GPT_Vuln-analyzer: create vulnerability reports via ChatGPT API, Python-Nmap, DNS Recon modules

create vulnerability reports

GPT_Vuln-analyzer

This is a Proof Of Concept application that demonstrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT made using open-API, python-nmap, dnsresolver python modules and also use customtkinter and tkinter for the GUI version of the code. This project also has a CLI and a GUI interface, It is capable of doing network vulnerability analysis, DNS enumeration, and also subdomain enumeration.

Advantage

  • Can be used in developing more advanced systems completely made of the API and scanner combination
  • Has the capability to analyze DNS information and resolve multiple records in a more better format.
  • Can increase the effectiveness of the final system
  • Can also perform subdomain enumeration
  • Highly productive when working with models such as GPT3

Understanding the code

Profiles:

Parameter Return data Description Nmap Command
p1 json Effective Scan -Pn -sV -T4 -O -F
p2 json Simple Scan -Pn -T4 -A -v
p3 json Low Power Scan -Pn -sS -sU -T4 -A -v
p4 json Partial Intense Scan -Pn -p- -T4 -A -v
p5 json Complete Intense Scan -Pn -sS -sU -T4 -A -PE -PP -PY -g 53 --script=vuln

The profile is the type of scan that will be executed by the nmap subprocess. The Ip or target will be provided via argparse. At first, the custom nmap scan is run which has all the crucial arguments for the scan to continue. Next, the scan data is extracted from the huge pile of data driven by nmap. the “scan” object has a list of sub-data under “tcp” each labeled according to the ports opened. once the data is extracted the data is sent to the openai API davenci model via a prompt. the prompt specifically asks for a JSON output and the data also to be used in a certain manner.

The entire structure of request that has to be sent to the openai API is designed in the completion section of the Program.

Install & Use