RamiGPT is an AI-powered offensive security agent designed to pwn root accounts. Leveraging PwnTools and OpwnAI capabilities, RamiGPT navigated the privilege escalation scenarios of several systems from VulnHub, getting root access in less than a minute.
| Task Description | Source | Elapsed Time in Seconds | Model |
|---|---|---|---|
| symfonos5 | https://www.vulnhub.com/entry/symfonos-52,415/ | 50.521 | gpt-5-mini |
| Escalate Linux 1 | https://www.vulnhub.com/entry/escalate_linux-1,323/ | 12.827717 | gpt-3.5-turbo |
| Nyx 1 | https://www.vulnhub.com/entry/nyx-1,535/ | 10.044392 | gpt-3.5-turbo |
| Venom: 1 | https://www.vulnhub.com/entry/venom-1,701/ | 09.669650 | gpt-3.5-turbo |
| digitalworld.local: TORMENT | https://www.vulnhub.com/entry/digitalworldlocal-torment,299/ | 09.729105 | gpt-3.5-turbo |
| digitalworld.local: DEVELOPMENT | https://www.vulnhub.com/entry/digitalworldlocal-development,280/ | 09.911129 | gpt-3.5-turbo |
| Tiki: 1 | https://www.vulnhub.com/entry/tiki-1,525/ | 10.166464 | gpt-3.5-turbo |
| hacksudo: L.P.E. | https://www.vulnhub.com/entry/hacksudo-lpe,698/ | 09.846106 | gpt-3.5-turbo |
| DC: 2 | https://www.vulnhub.com/entry/dc-2,311/ | 09.660332 | gpt-3.5-turbo |
| DevGuru: 1 | https://www.vulnhub.com/entry/devguru-1,620/ | 10.354190 | gpt-3.5-turbo |
| serial: 1 | https://www.vulnhub.com/entry/serial-1,349/ | 09.617828 | gpt-3.5-turbo |
| Dina: 1.0.1 | https://www.vulnhub.com/entry/dina-101,200/ | 09.685389 | gpt-3.5-turbo |
| Autonomous - Hostname:pehost, Server:None, Username:zeus | Link | 10.363169 | gpt-3.5-turbo |
| Autonomous - Hostname:pehost, Server:None, Username:zeus | Link | 09.944443 | gpt-3.5-turbo |
To use RamiGPT's capabilities, you'll need an OpenAI API key. Follow these steps to obtain and configure your key:
- Create an Account: Visit OpenAI and sign up for an account if you don't already have one.
- Apply for API Access: Navigate to the API section and apply for access. You might need to provide details about your intended use case.
- Get Your API Key: Once approved, you will receive an API key.
- Copy the
.env.exampleFile: In the root directory of the RamiGPT project, copy the file.env.exampleand name it.env.cp .env.example .env - Add Your API Key: Open the
.envfile and add the following line:ReplaceOPENAI_API_KEY=your_api_key_hereyour_api_key_herewith the API key you obtained from OpenAI.
Before running the project, ensure you have installed:
- Docker
- Docker Compose
- OpenAI key
Clone the repository and launch the Docker containers:
git clone https://github.com/M507/RamiGPT.git
cd RamiGPT
docker compose up -dAccess the application at: https://127.0.0.1:5001
Ensure the following are installed:
- Python 3 and pip
- OpenAI key
Clone the repository and prepare the environment:
chmod +x ./generate_certs.sh
./generate_certs.sh
pip3 install -r requirements.txt
python3 app.pyAccess the application at: https://127.0.0.1:5000
RamiGPT integrates several tools for privilege escalation enumeration, including:
- BeRoot: A tool for identifying common privilege escalation vectors in Windows environments.
- LinPEAS: A script that audits Linux environments for potential misconfigurations and vulnerabilities.
These tools are automatically employed or recommended by RamiGPT depending on the target environment.
For example, to capture a flag:
For example, executing BeRoot and feeding the results to the AI:
RamiGPT is intended solely for educational and authorized security testing. Use it responsibly and only on systems where you have explicit permission to conduct tests.