Your privacy, your choice

We use essential cookies to make sure the site can function. We also use optional cookies for advertising, personalisation of content, usage analysis, and social media.

By accepting optional cookies, you consent to the processing of your personal data - including transfers to third parties. Some third parties are outside of the European Economic Area, with varying standards of data protection.

See our privacy policy for more information on the use of your personal data.

for further information and to change your choices.

Skip to main content
SpringerLink
Log in

AI-Assisted Pentesting Using ChatGPT-4

  • Conference paper
  • First Online:
ITNG 2024: 21st International Conference on Information Technology-New Generations (ITNG 2024)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1456))

Included in the following conference series:

  • 44 Accesses

Abstract

Artificial Intelligence (AI) technologies have been experiencing rapid developments and applications in various fields including Cybersecurity to improve efficiency, productivity, and accuracy. Penetration testing (pentesting) is a critical step in cyber defense to utilize authorized offensive tools and simulated attacks to uncover security vulnerabilities to be used for cybersecurity risk assessment and mitigation. Pentesting steps often include reconnaissance, scanning, knowledge discovery, data analysis, and queries of large amounts of information to detect meaningful threats and vulnerabilities, which could use the help of interactive AI tools, such as ChatGPT. However, AI tools like ChatGPT are still evolving with limitations and challenges for applications. This study conducts simulation tests based on a limited AI-Assisted pentesting model for security knowledge discovery using interactive ChatGPT-4 powered by Large Language Models (LLMs). The purpose of this research is to discover and demonstrate the role and value of AI in planning and conducting pentesting. This study utilizes a VMWare-based network of virtual machines for simulated network attacks and ChatGPT-4 for training and answering prompts on pentesting questions of interest. This research will also discuss limitations of using AI technologies in pentesting and suggestions for the future.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. D.N. Railkar, S. Joshi, A comprehensive literature review of artificial intelligence in the field of penetration testing, in Intelligent Systems and Applications, Lecture Notes in Electrical Engineering, ed. by A.J. Kulkarni et al., vol. 959, (2023), pp. 75–85. https://doi.org/10.1007/978-981-19-6581-4_7

    Chapter  Google Scholar 

  2. P. Wang, H. D’Cruze, Lessons on the power of knowledge for cyber defense from Sun Tzu’s the Art of War. Issues Inf. Syst. 21(3), 105–116 (2020)

    Google Scholar 

  3. M. Dsouza, How artificial intelligence can improve pentesting (2018). Available: https://hub.packtpub.com/how-artificial-intelligence-can-improve-pentesting/

  4. A. Mamgai, Generative AI with cybersecurity: Friend or foe of digital transformation? (2023). Available: https://www.isaca.org/resources/news-and-trends/industry-news/2023/generative-ai-with-cybersecurity-friend-or-foe-of-digital-transformation

  5. A. Happe, J. Cito, Getting pawn’d by AI: Penetration testing with Large Language Models, in ESEC/FSE ‘23, San Francisco, CA, USA, 3–9 Dec 2023 (2023)

    Google Scholar 

  6. G. Deng, et al., PENTESTGPT: An LLM-empowered automatic penetration testing tool (2023). Available: https://doi.org/10.48550/arXiv.2308.06782

  7. B. Schneier, The coming AI hackers, in The Cyber Projecct: Council for the Responsible Use of AI, (Harvard Kennedy School, 2021)

    Google Scholar 

  8. R. Kaur, D. Gabrijelcic, T. Klobucar, Artificial intelligence for cybersecurity: Literature review and future research directions. Inf. Fusion 97, 1–29 (2023)., 101804

    Article  Google Scholar 

  9. A. Froehlich, AI pen testing promises, delivers both speed and accuracy (2020). Available: https://www.techtarget.com/searchsecurity/tip/AI-pen-testing-promises-delivers-both-speed-and-accuracy

  10. J. Pope, Human vs AI in pen testing (2023). Available: https://cybersmartconsulting.com/ai-in-pen-testing/

  11. M. Gupta, K. Aryal, L. Praharaj, From ChatGPT to ThreatGPT: Impact of generative AI in cybersecurity and privacy. IEEE Access 11(2023), 80218–80245 (2023)

    Article  Google Scholar 

  12. S. Temara, Maximizing penetration testing success with effective reconnaissance techniques using ChatGPT. Res. Sq., 1–10 (2023). https://doi.org/10.21203/rs.3.rs-2707376/v1

  13. S. Wilson, Cybersecurity and Artificial Intelligence: Threats and Opportunities (Contrast Security, 2023)

    Google Scholar 

  14. M. Al-Hawawreh, A. Aljuhani, Y. Jararweh, Chatgpt for cybersecurity: Practical applications, challenges, and future directions. Clust. Comput. 2023(26), 3421–3436 (2023)

    Article  Google Scholar 

  15. X. Zhan, Y. Xu, S. Sarkadi, Deceptive AI ecosystems: The case of ChatGPT, in ACM Conference on Conversational User Interfaces (CUI ‘23), Eindhoven, Netherlands, 19–21 July 2023 (2023)

    Google Scholar 

  16. CYFIRMA, ChatGPT AI in security tessting: Opportunities and challenges (2023). https://www.cyfirma.com/outofband/chatgpt-ai-in-security-testing-opportunities-and-challenges/

  17. OpenAI, GPT-4 (2023). Available: https://openai.com/research/gpt-4

  18. OpenAI, GPT-4 Technical Report (2023). Available: https://arxiv.org/abs/2303.08774

  19. J. Liu, Welcome to LlamaIndex (2022). Available: https://gpt-index.readthedocs.io/en/stable/

  20. J. Liu, Simple Directory Reader (2022). Available: https://gpt-index.readthedocs.io/en/latest/examples/data_connectors/simple_directory_reader.html

  21. LangChain, Inc., LangChain – Introduction (2023). Available: https://python.langchain.com/docs/get_started/introduction

  22. J. Liu, PromptHelper (2022). Available: https://gpt-index.readthedocs.io/en/latest/api_reference/service_context/prompt_helper.html

  23. NMAP.ORG, Nmap: Discover your network (2023). Available: https://nmap.org/

  24. WIRESHARK.ORG, About Wireshark (2023). Available: https://www.wireshark.org/about.html

  25. VulnHub, BWAPP: BEE-BOX (v1.6) (2023). Available: https://www.vulnhub.com/entry/bwapp-bee-box-v16,53/

Download references

Author information

Authors and Affiliations

  1. Robert Morris University, Pittsburgh, PA, USA

    Ping Wang

  2. University of Maryland, College Park, MD, USA

    Hubert D’Cruze

Authors
  1. Ping Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hubert D’Cruze
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ping Wang .

Editor information

Editors and Affiliations

  1. Dept of Electrical & Computer Engg, University of Nevada, Mail Stop 4026, Las Vegas, NV, USA

    Shahram Latifi

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Wang, P., D’Cruze, H. (2024). AI-Assisted Pentesting Using ChatGPT-4. In: Latifi, S. (eds) ITNG 2024: 21st International Conference on Information Technology-New Generations. ITNG 2024. Advances in Intelligent Systems and Computing, vol 1456. Springer, Cham. https://doi.org/10.1007/978-3-031-56599-1_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-56599-1_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-56598-4

  • Online ISBN: 978-3-031-56599-1

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics