greydgl / pentestgpt Goto Github PK

To get a free version , let user chose its own model from the huggingface library and run it on gpu to make it work then use this model instead of openai api

On peut ajouter autres outils à pentestGPT?
et il existe également un nombre limité d'actions comme pentestgpt basé sur "GPT plus" a un nombre bien défini de questions par jour?

Correctly, pentestGPT needs to perform multiple rounds of reasoning if users key in todo for multiple times. The result is also wrong.

Add a handler to check if the current command is the same as the previous one (excluding next).

Hi, I recently made a project similar to this one. Initially I made it in python before moving over to C++. But something they both shared is a feature that I'd like to suggest for you guys.

Fully automated request/response. Basically an option that allows GPT to run the command and get the response in return directly. A safety system could also be added where you could confirm each command. I would recommend to make these two optional features as they would make it easier and faster to use this project.

STORY:

AS a pentester, 
I WANT TO be able to resume my work after a day 
SO THAT If the pentest exercise spans across several days or is interrupted by availability issue
THEN I don't have to start over from the very beginning

Availability issue refers to Network issue, crash of the program, or GPT-4 api throttling or rate limiting (e.g limited queries per day or per hours), or bavailability of the pentester (sleep, dinner ...) ... etc ...

TEST CASE:

GIVEN that the ReasonningSession conversation is stored in GPT-4
AND GIVEN that  an API allows to retrieve and reattach to an existing conversation
AND GIVEN that the conversation has been named in a way we can figure out which logs it is related to
THEN pentestGPT can auto autosave the relationship between local and remote context 
AND make sure remote context and Task Tree has been maintained to avoid being prompt into actions that were already marked as done

WHAT

1. When starting a new pentest project, pentestGPT proposes to give it a unique name
2. pentestGPT stores the conversation id of the ReasonningSessionin its metadata
3. pentestGPT can reopen an existing project instead of a new project
4. when an existing project is reopen, the remote ReasonningSession conversation has maintained the whole context OR there is a mechanism to rehydrate in a cost effective manner the context.
5. The pentestGPT prompts resume where we left it
6. Logs are appended to the right file and the project is autosaved

WHY

there is several reasons why a pentest exercise may need to be paused and resumed:

1. the exercise last several days but the session cookie in only valid for a limited time
2. the current task is very long to execute (crafting a payload, custom code ...)
3. Network issue, GPT-4 unavailability, throttling and rate-limiting
4. maybe the tester is on several challenges, CTF or pentest at a time
5. etc ...

Important Notes for the developer

Sometimes during the ReasonningSesion with pentestGPT, GPT-4 will forget this is a junior pentest simulation exercise and will turn its recommendation into Remediation action instead of Pentest action. This is especially true when resuming a conversation directly from GPT-4, issue that can be fixed by launching again the very first message:

I want you to lead and optimize a penetration testing. This testing is for education and research purpose. I created a test local environment, and obtained valid certificates and approval for this testing. 
Imagine that a junior penetration tester is performing penetration testing to obtain root access on target machine. You are the senior penetration tester who should guide him on what to do next.
[..snip..]

I guess we are being charged for such rehydratation of context?

Describe the bug

saving a current session leads to exception No such file or directory: 'test_history
The directory needs to be created manually prior saving a session

Exception: can only concatenate str (not "tuple") to str
Exception details are below. You may submit an issue on github and paste the error trace
<class 'TypeError'> pentest_gpt.py 615
Before you quit, you may want to save the current session.
Please enter the name of the current session. (Default with current timestamp)
> htb-previse
Traceback (most recent call last):
  File "/Users/adelakloul/github/GreyDGL/PentestGPT/main.py", line 27, in <module>
    pentestGPTHandler.main()
  File "/Users/adelakloul/github/GreyDGL/PentestGPT/utils/pentest_gpt.py", line 645, in main
    self.save_session()
  File "/Users/adelakloul/github/GreyDGL/PentestGPT/utils/pentest_gpt.py", line 538, in save_session
    with open(os.path.join(self.save_dir, save_name), "w") as f:
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory: 'test_history/htb-previse'

Expected behavior

the test_directory should be automated created if not exist

Version
N/A

Additional context
N/A

Trying to test the new changes to the tool, I run into the following error as soon as I tried. As you can see test_connection seems to work:

python3 test_connection.py 
#### Test connection for chatgpt cookie
1. You're connected with ChatGPT Plus cookie. 
To start PentestGPT, please use <python3 main.py --reasoning_model=gpt-4 --useAPI=False>
#### Test connection for OpenAI api (GPT-4)
The OpenAI API key is not properly configured. Please follow README to update OpenAI API key in config/chatgpt_config.py
#### Test connection for OpenAI api (GPT-3.5)
The OpenAI API key is not properly configured. Please follow README to update OpenAI API key in config/chatgpt_config.py

but main doesn't:

python3 main.py --reasoning_model=gpt-4 --useAPI=False
- ChatGPT Sessions Initialized.
Please describe the penetration testing task in one line, including the target IP, task type, e
> test localhost 127.0.0.1
Traceback (most recent call last):
  File "/media/psf/Documents/GitHub/PentestGPT/main.py", line 25, in <module>
    pentestGPTHandler.main()
  File "/media/psf/Documents/GitHub/PentestGPT/utils/pentest_gpt.py", line 466, in main
    _response = self.reasoning_handler(prefixed_init_description)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/media/psf/Documents/GitHub/PentestGPT/utils/pentest_gpt.py", line 128, in reasoning_handler
    response = self.chatGPT4Agent.send_message(
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/media/psf/Documents/GitHub/PentestGPT/utils/chatgpt_api.py", line 92, in send_message
    conversation = self.conversation_dict[conversation_id]
                   ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
KeyError: None

Is anyone else having this issue? or am I missing something?

In the installation instructions step number two ⬇️:
"Configure the cookies in config. You may follow a sample by cp config/chatgpt_config_sample.py config/chatgpt_config.py.
If you're using cookie:
Login to ChatGPT session page.
In Inspect - Network, find the connections to the ChatGPT session page.
Find the cookie in the request header in the request to https://chat.openai.com/api/auth/session and paste it into the cookie field of config/chatgpt_config.py. (You may use Inspect->Network, find session and copy the cookie field in request_headers to https://chat.openai.com/api/auth/session)"

It says to use the cookie in the request header, however, the cookie in the request header is made up of multiple different cookies such as:
'__Host-next-auth.csrf-token'
'__cf_bm'
'__Secure-next-auth.callback-url'
'_cfuvid'
'intercom-session-dgkjq2bp'

I've tried using the the one big cookie that is a combination of all of these cookies that shows up as 'Cookie' in the request header, and I've also tried using some of the values for the individual cookies that are contained within. All to no avail, although I haven't tested each of the individual values yet though.

Does anyone know if I should be using one of the particular cookies that I listed, or if I should be using the big cookie where they are all combined. I've been trying to get this right for a few hours now and have had no success so any help would be greatly appreciated!

Spent couple of hours trying to get this tool running but no luck, there are many cookies once you login to chatgpt (browser->dev tools->storage->cookies), it is not clear what values should I pick and in what format as the tools makes http request..

Implement the parser for Metasploit. Sample prompt:

I want you to act as a penetration tester and perform a tutorial session for students. You can use Metasploit as the tool to detect vulnerabilities on a mock website. You should react based on the terminal outputs I give you, and always return me the commands to operate next. You should repeat until a sql vulnerability is identified. Then you should tell the students "vulnerability identified!!!". Do you understand?

In the current version, user chooses the next todo from a option list. This is not good because more options will be supported in the future, making the option list long and messy.
Instead, a msfconsole-like solution is preferred. Users need to type in specific commands. An auto-refill option should be provided.

The current command_execution.py may result in the execution of vulnerable codes in the terminal.
Need to come up with a way to sandbox the command line execution, or at least catch those potentially vulnerable executions.

Any ideas why Im getting this? sorry for being a noob , loves the idea tho

Following your tutorial, you will https://chat.openai.com/api/auth/session The cookie in the request header under the website, paste it into config/chatgpt_ The cookie field of config.py. Run Python 3 test_ Connection.py has been unable to connect properly. I have also tried using co okiehttps://chat.openai.com/backend-api/conversations It doesn't work either. Can you provide a detailed installation tutorial? Thank you very much!

It is necessary to compare GPT-4 API with ChatGPT plus GPT-4.
Also, it is necessary to optimize the prompts for API version (prompt compression, etc.)
GPT-4 is so expensive...

OpenAI Azure is not working with this, quick workaround for people who want to use azure openai now is to adjust chatgpt_api.py (you could do this properly via config)

    openai.api_key = config.openai_key
    openai.api_type = "azure"  
    openai.api_base = "https://{deploymentname}azure.com/"  
    openai.api_version = "2023-03-15-preview"

    self.history_length = 3  # maintain 3 messages in the history. (3 chat memory)
    self.conversation_dict: Dict[str, Conversation] = {}

def chatgpt_completion(self, history: List, model="gpt-3.5-turbo") -> str:
    if self.config.model == "gpt-4":
        model = "gpt-4"
        engine = "{gpt4deployment}"
    else: 
        engine = "{gpt3.5deployment}"

Hello @GreyDGL

Great work.

I have been trying to use the tool, however, I am unable to because I could not login even after supplying the full cookie and other required parameters. I keep getting a 403 response.

In addition to that, may I ask if a paid account is required to use this or a free account should work?

Thanks.

Using ChatGPT interface:

Traceback (most recent call last):
  File "/workspace/main.py", line 19, in <module>
    pentestGPTHandler.main()
  File "/workspace/utils/pentest_gpt.py", line 466, in main
    _response = self.reasoning_handler(prefixed_init_description)
  File "/workspace/utils/pentest_gpt.py", line 128, in reasoning_handler
    response = self.chatGPT4Agent.send_message(
  File "/workspace/utils/chatgpt.py", line 184, in send_message
    message_id = self.get_latest_message_id(conversation_id)
  File "/workspace/utils/chatgpt.py", line 110, in get_latest_message_id
    return r.json()["current_node"]
KeyError: 'current_node'

https://github.com/GreyDGL/PentestGPT/blob/main/utils/chatgpt.py#L106-L110

Bypassing this leads to no recommendations.

Hi, when I try to install, I get an error :

The cookie is not properly configured. Please follow README to update cookie in config/chatgpt_config.py

I use the version published this morning.

I followed the README procedure, accessing the link and copying the "cookie" field from the request and pasting it into the chatgpt_config.py file

I wish I could be more useful here, I tried looking in the loguru logs, but it doesn't show much. This is the only error I had, no traceback.

So I have been trying to test the connection using the appropriate python file, but I consistently get the same error:

Traceback (most recent call last):
File "/Users/gold/Documents/Programs/PentestGPT/test_connection.py", line 13, in
chatgpt = ChatGPT(chatgpt_config)
^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/gold/Documents/Programs/PentestGPT/utils/chatgpt.py", line 78, in init
self.headers["authorization"] = self.get_authorization()
^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/gold/Documents/Programs/PentestGPT/utils/chatgpt.py", line 84, in get_authorization
r = requests.get(url, headers=self.headers)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/homebrew/lib/python3.11/site-packages/requests/api.py", line 73, in get
return request("get", url, params=params, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/homebrew/lib/python3.11/site-packages/requests/api.py", line 59, in request
return session.request(method=method, url=url, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/homebrew/lib/python3.11/site-packages/requests/sessions.py", line 587, in request
resp = self.send(prep, **send_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/homebrew/lib/python3.11/site-packages/requests/sessions.py", line 701, in send
r = adapter.send(request, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/homebrew/lib/python3.11/site-packages/requests/adapters.py", line 489, in send
resp = conn.urlopen(
^^^^^^^^^^^^^
File "/opt/homebrew/lib/python3.11/site-packages/urllib3/connectionpool.py", line 703, in urlopen
httplib_response = self._make_request(
^^^^^^^^^^^^^^^^^^^
File "/opt/homebrew/lib/python3.11/site-packages/urllib3/connectionpool.py", line 398, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/opt/homebrew/lib/python3.11/site-packages/urllib3/connection.py", line 244, in request
super(HTTPConnection, self).request(method, url, body=body, headers=headers)
File "/opt/homebrew/Cellar/[email protected]/3.11.3/Frameworks/Python.framework/Versions/3.11/lib/python3.11/http/client.py", line 1283, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/opt/homebrew/Cellar/[email protected]/3.11.3/Frameworks/Python.framework/Versions/3.11/lib/python3.11/http/client.py", line 1324, in _send_request
self.putheader(hdr, value)
File "/opt/homebrew/lib/python3.11/site-packages/urllib3/connection.py", line 224, in putheader
_HTTPConnection.putheader(self, header, *values)
File "/opt/homebrew/Cellar/[email protected]/3.11.3/Frameworks/Python.framework/Versions/3.11/lib/python3.11/http/client.py", line 1256, in putheader
values[i] = one_value.encode('latin-1')
^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeEncodeError: 'latin-1' codec can't encode character '\u2026' in position 512: ordinal not in range(256)

I am going to inspect, network, filter using the session URL, click headers, and go to request headers. I copied the entire value for cookie and put it as the value for the chatgpt_config.py file and it generates the above error. I wanted to know if this was an issue on my side or if it is a possible error with something that was included?

When using the 'more' option, the program will crash with:

Exception: 'pentestGPT' object has no attribute 'step_reasoning_response'

Full session before crash

C:\home\kali\PentestGPT> python3 main.py --reasoning_model=gpt-4
- ChatGPT Sessions Initialized.
Please describe the penetration testing task in one line, including the target IP, task type, etc.
> HackTheBox single host challenge. Windows machine. 10.10.10.161.
- Task information generated. 

PentestGPT suggests you to do the following: 
Based on the information provided, I'll update the tasks and provide a recommendation for the next task. 

Initial tasks:
1. Information gathering
   1.1 Perform network scanning
   1.2 OS fingerprinting
   1.3 Service enumeration

Next Task: 
1.1 Perform network scanning - Use a tool like Nmap to scan for open ports and running services on the target machine (10.10.10.161).
You may start with:
Sure, here's an example of what the first step could look like:

Task: Perform a port scan on the target IP address to identify open ports.

Command: 

nmap <target_ip>

Description: 
The 'nmap' command is used to perform a port scan on the target IP address. This will help identify which ports are open and what services are running on them. The output will provide important information about the target system's 
architecture, operating system, and potentially vulnerable services. You can use the '-A' option to enable OS detection, version detection, script scanning, and traceroute all in one command. 

Example: 

nmap -A 192.168.1.100

This command will perform a comprehensive scan on the IP address '192.168.1.100'. It will use aggressive scanning techniques to identify open ports, running services, and the operating system. It may also run scripts to detect 
vulnerabilities. The output will be displayed in the terminal window.
>  more
Invalid task, try again.
> more
Exception: 'pentestGPT' object has no attribute 'step_reasoning_response'

Recently I was getting an error (the could not encode error) that was fixed with the latest release of PentestGPT. I am now getting an error that says this when I run it with the command (python3 main.py --reasoning_model=gpt-4 --useAPI=False):

`python3 main.py --reasoning_model=gpt-4 --useAPI=False

• ChatGPT Sessions Initialized.
  Please describe the penetration testing task in one line, including the target IP, task type, etc.

i want to test 10.10.11.189
Traceback (most recent call last):
File "/Users/gold/Documents/Programs/PentestGPT/main.py", line 25, in
pentestGPTHandler.main()
File "/Users/gold/Documents/Programs/PentestGPT/utils/pentest_gpt.py", line 466, in main
_response = self.reasoning_handler(prefixed_init_description)
File "/Users/gold/Documents/Programs/PentestGPT/utils/pentest_gpt.py", line 128, in reasoning_handler
response = self.chatGPT4Agent.send_message(
File "/Users/gold/Documents/Programs/PentestGPT/utils/chatgpt_api.py", line 92, in send_message
conversation = self.conversation_dict[conversation_id]
KeyError: None`

Again, this seems to be an error that may relate to the cookie and the ability for the program to send and receive messages from ChatGPT. I do have a ChatGPT plus so that is not the issue (using the cookie for GPT-4). I will check later if it is working on my Windows device still.

This is the error i get when i run it. Using python3.10 in a conda env.

Traceback (most recent call last):
File "/home/kp/ai/pentestgpt/test_connection.py", line 4, in
from utils.chatgpt import ChatGPT
File "/home/kp/ai/pentestgpt/utils/chatgpt.py", line 14, in
from config.chatgpt_config import ChatGPTConfig
ModuleNotFoundError: No module named 'config.chatgpt_config'

Describe the bug

Using cookie authentication.
Apparently there is no timeout to wait for GPT-4 reasonningSession result,
but for some unknown reason, while GPT-4 completed its task, pentestGPT is still waiting for a response.
pentestGPT shows the message PentestGPT Thinking... and it takes ages before I decide to CTRL-C

possible remediation:

1. pentestGPT timeout should be aligned with GPT-4 timeout
2. in case of timeout without a response returned, we could be proposed to copy-paste GPT-4 response to carry on or quit

To Reproduce
Not sure how to reproduce, it may just happen

Expected behavior
Since I can see GPT-4 answer, I would have expected pentestGPT to see it as well.

Screenshots
N/A

Version
cookies authentication

Additional context
You're recommended to upload the log file for debugging. Add any other context about the problem here.

⠼  PentestGPT Thinking...
⠏  PentestGPT Thinking...
⠙  PentestGPT Thinking...
Traceback (most recent call last):
  File "/Users/pentester01/github/GreyDGL/PentestGPT/main.py", line 27, in <module>
    pentestGPTHandler.main()
  File "/Users/pentester01/github/GreyDGL/PentestGPT/utils/pentest_gpt.py", line 490, in main
    result = self.input_handler()
             ^^^^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/github/GreyDGL/PentestGPT/utils/pentest_gpt.py", line 298, in input_handler
    reasoning_response = self.reasoning_handler(parsed_input)
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/github/GreyDGL/PentestGPT/utils/pentest_gpt.py", line 128, in reasoning_handler
    response = self.chatGPT4Agent.send_message(
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/github/GreyDGL/PentestGPT/utils/chatgpt.py", line 236, in send_message
    result = self._parse_message_raw_output(r)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/github/GreyDGL/PentestGPT/utils/chatgpt.py", line 130, in _parse_message_raw_output
    for line in response.iter_lines():
  File "/Users/pentester01/.pyenv/versions/v3/lib/python3.11/site-packages/requests/models.py", line 865, in iter_lines
    for chunk in self.iter_content(
  File "/Users/pentester01/.pyenv/versions/v3/lib/python3.11/site-packages/requests/models.py", line 816, in generate
    yield from self.raw.stream(chunk_size, decode_content=True)
  File "/Users/pentester01/.pyenv/versions/v3/lib/python3.11/site-packages/urllib3/response.py", line 932, in stream
    yield from self.read_chunked(amt, decode_content=decode_content)
  File "/Users/pentester01/.pyenv/versions/v3/lib/python3.11/site-packages/urllib3/response.py", line 1075, in read_chunked
    chunk = self._handle_chunk(amt)
            ^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/.pyenv/versions/v3/lib/python3.11/site-packages/urllib3/response.py", line 1017, in _handle_chunk
    value = self._fp._safe_read(amt)  # type: ignore[union-attr]
            ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/.pyenv/versions/3.11.3/lib/python3.11/http/client.py", line 631, in _safe_read
    data = self.fp.read(amt)
           ^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/.pyenv/versions/3.11.3/lib/python3.11/socket.py", line 706, in readinto
    return self._sock.recv_into(b)
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/.pyenv/versions/3.11.3/lib/python3.11/ssl.py", line 1278, in recv_into
    return self.read(nbytes, buffer)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/.pyenv/versions/3.11.3/lib/python3.11/ssl.py", line 1134, in read
    return self._sslobj.read(len, buffer)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
KeyboardInterrupt

(v3) pentester01@Pentester01s-MBP PentestGPT %    ^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/.pyenv/versions/3.11.3/lib/python3.11/socket.py", line 706, in readinto
    return self._sock.recv_into(b)
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/.pyenv/versions/3.11.3/lib/python3.11/ssl.py", line 1278, in recv_into
    return self.read(nbytes, buffer)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/.pyenv/versions/3.11.3/lib/python3.11/ssl.py", line 1134, in read
    return self._sslobj.read(len, buffer)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
KeyboardInterrupt   ^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/.pyenv/versions/3.11.3/lib/python3.11/socket.py", line 706, in readinto
    return self._sock.recv_into(b)
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/.pyenv/versions/3.11.3/lib/python3.11/ssl.py", line 1278, in recv_into
    return self.read(nbytes, buffer)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/.pyenv/versions/3.11.3/lib/python3.11/ssl.py", line 1134, in read
    return self._sslobj.read(len, buffer)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
KeyboardInterrupt  File "/Users/pentester01/.pyenv/versions/3.11.3/lib/python3.11/socket.py", line 706, in readinto
    return self._sock.recv_into(b)
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/.pyenv/versions/3.11.3/lib/python3.11/ssl.py", line 1278, in recv_into
    return self.read(nbytes, buffer)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/.pyenv/versions/3.11.3/lib/python3.11/ssl.py", line 1134, in read
    return self._sslobj.read(len, buffer)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
KeyboardInterrupt

(v3) pentester01@Pentester01s-MBP PentestGPT %    ^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/.pyenv/versions/3.11.3/lib/python3.11/socket.py", line 706, in readinto
    return self._sock.recv_into(b)
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/.pyenv/versions/3.11.3/lib/python3.11/ssl.py", line 1278, in recv_into
    return self.read(nbytes, buffer)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/.pyenv/versions/3.11.3/lib/python3.11/ssl.py", line 1134, in read
    return self._sslobj.read(len, buffer)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
KeyboardInterrupt   ^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/.pyenv/versions/3.11.3/lib/python3.11/socket.py", line 706, in readinto
    return self._sock.recv_into(b)
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/.pyenv/versions/3.11.3/lib/python3.11/ssl.py", line 1278, in recv_into
    return self.read(nbytes, buffer)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/pentester01/.pyenv/versions/3.11.3/lib/python3.11/ssl.py", line 1134, in read
    return self._sslobj.read(len, buffer)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
KeyboardInterrupt

I can select different options, but I can't accept, or continue in any way. Tried all kinds of commands. Enter, letters, space, escape, arrow keys.

When the output from the terminal is too long, it is not possible for chatGPT to read the full information effectively. We need some parser to effectively filter out the non-useful information generated by the tools (SQLmap, for example).

Proposed changes.

• Remove useless information from the terminal output through some heuristic methods
• Double-confirm if a vulnerability is detected through keyword mapping. This is because that ChatGPT cannot always generate the ideal keyword at vulnerability detection.

The current testing process is inefficient. Add unit tests for each module/session.

I follow every step in README but when I want to test it this Error occurred:

here is

Observation: If you were to Google an HTB box name, your first three results would likely include the solution guide/walkthrough for that box...

Suggestion: Perhaps the demonstration video would reach the level of demonstrating value if the target was not a host that has a known set of vulnerabilities/misconfigurations which are widely published on the internet.

should i use GPTplus or i can use the normal chatgpt ?

In the current implementation, the prompts are hard-coded in the script.

1. Consider to move them into the separate prompts folder.
2. Consider the proper structure to store the prompts for future upgrades.

I'm following the directions in Readme.md

When I enter:
python3 utils/chatgpt.py

I get:
Traceback (most recent call last):
File "/home/user/tools/PentestGPT/utils/chatgpt.py", line 13, in
import config.chatgpt_config
ModuleNotFoundError: No module named 'config'

When i use next command, nothing append. I can move the cursor but cannot continue :
https://1drv.ms/v/s!AmD5YxdEKJhkjvI0AWEk_-esjUZrQQ?e=HiFXby

hello

im getting the following error

C:\Users\Jerem\Downloads\chatgpt\PentestGPT>python3 main.py --reasoning_model=gpt-4 --useAPI

• ChatGPT Sessions Initialized.
  Please describe the penetration testing task in one line, including the target IP, task type, etc.

I want to perform a penetration test on a web application. The target IP is 172.67.220.53
Traceback (most recent call last):
File "C:\Users\Jerem\Downloads\chatgpt\PentestGPT\main.py", line 25, in
pentestGPTHandler.main()
File "C:\Users\Jerem\Downloads\chatgpt\PentestGPT\utils\pentest_gpt.py", line 466, in main
_response = self.reasoning_handler(prefixed_init_description)
File "C:\Users\Jerem\Downloads\chatgpt\PentestGPT\utils\pentest_gpt.py", line 128, in reasoning_handler
response = self.chatGPT4Agent.send_message(
File "C:\Users\Jerem\Downloads\chatgpt\PentestGPT\utils\chatgpt_api.py", line 92, in send_message
conversation = self.conversation_dict[conversation_id]
KeyError: None

im not sure what im doing wrong

i have plus subscription

The main issue now is that the documentations are typically too long to be embedded in one question/response. Consider

1. Repeatedly ask ChatGPT to only reply with the doc.
2. Try other GPT APIs?

Test Discord webhook

There are some problems when using the tool:

1. Sometimes the task is not started with nmap.
2. Use Ctrl-C on the Windows terminal does not load status bar.
3. The test generation session cannot capture the right task. Example: https://chat.openai.com/chat/1a0f5b9f-9e94-4ac8-8db6-d8d1b88951c0

Since the project is using the OpenAI API now, it would be great if we could know the estimated cost for each conversation/session, this feature can be useful for benchmarking or simply give the people wanting to use it an idea of how much it will cost them.

Some implementation idea:

• count tokens using libraries like https://github.com/openai/tiktoken
• calculate the cost of the entire session when it finishes (as the first step)
• provide an option to display the number of tokens in each request and response (including the backend reasoning sessions)

Would it be possible to propose the use of API keys as a method of authentication?

PentestGPT suggests you to do the following:
(None, None)
Traceback (most recent call last):
File "/home/kali/Desktop/PentestGPT/main.py", line 27, in
pentestGPTHandler.main()
File "/home/kali/Desktop/PentestGPT/utils/pentest_gpt.py", line 610, in main
self.initialize(previous_session_ids=loaded_ids)
File "/home/kali/Desktop/PentestGPT/utils/pentest_gpt.py", line 194, in initialize
self._feed_init_prompts()
File "/home/kali/Desktop/PentestGPT/utils/pentest_gpt.py", line 128, in _feed_init_prompts
"PentestGPT", "PentestGPT suggests you to do the following: \n" + _response
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~
TypeError: can only concatenate str (not "tuple") to str

I am currently attempting to run PentestGPT in Kali Linux. However, I seem to be encountering issues with the <Shift + Right Arrow> feature, which is used to select an item and move to the next line. I am stuck at the input section below and cannot select anything to enter my input. This is preventing me from proceeding to the next step as the <Shift + Right Arrow> function does not seem to be working.

Small thing, but would be better to get rid of double requests module name under requirements.txt

I tried to get the cookies from chrome session and I also set an API Key but the test_connection.py always give a "not properly configured" output.

What is wrong here ?
Maybe you can give us a list, which cookies are really necessary.
Should they be separated by space or not ?
What is wrong with using API ? I set a new secret, copy+pasted it over and it just got ignored. I used model gtp-4, gpt-3.5 - nothing works.