deltaRed1a / hero

a hackbot proof-of-concept

Hero

This project is a proof of concept for a Hackbot, an AI-driven system that autonomously finds vulnerabilities in web applications. It takes a raw HTTP request as input and attempts to identify and exploit potential security vulnerabilities. It's probably not the best way to build a hackbot, but you can view it as inspiration.

WARNING: THIS POC IS LIKELY NOT SAFE TO USE IF YOU'RE HACKING ANYTHING WITH PROMPT INJECTION PAYLOADS POTENTIALLY IN THE REQUESTS, AS IT CALLS EXEC(), MEANING PROMPT INJECTION COULD LEAD TO RCE ON YOUR MACHINE.

Getting Started

Prerequisites

  • Python 3.8 or later
  • openai Python package
  • requests Python package

Installation

  1. Clone the repository:
    git clone https://github.com/jthack/hero.git
  2. Navigate to the project directory:
    cd hero
  3. Install the required dependencies:
    pip install -r requirements.txt

Usage

To use the Hackbot POC, you need to provide a raw HTTP request as input. The system will then generate ideas for potential vulnerabilities, modify the requests to test these ideas, and validate the results.

  1. Prepare a file containing a raw HTTP request (e.g., request.txt).
  2. Run the Hackbot script, passing the request file as input:
    cat request.txt | python hackbot.py

The output will include details of the ideas generated, the modified requests, and the validation results.
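
The WARNING above says the POC calls exec(), so injected text that reaches the model can end up running as code on the operator's machine. One mitigation, shown here as an added example (not code from this project; parse_request_spec, RejectedModelOutput and the JSON request schema are assumptions), is to ask the model for a JSON description of the modified request and validate it as data instead of executing generated code:

```python
import json
from urllib.parse import urlsplit

ALLOWED_METHODS = {"GET", "HEAD", "OPTIONS", "POST", "PUT", "PATCH", "DELETE"}
ALLOWED_KEYS = {"method", "url", "headers", "body"}

class RejectedModelOutput(ValueError):
    """Model output did not match the request schema or the allowed scope."""

def parse_request_spec(model_output, in_scope_hosts):
    """Validate model output as a JSON request description; never exec()/eval() it."""
    try:
        spec = json.loads(model_output)
    except json.JSONDecodeError as exc:
        raise RejectedModelOutput("not JSON") from exc
    if not isinstance(spec, dict) or set(spec) - ALLOWED_KEYS:
        raise RejectedModelOutput("unexpected structure or keys")
    method, url = spec.get("method"), spec.get("url")
    headers, body = spec.get("headers", {}), spec.get("body", "")
    if not isinstance(method, str) or method.upper() not in ALLOWED_METHODS:
        raise RejectedModelOutput("method not allowed")
    # Backslashes and control characters are a common source of URL parser disagreement.
    if not isinstance(url, str) or "\\" in url or any(ord(c) <= 32 for c in url):
        raise RejectedModelOutput("malformed URL")
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError as exc:
        raise RejectedModelOutput("malformed URL") from exc
    if parts.scheme not in ("http", "https") or host not in in_scope_hosts:
        raise RejectedModelOutput("URL outside the authorized scope")
    if not isinstance(headers, dict) or not isinstance(body, str):
        raise RejectedModelOutput("bad headers or body type")
    for name, value in headers.items():
        if not isinstance(value, str) or "\r" in name + value or "\n" in name + value:
            raise RejectedModelOutput("bad header")
    # The result is plain data for an HTTP client, e.g.
    # requests.request(method, url, headers=headers, data=body)
    return {"method": method.upper(), "url": url, "headers": headers, "body": body}

# Constructed sample model outputs (not taken from the project).
SCOPE = {"target.example"}
SAMPLE_OK = '{"method": "post", "url": "https://target.example/api/items?id=1", "headers": {"Content-Type": "application/json"}, "body": "{}"}'
SAMPLE_CODE = "import os; os.system('echo injected')"  # what exec() would have run
SAMPLE_OUT_OF_SCOPE = '{"method": "GET", "url": "https://target.example@other.example/"}'
SAMPLE_CRLF = '{"method": "GET", "url": "https://target.example/", "headers": {"X-A": "1\\r\\nX-B: 2"}}'
```

This removes the code-execution path only; injected text can still influence which in-scope requests the model proposes, so keep the host allowlist tight.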
