This project provides an AI-powered vulnerability analysis tool that integrates network scanning, DNS enumeration, and JWT analysis. It targets security professionals and researchers looking to automate vulnerability reporting and gain insights from network traffic. The tool offers both CLI and GUI interfaces, leveraging multiple AI models for enhanced analysis.

How It Works

The core of the project utilizes Python libraries like python-nmap for network scanning and dnsresolver for DNS reconnaissance. It integrates with OpenAI's API, Google's Bard API, and local/serverless Llama2 deployments. For network scans, it processes Nmap output, feeding it to the selected AI model with specific prompts designed for vulnerability assessment, OS detection, and service identification. PCAP analysis extracts network details, while JWT analysis decodes and assesses token security.

Quick Start & Requirements

• Install: pip install -r requirements.txt (or pip3)
• Prerequisites: Python 3.10+, OpenAI API key, Bard API key (MakerSuite), Runpod serverless endpoint & API key (optional for Llama2), IPGeolocation API key, Wireshark/tshark (added to PATH).
• Usage:
  • CLI: python gpt_vuln.py --target <target> --attack <dns|nmap|jwt|geo|pcap|sub>
  • GUI: python GVA_gui.py
• Docs: README

Highlighted Details

• Supports multiple AI backends: OpenAI, Bard, and Llama2 (local/Runpod).
• Offers 13 distinct Nmap scan profiles for varied network analysis.
• Includes modules for DNS enumeration, subdomain enumeration, JWT analysis, IP geolocation, and PCAP analysis.
• Features a password cracking module.
• Provides both command-line and graphical user interfaces.

Maintenance & Community

The project appears to be a personal proof-of-concept. There are no explicit mentions of maintainers, community channels (like Discord/Slack), or a public roadmap in the README.

Licensing & Compatibility

The README does not explicitly state a license. This lack of clear licensing information may pose compatibility issues for commercial use or integration into closed-source projects.

Limitations & Caveats

The project is described as a "Proof Of Concept." Llama2 integration is noted as being under improvement, with potential accuracy issues due to prompting. The GUI is still in progress. Compatibility with Linux for Llama2 was not tested. API keys must be manually configured in .env files or passed via arguments.