EVERY HACKER needs to use THIS TOOL! Shell GPT Kali Linux Tutorial 🐚
Vložit
- čas přidán 19. 05. 2024
- In this video we will look at a program that can be used to integrate ChatGPT into Kali Linux, namely Shell GPT. Shell GPT can be used to convert our natural language into shell commands, i.e. ChatGPT interprets our requests and generates suitable commands from them. In addition, Shell GPT can explain error messages and program outputs to us. Since the API of OpenAI is used in the background, you need an API key to use Shell GPT. I’ve already created a video explaining how to create an OpenAI API Key. You can find the video in the video description down below. We will now take care of the setup that is necessary to use Shell GPT in Kali Linux.
#chatgpt #shellgpt #pentesting
00:00 | What is Shell GPT?
00:25 | OpenAI API Key
00:47 | Install JQ
01:25 | Install Shell GPT
02:17 | Start sgpt from everwhere
03:01 | Persistence
03:30 | How does Shell GPT work?
04:47 | Shell GPT example usage
Commands used in this video
► sudo apt install jq
► pip install shell-gpt
► cd .local/bin
► python sgpt
► python sgpt "Hello"
► export PATH=$PATH:~/.local/bin:/usr/bin/python3
► sgpt
► nano ~/.bashrc
► source ~/.bashrc
► sgpt --shell "Scan the target 10.0.2.17"
I've created a video on how to fix the "wrong API key problem".
czcams.com/video/bqSFxDI2DFk/video.html
I hope it helps :)
What's the difference between Shell Gpt and open interpreter?
Shell GPT costs money. I will make a video on Open interpreter soon!@@marilynlucas5128
Can you just find a way to use a Local open souce LLM? Its beyond Weird to trust Bill Gates Anything on a Kali system!
@@rev.jonathanwint6038"trust bill gates Anything on a kali system". This makes no sense. And if you don't trust someone on your computer, just use a password. You complete F@@L! Wow, smh...
@@rev.jonathanwint6038 This would just be wonderful. @sudosecurity
People be making neg comments and still have L lives.
Many of them didn't even know it existed till your video. W for this man you really make learning easier.
Thank you bro, ❤much love from Nigeria 🇳🇬
Looks like an interesting option for learning
You're the man for bringing this to the people!
Thank you very much :)
That is very interesting and useful. Thanks Sir.
You're welcome!
Mmh yes, let's let openai know that you are planning to break the law. Nothing could go wrong :)
Haha, you can also use this for cyber defense purposes ;)
100% cap it safely translates natural language to cli commands. Way irresponsible to run commands you when aren’t sure what they do.
Great tool but potentially very dangerous... it reminds me a Tesla car slamming into a semi-truck "thinking" it's a underpass !?! 😮
@@projectsspecial9224what
Here’s a little secret… don’t break the law and you will be fine
sehr cool! weiter so :)
Thank you :)
I think it's worth pointing out that the latest Kali version uses Zsh now by default, not .bashrc. If you want the path to persist, edit the ~/.zshrc file NOT ~/.bashrc. Thanks for the video :)
Use a real shell lol. chsh -s /bin/bash
@@xlneoMAXlx Zsh for interactive shell. Bash for scripts. The autocomplete feature is very useful in my opinion. But whatever works for you man.
You're welcome and thanks for this additional information
This is a great tool awesome video! Subbed and liked!
Thank you and welcome on board :) I hope you will enjoy my video series "Ethical Hacking with ChatGPT" coming up soon.
Wow! very interesting thanks a lot bro
You're welcome 🙂
Thats awsome video, one of best kali tutorials i ever seen
Really? Thank you very much :)
have solved the problem. If you follow the instructions today. However, you still have to change the model, which is currently gpd 4 as the default model, you have to change it to 3.5 turbo then everything works as you described
How did you change the model?
In the terminal open nano /home/kali/.config/shell_gpt/.sgptrc like in the videoczcams.com/video/bqSFxDI2DFk/video.html. Your default model is = -4-
and you have to set it to -3.5-turbo. You can also see it in this video.@@magicmatt316
In the terminal open nano /home/kali/.config/shell_gpt/.sgptrc like in the videoczcams.com/video/bqSFxDI2DFk/video.html. Your default model is = -4-
and you have to set it to -3.5-turbo. You can also see it in this video.@@magicmatt316
In the terminal open nano /home/kali/.config/shell_gpt/.sgptrc like in the videoczcams.com/video/bqSFxDI2DFk/video.html. Your default model is = -4-
and you have to set it to -3.5-turbo. You can also see it in this video.@@magicmatt316
In the terminal open nano /home/kali/.config/shell_gpt/.sgptrc like in the videoczcams.com/video/bqSFxDI2DFk/video.html. Your default model is = -4-
and you have to set it to -3.5-turbo. You can also see it in this video.@@magicmatt316
Great info thanks :-)
You're welcome :)
Ok that's amazing. Holy eff this is going to change my linux life forever lol
another hardworker like me.
Yes ;)
That particular task isn't breaking the law. Also, chatgpt seems to almost need it spelled out that you are doing something wrong (ethically or illegally) before it knows to block the action (or generated info).
many thanks for the video, I was struggling with my Kali VM on my UTM M2 Mac, which does not allow the UTM to use the shared clipboard (and copy paste), so I had to type everything by hand :) Quick question though: why do you think my sgpt answers with the "map" command instead of nmap for "scan the target xx.xx.xx.xx" request?
You're welcome.
I don't know :D
Nice ..Thanks..
If you used a wrong or an outdated API key, you can do the following to fix this:
- Open /home/kali/.config/shell_gpt/.sgptrc (under Kali Linux)
- Edit the line "OPENAI_API_KEY=..." and add your API Key there.
If you're not working on Kali Linux and don't know, where Shell GPT ist installed, use the following command:
- sudo find / name ".sgptrc"
After that, you can proceed just like before.
Is the API_KEY free ?
Or does it require you to have ChatGPT plus or something?
free @@wrightian5291
Bro this video made your channel grow faster💞🎉congrats
Yes, I'm very happy about it, trank you :) I hope most of the viewers will stay.
@@sudoSecurity yup they will stay bro❤️you're awesome
there is also open interpreter which writes and executes python code using gpt 3.5, gpt 4, or any open source model running locally
That's right, a video on this tool will follow soon.
thank you 🤗
You're welcome!
can this be run with a local model like LM studio in server mode? afaik, i'd have to put api_base = localhost/... but i don't know where that could be
I don't think so. But I guess, if you have a local LLM on your PC, you can write a Python program that acts like Shell GPT. I'm going to publish Python tutorials soon, so I will take this into consideration.
This is so impressive, But I'm waiting on that self installing version...
Maybe Q* will do this 😅
Your german accent hacked my brain :D
Sorry, I'm working on it :(
You know how I would do this? Instead of adding the stuff to PATH, I would add "alias sgpt='python ~/.local/bin/sgpt'" to my .bashrc because I like using nano to edit my .bashrc.
Also a good idea :)
That's a easy and quick way, but tread lightly with aliases as that's a common place to inject some executable malware, not that it's a bad idea, I've done this especially with tools I planned to use frequently in a session.
Or just make a symlink from sgpt to /usr/bin there are so many possibilities...
I prefere open interpreter or the github cli copilot tool
These are also very good tools.
The API Key is like leaving loads of breadcrumbs for the authorities 👍
Then don't give the authorities a reason to follow the breadcrumbs 👍
savage, lol@@sudoSecurity
How did you get your shell to display the "error" message like that?! I dig that. Gotta be a way with OhMyZsh yeah?
It's the basic zsh Shell with the latest version of Python installed.
imagine if you could substitute this with your own local quantized llm
I'm working on it :)
You got a sub from me for the great info thanks 🎉
Thank you and welcome on board ;)
One more
Thank you :) I hope you will enjoy my upcoming series "Ethical Hacking with ChatGPT" ;) @@nemanja12D
I would like to use LM studio as the source for this , how wouold I change the server address to the LM studio address?
I guess, that it is better to use "Open Interpreter" in that case. I'm not quite sure if Shell GPT can use different LLMs.
Is there any way to do this with llama.cpp or autogptq local models?
I'm trying to figure it out, but in the mean time you could write a Python program that translates your requests into shell commands using a prompt like
"Translate the following requirement into a shell command: {user_input}"
for the llama model.
@@sudoSecurity good idea. i also looked into it and decided the best course of action was to write an api endpoint for generation, then make a proxy on my other machine that redirects all requests to openai to my api endpoint instead.
i could have probably went to the repo and changed the endpoint manually, but oh well.
Every time I type Python sgpt "hello" I get a huge box with a lot of stuff in it. Above it says Traceback (Most recent call Last) and below it says Notfounderror: Error Code 404...
same, did they block it?
Does it work with other LInux distribution, like Mint or Arch?
Yes
Do you need to have a ChatGPT subscription to use the shell in Kali?
Yes, but I use it for other reasons than Shell GPT ;)
Can we use Ai in the terminal like …can we make Ai in the terminal then ask it to do something without us writing so much codes and use a lots of tools ? Can we develop Ai that can help you hack without long process?
It possible but with quantum engineering it going to be easier faster and more reliable
Imagine use gpt, kali and AR in street, how cool can be. (* - *)
:)
Shell gpt is going to socially engineer you😄
It's possible 😅 I will make a video on the security of ShellGPT soon.
Sir , I am using Manjaro Linux (Arch Linux) . How can i use The Command for That
By installing shell gpt
can u do this with docker?
I think so!
it says i didnt provide an api key in an authorization hearder using bear auth. how do i do that
czcams.com/video/bqSFxDI2DFk/video.html
Bro when I run the command pip install shell-gpt there is an error which says couldn't build wheels for tiktoken
Please consult StackOverflow or ChatGPT ;)
🎉
Authentication error after “python sgpt”. I’d entered the wrong api key and now it’s always an error.
Any ideas on how to fix it?
czcams.com/video/bqSFxDI2DFk/video.html&lc=Ugz2f_wID4nnlqORco94AaABAg
nice video very deutscher Accent
Thank you :)
It's because I am a Deutscher ;P
more exemples pls
Yes
where is the video down in the description you have talked about its only time stamps
I will publish it soon. Sorry, I'm currently planning into the future ;)
it's work on manjaro linux ??
I think so
now we need voice commands for shell gpt XD and where set.
:D I don't think that this is too difficult to implement ;)
any way pass this to a localllm without converting api calls?
I'm working on it. But I guess writing an own Python tool is less work ;)
I made a mistake and entered the wrong API key. How would I go about entering a new key?
Here you go czcams.com/video/bqSFxDI2DFk/video.htmlsi=Uca74nLXtFCdmnBK
Would love to see a personal AI created that can be used on the new PLAUS.
What is PLAUS?
Interesting? Yes, but...sending info on what I'm doing to openAI seems like the opposite of what I'd want out of my linux environment
I will do a follow up video on the security of Shell GPT and using OpenAI's API in general.
any guardrail will be triggered?
What do you mean by that?
Open interpreter makes this thing obsolete
I will test this soon and make an update video
Its Funny that "hackers" have to be explained how to change the PATH variable. :-D
;)
kannst du vielleicht auch ein Video auf Deutsch machen?
On my main channel.
When you order your AI to scan the target system, why you type this type of language I can't understand what are you typing there. Can you make it simple English language for running this tool
What language? This is Englisch.
@@sudoSecurity sir when you command Your AI to perform an nmap scan you type some language for scanning nmap this language I can't able to understand what you write
A, I see. Sorry for that! It's German and it says "Scan the target system 10.0.2.17"@@soumyajitnandy-s1-roll-417
@@sudoSecurity can you please set the language for English. Sir how to find the phone number of any person through his name or any social media accounts
For this video, I can't do that. But for future videos, I will.@@soumyajitnandy-s1-roll-417
where is link for video where you generate API Key
Well, simply follow the instructions on OpenAI's website.
What type of IP did you mention?
Local IP address
@@sudoSecurity thank you sir
I want to ask, why everything relative to AI require a openAI key... I am not dumb, but it is really dumb for everyone if they send everything including their command to openai.
Not everything related to AI in general requires an OpenAI API Key.
No one says, that you should send all your commands to OpenAI, especially if you're a professional. This tool is for entry level pentesters and those who start learning Ethical Hacking!
@sudoSecurity Of course I know this shellGPT is for the entry level of hacker, even you can say that is for very helpful for new linux users. As openAI is going to... "decay", if one day, I just use "if" and I guess you know what I mean... openAI is going to switch off their servers, all these kind of projects will follow it. We already have our local GPT server, why we cannot use our local GPT server to develop the AI project, instead of using openAI? I know that is not your fault, and I can say that is not even a fault. I am sorry about my personal emotional complain. orz
All right ;) I fully understand what you mean! It would be great, if there was a generic AI adapter, where you can simply link to another LLM, so that you only need an API key if you don't have a local GPT (or other) model. @@fenix20075
@@sudoSecurity I have seen some projects' config file allow to change of the access link of openAI, and allow the user to change the link to another server, so users can directly change the link to apply as local GPT server setting.
api key video not in description
Well, simply follow the instructions on OpenAI's website.
I got the 404 client error : not found for url
The error message already tells you what to do ;)
Exactly the same problem for me, have you already found a solution?
Where is gpt available for purchase
OpenAI
I did put a wrong API key and now it doesn't work anymore what should i do?
put the right API key in
yeah I pasted something in but couldnt tell if it submitted or not now its giving me an API error even though I have a fresh key
Simply set an environment variable $OPENAI_API_KEY with your API key. I hope it helps.
I have another solution!
If you used a wrong or an outdated API key, you can do the following to fix this:
- Open /home/kali/.config/shell_gpt/.sgptrc (under Kali Linux)
- Edit the line "OPENAI_API_KEY=..." and add your API Key there.
If you're not working on Kali Linux and don't know, where Shell GPT ist installed, use the following command:
- sudo find / name ".sgptrc"
After that, you can proceed just like before.
I've created an update video :) czcams.com/video/bqSFxDI2DFk/video.html
Dont see any link to a video about API keys or any video on your channel
The video will follow up soon! I'm already planning into the future ;)
ineresting bu i don have API
You can use "Open interpreter" instead
So you can say the term “script kiddie” is out. Now it's "Ai-kiddie"...
first
Here is your prize: 🏆
Hate to break it to u man, to anyone that doesn’t know to shell code, this gpt won’t do much good, they won’t know what they had tasked the machine to do.
That's why you can use the command [D]escribe ;) But I admit, it is mich better to learn shell commands from the ground up.
OpenAi using this way to train their AI... COPYRIGHT FREE.. 😂
😬
Lol this cannot be refuted ... 😅
My says missing string PROMPT
What's you input?
Api key is free for everyone?
Yes?
Openai api are not cheap
I've used this tool many times and in over one month I have still 19$ from my 20$ API usage left. "Cheap" is relative ...
@@sudoSecurity Actually i talking about api when you use in ai created chat bot in your website for public
This doesnt work? All I get is error 429
Too Many Requests!
@@sudoSecurity what should i do to solve this ? because even im facing the same issue while trying - python sgpt "hello"
I can't run it
Why? What's the problem?
Here's why you SHOULD NOT use this. OpenAI basically logs everything you send to them, including prompts, IP address etc. Now you are using your own api key, making you very easily detectable. If you do something funny with this, well they will know. That's not what you want. If you want AI model - run open source model on your local env, fine-tune it, whatever, just don't use something like that, if you are acting as a red teamer
This tool is NOT for illegal purposes. It's for beginners in the pentesting world and for this reason, it is good.
@@sudoSecurity sure thing! I'm not saying anyone should do anything illegal. But let's face the ugly truth - most beginners do exactly that. They come to channels like yours, to "learn to hack", and no matter how many times you tell them, "Do not try this at your neighbor" they will do it anyway. And that kind of action, like openly communicating with OpenAI with your own API Key is just a target practice for authorities. Good video, just IMO running pre-trained and fine-tuned model locally is way better - first because you can train it to do whatever you want and second you will learn a lot doing this
@sudoSecurity except people won't use it for learning they will use it a crutch and since report writing is a big part they won't even understand what they are actually doing
Where us the video to generate the open ai key i dont see it?
It's very simple, just visit OpenAI, create an account and follow the steps
@@sudoSecurity i keep getting a 429 error have you experience this
As a proof of concept this is neat but in practical terms this is absolutely awful. API key is traceable along with timestamps via logs of every single thing parsed by the key, giving a timeline to establish not only modus operandi but also motive while essentially having a neon sign flashing above your head that says I'M HACKING AND I DON'T KNOW WHAT I'M DOING.
Please keep this contained to local systems only that you yourself manage for proof of concept and/or teaching methods and don't actually try this on real targets or you're going to have a bad time.
Stolen API keys are a thing though just like people use stolen cars to commit crimes. Not saying to do it just saying you can easily get over the traceable part of the API key doesn’t belong to you
@@fokyewtoob8835He gets it. Or you wait for a local model.
@@fokyewtoob8835 and best to mention for any lowlife that would fuck up someone elses like that deserves all the karma they will get.
lol things are getting serious
This is so tedious to use.
Why? Depends on what you want to use it for
@@sudoSecurity maybe for newbies ok to learn commands when inside a terminal, but for writing a complex script not. Copilot does a better job.
Real hackers don't need chatgpt 😂 only idiots do!
And real hackers don't call themselves "hackers" ;)
@sudoSecurity exactly! 🤣🤣🤣🤣🤣 Mr chat gpt
22h2
?
@@sudoSecurityWindows update version
are you really going to hack someone via openai api? damn well boy i guess that will be short career
This video and Shell GPT are for educational purposes only.
sure :)
Nice try, FBI.
😂
Kali Linux has traces
?
@@sudoSecurity I’m saying kali Linux has trackers
waste!
?
Stop wasting your time on this and install open interpreter which is way more sophisticated than this.
I'll do another video on this as well.
@@sudoSecurity Awesome! i will wait and watch it!!👍🏻👏🏻
it is useless in my country
why?
@@sudoSecurity Because I cann't even register an account on openai. openai restricted my country but i'm using Llama in my daily uses & other open source AI
Wast of time....
Why?
Wtf? You think hackers should exchange their command line input with the powers trying to oversee infosec? Oh cmon
It's for beginners in the area of pentesting. On top of that, you should not use this for illegal purposes.
for me there is "no such file or directory: /.local/bin" - I created a directory called bin in .local but this one's just empty then :D any help appreciated
The directory .local should already be on your computer.
@@sudoSecurityyes, but /bin isn‘t
Are you making also Videos in German?
Yes, you will find them on my main channel "Florian Dalwigk".
Super
cd ~/.local/bin command returns with cant find path '/home/kali/~/.local/bin'
Check ls
bash: cd: /root/.local/bin: No such file or directory
czcams.com/video/bqSFxDI2DFk/video.html