当前位置:首页 > 报告详情

构建人工智能渗透测试助手.pdf

上传人: 可*** 编号:991862 2025-12-07 17页 2.20MB

1、Building an AI Pen-testing AssistantTool ObjectivesHave a conversational-guide style(so a chatbot)Have knowledge of CVEs and other vulnerability databasesHave knowledge of common pen-test tools(nmap,Metasploit,etc.)Be able to automatically execute those toolsAngry Beaver is born3Conversational chatb

2、ot4 OpenAI gpt-4o model Shell stdin/stdout Local nodejs programThe CVE Knowledge-base5 containers:cna:affected:product:n/a,vendor:n/a,versions:status:affected,version:n/a ,datePublic:1999-12-19T00:00:00,descriptions:lang:en,value:Groupwise web server GWWEB EXE allows remote attackers to read attackC

3、omplexity:LOWattackVector:NETWORKavailabilityImpact:HIGHbaseScore:7.5baseSeverity:HIGHconfidentialityImpact:HIGHcontent:description:MIME buffer overflow in email c content_type:cvecontent_type_display_name:CVEcveId:CVE-1999-0004datePublished:2000-02-04description:MIME buffer overflow in email client

4、s,e.g.So integrityImpact:HIGHis_ai_generated:trueprivilegesRequired:NONEreferences:https:/ technicalSkills:Nonetools:Tool-calling6User:Do a network scanLLM:Do I have a tool for that?Network scan toolGet local weather toolToolsLLM:Use the network scan toolLLM:Network scan resultsPutting it all togeth

5、er7Putting it all together8Success!9Success?Problems10 Long-running node program was resource-intensive Did not work for interactive commands like metasploit Echoing command results through the LLM wastes context,took longer,and was more expensive Just wasnt working very wellNew UI A local webpage!11New UI A local webpage!12New UI A local webpage!13Check for destructive commands141516Q&A?17

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
客服
商务合作
小程序
服务号
折叠