/migrations/20240108234540_setup.sql you will need to replace 2 values with the values you got above:

  • project_url (line 53): http://supabase_kong_pentestgpt:8000 (default) can remain unchanged if you don’t change your project_id in the config.toml file
  • service_role_key (line 54): You got this value from running supabase status

This prevents issues with storage files not being deleted properly.

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

How to Install Docker on Ubuntu (Step-by-Step Guide)

Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…

5 days ago

Uninstall Docker on Ubuntu

Docker is one of the most widely used containerization platforms. But there may come a…

5 days ago

Admin Panel Dorks : A Complete List of Google Dorks

Introduction Google Dorking is a technique where advanced search operators are used to uncover information…

6 days ago

Log Analysis Fundamentals

Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…

1 week ago

Networking Devices 101: Understanding Routers, Switches, Hubs, and More

What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…

1 week ago

Sock Puppets in OSINT: How to Build and Use Research Accounts

Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…

1 week ago