v0.4.0
Overview
Good news everyone! There's a new (and long overdue) version of hackingBuddyGPT out!
The big changes for this release are @Neverbolt's rework of the logging/configuration system and @Qsan1's new prototype that enables small LLMs to perform linux priv-esc attacks. The next use-case is already being prepared and will be in the next release. Stay tuned.
To summarize the big changes:
- @neverbolt did extensive work on the configuration and logging system:
  - Rework of the configuration system
  - Added a visual and live web-based log viewer, which can be started with wintermute Viewer
  - Updated the configuration system. The new configuration system now allows loading parameters from a .json file as well as choosing which logging backend should be used
- @lloydchang with @pardaz-banu, @halifrieri, @toluwalopeoolagbegi and @tushcmd added support for dev containers
- @jamfish added support for key-based SSH access (to the target system)
- @Qsan1 added a new use-case, focusing on enabling linux priv-esc with small-language models, to quote:
  - Added an extended linux-privesc usecase. It is based on 'privesc', but extends it with multiple components that can be freely switched on or off:
    - Analyze: After each iteration the LLM is asked to analyze the output of that round.
    - Retrieval Augmented Generation (RAG): After each iteration the LLM is prompted and asked to generate a search query for a vector store. The search query is then used to retrieve relevant documents from the vector store and the information is included in the prompt for the Analyze component (Only works if Analyze is enabled).
    - Chain of thought (CoT): Instead of simply asking the LLM for the next command, we use CoT to generate the next action.
    - History Compression: Instead of including all commands and their respective output in the prompt, it removes all outputs except the most recent one.
    - Structure via Prompt: Include an initial set of command recommendations in query_next_command
I thank all our contributors (and hopefully haven't forgotten too many). Enjoy!
What's Changed
- docs: fix CLI errors, use PascalCase args by @lloydchang in https://github.com/ipa-lab/hackingBuddyGPT/pull/85
- feat: add gpt-4o, gpt-4o-mini, o1-preview, o1-mini by @lloydchang in https://github.com/ipa-lab/hackingBuddyGPT/pull/89
- feat: add GitHub Codespaces support by @lloydchang in https://github.com/ipa-lab/hackingBuddyGPT/pull/88
- docs(README.md): fix typo by @lloydchang in https://github.com/ipa-lab/hackingBuddyGPT/pull/91
- fix(.gitignore): ignore temporary codespaces ansible files by @lloydchang in https://github.com/ipa-lab/hackingBuddyGPT/pull/92
- Mac target localhost container via gemini openai proxy by @lloydchang in https://github.com/ipa-lab/hackingBuddyGPT/pull/94
- docs(README.md): add Mac use case by @lloydchang in https://github.com/ipa-lab/hackingBuddyGPT/pull/95
- fix: reorganize scripts by @lloydchang in https://github.com/ipa-lab/hackingBuddyGPT/pull/96
- docs: move Codespaces docs to CODESPACES.md, add gemini by @lloydchang in https://github.com/ipa-lab/hackingBuddyGPT/pull/98
- Semantic logging #75 by @Neverbolt in https://github.com/ipa-lab/hackingBuddyGPT/pull/79
- update development branch with changes in main by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/99
- Update README.md with anti scam message by @Neverbolt in https://github.com/ipa-lab/hackingBuddyGPT/pull/103
- Add SSH Key Auth [Follow-up] by @jamfish in https://github.com/ipa-lab/hackingBuddyGPT/pull/108
- Merge RAG usecase into HackerBuddy by @Qsan1 in https://github.com/ipa-lab/hackingBuddyGPT/pull/111
- New Argument Parsing by @Neverbolt in https://github.com/ipa-lab/hackingBuddyGPT/pull/113
- Development by @andreashappe in https://github.com/ipa-lab/hackingBuddyGPT/pull/115
New Contributors
- @lloydchang made their first contribution in https://github.com/ipa-lab/hackingBuddyGPT/pull/85
- @jamfish made their first contribution in https://github.com/ipa-lab/hackingBuddyGPT/pull/108
- @Qsan1 made their first contribution in https://github.com/ipa-lab/hackingBuddyGPT/pull/111
Full Changelog: https://github.com/ipa-lab/hackingBuddyGPT/compare/v0.3.1...v0.4.0