Tags: ipa-lab/hackingBuddyGPT
Tags
merge-request for v0.4.0 Good news everyone! There's a new (and long overdue) new version of hackingBuddyGPT out! To summarize the big changes: - @Neverbolt did extensive work on the configuration and logging system: - Overwork of the configuration system - Added a visual and live web based log viewer, which can be started with `wintermute Viewer` - Updated the configuration system. The new configuration system now allows loading parameters from a .json file as well as choosing which logging backend should be used - @lloydchang with @pardaz-banu, @halifrieri, @toluwalopeoolagbegi and @tushcmd added support for dev containers - @jamfish added support for key-based SSH access (to the target system) - @Qsan1 added a new use-case, focusing on enabling linux priv-esc with small-language models, to quote: - Added an extended linux-privesc usecase. It is based on 'privesc', but extends it with multiple components that can be freely switch on or off: - Analyze: After each iteration the LLM is asked to analyze the output of that round. - Retrieval Augmented Generation (RAG): After each iteration the LLM is prompted and asked to generate a search query for a vector store. The search query is then used to retrieve relevant documents from the vector store and the information is included in the prompt for the Analyze component (Only works if Analyze is enabled). - Chain of thought (CoT): Instead of simply asking the LLM for the next command, we use CoT to generate the next action. - History Compression: Instead of including all commands and their respective output in the prompt, it removes all outputs except the most recent one. - Structure via Prompt: Include an initial set of command recommendations in `query_next_command` I thank all our contributors (and hopefully haven't forgotten too many). Enjoy!