mblanke
b9428df6df
- 6-Phase pentest methodology UI (Recon, Scanning, Vuln, Exploit, Report, Retest) - Phase-aware AI prompts with context from current phase - Attack chain analysis and visualization - CVSS-style severity badges (CRITICAL/HIGH/MEDIUM/LOW) - Findings sidebar with severity counts - Phase-specific tools and quick actions
4.2 KiB
⚡ StrikePackageGPT
AI-powered security analysis platform combining LLM capabilities with professional penetration testing tools.
🎯 Overview
StrikePackageGPT provides security researchers and penetration testers with an AI assistant specialized in:
- Reconnaissance - OSINT, subdomain enumeration, port scanning strategies
- Vulnerability Analysis - CVE research, misconfiguration detection
- Exploit Research - Safe research and documentation of exploits
- Report Generation - Professional security assessment reports
🚀 Quick Start
Prerequisites
- Docker & Docker Compose
- 8GB+ RAM recommended (for local LLM)
- (Optional) OpenAI or Anthropic API key
Installation
-
Clone the repository
git clone https://github.com/mblanke/StrikePackageGPT.git cd StrikePackageGPT -
Configure environment (optional)
cp .env.example .env # Edit .env to add API keys if using cloud LLMs -
Start the services
docker-compose up -d -
Pull a local model (first time only)
docker exec -it strikepackage-ollama ollama pull llama3.2 -
Access the dashboard
Open http://localhost:8080 in your browser
📦 Services
| Service | Port | Description |
|---|---|---|
| Dashboard | 8080 | Web UI with Chat, Terminal, and Scans tabs |
| HackGPT API | 8001 | Security-focused API with scan management |
| Kali Executor | 8002 | Docker SDK command execution |
| LLM Router | 8000 | Multi-provider LLM gateway |
| Ollama | 11434 | Local LLM inference |
| Kali | - | Security tools container |
🛠️ Security Tools
The Kali container includes:
- Reconnaissance: nmap, masscan, amass, theHarvester, whatweb
- Web Testing: nikto, gobuster, dirb, sqlmap
- Exploitation: metasploit-framework, hydra, searchsploit
- Network: tcpdump, netcat, wireshark
Access the Kali container:
docker exec -it strikepackage-kali bash
🤖 LLM Providers
StrikePackageGPT supports multiple LLM providers:
| Provider | Models | API Key Required |
|---|---|---|
| Ollama | llama3.2, codellama, mistral | No (local) |
| OpenAI | gpt-4o, gpt-4o-mini | Yes |
| Anthropic | claude-sonnet-4-20250514, claude-3-5-haiku | Yes |
📖 Usage Examples
Chat with the AI
Ask security-related questions in natural language:
- "Explain how to use nmap for service detection"
- "What are common web application vulnerabilities?"
- "How do I enumerate subdomains for a target?"
Terminal Access
Execute commands directly in the Kali container from the Terminal tab:
- Real-time command output
- Command history with up/down arrows
- Whitelisted tools for security
Security Scans
Launch and monitor scans from the Scans tab:
- nmap - Port scanning and service detection
- nikto - Web server vulnerability scanning
- gobuster - Directory and DNS enumeration
- sqlmap - SQL injection testing
- whatweb - Web technology fingerprinting
Quick Analysis
Use the sidebar buttons to start guided analysis:
- 🔍 Reconnaissance - Plan your information gathering
- 🛡️ Vulnerability Scan - Assess potential weaknesses
- 💉 Exploit Research - Research known vulnerabilities
- 📄 Generate Report - Create professional documentation
⚠️ Legal Disclaimer
This tool is intended for authorized security testing only. Always:
- Obtain written permission before testing any systems
- Follow responsible disclosure practices
- Comply with all applicable laws and regulations
- Use in isolated lab environments when learning
The developers are not responsible for misuse of this software.
🔧 Development
See Claude.md for development guidelines.
# Rebuild after changes
docker-compose up -d --build
# View logs
docker-compose logs -f
# Stop all services
docker-compose down
📄 License
MIT License - See LICENSE for details.
🤝 Contributing
Contributions welcome! Please read the development guidelines in Claude.md before submitting PRs.