Pentesting Tools

PentestGPT – A Comprehensive Guide To Local And Hosted Deployment

PentestGPT provides advanced AI and integrated tools to help security teams conduct comprehensive penetration tests effortlessly. Scan, exploit, and analyze web applications, networks, and cloud environments with ease and precision, without needing expert skills.

A Special Note Of Thanks

Thank you so much, @fkesheh and @Fx64b, for your amazing work and dedication to this project.

Thank you for being part of the HackerAI family.

Important Note About Running PentestGPT Locally

The primary purpose of this GitHub repo is to show what’s behind PentestGPT in order to build trust.

You can run PentestGPT locally, but the RAG system, plugins, and more will only work with proper and complex configuration.

Local Quickstart

Follow these steps to get your own PentestGPT instance running locally.

You can watch the full video tutorial here.

1. Clone The Repo

git clone https://github.com/hackerai-tech/PentestGPT.git

2. Install Dependencies

Open a terminal in the root directory of your local PentestGPT repository and run:

npm install

3. Install Supabase & Run Locally

Why Supabase?

Previously, we used local browser storage to store data. However, this was not a good solution for a few reasons:

  • Security issues
  • Limited storage
  • Limits multi-modal use cases

We now use Supabase because it’s easy to use, it’s open-source, it’s Postgres, and it has a free tier for hosted instances.

We will support other providers in the future to give you more options.

1. Install Docker

You will need to install Docker to run Supabase locally. You can download it here for free.

2. Install Supabase CLI

MacOS/Linux

brew install supabase/tap/supabase

Windows

scoop bucket add supabase https://github.com/supabase/scoop-bucket.git
scoop install supabase

3. Start Supabase

In your terminal at the root of your local PentestGPT repository, run:

supabase start

4. Fill In Secrets

1. Environment Variables

In your terminal at the root of your local PentestGPT repository, run:

cp .env.local.example .env.local

Get the required values by running:

supabase status

Note: Use API URL from supabase status for NEXT_PUBLIC_SUPABASE_URL

Now go to your .env.local file and fill in the values.

If the environment variable is set, it will disable the input in the user settings.

2. SQL Setup

In the 1st migration file supabase/migrations/20240108234540_setup.sql you will need to replace 2 values with the values you got above:

  • project_url (line 53): http://supabase_kong_pentestgpt:8000 (default) can remain unchanged if you don’t change your project_id in the config.toml file
  • service_role_key (line 54): You got this value from running supabase status

This prevents issues with storage files not being deleted properly.

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

5 hours ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

7 hours ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

9 hours ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

9 hours ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

9 hours ago

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

1 day ago