OpenAI ChatGPT for Cyber Security
OpenAI’s new solutions are being trending all over in the internet and one of it’s most useful Tool is “ChatGPT” .
Chat GPT (Generative Pretrained Transformer) chat-based generative pre-trained transformer models, is a type of artificial intelligence that allows users to interact with a virtual assistant using natural language. This technology is based on the principles of GPT-3, the third generation of the popular generative pre-trained transformer model. You Could Learn more from this Blog Post .
When it comes to Cyber Security, this a very productive tool which can perform various tasks in Red Teaming and Blue Teaming such as writing Custom Code, writing Firewall Rules, Vulnerability Testing, Report Generation and many more
Getting Started
- Visit https://chat.openai.com/chat and Create a New Account
For Red Teaming (Penetration Testing)
Subdomain Enumeration
Here I have generated a Simple Subdomain Enumartion Script form Bash. You can try it by yourself modifying below query
Write a bash code to enumerate subdomains for “google.com”
Here’s another query Chaining Tools
Write a bash code to enumerate subdomains for “google.com” and http probe all the result domains
XSS Payloads
Here I have generated a XSS Payload which Pop an Alert
Generate a XSS Payload which Generates “Alert” Tag
Here’s another XSS payload with image tag and onclick parameters
Generate a XSS Payload on image tag when onclick
Generating RCE Payloads
Generate a XXE Payload
Here’s a XXE payload that can be used to access sensitive information
Generate a XXE payload
Generate a remote OS Command Injection for Windows
Generate a Log4j RCE code
SQL Injections
Here I have generated a SQL Payloads
Generate a set of SQL injection payloads
Finding SQL Injection Vulnerabilities and Providing a Fix to the Code
Find Sql Vulnerabilities in Below Code and provide Fixed Code
Custom Scripts Generated from AI
Create a Directory BruteForcing Tool from Bash
Generate a Directory Brute forcing Script with a word list from Bash
Generate a Buffer Overflow Exploit Scanning Script
Generate a Bash Script to Scan for BufferOverflow Exploits
Server Fingerprinting Script for a list of Servers
Generate Script for Generating Server Fingerprinting for a List of Servers in Bash
BruteForcing Script from Bash
Generate Script from Bash to Brute Force a endpoint and Save the http Results in a CSV file
For Blue Teaming
Create your SIEM PlayBooks (Here it is shown for LogRhythm)
A Python Code to Detect Port Scans in Network as a playbook in LogRhythm
A Python Code to detect AD Username Password Bruteforce and block the user account if it is more than 5 requests as a playbook in LogRhythm
Generate a Code to Get Malicious IPs form SIEM and Block it on my Firewall
Malware Scanning
Generate a PowerShell Code for Malware Scanning on a list of Computers
These are some of the examples that I tried out on ChatGPT but there’s more you can try out and also can educate yourself.
Sometimes these outputs may not be 100% accurate So I recommend you to always double check when trying these scripts because we cannot leave everything to AI to do itself. Get the output, Educate yourself and Develop your skills.
Feel Free to comment your views below and also share your examples I have missed here.
