Penetration Testing

PentestGPT – A ChatGPT Empowered Automated Penetration Testing Tool

Cyber Security News has found a new ” PentestGPT ” tool that helps penetration testers automate their pentesting processes, and ChatGPT powers it.

A Ph.D. student at Nanyang Technological University, operating under “GreyDGL” on GitHub, recently released a new ChatGPT-powered Penetration Testing Tool dubbed “PentestGPT.”

After its initial release by OpenAI, the ChatGPT achieved immense fame and a user base rapidly due to its extraordinary advancements and possibilities.

Primarily ChatGPT captured the attention of a broad user base due to the two key abilities that we have mentioned below:- 

  • Engage in human-like conversations
  • Provide helpful information

PentestGPT ChatGPT-Based Penetration Testing Tool

This PentestGPT tool is wholly based on ChatGPT, and it helps the penetration testers perform several complicated procedures involved during penetration testing.

Moreover, for high-quality reasoning, the PentestGPT Tool entirely depends on the OpenAI’s GPT-4 module. 

So, if you want access to the PentestGPT Tool, you must purchase or subscribe to the ChatGPT Plus membership since the GPT-4 API is not yet available to the public for free.

Moreover, the PentestGPT Tool ultimately depends on the OpenAI’s GPT-4 module for high-quality reasoning. 

So, if you want access to the PentestGPT Tool, you must purchase or subscribe to the ChatGPT Plus membership since the GPT-4 API is not yet available to the public for free.

PentestGPT Design

Here is the complete PetestGPT architecture and the current design is mainly for web penetration testing.

PentestGPT architecture

General Design

  • A test generation module that generates the exact penetration testing commands or operations for the users to execute.
  • A test reasoning module conducts the reasoning of the test, guiding the penetration testers on what to do next.
  • A parsing module that parses the output of the penetration tools and the contents on the webUI.

Logic Flow Design

  1. User initializes all the sessions. (prompt)
  2. User initializes the task by
    1. User provides the target information to the ReasoningSession.
    2. The ReasoningSession generates a task-tree based on the target information.
    3. The ReasoningSession decides the first todo, and passes the information to the GenerationSession.
    4. The GenerationSession generates the exact command for the user to execute, and passes it to the User.

Function Design

The handler is the main entry point of the penetration testing tool. It allows pentesters to perform the following operations:

  1. (initialize itself with some pre-designed prompts.)
  2. Start a new penetration testing session by providing the target information.
  3. Ask for todo-list, and acquire the next step to perform.
  4. After completing the operation, pass the info to PentestGPT.
  5. The generation module can also start a continuous mode, which helps the user to dig into a specific task.

You can read the complete architecture details here at GitHub.

Here’s what GreyDGL stated:-

“Since the PentestGPT tool is built on ChatGPT so, it seamlessly automates the penetration testing with interactivity, guiding testers in progress and operations.”

Not only that, even PentestGPT also able to rectify the following challenges easily:-

  • HackTheBox machines challenges
  • CTF challenges

Here’s the quick video demonstration of PentestGPT by GreyDGL:-

3 Modules of PentestGPT

Here below, we have mentioned the three modules of PentestGPT:-

  • Test generation module
  • Test reasoning module
  • Parsing module

Functions of PentestGPT

  • Initialize the system by using pre-designed prompts to set up the initial state.
  • By entering the target information, it starts a new penetration testing session.
  • Ask for the todo-list, which will provide the next step or action to be performed during the penetration testing.
  • Carry out the assigned operation or task from the todo-list.
  • Once the operation is completed, transfer the following relevant data to PentestGPT for further analysis:-
  • Tool output
  • Webpage content
  • Human description


PentestGPT Installation
  • By running the command “pip install -r requirements.txt,” you must install the requirements.txt.
  • Then in the config file, you have to configure the cookies, and to do so:
  • a. Copy the sample configuration file by running the command “cp config/ config/”.
  • b. If you use cookies, log in to the ChatGPT session page.
  • c. Open the Inspect tool and go to the Network tab.
  • d. Look for connections to the ChatGPT session page.
  • e. Find the cookie in the request header of the URL “”.
  • f. Copy the cookie value.
  • g. Paste the copied cookie into the “cookie” field of the “config/” file.
  • h. Note that other fields in the config file are temporarily deprecated due to the ChatGPT page update.
  • Fill in the “userAgent” field with your user agent in the “config/” file.
  • If you’re using the API, fill in the OpenAI API key in the “” file.
  • Now run the command “python3” to verify the connection is configured correctly.
  • Then look for sample conversations with ChatGPT.

Sample Output:

1. You’re connected with ChatGPT Plus cookie. 

To start PentestGPT, please use <pentestgpt –reasoning_model=gpt-4>

## Test connection for OpenAI api (GPT-4)

2. You’re connected with OpenAI API. You have GPT-4 access. To start PentestGPT, please use <pentestgpt –reasoning_model=gpt-4 –useAPI>

## Test connection for OpenAI api (GPT-3.5)

3. You’re connected with OpenAI API. You have GPT-3.5 access. To start PentestGPT, please use <pentestgpt –reasoning_model=gpt-3.5-turbo –useAPI>

## Test connection for OpenAI api (GPT-3.5 16k tokens)

3. You’re connected with OpenAI API. You have GPT-3.5 access. To start PentestGPT, please use <pentestgpt –reasoning_model=gpt-3.5-turbo-16k –useAPI>

If the errors continue, you must refresh the page, repeat the steps, and retry. If needed, then you can also use the cookie at “” You can find the complete module here.

Frequently Asked Questions

What is PentestGPT?

PentestGPT is a penetration testing tool that ChatGPT powers. It’s made to ease the process of penetration testing. It is built on top of ChatGPT and works in an interactive way to help penetration testers with overall progress and specific operations.

Do I need to be a ChatGPT plus member to use PentestGPT?

ChatGPT plus or the GPT-4 API are what you should be using. For enhanced reasoning, PentestGPT uses the GPT-4 model. A wrapper is provided to enable PentestGPT to make use of a ChatGPT session, as there is currently no publicly available GPT-4 API. GPT-4 API can be used directly if available.

Cyber Writes Team

Work done by a Team Of Security Experts from Cyber Writes ( - World’s First Dedicated Content-as-a-Service (CaaS) Platform for Cybersecurity. For Exclusive Cyber Security Contents, Reach at:

Published by
Cyber Writes Team

Recent Posts

Google Revealed RETVec to Defend Malicious Emails & Spam for Gmail Users

The text-to-dense representation techniques vary, evolving from character bi-grams to advanced subword vectorizers, combating OOV…

15 hours ago

New Android Malware FjordPhantom Spreads Covertly Via Email, SMS, & Messaging Apps

In the ever-evolving realm of cybersecurity, Promon, a trailblazer in mobile security solutions, has brought…

2 days ago

New SugarGh0st RAT Delivered via Malicious Windows Shortcut & JavaScript

Hackers use Remote Access Trojans (RATs) to gain unauthorized access and control over a victim's…

2 days ago

Black Basta Ransomware Received Over $100 Million From Victims

Black Basta, the fourth-most active ransomware strain with more than 329 victims, has reportedly made…

2 days ago

Notepad++ Input Validation Flaws Leads to uncontrolled Search Path Vulnerability

Notepad++ has been discovered with an uncontrolled search path vulnerability, which could allow threat actors…

2 days ago

WhatsApp Secret Code Feature Lets Users Set Unique Locked Chat Passwords

WhatsApp has announced the rollout of a new feature to safeguard sensitive conversations. The Secret…

2 days ago