v0.4.0
Pre-release
Overview
Good news everyone! There's a new (and long overdue) new version of hackingBuddyGPT out!
The big changes for this release are @Neverbolt's rework of the logging/configuration system and @Qsan1's new prototype that enables small LLMs to perform linux priv-esc attacks. The next use-case is already being prepared and will be in the next release.. stay tuned.
To summarize the big changes:
-
@Neverbolt did extensive work on the configuration and logging system:
- Overwork of the configuration system
- Added a visual and live web based log viewer, which can be started with
wintermute Viewer - Updated the configuration system. The new configuration system now allows loading parameters from a .json file as well as choosing which logging backend should be used
-
@lloydchang with @pardaz-banu, @halifrieri, @toluwalopeoolagbegi and @tushcmd added support for dev containers
-
@jamfish added support for key-based SSH access (to the target system)
-
@Qsan1 added a new use-case, focusing on enabling linux priv-esc with small-language models, to quote:
- Added an extended linux-privesc usecase. It is based on 'privesc', but extends it with multiple components that can be freely switch on or off:
- Analyze: After each iteration the LLM is asked to analyze the output of that round.
- Retrieval Augmented Generation (RAG): After each iteration the LLM is prompted and asked to generate a search query for a vector store. The search query is then used to retrieve relevant documents from the vector store and the information is included in the prompt for the Analyze component (Only works if Analyze is enabled).
- Chain of thought (CoT): Instead of simply asking the LLM for the next command, we use CoT to generate the next action.
- History Compression: Instead of including all commands and their respective output in the prompt, it removes all outputs except the most recent one.
- Structure via Prompt: Include an initial set of command recommendations inquery_next_command
- Added an extended linux-privesc usecase. It is based on 'privesc', but extends it with multiple components that can be freely switch on or off:
I thank all our contributors (and hopefully haven't forgotten too many). Enjoy!
What's Changed
- docs: fix CLI errors, use PascalCase args by @lloydchang in #85
- feat: add gpt-4o, gpt-4o-mini, o1-preview, o1-mini by @lloydchang in #89
- feat: add GitHub Codespaces support by @lloydchang in #88
- docs(README.md): fix typo by @lloydchang in #91
- fix(.gitignore): ignore temporary codespaces ansible files by @lloydchang in #92
- Mac target localhost container via gemini openai proxy by @lloydchang in #94
- docs(README.md): add Mac use case by @lloydchang in #95
- fix: reorganize scripts by @lloydchang in #96
- docs: move Codespaces docs to CODESPACES.md, add gemini by @lloydchang in #98
- Semantic logging #75 by @Neverbolt in #79
- update development branch with changes in main by @andreashappe in #99
- Update README.md with anti scam message by @Neverbolt in #103
- Add SSH Key Auth [Follow-up] by @jamfish in #108
- Merge RAG usecase into HackerBuddy by @Qsan1 in #111
- New Argument Parsing by @Neverbolt in #113
- Development by @andreashappe in #115
New Contributors
- @lloydchang made their first contribution in #85
- @jamfish made their first contribution in #108
- @Qsan1 made their first contribution in #111
Full Changelog: v0.3.1...v0.4.0
