PentestGPT & ReconAIzer

Standalone AI assistants and Burp Suite extensions that leverage GPT models for interactive penetration testing guidance and automated traffic analysis.

PentestGPT

github.com/GreyDGL/PentestGPT

An interactive penetration testing assistant powered by GPT-4 that provides real-time guidance through the pentesting process.

Installation

```
# Clone repository
git clone https://github.com/GreyDGL/PentestGPT.git
cd PentestGPT

# Install dependencies
pip install -r requirements.txt

# Set API key
export OPENAI_API_KEY="your-api-key"

# Run PentestGPT
python main.py
```

Features

Interactive Sessions

Chat-based interface for real-time pentesting guidance and next-step recommendations.

Context Awareness

Maintains session context to provide relevant suggestions based on previous findings.

Tool Integration

Suggests appropriate tools and provides command syntax for common operations.

Methodology Guidance

Follows structured pentesting methodologies (OWASP, PTES, OSSTMM).

Usage Example

You: I've discovered port 445 is open on 192.168.1.100. What should I do next?

PentestGPT: Port 445 indicates SMB (Server Message Block) service. Here's my recommended approach:

1. **Enumerate SMB shares:**
   ```
   smbclient -L //192.168.1.100 -N
   crackmapexec smb 192.168.1.100 --shares
   ```

2. **Check for null sessions:**
   ```
   enum4linux -a 192.168.1.100
   ```

3. **Scan for vulnerabilities:**
   ```
   nmap -p445 --script smb-vuln* 192.168.1.100
   ```

4. **Check for EternalBlue (MS17-010):**
   ```
   nmap -p445 --script smb-vuln-ms17-010 192.168.1.100
   ```

Would you like me to elaborate on any of these steps?

ReconAIzer

Burp Suite Extension

A Burp Suite extension that uses OpenAI to analyze HTTP traffic and identify potential security issues automatically.

Installation

  1. Download ReconAIzer from BApp Store or GitHub
  2. In Burp Suite, go to Extensions → Add
  3. Select the ReconAIzer JAR file
  4. Configure OpenAI API key in extension settings

Features

Automatic Analysis

Analyzes HTTP requests/responses for vulnerabilities, sensitive data exposure, and security misconfigurations.

Context Menu Integration

Right-click any request to send it to AI for analysis with custom prompts.

Payload Suggestions

Generates attack payloads based on detected parameters and application behavior.

BurpGPT

github.com/aress31/burpgpt

Integrates OpenAI's GPT models directly into Burp Suite for passive scanning and traffic analysis with natural language insights.

Key Capabilities

  • Passive vulnerability scanning with AI analysis
  • Custom prompt templates for specific vulnerability types
  • Batch analysis of multiple requests
  • Export findings in various formats
  • Integration with Burp's issue tracker

HackerGPT

chat.hackerai.co

A specialized security-focused GPT designed for ethical hacking, bug bounty hunting, and penetration testing assistance.

Features

Bug Bounty Focus

Optimized for vulnerability hunting

Report Writing

Helps draft vulnerability reports

Tool Guidance

Command syntax and usage

Comparison

| Tool | Type | Best For | Cost |
|------|------|----------|------|
| PentestGPT | CLI Assistant | Interactive guidance, learning | API costs |
| ReconAIzer | Burp Extension | Web app testing, traffic analysis | API costs |
| BurpGPT | Burp Extension | Passive scanning, batch analysis | API costs |
| HackerGPT | Web App | Bug bounty, quick questions | Free tier available |

API Costs

Most AI security tools require OpenAI API access. Monitor your usage to control costs. Consider using GPT-3.5-turbo for less critical tasks to reduce expenses.