BugGPT is an open-source project that automatically generates vulnerable web applications for security practitioners to practice and enhance their web security skills. This project leverages OpenAI's GPT models to create random, engaging, and complex web pages containing various vulnerabilities, providing a challenge for those looking to test their hacking skills. Each 'room' contains the vulnerable web page, and docs explaining the exploit and best practices for developers to mitigate this risk.
- Vulnerability Variety: Each generated web page contains a different vulnerability, drawn from classes such as SQL Injection, XSS, SSRF, IDOR and XXE.
- Automated Generation: Web pages are generated automatically every 8 hours, ensuring a continuous flow of new challenges.
- Realistic Scenarios: The web apps created are designed to mimic real-world scenarios, offering a realistic testing environment.
- Randomization: Each vulnerability is selected at random, and the app is designed with a narrative, making it harder to determine the exact flaw.
- Easy Integration: With GitHub Actions in place, BugGPT continuously generates and pushes new vulnerable apps to the repository.
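To make the kind of flaw a room plants concrete, the following is an added illustration written for this page, not a room produced by BugGPT and not code from the project: the vulnerable query a SQL Injection room would contain, beside the parameterized version its accompanying docs would recommend. A real room is a Flask app; this example drops the HTTP layer and uses an in-memory SQLite table with constructed sample rows so it runs offline. The table schema, the row data and the payload are all assumptions made for the example.

```python
import sqlite3

# Constructed sample rows standing in for a room's backing database.
SEED_USERS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SEED_USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str):
    """The flaw a SQL Injection room plants: request input concatenated into SQL."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_fixed(conn: sqlite3.Connection, username: str):
    """The mitigation the room docs would recommend: bound parameters, so the
    input is compared as a value and never parsed as SQL."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


# A classic tautology payload (assumed for the example): the vulnerable lookup
# returns every row, the fixed lookup treats it as a literal username and
# returns nothing.
PAYLOAD = "' OR '1'='1"
```

Running `lookup_vulnerable(make_db(), PAYLOAD)` returns both seeded users, while `lookup_fixed` with the same input returns an empty list; with the plain username `alice` both return the single matching row.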
- `page_generator.py`: The script responsible for generating new vulnerable web pages using OpenAI's API.
- Rooms: Each generated web page is stored as a `Room_x.py` file in this directory, where `x` is the room number.
- Vulnerability Generation: BugGPT uses a predefined list of vulnerabilities and randomly selects one for each new web page.
- OpenAI Integration: The page is generated by sending a prompt to the OpenAI GPT-4 model, instructing it to create a complex web app based on the chosen vulnerability.
- Flask Web App: Each generated web page is a Python Flask app that you can run locally to explore the vulnerabilities.
- Automated Workflow: A GitHub Action is scheduled to run every 8 hours, executing `page_generator.py`, which generates a new vulnerable app and commits it to the repository.
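The generation pipeline described above (pick a vulnerability, prompt the model, save the result as the next `Room_x.py`) is shown below as an added example written for this page; it is not BugGPT's own `page_generator.py`, whose vulnerability list, prompt wording and file handling are not reproduced here and are assumptions in this code. The model call is injected as a plain function so the pipeline runs offline; in the real project that call goes to the OpenAI API. The example adds one check a practitioner would want before a generated room is saved or run: the source must parse, must actually be a Flask app, and must not bind to a non-loopback host, since the rooms are intentionally vulnerable and meant to run locally only.

```python
import ast
import random
import re
from pathlib import Path
from typing import Callable, List

# Vulnerability classes named in the README; the real project's list and
# prompt wording are not shown on this page, so both are assumptions here.
VULNERABILITIES = ["SQL Injection", "XSS", "SSRF", "IDOR", "XXE"]
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}
ROOM_RE = re.compile(r"^Room_(\d+)\.py$")


def pick_vulnerability(rng=random) -> str:
    """Pick one vulnerability class at random for the next room."""
    return rng.choice(VULNERABILITIES)


def build_prompt(vuln: str) -> str:
    """Build the model prompt for a room with the chosen flaw (assumed wording)."""
    return (
        "Write a complete Python Flask web application with a realistic narrative "
        f"that contains exactly one {vuln} vulnerability. The app must only listen "
        "on 127.0.0.1. Return Python source only."
    )


def next_room_number(rooms_dir: Path) -> int:
    """Next room number: one past the highest Room_x.py already in the directory."""
    highest = 0
    for path in rooms_dir.iterdir():
        match = ROOM_RE.match(path.name)
        if match:
            highest = max(highest, int(match.group(1)))
    return highest + 1


def validate_room(source: str) -> List[str]:
    """Static checks on generated source before it is saved or executed.

    Returns a list of problems (empty means the room is acceptable):
    - the source must parse as Python,
    - it must import Flask, otherwise it is not a room at all,
    - no .run(...) call may bind to a non-loopback host. A run() call
      without a host keyword is accepted because Flask defaults to 127.0.0.1.
    The planted vulnerability itself is intentional and is not checked.
    """
    problems: List[str] = []
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [f"syntax error: {exc}"]

    uses_flask = any(
        (isinstance(n, ast.ImportFrom) and n.module == "flask")
        or (isinstance(n, ast.Import) and any(a.name == "flask" for a in n.names))
        for n in ast.walk(tree)
    )
    if not uses_flask:
        problems.append("no flask import found; not a Flask app")

    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr != "run":
            continue
        for kw in node.keywords:
            if kw.arg == "host" and isinstance(kw.value, ast.Constant):
                if kw.value.value not in LOOPBACK_HOSTS:
                    problems.append(f"run() binds to {kw.value.value!r}, not loopback")
    return problems


def generate_room(rooms_dir: Path, generate: Callable[[str], str], rng=random) -> Path:
    """Generate, validate and save one room; `generate` is the model call.

    In the real project the model call goes to the OpenAI API; here it is
    injected so the pipeline can run offline and be exercised with a fake.
    """
    vuln = pick_vulnerability(rng)
    source = generate(build_prompt(vuln))
    problems = validate_room(source)
    if problems:
        raise ValueError("rejected generated room: " + "; ".join(problems))
    target = rooms_dir / f"Room_{next_room_number(rooms_dir)}.py"
    target.write_text(source, encoding="utf-8")
    return target
```

The `validate_room` step is the point of the example: model output is unreviewed code that the workflow commits and that users then execute, so at minimum it should be rejected when it is not a Flask app at all or when it would expose an intentionally vulnerable service beyond the loopback interface.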
- Clone the repository:
```shell
git clone https://github.com/Trivulzianus/BugGPT.git
cd BugGPT
```
- Install dependencies: Ensure you have the necessary dependencies installed before running the script:
```shell
pip install -r requirements.txt
```
- Run `main.py` and select the room number you would like to hack, or a random one:
```shell
python3 main.py X
```
where `X` is the room number.
- View the vulnerable web app: Once a room is started, its Flask app runs locally. Open the address Flask prints in your browser to test your skills.
The project is set up with a GitHub Actions workflow that automatically runs `page_generator.py` every 8 hours, pushing new vulnerable rooms to the repository. If you want to manually trigger the generation of a new room, you can do so from the GitHub Actions tab in the repository.
Contributions are welcome! If you'd like to contribute to BugGPT, feel free to fork the repository and submit a pull request.
- Fork the project.
- Create your feature branch (`git checkout -b feature/new-feature`).
- Commit your changes (`git commit -m 'Add new feature'`).
- Push to the branch (`git push origin feature/new-feature`).
- Open a pull request.
This project is licensed under the MIT License.
BugGPT is a project designed for educational purposes only. Please use responsibly. Do not deploy or use the generated web apps in any real-world scenario or environment where unauthorized access could occur.