Pentesting with OpenAI
It's bad, but maybe not *that* bad. Yet.
I've recently seen a demonstration of using ChatGPT with Kali Linux to automate pentesting in such a way that the attacker need only ask the GPT to perform an attack in simple terms, and the attack can be executed all by itself.
It's very neat, very scary, but I decided to have a run through to see just how effective it might be, using this site as an example.
Running standard exploit tools did give back some pretty horrible results, with several exploits scoring a solid 10 (which is bad) but drilling into the results and having the GPT actually exploit those did show the limitations of the tooling. for example trying to run nonexistent local scripts, or taking a webpage as a command.
So maybe all is not lost. Yet. But these tools are only going to improve over the next few years and I'm sure once they work out the difference between a webpage and a script, we'll see a lot more attacks just because it's easy.
