
ChatGPTScan: A Batch White-Box Code Audit Tool


Installation

git clone https://github.com/YulinSec/ChatGPTScanner
cd ChatGPTScanner
pip install -r requirements.txt

Usage (you need to set your OPENAI_API_KEY)

$ python chatgptscan.py --help

NAME
    chatgptscan.py - ChatGPTScan help summary page

SYNOPSIS
    chatgptscan.py - COMMAND | 

DESCRIPTION
    A white box code scan powered by ChatGPT

    Example:

        python chatgptscan.py common_scan --project ./benchmark --language "['python']" --include "['directory']" --proxy http://127.0.0.1:7890

        python chatgptscan.py common_scan --project ./go-sec-code --language "['go']" --include "['controllers/cmdi.go','utils']"  --proxy http://127.0.0.1:8080

        python chatgptscan.py taint_sink_scan --project ./benchmark --language "['python']" --sink "os.system()"  --exclude "['directory/exclude.go']"

    Note:
        --project       path to target project
        --language      languages of the project, decide which file extension will be loaded
        --include       files send to ChatGPT, relative directory or relative filepath, match by prefix 
        --exclude       files not send to ChatGPT, relative directory or relative filepath, match by prefix 
        --sink          decrible your sink, only works in taint_sink_scan
        --key           openai api key, also get from environment variable OPENAI_API_KEY
        --proxy         openai api proxy
        --dry           dry run, not send files to ChatGPT
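
The --language, --include and --exclude filters in the help text above decide which source files leave the machine for the OpenAI API. The sketch below is an added example, not ChatGPTScan's own code: it assumes "match by prefix" means plain string-prefix matching on relative paths, uses a hypothetical language-to-extension map, and runs over a constructed tree to show that the prefix "utils" also selects "utils_internal/".

```python
import os
import tempfile

# Assumption: language-to-extension map is illustrative, not taken from the tool.
EXTENSIONS = {"python": (".py",), "go": (".go",)}


def select_files(project, languages, include=(), exclude=()):
    """Return sorted relative paths that the filters would select for upload."""
    exts = tuple(e for lang in languages for e in EXTENSIONS.get(lang, ()))
    selected = []
    for root, _dirs, files in os.walk(project):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, project).replace(os.sep, "/")
            if not rel.endswith(exts):
                continue  # wrong file type for --language
            # Assumption: "match by prefix" means str.startswith on the relative path.
            if include and not any(rel.startswith(p) for p in include):
                continue
            if any(rel.startswith(p) for p in exclude):
                continue
            selected.append(rel)
    return sorted(selected)


def demo():
    """Run three filter sets over a constructed project tree."""
    tree = ("controllers/cmdi.go", "utils/exec.go", "utils_internal/keys.go",
            "docs/readme.md", "vendor/lib/x.go")
    with tempfile.TemporaryDirectory() as project:
        for rel in tree:
            path = os.path.join(project, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return {
            # "utils" also matches the sibling directory utils_internal/
            "loose": select_files(project, ["go"], include=["controllers/cmdi.go", "utils"]),
            # a trailing slash pins the prefix to the directory boundary
            "tight": select_files(project, ["go"], include=["controllers/cmdi.go", "utils/"]),
            "excluded": select_files(project, ["go"], exclude=["vendor"]),
        }


if __name__ == "__main__":
    for label, files in demo().items():
        print(label, files)
```

On a real project, the tool's own --dry flag gives the same preview without sending any files to ChatGPT.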

Project URL

ChatGPTScanner

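Copyright notice: This article is licensed under the Creative Commons Attribution 4.0 International License [BY-NC-SA]
Article title: "ChatGPTScan: A Batch White-Box Code Audit Tool"
Article link: https://www.wevul.com/382.html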