Chatio is a comprehensive AI-powered security testing assistant that seamlessly integrates with Caido. Designed specifically for penetration testers, security researchers, and cybersecurity professionals, Chatio provides intelligent analysis, vulnerability assessment, and expert guidance across all aspects of security testing.
With support for multiple AI providers and specialized security-focused capabilities, Chatio transforms your Caido workflow into an intelligent security testing environment.
Multi-Provider AI Support
- OpenAI Integration: GPT-4o, GPT-4-turbo, and GPT-3.5 models with vision capabilities
- Anthropic Claude: Claude 3.5 Sonnet, Claude 3 Haiku for advanced code analysis
- Google Gemini: Free tier available with Gemini Pro and Flash models
- DeepSeek: Cost-effective alternative with competitive performance
- Local LLMs: Complete privacy with Ollama integration (llama3.2, mistral, codellama)
- Dynamic Model Switching: Choose the best AI model for each specific task
Advanced File & Image Analysis
- Vision-Powered Analysis: Upload screenshots, network diagrams, and visual evidence
- Code File Processing: Direct analysis of source code files (.py, .js, .php, .java, etc.)
- Multi-Format Support: JSON, XML, HTML, text files, and configuration files
- Drag & Drop Interface: Simple file attachment with visual preview
- Batch Processing: Analyze multiple files simultaneously
- Smart Content Recognition: Automatic handling of different file types
Intelligent Chat System
- Context-Aware Conversations: Maintains testing context across multiple exchanges
- Chat History Management: Persistent conversation storage with search capabilities
- Quick Prompt Templates: Pre-built templates for common security scenarios
- Export Capabilities: Save conversations and findings for reporting
- Multi-Chat Support: Organize different testing sessions separately
- Real-time Status: Live connection status and provider information
Professional Security Features
- Custom System Prompts: Tailor AI behavior for specific testing methodologies
- Tool Integration Guidance: Expert advice on Burp Suite, Metasploit, Nmap usage
- Attack Vector Libraries: Comprehensive payload databases and exploitation techniques
- Reconnaissance & OSINT: Information gathering and target profiling strategies
- Compliance & Reporting: Structured output for professional security assessments
- Automation Scripts: Generate custom testing scripts and workflows
Privacy & Security
- Local Storage: All data is stored locally on your machine
- API Key Security: Encrypted storage of sensitive credentials
- No Data Logging: Conversations remain private and are not transmitted to third parties beyond the AI provider you have configured; use a local LLM provider to keep all traffic on your machine
- Offline Capability: Full functionality with local LLM providers
- Secure Configuration: Best practices for API key management and usage limits
- Open Caido
- Navigate to Settings > Plugins
- Click the Plugin Store tab
- Search for "Chatio"
- Click Install
- Configure Your First AI Provider:
  - For beginners: Start with Google Gemini (free tier) or Local LLMs
  - For professionals: OpenAI GPT-4o or Claude 3.5 Sonnet
  - Navigate to the Settings tab and add your API key
- Test Your Connection:
  - Click "Test Connection" for your chosen provider
  - Verify successful authentication
- Start Your First Analysis:
  - Switch to the Chat tab
  - Upload a code file or describe your testing scenario
  - Ask specific security-related questions
- Explore Advanced Features:
  - Try file uploads for code review
  - Upload screenshots for visual analysis
  - Use quick prompt templates for common scenarios
Provider | Setup Steps | Cost | Best For
---|---|---|---
Google Gemini | Visit aistudio.google.com → API Keys → Create | Free tier available | Beginners, general testing
OpenAI | Visit platform.openai.com → API Keys → Create | ~$0.03/1K tokens (GPT-4) | Professional testing, vision
Anthropic | Visit console.anthropic.com → API Keys → Create | ~$0.025/1K tokens | Code analysis, complex reasoning
Local LLMs | Install Ollama → ollama pull llama3.2 | Free | Privacy, offline testing
DeepSeek | Visit platform.deepseek.com → API Keys → Create | Cost-effective | Budget-conscious professionals
Use Case | Recommended Model | Provider
---|---|---
Code Security Review | Claude 3.5 Sonnet | Anthropic
Image Analysis | GPT-4o | OpenAI
General Security Questions | Gemini Pro | Google
Complex Exploitation | GPT-4-turbo | OpenAI
Privacy-Focused Testing | llama3.2, mistral | Local (Ollama)
Rapid Prototyping | GPT-3.5-turbo | OpenAI
- Ask Security Questions:
  - "Explain SQL injection techniques for MySQL databases"
  - "How to bypass WAF protection in XSS attacks"
  - "Generate a phishing email template for IT security testing"
- Upload Code for Review:
  - Drag & drop source code files
  - Get instant security vulnerability analysis
  - Receive specific fix recommendations
- Visual Evidence Analysis:
  - Upload screenshots of applications
  - Analyze network topology diagrams
  - Get insights from error messages or logs
- Structured Penetration Testing:
  - Use quick prompt templates for different phases
  - Maintain context across reconnaissance to post-exploitation
  - Generate detailed methodology documentation
- Multi-File Analysis:
  - Upload entire codebases for comprehensive review
  - Analyze configuration files for misconfigurations
  - Process log files for security incidents
- Custom Testing Scenarios:
  - Set specialized system prompts for specific environments
  - Integrate with Caido's intercept and modification features
  - Generate custom payloads and test cases
- Reconnaissance Phase:
  - OSINT gathering strategies
  - Target profiling techniques
  - Attack surface enumeration
- Vulnerability Assessment:
  - Automated scan result analysis
  - Manual testing guidance
  - False positive filtering
- Exploitation Development:
  - Custom payload creation
  - Bypass technique development
  - Proof-of-concept scripting
- Post-Exploitation:
  - Lateral movement strategies
  - Persistence mechanisms
  - Data exfiltration techniques
- Reporting & Documentation:
  - Structured finding reports
  - Executive summary generation
  - Remediation recommendations
- Intelligent Memory: Maintains conversation context across multiple exchanges
- Session Organization: Separate chats for different testing phases
- Context Optimization: Configurable message history for optimal performance
Example: "You are a penetration testing expert specializing in web applications.
Focus on practical exploitation techniques and provide step-by-step methodologies."
- Supported Formats: Images (PNG, JPG), Code files (.py, .js, .php, etc.), Documents (TXT, JSON, XML)
- Vision Models: Automatic detection and use of image-capable models
- Batch Analysis: Process multiple files simultaneously
- Caido Workflow: Seamless integration with Caido's proxy and testing features
- Export Functions: Save conversations, findings, and methodologies
- Theme Support: Dark/light mode matching Caido's interface
API Key & Authentication Problems
- Invalid API Key: Verify key format and check for extra spaces
- Insufficient Quota: Add payment method in provider dashboard
- Rate Limiting: Switch to a different model or wait for the limit to reset
- Network Issues: Check firewall/proxy settings, or try a different network
File Upload & Image Analysis
- Image Analysis Failing: Ensure vision-capable model is selected
- File Size Limits: Reduce file size or split large files
- Unsupported Formats: Check supported file types in documentation
- Upload Errors: Try copy-paste for text content
Performance Optimization
- Slow Responses: Reduce context messages, use faster models
- High Costs: Monitor usage, set limits, use cheaper models for simple queries
- Connection Issues: Verify internet stability, restart Caido if needed
- Install Ollama:
  ```shell
  # Download from https://ollama.ai, then start the local server
  ollama serve
  ```
- Download Models:
  ```shell
  ollama pull llama3.2          # General purpose
  ollama pull llama3.2-vision   # Image analysis
  ollama pull codellama         # Code analysis
  ```
- Configure Chatio:
  - Set URL: http://localhost:11434
  - Add models: llama3.2, llama3.2-vision, codellama
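Before pointing Chatio at the local URL, it helps to confirm that Ollama is actually listening there and that the three models above are pulled. The script below is an added example, not part of Chatio or Ollama; it queries Ollama's `/api/tags` endpoint (which lists locally available models) and checks the listed names against the ones the plugin configuration expects. The `OLLAMA_URL` variable and the embedded sample JSON are constructed for this example.

```shell
#!/bin/sh
# Added example: verify a local Ollama endpoint before configuring Chatio.
# Assumptions: the URL Chatio will use (default below) and the model names
# from the setup steps above. Sample JSON further down is constructed.

OLLAMA_URL="${OLLAMA_URL:-http://localhost:11434}"   # URL entered in Chatio
REQUIRED_MODELS="llama3.2 llama3.2-vision codellama"  # models added in Chatio

# check_models JSON MODEL...
# Returns 0 when every MODEL appears in the /api/tags JSON, 1 otherwise.
# Ollama names models as "llama3.2:latest", so an optional ":tag" is allowed.
check_models() {
  json=$1
  shift
  missing=""
  for m in "$@"; do
    pattern=$(printf '%s' "$m" | sed 's/\./\\./g')   # escape dots for the regex
    if ! printf '%s\n' "$json" | grep -qE "\"name\" *: *\"$pattern(:[^\"]*)?\""; then
      missing="$missing $m"
    fi
  done
  if [ -n "$missing" ]; then
    echo "missing models:$missing (run: ollama pull <model>)" >&2
    return 1
  fi
  return 0
}

# fetch_tags URL: GET /api/tags; fails if the server is not reachable.
fetch_tags() {
  curl -sSf --max-time 5 "$1/api/tags"
}

# Live check, run only when invoked with --live so the functions can be
# sourced and tested offline.
if [ "${1:-}" = "--live" ]; then
  tags=$(fetch_tags "$OLLAMA_URL") || {
    echo "Ollama not reachable at $OLLAMA_URL (is 'ollama serve' running?)" >&2
    exit 1
  }
  # shellcheck disable=SC2086  # intentional word splitting of the model list
  check_models "$tags" $REQUIRED_MODELS && echo "Ollama ready at $OLLAMA_URL"
fi

# Constructed sample of an /api/tags response with one model still missing.
SAMPLE_TAGS='{"models":[{"name":"llama3.2:latest","size":2019393189},{"name":"codellama:latest","size":3825819519}]}'
```

Run `sh check_ollama.sh --live` after `ollama serve` is up; a non-zero exit names the models still to pull.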
Complete documentation including:
- Setup Guides: Step-by-step provider configuration
- Security Templates: Pre-built prompts for common scenarios
- Best Practices: Professional testing methodologies
- Troubleshooting: Comprehensive problem-solving guides
Access the full documentation within the plugin under the Help & Docs tab.
Chatio is actively maintained with regular updates including:
- New AI provider integrations
- Enhanced security testing templates
- Performance optimizations
If you encounter any issues or have suggestions for improvements, please:
- Report bugs and feature requests
- Share your security testing workflows
- Contribute to the growing knowledge base
This project is licensed under the MIT License - see the LICENSE file for details.
Made with ❤️ by Amr Elsagaei for the Caido and security community