v0.5.0

Big Changes

• big update for @DianaStrauss's web api testing work
• new tmux-based local command execution capability

What's Changed

• Updated README.md by @Qsan1 in #117
• bump dependencies and add Qsan1's documentation by @andreashappe in #118
• Display query in the URL on failed request by @emmanuel-ferdman in #119
• updated README.md with correct image by @Qsan1 in #120
• Merge web api testing development by @DianaStrauss in #114
• Adapt prompt engineer by @DianaStrauss in #122
• Create dependency-review.yml by @andreashappe in #124
• REMOTE SHELL integration using tmux to interact without ssh creds by @ShreyasMahajann in #127
• Merge Development into Main Branch by @andreashappe in #128
• Bump version from 0.4.0 to 0.5.0 by @andreashappe in #129

New Contributors

• @emmanuel-ferdman made their first contribution in #119
• @ShreyasMahajann made their first contribution in #127

Full Changelog: v0.4.0...v0.5.0

v0.4.0

Overview

Good news everyone! There's a new (and long overdue) new version of hackingBuddyGPT out!

The big changes for this release are @Neverbolt's rework of the logging/configuration system and @Qsan1's new prototype that enables small LLMs to perform linux priv-esc attacks. The next use-case is already being prepared and will be in the next release.. stay tuned.

To summarize the big changes:

• @Neverbolt did extensive work on the configuration and logging system:

  • Overwork of the configuration system
  • Added a visual and live web based log viewer, which can be started with wintermute Viewer
  • Updated the configuration system. The new configuration system now allows loading parameters from a .json file as well as choosing which logging backend should be used

• @lloydchang with @pardaz-banu, @halifrieri, @toluwalopeoolagbegi and @tushcmd added support for dev containers

• @jamfish added support for key-based SSH access (to the target system)

• @Qsan1 added a new use-case, focusing on enabling linux priv-esc with small-language models, to quote:

  • Added an extended linux-privesc usecase. It is based on 'privesc', but extends it with multiple components that can be freely switch on or off:
    - Analyze: After each iteration the LLM is asked to analyze the output of that round.
    - Retrieval Augmented Generation (RAG): After each iteration the LLM is prompted and asked to generate a search query for a vector store. The search query is then used to retrieve relevant documents from the vector store and the information is included in the prompt for the Analyze component (Only works if Analyze is enabled).
    - Chain of thought (CoT): Instead of simply asking the LLM for the next command, we use CoT to generate the next action.
    - History Compression: Instead of including all commands and their respective output in the prompt, it removes all outputs except the most recent one.
    - Structure via Prompt: Include an initial set of command recommendations in query_next_command

I thank all our contributors (and hopefully haven't forgotten too many). Enjoy!

What's Changed

• docs: fix CLI errors, use PascalCase args by @lloydchang in #85
• feat: add gpt-4o, gpt-4o-mini, o1-preview, o1-mini by @lloydchang in #89
• feat: add GitHub Codespaces support by @lloydchang in #88
• docs(README.md): fix typo by @lloydchang in #91
• fix(.gitignore): ignore temporary codespaces ansible files by @lloydchang in #92
• Mac target localhost container via gemini openai proxy by @lloydchang in #94
• docs(README.md): add Mac use case by @lloydchang in #95
• fix: reorganize scripts by @lloydchang in #96
• docs: move Codespaces docs to CODESPACES.md, add gemini by @lloydchang in #98
• Semantic logging #75 by @Neverbolt in #79
• update development branch with changes in main by @andreashappe in #99
• Update README.md with anti scam message by @Neverbolt in #103
• Add SSH Key Auth [Follow-up] by @jamfish in #108
• Merge RAG usecase into HackerBuddy by @Qsan1 in #111
• New Argument Parsing by @Neverbolt in #113
• Development by @andreashappe in #115

New Contributors

• @lloydchang made their first contribution in #85
• @jamfish made their first contribution in #108
• @Qsan1 made their first contribution in #111

Full Changelog: v0.3.1...v0.4.0

v0.3.0

HackingBuddyGPT 0.3.0

European Summer'24 Heatwave edition

Version 0.3 contains a massive refactoring and rewrite of our code-base (by @Neverbolt and @andreashappe), laying the groundwork for future features. Meanwhile, @DianaStrauss was improving the Web API testing agent.

Also see our latest hacking benchmark results for multiple models.

Notable user-visible changes:

• GitHub Models are now supported as LLM backend
• the hackingBuddyGPT CLI is installed (alias to the wintermute CLI) to provide consistency
• massively improved web api testing agent:
  • new response analyzer to create a report from the testing findings
  • prompt engineering: improved prompt creation, now categorized into task and state planning prompts
  • Streamlined the OpenAPI documentation generation (reconnaissance) process
• restructured introductory usecases and agents
  • moved them into src/hackingbuddygpt/usecases/examples
  • their names (used by the CLI) start with Ex
• bump minimal python version to python 3.10

Notable developer-visible changes:

• allow for streaming responses from LLMs
• The class hierarchy has been refactored. UseCases showcase the different hacking behaviors provided hackingBuddyGPT. They offer developers flexibility how they implement their hacking techniques. To streamline development, we introduce the Agent base-class. Agents perform hacking in steps/rounds. Developers can automatically wrap an Agent within a usecases to integrate new agents with minimal development overhead into hackingBuddyGPT. For more information, see our documentation.
• massively increased test coverage

What's Changed

• Update README.md by @eltociear in #66
• some type hint fixes and a first integration test by @andreashappe in #67
• Create python-app.yml by @andreashappe in #69
• Update python-app.yml by @andreashappe in #70
• add more test-cases (also test github integration) by @andreashappe in #68
• Improve API and make streaming responses possible by @Neverbolt in #71
• Explorative refactoring by @andreashappe in #73
• merge diana's changes (and fixes) into development by @andreashappe in #74
• Development without spacy by @DianaStrauss in #76
• Development without spacy by @DianaStrauss in #80
• merge the current development branch into master by @andreashappe in #81
• Improved WebAPITesting by @DianaStrauss in #82
• add more web-api-testing changes, fix unittest by @andreashappe in #83

Full Changelog: v0.2.1...v0.3.0

v0.2.1

What's Changed

• update main branch by @andreashappe in #1
• V3 by @andreashappe in #2
• V4 by @andreashappe in #3
• Update README.md by @andreashappe in #4
• V5 by @andreashappe in #5
• Update README.md by @andreashappe in #6
• V6 by @andreashappe in #8
• V7 by @andreashappe in #9
• Fix typo in README.md by @eltociear in #10
• Create jekyll-gh-pages.yml by @andreashappe in #11
• fix link to old runs by @andreashappe in #12
• update README by @andreashappe in #13
• Update README.md by @andreashappe in #14
• Implements first version of modular capability system by @Neverbolt in #15
• Adds the possibility to define help text for parameters by @Neverbolt in #16
• Bump idna from 3.6 to 3.7 by @dependabot in #17
• Adds documentation for use cases and configurable by @Neverbolt in #18
• Simplify use-case infrastructure by providing common base-class by @andreashappe in #19
• Create FUNDING.yml by @andreashappe in #20
• update documentation by @andreashappe in #21
• Create CONTRIBUTING.md by @andreashappe in #23
• Create SECURITY.md by @andreashappe in #25
• update minimal example by @andreashappe in #27
• Update minimal example description by @andreashappe in #28
• Unify by @andreashappe in #29
• allow running hackingbuddygpt with llama-style models again by @andreashappe in #30
• Update README.md by @andreashappe in #31
• Update README.md by @andreashappe in #32
• Create linux_privesc.md by @andreashappe in #33
• Update README.md by @andreashappe in #34
• Update README.md by @andreashappe in #35
• Update README.md by @andreashappe in #37
• Update documentation by @andreashappe in #38
• Adds an initial web testing use-case by @Neverbolt in #39
• Update README.md by @andreashappe in #40
• Update linux_privesc.md by @andreashappe in #41
• Update README.md by @andreashappe in #42
• I have no idea what's going on with the github online markdown editor.. by @andreashappe in #43
• Update README.md for more contributer info by @Neverbolt in #44
• Decision making by @andreashappe in #45
• Update README.md by @andreashappe in #46
• Added web-api-pentest prototype by @DianaStrauss in #47
• fix web-api-pentest link by @andreashappe in #49
• refactor a bit and add agents by @andreashappe in #50
• Update README.md by @andreashappe in #51
• Update README.md by @andreashappe in #52
• update links to point to the documentation site by @andreashappe in #53
• Bump requests from 2.31.0 to 2.32.0 in the pip group across 1 directory by @dependabot in #54
• Fix docs by @andreashappe in #55
• Update README.md by @andreashappe in #56
• Editorial changes to README.md by @citostyle in #57
• Adds support for generic text parsing of capabilities by @Neverbolt in #58
• Update README.md by @andreashappe in #59
• Fixes by @andreashappe in #61
• Agent with worldview by @andreashappe in #62
• Restructure by @andreashappe in #64
• Update README.md by @andreashappe in #65

New Contributors

• @dependabot made their first contribution in #17
• @citostyle made their first contribution in #57

Full Changelog: v0.1.0...v0.2.1

v0.1.0-fse23ivr

• this was the code submitted to FSE23 IVR

Full Changelog: https://github.com/ipa-lab/hackingBuddyGPT/commits/v0.1.0