This repository contains the workshop guide, educational tools and scripts for learning how AI can be applied in offensive security.
The AI4EH workshop demonstrates some practical applications of AI in security, including:
- AI Reconnaissance - Generate contextual subdomain wordlists and automate target enumeration
- Intelligent Screenshot Analysis - Use neural networks and multimodal LLMs to classify web apps
- Smart Content Discovery - Create custom fuzzing wordlists based on application context
- Automated Exploit Generation - Explore nuclei AI template generation
- Hackbots - Play with CAI agents for vulnerability discovery
- MCP Integrations - Connect AI assistants to security tools like Burp Suite, Ghidra and more
-
Build the container:
chmod +x build_image.sh ./build_image.sh
-
Run the environment:
chmod +x run_image.sh ./run_image.sh
Or simply use the pre-built image:
docker run --rm -it --env-file env_file ethiack/ai4eh:latestllm_screenshot_classifier.py- Multimodal AI for categorizing web application screenshotsscrape.py- Web scraping with analysisnlp.py- NLP utility for keyword extraction and text analysiscai_custom_xss_tool_with_notify.py- AI agent example with a simple custom tool for notifications
The Docker environment includes popular tools:
- LLM - Access LLMs from the command-line
- Nuclei - Fast, customizable vulnerability scanner
- FFUF - Fast web fuzzer
- FFUFAI - AI-powered ffuf wrapper
- Subfinder - Fast passive subdomain enumeration tool
- HTTPx - Multi-purpose HTTP toolkit
- Notify - Assistance package for sending notifications
- EyeBaller - Convolutional neural network for analyzing pentest screenshots
- PureDNS - Fast domain resolver and subdomain bruteforcing tool
- Docker
- API keys for AI services (Google Gemini, OpenAI, etc.)
- Basic understanding of security concepts
Create an env_file with your API credentials:
OPENAI_API_KEY=your_openai_key_here
GEMINI_API_KEY=your_gemini_key_here
...This content is designed for:
- ✅ Learning AI applications in offensive security
- ✅ Educational vulnerability research
- ✅ Authorized penetration testing
- ✅ CTF experiments
This is an educational project. Feel free to:
- Report issues or bugs
- Suggest improvements to existing tools
- Share educational use cases
Educational use - always respect responsible disclosure and ethical hacking principles.
Disclaimer: This content is intended for educational purposes and authorized security testing only. Users are responsible for ensuring compliance with applicable laws and regulations.