Tag Archives: whitehat

Isis OpenAI Chatbot for Penetration Testing

It seems that I will be having some more time to work on my personal projects and also working towards my OSCP because I quit my job. I will be looking for a new gig after some needed time off, but in the meantime I’m excited to continue my studies with Penetration Testing as well as doing some coding projects that I’ve been wanting to either finish or start.

I’ve added some code to the Isis OpenAI Chatbot for Penetration Testing. This is more how I envisioned it working as a hands-free way to interact with me. There are still some quirks going on with the OpenAI that I’ve found and I will touch on these.

First, I named this project as I mentioned after the Star Trek series episode Assignment Earth’s Isis character. There was an AI that wa able to work with a character called Gary Seven to save the planet. In that light, I really added a lot of fluff to the AI code. You can tweak it to your liking. I’d also add that some of the code such as the history and training questions can and probably should be tweaked. If you re-inject those with every question, you will probably eat up tokens and money fast. So please be aware of that.

For the next things I want to do, I need to add some ability for Isis to save things like Injections, snipets and code into either files or into my working flow. To be honest when I started this project I was so shocked that Isis actually generated some totally unique reverse shell code for me in php. I had thought maybe it would look it up on the internet and post me something. It actually coded something! Interestingly I could not get the same result using the playground as the public API seems to block ‘dangerous’ code. I’m not sure how concessions would be made for legitimate penetration testers.

Isis OpenAI Chatbot for Penetration Testing is something really cool. As far as I know it was the 1st of it’s kind. This was released and within weeks, I saw other cool apps from others to follow like Github’s Copilot, which to my mind is super cool, and similar to how I envisioned Isis to begin with except I would like the choice to save code/snippets/scripts into places of my choosing.

Anyway, play around with it and see what you think. If you have any suggestions for improvements or wish to contribute, then go for it. You can find the code on my Github here:

https://github.com/c0ri/isis