Skip to content

Commit 78199d0

Browse files
andreashappeandreashappe
authored
Merge pull request #47 from DianaStrauss/main
Added web-api-pentest prototype
2 parents 79dff0b + 72de4a0 commit 78199d0

13 files changed

+973
-7
lines changed

README.md

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,7 @@ Feel free to connect or talk with us on various platforms:
3838
- Andreas Happe: [github](https://github.com/andreashappe), [linkedin](https://at.linkedin.com/in/andreashappe), [twitter/x](https://twitter.com/andreashappe), [Google Scholar](https://scholar.google.at/citations?user=Xy_UZUUAAAAJ&hl=de)
3939
- Juergen Cito, [github](https://github.com/citostyle), [linkedin](https://at.linkedin.com/in/jcito), [twitter/x](https://twitter.com/citostyle), [Google Scholar](https://scholar.google.ch/citations?user=fj5MiWsAAAAJ&hl=en)
4040
- Manuel Reinsperger, [github](https://github.com/Neverbolt), [linkedin](https://www.linkedin.com/in/manuel-reinsperger-7110b8113/), [twitter/x](https://twitter.com/neverbolt)
41+
- Diana Strauss , [github](https://github.com/DianaStrauss), [linkedin](https://www.linkedin.com/in/diana-s-a853ba20a/)
4142
- we have a [discord server were we talk about all things AI + Offensive Security](https://discord.gg/vr4PhSM8yN)
4243

4344
## Existing Agents/Usecases
@@ -49,12 +50,12 @@ Our initial forays were focused upon evaluating the efficiency of LLMs for [linu
4950
privilege escalation attacks](https://arxiv.org/abs/2310.11409) and we are currently breaching out into evaluation
5051
the use of LLMs for web penetration-testing and web api testing.
5152

52-
| Name | Description | Screenshot |
53-
| -- | -- | -- |
54-
| minimal | A minimal 50 LoC Linux Priv-Esc example. This is the usecase from [Build your own Agent/Usecase](#build-your-own-agentusecase) | ![A very minimal run](docs/usecase_minimal.png) |
55-
| [linux-privesc](docs/linux_privesc.md) | Given a SSH-connection for a low-privilege user, task the LLM to become the root user. This would be a typical Linux privilege escalation attack. We published two academic papers about this: [paper #1](https://arxiv.org/abs/2308.00121) and [paper #2](https://arxiv.org/abs/2310.11409) | ![Example wintermute run](docs/example_run_gpt4.png) |
56-
| [web-pentest (WIP)](docs/web_page.md) | Directly hack a webpage. Currently in heavy development and pre-alpha stage. | ![Test Run for a simple Blog Page](docs/usecase_web_page_run.png) |
57-
| web-api-pentest (WIP) | An Web-API focues usecase | |
53+
| Name | Description | Screenshot |
54+
|--------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|
55+
| minimal | A minimal 50 LoC Linux Priv-Esc example. This is the usecase from [Build your own Agent/Usecase](#build-your-own-agentusecase) | ![A very minimal run](docs/usecase_minimal.png) |
56+
| [linux-privesc](docs/linux_privesc.md) | Given a SSH-connection for a low-privilege user, task the LLM to become the root user. This would be a typical Linux privilege escalation attack. We published two academic papers about this: [paper #1](https://arxiv.org/abs/2308.00121) and [paper #2](https://arxiv.org/abs/2310.11409) | ![Example wintermute run](docs/example_run_gpt4.png) |
57+
| [web-pentest (WIP)](docs/web_page.md) | Directly hack a webpage. Currently in heavy development and pre-alpha stage. | ![Test Run for a simple Blog Page](docs/usecase_web_page_run.png) |
58+
| [web-api-pentest (WIP)](docs/web_api_pentest.md) | Directly test a REST API. Currently in heavy development and pre-alpha stage. (Documentation and testing of REST API.) | Documentation:![web_api_documentation.png](docs%2Fold_runs%2Fweb_api_documentation.png) Testing:![web_api_testing.png](docs%2Fold_runs%2Fweb_api_testing.png) |
5859

5960
## Build your own Agent/Usecase
6061

docs/old_runs/web_api_documentation.png

308 KB
Loading

docs/old_runs/web_api_testing.png

320 KB
Loading

docs/openapi_spec/openapi_spec_example1.yaml

Lines changed: 97 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,97 @@
1+
info:
2+
description: Automatically generated description of the API.
3+
title: Generated API Documentation
4+
version: '1.0'
5+
openapi: 3.0.0
6+
paths:
7+
/albums:
8+
get:
9+
responses:
10+
'200':
11+
content:
12+
application/json:
13+
schema:
14+
type: object
15+
description: Successful response
16+
summary: GET operation on /albums
17+
/albums/1:
18+
get:
19+
responses:
20+
'200':
21+
content:
22+
application/json:
23+
schema:
24+
type: object
25+
description: Successful response
26+
summary: GET operation on /albums/1
27+
/comments:
28+
get:
29+
responses:
30+
'200':
31+
content:
32+
application/json:
33+
schema:
34+
type: object
35+
description: Successful response
36+
summary: GET operation on /comments
37+
/comments/1:
38+
get:
39+
responses:
40+
'200':
41+
content:
42+
application/json:
43+
schema:
44+
type: object
45+
description: Successful response
46+
summary: GET operation on /comments/1
47+
put:
48+
responses:
49+
'200':
50+
content:
51+
application/json:
52+
schema:
53+
type: object
54+
description: Successful response
55+
summary: PUT operation on /comments/1
56+
/posts:
57+
get:
58+
responses:
59+
'200':
60+
content:
61+
application/json:
62+
schema:
63+
type: object
64+
description: Successful response
65+
summary: GET operation on /posts
66+
/todos:
67+
get:
68+
responses:
69+
'200':
70+
content:
71+
application/json:
72+
schema:
73+
type: object
74+
description: Successful response
75+
summary: GET operation on /todos
76+
/todos/1:
77+
get:
78+
responses:
79+
'200':
80+
content:
81+
application/json:
82+
schema:
83+
type: object
84+
description: Successful response
85+
summary: GET operation on /todos/1
86+
/users:
87+
get:
88+
responses:
89+
'200':
90+
content:
91+
application/json:
92+
schema:
93+
type: object
94+
description: Successful response
95+
summary: GET operation on /users
96+
servers:
97+
- url: https://jsonplaceholder.typicode.com

docs/openapi_spec/openapi_spec_example2.yaml

Lines changed: 143 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,143 @@
1+
info:
2+
description: Automatically generated description of the API.
3+
title: Generated API Documentation
4+
version: '1.0'
5+
openapi: 3.0.0
6+
paths:
7+
/albums:
8+
get:
9+
responses:
10+
'200':
11+
content:
12+
application/json:
13+
schema:
14+
type: object
15+
description: Successful response
16+
summary: GET operation on /albums
17+
/comments:
18+
get:
19+
responses:
20+
'200':
21+
content:
22+
application/json:
23+
schema:
24+
type: object
25+
description: Successful response
26+
summary: GET operation on /comments
27+
/comments/1:
28+
delete:
29+
responses:
30+
'200':
31+
content:
32+
application/json:
33+
schema:
34+
type: object
35+
description: Successful response
36+
summary: DELETE operation on /comments/1
37+
put:
38+
responses:
39+
'200':
40+
content:
41+
application/json:
42+
schema:
43+
type: object
44+
description: Successful response
45+
summary: PUT operation on /comments/1
46+
/posts:
47+
get:
48+
responses:
49+
'200':
50+
content:
51+
application/json:
52+
schema:
53+
type: object
54+
description: Successful response
55+
summary: GET operation on /posts
56+
/posts/1:
57+
delete:
58+
responses:
59+
'200':
60+
content:
61+
application/json:
62+
schema:
63+
type: object
64+
description: Successful response
65+
summary: DELETE operation on /posts/1
66+
get:
67+
responses:
68+
'200':
69+
content:
70+
application/json:
71+
schema:
72+
type: object
73+
description: Successful response
74+
summary: GET operation on /posts/1
75+
put:
76+
responses:
77+
'200':
78+
content:
79+
application/json:
80+
schema:
81+
type: object
82+
description: Successful response
83+
summary: PUT operation on /posts/1
84+
/todos:
85+
get:
86+
responses:
87+
'200':
88+
content:
89+
application/json:
90+
schema:
91+
type: object
92+
description: Successful response
93+
summary: GET operation on /todos
94+
/todos/1:
95+
delete:
96+
responses:
97+
'200':
98+
content:
99+
application/json:
100+
schema:
101+
type: object
102+
description: Successful response
103+
summary: DELETE operation on /todos/1
104+
put:
105+
responses:
106+
'200':
107+
content:
108+
application/json:
109+
schema:
110+
type: object
111+
description: Successful response
112+
summary: PUT operation on /todos/1
113+
/users:
114+
get:
115+
responses:
116+
'200':
117+
content:
118+
application/json:
119+
schema:
120+
type: object
121+
description: Successful response
122+
summary: GET operation on /users
123+
/users/1:
124+
delete:
125+
responses:
126+
'200':
127+
content:
128+
application/json:
129+
schema:
130+
type: object
131+
description: Successful response
132+
summary: DELETE operation on /users/1
133+
put:
134+
responses:
135+
'200':
136+
content:
137+
application/json:
138+
schema:
139+
type: object
140+
description: Successful response
141+
summary: PUT operation on /users/1
142+
servers:
143+
- url: https://jsonplaceholder.typicode.com

0 commit comments

Comments
 (0)