Pentest Muse

Building an AI agent that can automate parts of pentesting jobs. This application utilizes advanced algorithms and techniques to simulate penetration testing activities, aiming to streamline and enhance the efficiency of security testing processes.

Disclaimer

This tool is intended for legal and ethical use only. It should only be used for authorized security testing and educational purposes. The developers assume no liability and are not responsible for any misuse or damage caused by this program.

Requirements

Python 3.12 or later
Necessary Python packages as listed in requirements.txt

Setup

Standard Setup

Clone the repository:

git clone https://github.com/pentestmuse-ai/PentestMuse
cd PentestMuse

Install the required packages:
```
pip install -r requirements.txt
```
Set up OpenAI API Key:
- Create a .env file in the root directory.
- Add your OpenAI API key to the .env file like this:
```
OPENAI_API_KEY=your_openai_api_key_here
```
- Make sure to replace your_openai_api_key_here with your actual OpenAI API key.

Alternative Setup (Package Installation)

Install Pentest Muse as a Python Package:
```
pip install .
```

Set OpenAI API Key in OS Environment:

export OPENAI_API_KEY=your_openai_api_key_here

Running the Application

Using the Script

Run the application with:

python run_app.py

For chat mode:

python run_app.py chat

Using the Command Line Tool

After package installation, you can also start Pentest Muse directly from the command line:

pmuse

For chat mode:

pmuse chat

Modes of Operation

Pentest Muse offers two primary modes of operation:

Action Mode: This is the default mode. In Action Mode, Pentest Muse performs penetration testing tasks based on user input. It's designed to automate and facilitate various pentesting activities.
Chat Mode: In Chat Mode, Pentest Muse interacts with the user through an interactive chat interface. This mode guides users through pentesting tasks and provides a more conversational experience.

Example Demos

In this section, you can find practical demonstrations of how to use our tool to identify vulnerabilities of the VamPI application running at localhost:5001.

Example 1: SQL Injection

This example demonstrates how our tool identifies a SQL injection attack on the VamPI application. View the entire output.

Example 2: Broken Object Level Authentication

This video shows a broken object level authentication vulnerability being identified and exploited by our tool. View the entire output.

Example 3: Password Bypass

In this demo, you'll see how our tool can identify the password bypass vulnerability. View the entire output.

dvi23 / pentestmuse Goto Github PK

pentestmuse's Introduction