hackingBuddyGPT
by
ipa-lab

Description: Helping Ethical Hackers use LLMs in 50 Lines of Code or less..

View on GitHub ↗

Summary Information

Updated 2 hours ago
Added to GitGenius on May 7th, 2025
Created on August 2nd, 2023
Open Issues & Pull Requests: 15 (+0)
Number of forks: 201
Total Stargazers: 1,166 (+0)
Total Subscribers: 21 (+0)

Issue Activity (beta)

Open issues: 12
New in 7 days: 0
Closed in 7 days: 0
Avg open age: 455 days
Stale 30+ days: 12
Stale 90+ days: 10

Recent activity

Opened in 7 days: 0
Closed in 7 days: 0
Comments in 7 days: 0
Events in 7 days: 0

Top labels

  • enhancement (6)
  • documentation (2)
  • bug (1)
  • good first issue (1)
  • help wanted (1)

Most active issues this week

No issue events were indexed in the last 7 days.

Repository Insights (GitGenius)

Median issue/PR response: 0.1 hours
Mean response time: 5.0 days
90th percentile: 46.8 hours
Tracked items: 21

Most active contributors

Detailed Description

HackingBuddyGPT is a Python-based framework designed to help ethical hackers and security researchers leverage large language models for penetration testing and vulnerability discovery, with the explicit goal of accomplishing security tasks in 50 lines of code or less. The project originated from a question posed by Andreas Happe during a weekend: whether LLMs could be used to hack systems. Initial results proved promising enough to formalize the effort into a collaborative project at TU Wien's IPA-Lab, bringing together academics and professional penetration testers.

The framework aims to become the go-to solution for security researchers and pen-testers interested in using LLMs or LLM-based autonomous agents for security testing. To support this mission, the project maintains reusable Linux privilege escalation benchmarks and publishes findings as open-access reports. The project has gained significant recognition, being featured in the GitHub Accelerator 2024 cohort and presented at major conferences including FSE'23 in San Francisco and the European Symposium on Security and Artificial Intelligence in 2024. The research underlying the framework has been documented in peer-reviewed papers, including "Getting pwn'd by AI: Penetration Testing with Large Language Models" available on arXiv.

The repository supports multiple use cases structured to allow ethical hackers to quickly write new agents. The primary use case focuses on Linux privilege escalation attacks, where an LLM is tasked with escalating from a low-privilege user to root access over SSH or local shell connections. Additional use cases in development include web penetration testing and REST API testing, both currently in pre-alpha stages. An extended Linux privilege escalation use case incorporates advanced techniques like retrieval augmented generation and chain-of-thought reasoning. A minimal 50-line example demonstrates the framework's accessibility for new users.

The framework explicitly supports both SSH connections to remote targets and local shell execution, enabling flexible testing and development scenarios. However, the project includes clear warnings that the software executes commands on live environments, potentially causing data loss or system modifications, and recommends using isolated environments or virtual machines for testing.

GitGenius activity data reveals that the project maintains responsive issue and pull request handling, with a median response latency of 0.1 hours across 21 tracked items, though the mean of 120.3 hours indicates some longer-running discussions. Enhancement requests represent the most active issue category with 6 items, followed by documentation with 2 items. Andreas Happe emerges as the primary contributor with 49 tracked events, followed by lloydchang with 14 events and Neverbolt with 8 events. The project's contributor network overlaps with major repositories including Microsoft's VSCode and TypeScript implementations, as well as the Rust language repository.

The project maintains an active community presence through a Discord server dedicated to discussions about AI and offensive security. The README includes a prominent warning against cryptocurrency scams falsely associated with the project, clarifying that neither IPA-Lab nor HackingBuddyGPT are involved in any crypto coin schemes. The framework's design philosophy emphasizes accessibility and experimentation, providing helper and base classes that handle tedious infrastructure tasks like LLM connections, logging, and database management, allowing developers to focus on implementing the core security testing logic through a perform_round method.

hackingBuddyGPT
by
ipa-labipa-lab/hackingBuddyGPT

Repository Details

Fetching additional details & charts...