Web Pen-Testing

The goal of this use-case is to explore web security. It is currently very much in the exploratory stage, but there are already very basic capabilities.

Current features

• Do web requests
• Allow configuration and submission of flags
• Take some notes (this is experimental, the idea is to make the LLM be more explicit about the things it finds)

Example run

This is a simple example run of the simple_web_test using GPT-3.5-turbo against a very vulnerable web blog: