PentestGPT – A Comprehensive Guide To Local And Hosted Deployment

PentestGPT provides advanced AI and integrated tools to help security teams conduct comprehensive penetration tests effortlessly. Scan, exploit, and analyze web applications, networks, and cloud environments with ease and precision, without needing expert skills.

A Special Note Of Thanks

Thank you so much, @fkesheh and @Fx64b, for your amazing work and dedication to this project.

Thank you for being part of the HackerAI family.

Important Note About Running PentestGPT Locally

The primary purpose of this GitHub repo is to show what’s behind PentestGPT in order to build trust.

You can run PentestGPT locally, but the RAG system, plugins, and more will only work with proper and complex configuration.

Local Quickstart

Follow these steps to get your own PentestGPT instance running locally.

You can watch the full video tutorial here.

1. Clone The Repo

git clone https://github.com/hackerai-tech/PentestGPT.git

2. Install Dependencies

Open a terminal in the root directory of your local PentestGPT repository and run:

npm install

3. Install Supabase & Run Locally

Why Supabase?

Previously, we used local browser storage to store data. However, this was not a good solution for a few reasons:

Security issues
Limited storage
Limits multi-modal use cases

We now use Supabase because it’s easy to use, it’s open-source, it’s Postgres, and it has a free tier for hosted instances.

We will support other providers in the future to give you more options.

1. Install Docker

You will need to install Docker to run Supabase locally. You can download it here for free.

2. Install Supabase CLI

MacOS/Linux

brew install supabase/tap/supabase

Windows

scoop bucket add supabase https://github.com/supabase/scoop-bucket.git
scoop install supabase

3. Start Supabase

In your terminal at the root of your local PentestGPT repository, run:

supabase start

4. Fill In Secrets

1. Environment Variables

In your terminal at the root of your local PentestGPT repository, run:

cp .env.local.example .env.local

Get the required values by running:

supabase status

Note: Use API URL from supabase status for NEXT_PUBLIC_SUPABASE_URL

Now go to your .env.local file and fill in the values.

If the environment variable is set, it will disable the input in the user settings.

2. SQL Setup

In the 1st migration file supabase/migrations/20240108234540_setup.sql you will need to replace 2 values with the values you got above:

project_url (line 53): http://supabase_kong_pentestgpt:8000 (default) can remain unchanged if you don’t change your project_id in the config.toml file
service_role_key (line 54): You got this value from running supabase status

This prevents issues with storage files not being deleted properly.

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.