/phreakbot

Drive a browser with GPT-3 and fuzz requests for common vulns

Primary LanguagePythonMIT LicenseMIT

phreakbot

  • Drive a browser with GPT-3 with natbot
  • Fuzz parameters
  • Recognize vulners
  • Writeup results

Currently demoing against Damn Vulnerable Web App

To demo capabilities.

  1. Have .env file with OPENAI_API_KEY set
  2. Run DVWA with docker run --rm -it -p 80:80 vulnerables/web-dvwa
  3. Run the proxy.py file
  4. Run phreakbot.py

Ideas for improvement:

  • include text of current sitemap into prompt
  • Prompt chaining
  • Make a recorder to collect human feedback and do better few-shot