awesome-gpt-security

awesome-gpt-security

A curated list of awesome security tools, experimental case or other interesting things with LLM or GPT.

Stars: 459

Visit
 screenshot

Awesome GPT + Security is a curated list of awesome security tools, experimental case or other interesting things with LLM or GPT. It includes tools for integrated security, auditing, reconnaissance, offensive security, detecting security issues, preventing security breaches, social engineering, reverse engineering, investigating security incidents, fixing security vulnerabilities, assessing security posture, and more. The list also includes experimental cases, academic research, blogs, and fun projects related to GPT security. Additionally, it provides resources on GPT security standards, bypassing security policies, bug bounty programs, cracking GPT APIs, and plugin security.

README:

Awesome GPT + Security Awesome

A curated list of awesome security tools, experimental case or other interesting things with LLM or GPT.

Contents

Attention

Here is A nice tool to Finetune ALL LLMs with ALL Adapeters on ALL Platforms!

Tools

🧰

Integrated

  • SecGPT - SecGPT aims to make further contributions to network security by combining LLM, including penetration testing, red-blue confrontations, CTF competitions, and other aspects.
  • AutoAudit - An LLM for Cyber Security
  • secgpt - Cyber security LLM(Lora finetuned with baichuan-13B using some material of cyber security)
  • HackerGPT-2.0 - HackerGPT is your indispensable digital companion in the world of hacking.

Audit

  • SourceGPT - prompt manager and source code analyzer built on top of ChatGPT as the oracle
  • ChatGPTScanner - A white box code scan powered by ChatGPT
  • chatgpt-code-analyzer - ChatGPT Code Analyzer for Visual Studio Code
  • hacker-ai - An online tool using AI to detect vulnerabilities in source code
  • audit_gpt - Fine-tuning GPT for Smart Contract Auditing
  • vulchatgpt - Use IDA PRO HexRays decompiler with OpenAI(ChatGPT) to find possible vulnerabilities in binaries
  • Ret2GPT - Advanced AI-powered binary analysis tool leveraging OpenAI's LangChain technology, revolutionizing CTF Pwners' experience in binary file interpretation and vulnerability detection.

Reconnaissance

  • CensysGPT Beta - The tool enables users to quickly and easily gain insights into hosts on the internet, streamlining the process and allowing for more proactive threat hunting and exposure management
  • GPT_Vuln-analyzer - Uses ChatGPT API, Python-Nmap, DNS Recon modules and uses the GPT3 model to create vulnerability reports based on Nmap scan data, and DNS scan information. It can also perform subdomain enumeration to a great extent
  • SubGPT - SubGPT looks at subdomains you have already discovered for a domain and uses BingGPT to find more.
  • Navi - A QA based Reconnaissance Tool with GPT
  • ChatCVE - The ChatCVE Lang Chain App is an AI-powered devSecOps application 🔍, for oganizations triaging and aggregating CVE (Common Vulnerabilities and Exposures) information.
  • ZoomeyeGPT - ZoomEyeGPT browser extension is a GPT-based Chrome browser extension designed to bring AI-assisted search experience to ZoomEye users.
  • uncover-turbo - Realize a general-purpose natural language surveying and mapping engine, and open up the last mile from natural language to surveying and mapping grammar.
  • DevOpsGPT - AI-Driven Software Development Automation Solution

Offensive

  • PentestGPT - A GPT-empowered penetration testing tool
  • burpgpt - A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type.
  • ReconAIzer - A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomains and more!
  • CodaMOSA - CodaMOSA is the paper code of CodaMOSA: Escaping Coverage Plateaus in Test Generation with Pre-trained Large Language Models. It implements a fuzzer combined with OpenAI API, aiming to alleviate the problem of stagnant coverage in traditional fuzz.
  • PassGAN - A Deep Learning Approach for Password Guessing. HomeSecurityHeroes land a Product, and you can test how much time an AI would need to crack your password here.
  • nuclei-ai-extension - Official by Nuclei Team. Browser Extension for Rapid Nuclei Template Generation.
  • nuclei_gpt - Only need to submit the relevant Request and Response and the description of the vulnerability to generate a Nuclei PoC.
  • Nuclei Templates AI Generator -- Create Nuclei templates by textual description (e.g., vulnerability scanners by PoC).
  • hackGPT - Leverage OpenAI and ChatGPT to do hackerish things

Detecting

  • k8sgpt - a tool for scanning your Kubernetes clusters, diagnosing, and triaging issues in simple English.
  • cloudgpt - Vulnerability scanner for AWS customer managed policies using ChatGPT
  • IATelligence - About IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&CK matrix related
  • rebuff - Prompt Injection Detector.
  • Callisto - An Intelligent Automated Binary Vulnerability Analysis Tool.
  • LLMFuzzer - LLMFuzzer is the first open-source fuzzing framework specifically designed for Large Language Models (LLMs), especially for their integrations in applications via LLM APIs.
  • Vigil - Prompt injection detection and LLM prompt security scanner

Preventing

Social Engineering

Reverse Engineering

  • LLM4Decompile - Reverse Engineering: Decompiling Binary Code with Large Language Models
  • Gepetto - About IDA plugin which queries OpenAI's gpt-3.5-turbo language model to speed up reverse-engineering
  • gpt-wpre - Whole-Program Reverse Engineering with GPT-3
  • G-3PO - A Script that Solicits GPT-3 for Comments on Decompiled Code

Investigation

  • beelzebub - Go-Based Low-Code Honeypot Framework with Enhanced Security, Leveraging GPT-3 for System Virtualization

Fix

  • wolverine - Auto fix the bugs in your Python Script/Code

Assessment

  • falco-gpt - AI-generated remediations for Falco audit events
  • selefra - an open-source policy-as-code software that provides analytics for multi-cloud and SaaS.
  • openai-cti-summarizer - openai-cti-summarizer is a tool for generating threat intelligence summary reports based on OpenAI's GPT-3.5 and GPT-4 API

Cases

🌰

Experimental

Academic

Blogs

Fun


GPT Security

🚨

Standard

Bypass Security Policy

Bug Bounty

Crack

  • gpt4free - Just API's from some language model sites.
  • EdgeGPT - Reverse engineered API of Microsoft's Bing Chat AI
  • GPTs - leaked prompts of GPTs

Plugin Security

  • SecureGPT – Dynamically test the security of your ChatGPT Plugins APIs (Free DAST for ChatGPT Plugins).

Contributing

Your contributions are always welcome! Please take a look at the contribution guidelines first.


If you have any question about this opinionated list, do not hesitate to open an issue on GitHub.

Thanks again for your contribution and keeping this community vibrant. ❤️

For Tasks:

Click tags to check more tools for each tasks

For Jobs:

Alternative AI tools for awesome-gpt-security

Similar Open Source Tools

For similar tasks

For similar jobs