forked from Stuub/stuubdev
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathreconnai.html
183 lines (180 loc) · 13.4 KB
/
reconnai.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
<!DOCTYPE html>
<html lang="en">
<link rel="stylesheet" href="scripts/css/reconai.css">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>ReconnAI | stuub.dev</title>
<!-- Standard favicons -->
<link rel="icon" href="img/favicon-16x16.png" type="image/x-icon">
<link rel="icon" href="img/favicon-32x32.png" type="image/x-icon">
<!-- Apple favicons -->
<link rel="apple-touch-icon" href="img/apple-touch-icon.png">
<!-- Android favicons -->
<link rel="manifest" href="img/site.webmanifest">
<link rel="icon" href="img/android-chrome-192x192.png" type="image/png">
<link rel="icon" href="img/android-chrome-512x512.png" type="image/png">
<meta name="description" content="Explore ReconnAI, a Python framework integrating AI with the Reconnaissance phase of Penetration Testing, developed for a University Dissertation on Automated Vulnerability Analysis and Penetration Testing.">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css">
<script src="https://cdn.jsdelivr.net/npm/pace-js@latest/pace.min.js"></script>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/pace-js@latest/pace-theme-default.min.css">
<link rel="stylesheet" href="scripts/css/minimal.css">
</head>
<body class="">
<nav class="navbar navbar-expand-lg navbar-dark fixed-top">
<a class="navbar-brand" href="index.html">stuub.dev</a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarNav">
<ul class="navbar-nav">
<li class="nav-item">
<a class="nav-link" href="index.html">Home <span class="sr-only">(current)</span>
</a>
</li>
<li class="nav-item dropdown active">
<a class="nav-link dropdown-toggle active" href="#" id="projectsDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> Projects </a>
<div class="dropdown-menu" aria-labelledby="projectsDropdown" style="background-color: #191924;">
<a class="dropdown-item active" href="#">ReconnAI</a>
<a class="dropdown-item" href="cert.html">Northumbria Certificate Helper</a>
<a class="dropdown-item" href="https://github.com/Stuub/CVE-2024-4040-SSTI-LFI-PoC">Crushed | Exploiting CrushFTP</a>
<a class="dropdown-item" href="https://github.com/Stuub/RCity-CVE-2024-27198"> RCity | Exploiting JetBrains TeamCity</a>
</div>
</li>
<li class="nav-item">
<a class="nav-link" href="contact.html">Contact</a>
</li>
</ul>
<div class="ml-auto">
<button class="btn btn-secondary my-2 my-sm-0 mt-auto" id="darkModeToggle">Dark Mode</button>
</div>
</nav>
<div class="jumbotron jumbotron-fluid">
<div class="container">
<h1 class="display-4">ReconnAI</h1>
<p class="lead">ReconnAI is a python framework that integrates AI with the Reconnaissance phase of Penetration Testing. <br>It was developed for my University Dissertation entitled: <br><br>'Integrating Artificial Intelligence and CyberSecurity: <br> A Comprehensive Exploration of Automated Vulnerability Analysis and Penetration Testing.'</p>
<!-- <img id="splash" src="img/reconai.png" style="min-height: min-content; max-height: 50rem;"> -->
</div>
</div>
<div class="d-flex flex-row">
<!-- Sidebar -->
<nav class="scrolling navbar-light position-sticky scroll-nav" style="top: 0;">
<ul class="nav nav-pills flex-column">
<li class="nav-item">
<a class="nav-link" href="#section1">Welcome to ReconnAI</a>
</li>
<li class="nav-item">
<a class="nav-link" href="#section2">AI Integration</a>
</li>
<li class="nav-item">
<a class="nav-link" href="#section3">Development</a>
</li>
<li class="nav-item">
<a class="nav-link" href="#section4">Interesting Features:</a>
</li>
<li class="nav-item">
<a class="nav-link small-link" href="#row1">Output results to styled HTML page</a>
<a class="nav-link small-link" href="#row2">Q&A Tool</a>
<a class="nav-link small-link" href="#row3">Bring your own binary</a>
<a class="nav-link small-link" href="#row4">Cleanup</a>
</li>
</ul>
</nav>
<div class="container-fluid" id="myScrollspy">
<section id="section1" style="margin-bottom: 2rem;">
<div class="row">
<div class="col-12 text-center seperator" style="background-color: black;">
<h2>Welcome to ReconnAI</h2>
<p1>Use Penetration Testing tools, with AI on your shoulder! Comes out the box with a selection of poplular and useful tools ready to be spun up. NMAP, Masscan, SQLMap, Recon-NG, Nikto - All in the CLI! Flexible enough to reliably run ANY binary from CLI, integration with user supplied binaries</p1>
</div>
</div>
<div class="images col-12 md-6 justify-content-center" style="display: flex">
<img src="img/reconai_splash.png" style="min-height: min-content; max-height: 50rem;">
</div>
</section>
<section id="section2" style="margin-bottom: 2rem;">
<div class="row">
<div class="col-12 text-center seperator" style="background-color: black;">
<h2>AI Integration</h2>
<p1>ReconnAI utilises the OpenAI GPT API. Takes a modular approach to allowing the user to run their scans without interruption, until the scan comes to a close, then the results are piped in to be analysed by GPT, in the aim to present any findings and give relevant details to how to approach an attack. <br><br> The AI generation is obliged to assess: <br> - Host Info <br> - Services <br> - Vulnerabilities <br> - Public exploits / PoC's available <br> - Mitigations of risk</p1>
</div>
</div>
<div class="images col-12 md-6 justify-content-center" style="display: flex;">
<img src="img/reconnai.png" style="min-height: min-content; max-height: 50rem;">
</div>
</section>
<section id="section3" style="margin-bottom: 2rem;">
<div class="row">
<div class="col-12 text-center seperator" style="background-color: black;">
<h2>Development</h2>
<p1>Development of ReconnAI has primarily been Python3 focussed. During development, i realised there were a number of external dependencies that would be required. As a method to automating this for the user, i developed a bash script that will be prompted to run on launch of tool to check existence of dependencies, and install those that aren't met. </p1>
<br><br><p1>During the initial stages of development, the idea was to utilise the pre-defined tools with their respective API's. However, due to a lack of available and useful API's for ALL tools used, i took the path of subprocess calls to execute the binaries directly. Despite this meaning users have to have the tool installed, it allowed me to use a 'catch-all' approach rather than using both API's & subprocessing.</p1>
</div>
</div>
<div class="images col-12 md-6 justify-content-center" style="display: flex;">
<img src="img/install.png" style="min-height: min-content; max-height: 50rem;">
</div>
</section>
<section id="section4" style="margin-bottom: 2rem;">
<div class="row">
<div class="col-12 text-center seperator" style="background-color: black;">
<h2>Interesting Features</h2>
<p1>As this has been a huge passion project for me, there are some features i decided to add for my own educational benefit, improving user experience, or just for fun.</p1>
</div>
</div>
<div class="row" id="row1" style="margin-top: 1%;">
<div class="col-12 text-center seperator">
<h3> - Output results to styled HTML page: </h3>
<p> I was getting tired of wasting the beautiful styling in the terminal from the rich python library, so decided to add a condition to add some simple styling to any .html exports created. Always keeping the user experience in mind ;) </p>
</div>
</div>
<div class="images col-12 md-6 justify-content-center" style="display: flex;">
<img src="img/html.gif" style="min-height: min-content; max-height: 50rem;">
</div>
<div class="row" id="row2" style="margin-top:1%">
<div class="col-12 text-center seperator">
<h3> - Q&A Tool: </h3>
<p> I'm a big fan of learning, and learning is a big part of Cyber Security. I thought it would be a well taken addition if i could add some oppurtunity to expand your knowledge in the tool. </p>
<p> The Q&A tool can be found in the main menu, named AI Assistant. Will have a context driven conversation with you for as long as you'd like.</p>
<p> Context parameters are set to Cyber Security focussed Q&A, but can also take questions and give answers to anything you'd like. Have fun :)</p>
</div>
</div>
<div class="images col-12 md-6 justify-content-center" style="display: flex;">
<img src="img/qna.png" style="min-height: min-content; max-height: 50rem;">
</div>
<div class="row" id="row3" style="margin-top: 1%;">
<div class="col-12 text-center seperator">
<h3> - Bring your own binary: </h3>
<p> This idea was a very late stage implementation, mainly a lightbulb idea for quick testing of the ai responses when doing some prompt engineering. Which turned to me realising how flexible it makes the tool</p>
<p> With the use of this feature, you can run any binary as if it were a new shell. From 'ip a' to spinning up a docker. The potential of this i haven't been able to comprehensively test, however it seems faultless in my small testing so far </p>
<p> May be useful for more experienced Pen Testers, i certaintly found it nice to be able to just punch in my CLA's as if it were a regular shell. But now with AI!</p>
</div>
</div>
<div class="images col-12 md-6 justify-content-center" style="display: flex;">
<img src="img/byob.png" style="min-height: min-content; max-height: 50rem;">
</div>
<div class="row" id="row4" style="margin-top: 1%;">
<div class="col-12 text-center seperator">
<h3> - Cleanup: </h3>
<p> Digital garbage remover.</p>
<p> With enough use, you'll find that the tool can produce quite a few log files of each scan saved. This feature is here to give the user an intuitive way to get rid of what they don't want</p>
<p> Specifically searches for log-style files, will ommit anything that shouldn't be deleted.</p>
<p> Exclusion method - The user chooses the file they DON'T want deleted, rather than vice versa.</p>
</div>
</div>
<div class="images col-12 md-6 justify-content-center" style="display: flex;">
<div class="embed-responsive embed-responsive-16by9">
<video class="embed-responsive-item" controls muted>
<source src="img/cleanup.mp4" type="video/mp4">
Your browser does not support the video tag.
</video>
</div>
</div>
</section>
</div>
<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js"></script>
<script src="scripts/js/main.js" defer></script>
</body>
</html>