VulChatGPT is an IDA Pro plugin designed to assist security researchers and CTF players in identifying potential vulnerabilities within binary executables. It leverages the Hex-Rays decompiler and OpenAI's ChatGPT to analyze code and suggest security flaws.

How It Works

The plugin integrates with IDA Pro's Hex-Rays decompiler, allowing users to select code segments and query ChatGPT for vulnerability analysis. It can also rename functions and variables and generate basic exploit code, aiming to streamline the reverse engineering and vulnerability discovery process.

Quick Start & Requirements

• Install by dropping the Python script into the IDA Pro plugin directory.
• Requires IDA Pro with the Hex-Rays decompiler and an OpenAI API key.
• Usage involves right-clicking on decompiled code and selecting "Find possible vulnerability in function."

Highlighted Details

• Integrates ChatGPT for vulnerability analysis within IDA Pro.
• Supports renaming functions and variables.
• Can generate sample Python exploit code.
• Inspired by the Gepetto project.

Maintenance & Community

No specific community channels or contributor information are provided in the README.

Licensing & Compatibility

The README does not specify a license. Compatibility is limited to IDA Pro with the Hex-Rays decompiler.

Limitations & Caveats

The plugin struggles with large functions due to OpenAI's input size restrictions. It may produce false positives, and the quality of generated exploits can vary. Users are advised to perform manual static analysis and assist the AI by renaming variables and functions.