PentestGPT icon indicating copy to clipboard operation
PentestGPT copied to clipboard

Published 20 hours ago verified publisher icon GreyDGL

Make PentestGPT a Python module and easily installable

Open vmayoral opened this issue 1 year ago • 5 comments

These changes introduce significant modifications in the repo to formalize it as a Python 3 module and be able to pip-install it (and/or facilitate pushing it to PyPi, eventually).

Changes facilitate usability by packing Python-logic into CLI-tools that automatically install with it. The following is deployed in the current version:

  • pentestgpt: main logic
  • pentestgpt-cookie: extract cookie from Chrome browser
  • pentestgpt-connection: test connection

To install it (once this PR is merged, until then, you can test-install it with pip3 install git+https://github.com/vmayoral/PentestGPT):

# 0. Get the latest version
pip3 install git+https://github.com/GreyDGL/PentestGPT

# 1. Fetch cookie
pentestgpt-cookie
Run the following command to set the cookie:

export CHATGPT_COOKIE='<big-string-you-shall-get-from-the-previous-command>'

# 2. Copy the previous command and run it in your terminal
#  NOTE: do copy the content in your CLI, not the one in this README.md.
#  should be something like this:
#
# export CHATGPT_COOKIE='<big-string-you-shall-get-from-the-previous-command>'

# 3. Test the connection
pentestgpt-connection

# 4. Run the tool
pentestgpt

Matching updates in the README are packed also as part of this contribution.

vmayoral avatar May 28 '23 19:05 vmayoral

Perfect! Will do some local testing first.

GreyDGL avatar May 29 '23 04:05 GreyDGL

Cannot complete the installation process on both MacOS and Ubuntu. I'm not really familiar with debugging this. Can @vmayoral you help to check if I'm missing anything in the installation process?

So I basically tried both pip3 install git+https://github.com/vmayoral/PentestGPT and clonining the project to local env and pip3 install ./. Both are successful. But When I run pentestgpt-cookie, here's the output:

$ pentestgpt-cookie
Traceback (most recent call last):
  File "/opt/homebrew/bin/pentestgpt-cookie", line 5, in <module>
    from pentestgpt.extract_cookie import main
ModuleNotFoundError: No module named 'pentestgpt'

GreyDGL avatar May 29 '23 05:05 GreyDGL

For this error, I think it is due to a missing __init__.py under pentestgpt directory. However, I face another issue after adding this file:

pentestgpt-cookie
Unable to connect to cookie_file at: /home/peng/.config/google-chrome/Profile 2/Cookies

Traceback (most recent call last):
  File "/home/peng/PentestGPT/env/bin/pentestgpt-cookie", line 11, in <module>
    load_entry_point('pentestgpt==0.8.0', 'console_scripts', 'pentestgpt-cookie')()
  File "/home/peng/PentestGPT/env/lib/python3.8/site-packages/pentestgpt/extract_cookie.py", line 22, in main
    cookies = chrome_cookies(url, cookie_file=cookie_file)
  File "/home/peng/PentestGPT/env/lib/python3.8/site-packages/pycookiecheat/pycookiecheat.py", line 283, in chrome_cookies
    conn = sqlite3.connect("file:{}?mode=ro".format(cookie_file), uri=True)
sqlite3.OperationalError: unable to open database file

I guess this is due to the fact that I use WSL and the Chrome cookie db doesn't exist.

dealbreaker973 avatar May 29 '23 06:05 dealbreaker973

Thanks all for the input. Addressed it all, I believe.

asciicast

@GreyDGL, please have another look. To reproduce:

docker run -it ubuntu:22.04
apt-get update && apt-get install -y python3 python3-pip git
pip3 install git+https://github.com/vmayoral/PentestGPT

pentestgpt

vmayoral avatar May 29 '23 08:05 vmayoral

The usage of '~' for home directory in cookie extraction is not working as expected (with MacOS, virtualenv). Suggested fix:

from pathlib import Path
home = str(Path.home())
...
cookie_file = Path(home, "Library/Application Support/Google/Chrome/Profile 2/Cookies")

Other than that the solution works perfectly.

GreyDGL avatar May 30 '23 06:05 GreyDGL

The usage of '~' for home directory in cookie extraction is not working as expected (with MacOS, virtualenv). Suggested fix:

Implemented at https://github.com/GreyDGL/PentestGPT/pull/100/commits/58e80fa92dea24da3d4899aa625b7683100720da.

NOTE that the default behavior can be dynamically rewritten (without having to modify the source code) using the BROWSER_COOKIE_DB environmental variable.

Tested it with:

  • OS X (native, non-venv) ✅
  • Ubuntu 22.04 (docker container) ✅

vmayoral avatar May 30 '23 06:05 vmayoral

I would quickly prepare an updated README file first and then merge it.

GreyDGL avatar May 30 '23 07:05 GreyDGL

Sure thing. I took the liberty of proposing some changes at https://github.com/GreyDGL/PentestGPT/pull/100/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5.

Feel free to complement those here if that helps.

vmayoral avatar May 30 '23 07:05 vmayoral

There are still other compatibility issues for this PR. I'll create a separate issue page for them.

GreyDGL avatar May 30 '23 08:05 GreyDGL