Data

Tools

Indexes

Applications

Experiments

Open Source Science

Recent Releases of hackingbuddygpt

hackingbuddygpt - v0.5.0

Big Changes

  • big update for @DianaStrauss's web api testing work
  • new tmux-based local command execution capability

What's Changed

  • Updated README.md by @Qsan1 in https://github.com/ipa-lab/hackingBuddyGPT/pull/117
  • bump dependencies and add Qsan1's documentation by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/118
  • Display query in the URL on failed request by @emmanuel-ferdman in https://github.com/ipa-lab/hackingBuddyGPT/pull/119
  • updated README.md with correct image by @Qsan1 in https://github.com/ipa-lab/hackingBuddyGPT/pull/120
  • Merge web api testing development by @DianaStrauss in https://github.com/ipa-lab/hackingBuddyGPT/pull/114
  • Adapt prompt engineer by @DianaStrauss in https://github.com/ipa-lab/hackingBuddyGPT/pull/122
  • Create dependency-review.yml by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/124
  • REMOTE SHELL integration using tmux to interact without ssh creds by @ShreyasMahajann in https://github.com/ipa-lab/hackingBuddyGPT/pull/127
  • Merge Development into Main Branch by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/128
  • Bump version from 0.4.0 to 0.5.0 by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/129

New Contributors

  • @emmanuel-ferdman made their first contribution in https://github.com/ipa-lab/hackingBuddyGPT/pull/119
  • @ShreyasMahajann made their first contribution in https://github.com/ipa-lab/hackingBuddyGPT/pull/127

Full Changelog: https://github.com/ipa-lab/hackingBuddyGPT/compare/v0.4.0...v0.5.0

- Python
Published by andreashappe 9 months ago

hackingbuddygpt - v0.4.0

Overview

Good news everyone! There's a new (and long overdue) new version of hackingBuddyGPT out!

The big changes for this release are @Neverbolt's rework of the logging/configuration system and @Qsan1's new prototype that enables small LLMs to perform linux priv-esc attacks. The next use-case is already being prepared and will be in the next release.. stay tuned.

To summarize the big changes:

  • @neverbolt did extensive work on the configuration and logging system:

    • Overwork of the configuration system
    • Added a visual and live web based log viewer, which can be started with wintermute Viewer
    • Updated the configuration system. The new configuration system now allows loading parameters from a .json file as well as choosing which logging backend should be used

  • @lloydchang with @pardaz-banu, @halifrieri, @toluwalopeoolagbegi and @tushcmd added support for dev containers

  • @jamfish added support for key-based SSH access (to the target system)

  • @Qsan1 added a new use-case, focusing on enabling linux priv-esc with small-language models, to quote:

    • Added an extended linux-privesc usecase. It is based on 'privesc', but extends it with multiple components that can be freely switch on or off:
      • Analyze: After each iteration the LLM is asked to analyze the output of that round.
      • Retrieval Augmented Generation (RAG): After each iteration the LLM is prompted and asked to generate a search query for a vector store. The search query is then used to retrieve relevant documents from the vector store and the information is included in the prompt for the Analyze component (Only works if Analyze is enabled).
      • Chain of thought (CoT): Instead of simply asking the LLM for the next command, we use CoT to generate the next action.
      • History Compression: Instead of including all commands and their respective output in the prompt, it removes all outputs except the most recent one.
      • Structure via Prompt: Include an initial set of command recommendations in query_next_command

I thank all our contributors (and hopefully haven't forgotten too many). Enjoy!

What's Changed

  • docs: fix CLI errors, use PascalCase args by @lloydchang in https://github.com/ipa-lab/hackingBuddyGPT/pull/85
  • feat: add gpt-4o, gpt-4o-mini, o1-preview, o1-mini by @lloydchang in https://github.com/ipa-lab/hackingBuddyGPT/pull/89
  • feat: add GitHub Codespaces support by @lloydchang in https://github.com/ipa-lab/hackingBuddyGPT/pull/88
  • docs(README.md): fix typo by @lloydchang in https://github.com/ipa-lab/hackingBuddyGPT/pull/91
  • fix(.gitignore): ignore temporary codespaces ansible files by @lloydchang in https://github.com/ipa-lab/hackingBuddyGPT/pull/92
  • Mac target localhost container via gemini openai proxy by @lloydchang in https://github.com/ipa-lab/hackingBuddyGPT/pull/94
  • docs(README.md): add Mac use case by @lloydchang in https://github.com/ipa-lab/hackingBuddyGPT/pull/95
  • fix: reorganize scripts by @lloydchang in https://github.com/ipa-lab/hackingBuddyGPT/pull/96
  • docs: move Codespaces docs to CODESPACES.md, add gemini by @lloydchang in https://github.com/ipa-lab/hackingBuddyGPT/pull/98
  • Semantic logging #75 by @Neverbolt in https://github.com/ipa-lab/hackingBuddyGPT/pull/79
  • update development branch with changes in main by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/99
  • Update README.md with anti scam message by @Neverbolt in https://github.com/ipa-lab/hackingBuddyGPT/pull/103
  • Add SSH Key Auth [Follow-up] by @jamfish in https://github.com/ipa-lab/hackingBuddyGPT/pull/108
  • Merge RAG usecase into HackerBuddy by @Qsan1 in https://github.com/ipa-lab/hackingBuddyGPT/pull/111
  • New Argument Parsing by @Neverbolt in https://github.com/ipa-lab/hackingBuddyGPT/pull/113
  • Development by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/115

New Contributors

  • @lloydchang made their first contribution in https://github.com/ipa-lab/hackingBuddyGPT/pull/85
  • @jamfish made their first contribution in https://github.com/ipa-lab/hackingBuddyGPT/pull/108
  • @Qsan1 made their first contribution in https://github.com/ipa-lab/hackingBuddyGPT/pull/111

Full Changelog: https://github.com/ipa-lab/hackingBuddyGPT/compare/v0.3.1...v0.4.0

- Python
Published by andreashappe about 1 year ago

hackingbuddygpt - v0.3.0

HackingBuddyGPT 0.3.0

European Summer'24 Heatwave edition

Version 0.3 contains a massive refactoring and rewrite of our code-base (by @Neverbolt and @andreashappe), laying the groundwork for future features. Meanwhile, @DianaStrauss was improving the Web API testing agent.

Also see our latest hacking benchmark results for multiple models.

Notable user-visible changes:

  • GitHub Models are now supported as LLM backend
  • the hackingBuddyGPT CLI is installed (alias to the wintermute CLI) to provide consistency
  • massively improved web api testing agent:
    • new response analyzer to create a report from the testing findings
    • prompt engineering: improved prompt creation, now categorized into task and state planning prompts
    • Streamlined the OpenAPI documentation generation (reconnaissance) process
  • restructured introductory usecases and agents
    • moved them into src/hackingbuddygpt/usecases/examples
    • their names (used by the CLI) start with Ex
  • bump minimal python version to python 3.10

Notable developer-visible changes:

  • allow for streaming responses from LLMs
  • The class hierarchy has been refactored. UseCases showcase the different hacking behaviors provided hackingBuddyGPT. They offer developers flexibility how they implement their hacking techniques. To streamline development, we introduce the Agent base-class. Agents perform hacking in steps/rounds. Developers can automatically wrap an Agent within a usecases to integrate new agents with minimal development overhead into hackingBuddyGPT. For more information, see our documentation.
  • massively increased test coverage

What's Changed

  • Update README.md by @eltociear in https://github.com/ipa-lab/hackingBuddyGPT/pull/66
  • some type hint fixes and a first integration test by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/67
  • Create python-app.yml by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/69
  • Update python-app.yml by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/70
  • add more test-cases (also test github integration) by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/68
  • Improve API and make streaming responses possible by @Neverbolt in https://github.com/ipa-lab/hackingBuddyGPT/pull/71
  • Explorative refactoring by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/73
  • merge diana's changes (and fixes) into development by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/74
  • Development without spacy by @DianaStrauss in https://github.com/ipa-lab/hackingBuddyGPT/pull/76
  • Development without spacy by @DianaStrauss in https://github.com/ipa-lab/hackingBuddyGPT/pull/80
  • merge the current development branch into master by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/81
  • Improved WebAPITesting by @DianaStrauss in https://github.com/ipa-lab/hackingBuddyGPT/pull/82
  • add more web-api-testing changes, fix unittest by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/83

Full Changelog: https://github.com/ipa-lab/hackingBuddyGPT/compare/v0.2.1...v0.3.0

- Python
Published by andreashappe almost 2 years ago

hackingbuddygpt - v0.2.1

What's Changed

  • update main branch by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/1
  • V3 by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/2
  • V4 by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/3
  • Update README.md by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/4
  • V5 by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/5
  • Update README.md by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/6
  • V6 by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/8
  • V7 by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/9
  • Fix typo in README.md by @eltociear in https://github.com/ipa-lab/hackingBuddyGPT/pull/10
  • Create jekyll-gh-pages.yml by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/11
  • fix link to old runs by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/12
  • update README by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/13
  • Update README.md by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/14
  • Implements first version of modular capability system by @Neverbolt in https://github.com/ipa-lab/hackingBuddyGPT/pull/15
  • Adds the possibility to define help text for parameters by @Neverbolt in https://github.com/ipa-lab/hackingBuddyGPT/pull/16
  • Bump idna from 3.6 to 3.7 by @dependabot in https://github.com/ipa-lab/hackingBuddyGPT/pull/17
  • Adds documentation for use cases and configurable by @Neverbolt in https://github.com/ipa-lab/hackingBuddyGPT/pull/18
  • Simplify use-case infrastructure by providing common base-class by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/19
  • Create FUNDING.yml by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/20
  • update documentation by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/21
  • Create CONTRIBUTING.md by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/23
  • Create SECURITY.md by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/25
  • update minimal example by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/27
  • Update minimal example description by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/28
  • Unify by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/29
  • allow running hackingbuddygpt with llama-style models again by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/30
  • Update README.md by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/31
  • Update README.md by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/32
  • Create linux_privesc.md by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/33
  • Update README.md by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/34
  • Update README.md by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/35
  • Update README.md by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/37
  • Update documentation by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/38
  • Adds an initial web testing use-case by @Neverbolt in https://github.com/ipa-lab/hackingBuddyGPT/pull/39
  • Update README.md by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/40
  • Update linux_privesc.md by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/41
  • Update README.md by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/42
  • I have no idea what's going on with the github online markdown editor.. by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/43
  • Update README.md for more contributer info by @Neverbolt in https://github.com/ipa-lab/hackingBuddyGPT/pull/44
  • Decision making by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/45
  • Update README.md by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/46
  • Added web-api-pentest prototype by @DianaStrauss in https://github.com/ipa-lab/hackingBuddyGPT/pull/47
  • fix web-api-pentest link by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/49
  • refactor a bit and add agents by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/50
  • Update README.md by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/51
  • Update README.md by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/52
  • update links to point to the documentation site by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/53
  • Bump requests from 2.31.0 to 2.32.0 in the pip group across 1 directory by @dependabot in https://github.com/ipa-lab/hackingBuddyGPT/pull/54
  • Fix docs by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/55
  • Update README.md by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/56
  • Editorial changes to README.md by @citostyle in https://github.com/ipa-lab/hackingBuddyGPT/pull/57
  • Adds support for generic text parsing of capabilities by @Neverbolt in https://github.com/ipa-lab/hackingBuddyGPT/pull/58
  • Update README.md by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/59
  • Fixes by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/61
  • Agent with worldview by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/62
  • Restructure by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/64
  • Update README.md by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/65

New Contributors

  • @dependabot made their first contribution in https://github.com/ipa-lab/hackingBuddyGPT/pull/17
  • @citostyle made their first contribution in https://github.com/ipa-lab/hackingBuddyGPT/pull/57

Full Changelog: https://github.com/ipa-lab/hackingBuddyGPT/compare/v0.1.0...v0.2.1

- Python
Published by andreashappe almost 2 years ago

hackingbuddygpt - Second Release

submitted to a new conference, tag it so I can reproduce the excact version if needed

- Python
Published by andreashappe over 2 years ago

hackingbuddygpt - v0.1.0-fse23ivr

  • this was the code submitted to FSE23 IVR

- Python
Published by andreashappe almost 3 years ago