Pentesting AI Project

Welcome to the repository for my Pentesting AI project. This project leverages AutoGen and OpenAI's Language Model (LLM) to create multiple agents with specific tasks, synchronized to achieve the goal of pentesting a webpage. This project aims to streamline the pentesting process, offering flexible modes of user interaction to suit different needs and preferences. The AI generates detailed reports based on its findings and proposes security measures and recommendations. Below, you'll find a detailed description of the project, its components, and how to get started.

Table of Contents

• Overview
• Features
• Components
• Prerequisites
• Setup
• Usage

Overview

This project involves a sophisticated setup of various AI agents designed to collaboratively perform penetration testing on web pages. The agents are configured using AutoGen and OpenAI's LLM, each with a specific role in the pentesting process. The goal is to identify vulnerabilities, exploit them, and generate comprehensive reports.

Features

• Automated Pentesting: Fully automate the penetration testing process.
• Flexible User Interaction: Choose between three interaction modes - ALWAYS, NEVER, and TERMINATE.
  • ALWAYS: User interacts with the AI at every prompt.
  • NEVER: AI works autonomously without user interaction.
  • TERMINATE: User interacts only at the end of the AI's work.
• Report Generation: The AI generates comprehensive reports with findings and recommendations.
• Dockerized: The entire setup runs in a Docker container for enhanced security.

Components

Agents

• Vulnerabilities Searcher

  • Description: A cybersecurity professional specializing in finding vulnerabilities based on scan reports.
  • Task: Research and scan databases such as CVEs and CAPEC for known vulnerabilities.

• Webpage Fetcher

  • Description: Part of the pentesting team specializing in fetching webpage content.
  • Task: Perform requests to the targeted website and fetch the HTML code.

• Report Writer

  • Description: A professional writer who constructs reports summarizing findings.
  • Task: Summarize findings in bullet points and save the reports.

• Code Checker

  • Description: A professional code checker.
  • Task: Verify the correctness of commands or code and suggest improvements.

• Webpage Communicator

  • Description: A professional web communicator.
  • Task: Interact with the webpage based on HTML reports, perform actions like clicking and filling input fields.

• Pentester Exploiter

  • Description: A vulnerabilities expert specializing in exploitation.
  • Task: Create commands to exploit vulnerabilities based on findings.

• Pentester Scanner

  • Description: An info-gathering expert.
  • Task: Create commands for reconnaissance in the early phase of pentesting.

• Code Executor Agent

  • Description: Executes commands locally.
  • Task: Execute provided commands within a specified timeout.

• File Reader Agent

  • Description: Reads file contents.
  • Task: Output the content of files as needed.

• User Proxy Agent

  • Description: A human admin proxy.
  • Task: Manage execution and interaction between different agents.

• Group Chat Manager

  • Description: Manages the pentesting team.
  • Task: Synchronize the team to work in unison without hiccups.

Prerequisites

• Docker
• OpenAI Azure API endpoint and API key

Setup

1. Clone the Repository

   git clone https://github.com/yourusername/pentesting-ai.git
   cd pentesting-ai

2. Configure API Keys

   Set your API key and endpoint, as well as your model name (and your API type if you don't want to use Azure OpenAI), in the config list, at the top of the main.py file.

3. Install Dependencies

   Ensure you have Docker installed, as all dependencies will be handled within the Docker container. However, if you need to review the requirements, they are listed in the requirements.txt file.

4. Build and Run the Docker Container

   docker build -t pentesting-ai .
   docker run -it --name pentesting-ai-container pentesting-ai

Usage

1. Starting the AI

   Once the Docker container is up and running, the AI will start and wait for your input based on the interaction mode you've set.

2. Setting Interaction Mode

   You can set the interaction mode by modifying the interaction_mode variable at the top of the main.py file before running the Docker container.

   Valid options for INTERACTION_MODE are ALWAYS, NEVER, and TERMINATE.

3. Generating Reports

   After the pentesting session, the AI will generate a report with its findings and recommended security measures. The report will be saved in the /groupchat/reports directory within the Docker container. Also any code executed by the ai will have its output saved to the '/groupchat/outputs' directory.