Welcome to AttackImaginator—a project crafted entirely for educational purposes!
Discover how you can leverage LLMs to enhance your day-to-day work quality and skills, instead of relying blindly on their output.
Although, it's just another scrappy pentest tool!
AttackImaginator harnesses the power of Semgrep to scan your project using defined rule repositories. It then employs LLMs to generate possible attack scenarios, aiding security engineers in their learning and penetration tests.
Code review is a mighty tool in security testing that can unveil vulnerabilities without the need for exhaustive hours of testing. While it might seem daunting to newcomers in pentesting, the reality is that code review is your best friend!
AttackImaginator helps elevate your automated code review to the next level by creating applicable Proofs of Concept (PoCs) and explanations to share with your developer peers, partners, and more.
All outputs are generated based on the code repository you provide.
Disclaimer: I do not accept any responsibility for your actions. Please thoroughly examine the scenarios that AttackImaginator creates to ensure they do not cause any harm outside your test scope.
You should have ollama installed with a model deployed in it first then you can follow below steps.
However, if you'd like to use AttackImaginator with diffferent LLM provider platforms, you're always welcome to send a PR.
$ git clone https://github.com/nuryslyrt/AttackImaginator.git
$ cd AttackImaginator
$ python3 -m venv .venv
$ source .venv/bin/activate
$ python3 -m pip install -r requirements.txt
$ python3 attack_imaginator.py -t [FULL_PATH_OF_THE_CODE_REPO_WILL_BE_SCANNED] -m [THE_MODEL_THAT_DEPLOYED_ON_YOUR_OLLAMA]Check the scanned repo folder to find your outputs!
To see what they may look like, check the example outputs from some known vulnerable apps!
Automated Scanning: Uses Semgrep to analyze your codebase with defined rule repositories. Semgrep is very powerful, lightweight and open source tool that I recommend everyone to create their own rules!
LLM-Powered Scenarios: Employs LLMs to imagine potential attack vectors based on your code.
Educational Focus: Aims to enhance your security testing skills in a fun and engaging way.
AttackImaginator is a passion project built entirely for fun!
Feel free to send a pull request to enhance it!
Here are some features you might contribute:
- Adding more model connections (e.g., AWS, Google, OpenAI)
- Remediation creation
- Scenario combination for better impact and attack analysis
Let's make security testing more imaginative and fun together! 🚀
-EOF