An LLM-based automatic web penetration detector built on function calling and a multi-agent architecture.
🤖 PentestAssistant utilizes three main agents (planner, executor, and refiner agents) to perform the workflow of automatic penetration detection. Moreover, it can invoke several penetration detection tools, such as nmap and sqlmap, according to user requests.
First, clone the repository source code:
$ git clone https://github.com/HUSTInfSecLabs/PentestAssistant.git
We recommend using conda to create a Python virtual environment with Python 3.10:
$ cd botend
$ conda create -n PentestAssistant python=3.10
$ python --version
Python 3.10.13
Install all dependencies in the virtual environment
$ conda activate PentestAssistant
$ pip install -r requirements.txt
Install plugins and required dependencies
# CMSeek
$ git clone https://github.com/Tuhinshubhra/CMSeeK
$ pip install -r ./CMSeeK/requirements.txt
$ mv ./CMSeeK/* ./plugin/CMSeek/CMSeeK/
# Dirsearch
$ git clone --branch v0.4.3 https://github.com/maurosoria/dirsearch.git
$ pip install -r ./dirsearch/requirements.txt
$ mv ./dirsearch/* ./plugin/Dirsearch/Dirsearch/
# Tplmap
$ git clone https://github.com/epinna/tplmap.git
$ pip install -r ./tplmap/requirements.txt
$ mv ./tplmap/* ./plugin/Tplmap/Tplmap/
# XSStrike
$ git clone https://github.com/s0md3v/XSStrike.git
$ pip install -r ./XSStrike/requirements.txt
$ mv ./XSStrike/* ./plugin/XSStrike/XSStrike/
For the LLM, we support several popular commercial models, such as ChatGPT, DeepSeek, and Qwen. Select one and add its API key to the configuration.
In this project, we use a reranker model to sort the list of APIs, which helps the LLM narrow its selection range. Download the reranker model bge-reranker-large and modify the configuration accordingly.
Moreover, the following penetration testing tools must be installed for PentestAssistant to call: Nmap, Sqlmap, Tplmap, XSStrike, Dirsearch, Dnsenum, and Hydra. XSStrike, Tplmap, Dirsearch, and CMSeek are already included in our source code by the plugin steps above, so they do not need to be installed again.
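A preflight check for the layout these steps produce, as an added example that is not part of the PentestAssistant repository: it confirms that each plugin directory was populated by the `mv` commands and that the separately installed tools are on `PATH`. The function name `preflight` and the command names `nmap`, `sqlmap`, `dnsenum` and `hydra` are assumptions.

```shell
#!/bin/sh
# Added example, not project code. Verifies the install steps before `python app.py`.

# Plugin directories populated by the README's `mv` commands.
PLUGIN_DIRS="plugin/CMSeek/CMSeeK plugin/Dirsearch/Dirsearch plugin/Tplmap/Tplmap plugin/XSStrike/XSStrike"
# Tools the README says must be installed separately (command names are assumed).
TOOLS="nmap sqlmap dnsenum hydra"

# preflight ROOT: prints one line per problem and returns the number of problems.
# ROOT is the directory that contains plugin/ and requirements.txt (default: .).
preflight() {
    root="${1:-.}"
    missing=0
    for d in $PLUGIN_DIRS; do
        # An absent or empty directory means the clone/mv step was skipped or failed.
        if [ ! -d "$root/$d" ] || [ -z "$(ls -A "$root/$d" 2>/dev/null)" ]; then
            echo "plugin files missing: $root/$d"
            missing=$((missing + 1))
        fi
    done
    for t in $TOOLS; do
        if ! command -v "$t" >/dev/null 2>&1; then
            echo "tool not on PATH: $t"
            missing=$((missing + 1))
        fi
    done
    if [ ! -f "$root/requirements.txt" ]; then
        echo "missing: $root/requirements.txt"
        missing=$((missing + 1))
    fi
    return "$missing"
}
```

Source the file and run `preflight .` from the directory where the install commands were executed; a non-zero exit status is the number of problems found.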
Now, we can use PentestAssistant.
$ python app.py
If you are also interested in this project, please contact us at [email protected].