Category Archives: Bots

Isis OpenAI Chatbot for Penetration Testing

It seems that I will be having some more time to work on my personal projects and also working towards my OSCP because I quit my job. I will be looking for a new gig after some needed time off, but in the meantime I’m excited to continue my studies with Penetration Testing as well as doing some coding projects that I’ve been wanting to either finish or start.

I’ve added some code to the Isis OpenAI Chatbot for Penetration Testing. This is more how I envisioned it working as a hands-free way to interact with me. There are still some quirks going on with the OpenAI that I’ve found and I will touch on these.

First, as I mentioned, I named this project after the Isis character from the Star Trek series episode Assignment Earth. There was an AI that was able to work with a character called Gary Seven to save the planet. In that light, I really added a lot of fluff to the AI code. You can tweak it to your liking. I’d also add that some of the code, such as the history and training questions, can and probably should be tweaked. If you re-inject those with every question, you will probably eat up tokens and money fast. So please be aware of that.

For the next things I want to do, I need to add some ability for Isis to save things like injections, snippets and code into either files or into my working flow. To be honest, when I started this project I was so shocked that Isis actually generated some totally unique reverse shell code for me in PHP. I had thought maybe it would look it up on the internet and post me something. It actually coded something! Interestingly, I could not get the same result using the playground, as the public API seems to block ‘dangerous’ code. I’m not sure how concessions would be made for legitimate penetration testers.

Isis OpenAI Chatbot for Penetration Testing is something really cool. As far as I know it was the 1st of its kind. This was released and within weeks, I saw other cool apps from others follow, like GitHub’s Copilot, which to my mind is super cool, and similar to how I envisioned Isis to begin with, except I would like the choice to save code/snippets/scripts into places of my choosing.

Anyway, play around with it and see what you think. If you have any suggestions for improvements or wish to contribute, then go for it. You can find the code on my GitHub here:

https://github.com/c0ri/isis

Isis – AI chatbot to help you with Penetration Testing

I have been super busy lately. Doing graduate studies, and also working hard every day training for my OSCP exam. I have been very productive tho!

I made some new code for penetration testers that will be a helper to find code inserts, shells, SQL injection and the like for you. AFAIK it’s the first of its kind and it uses some pretty decent AI from OpenAI.

I like to think of ‘her’ as an angel on my shoulder. Imagine you are under a tight deadline. A company gave you only 5 days to test their websites and report your findings. Then imagine talking to Isis while you work and having her pop up suggestions for reverse-shell code, SQL injection etc. WOOOOOoo!

My initial work is promising, but there are still some kinks to work out. If you wanna contribute to the code that’d be cool too.

If you are interested in the code you can check it out here: https://github.com/c0ri/isis


When Bots Need to Text You

I’ve been writing some bot code lately to send SMS to groups. I found the perfect API for this with Cisco’s Tropo product.

The API is super simple to use. You can make API calls or just post to a URL using cURL or Python’s urllib2 library.

Use of the service for Dev is free; however, if you need production support and service you will want to move to Production for that. For my testing I just signed up for the free Dev service and started coding away.

To save you some time the solution for the service is something like this:

  • Sign up for an account, choosing Dev or Prod -> https://www.tropo.com/
  • Create an Application from their Portal
  • Click to add some code to /var/www/sms.py for both script boxes. You can use the same script.
  • At the bottom you need to attach a phone #. Typically this is the number closest to where you want to send SMS; however, I noticed UK or EU based numbers could send more readily worldwide. For cost, however, you may want to have your script set the CallerID of whatever numbers you pick based on the country code of the recipient’s phone. Go on and attach multiple numbers if you like.
  • Write up a script to post to the API. You can grab your API token from the bottom of your Applications Page in Tropo.

Posting is as simple as constructing a URL to the service like this:

https://api.tropo.com/1.0/sessions?action=create&token=TOKEN&numberToDial=11005555555&customerName=Joe+Good&msg=Tesintg+this+thing+out
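Because the API token and the message text both travel in the query string, the URL needs correct percent-encoding and should never be logged verbatim. The following is an added example, not code from the original post or from Tropo: it builds the same URL with Python 3's urllib.parse (the successor to urllib2's helpers) and masks the token for logs. The function names and the 7-15 digit check on the number are assumptions made for the illustration; the endpoint and parameter names are the ones shown in the URL above.

```python
import re
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl

# Endpoint taken from the URL shown in the post.
SESSIONS_ENDPOINT = "https://api.tropo.com/1.0/sessions"


def build_session_url(token, number_to_dial, customer_name, msg):
    """Build the session-create URL with every value percent-encoded."""
    # Assumption: recipients are plain digit strings (7-15 digits), so the
    # number field can never smuggle in extra query parameters.
    if not re.fullmatch(r"\d{7,15}", number_to_dial):
        raise ValueError("numberToDial must be 7-15 digits")
    params = [
        ("action", "create"),
        ("token", token),
        ("numberToDial", number_to_dial),
        ("customerName", customer_name),
        ("msg", msg),
    ]
    # urlencode escapes '&', '=', '#' and spaces, so a message such as
    # "hi&token=evil" stays inside msg instead of adding a second token.
    return SESSIONS_ENDPOINT + "?" + urlencode(params)


def redact_token(url):
    """Return the URL with the token value masked, for logs and tickets."""
    parts = urlsplit(url)
    query = [
        (key, "REDACTED" if key == "token" else value)
        for key, value in parse_qsl(parts.query, keep_blank_values=True)
    ]
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    # Constructed sample values; "TOKEN" is the placeholder used in the post.
    url = build_session_url("TOKEN", "11005555555", "Joe Good",
                            "Testing this thing out")
    print(redact_token(url))
```

Log the output of `redact_token` rather than the raw URL, since web server and proxy logs record query strings in full.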

That’s about it. Pretty Simple! Kudos to Tropo and Cisco for an amazing product!

If you have any questions or need help sending some SMS with your own account, then reach out to me.