# Utilizations

## Class

In [None]:
class ClassInitial:
  pass
class ProcessInitial:
  pass
class ResultInitial:
  pass
class NullInitial:
  pass
class DocumentationInitial:
  pass
class ErrorInitial:
  pass
class ModelInitial:
  pass
class FunctionInitial:
  pass

## Configurations

In [None]:
from warnings import filterwarnings
filterwarnings("ignore",category=UserWarning)
filterwarnings("ignore",category=DeprecationWarning)
filterwarnings("ignore",category=FutureWarning)

## Modules

### Installing

In [None]:
moduleList:list = [
    'pyautogen[gemini]~=0.2.0b4',
    'langchain_experimental==0.0.49',
    'faiss-cpu==1.7.4',
    'cohere==4.42',
    'tiktoken==0.5.2',
    'wikipedia==1.4.0',
    'arxiv==2.1.0',
    'huggingface_hub==0.20.2',
    'pydash==7.0.6',
    'google-generativeai==0.3.2',
    'chromadb==0.4.22',
    'pypdf==3.17.4',
    'langchain-openai==0.0.3',
    'weasyprint==60.2'
]

In [None]:
%%capture
for module in moduleList:
  %pip install $module

### Base

In [None]:
import faiss,os,shutil,requests
from typing import Union,Optional,List,Dict,Any,Type

In [None]:
import openai,autogen
from langchain_openai import OpenAI as LOpenAI
from langchain_openai import ChatOpenAI,OpenAIEmbeddings
from langchain.llms import HuggingFaceHub
from langchain.tools import BaseTool
from langchain.pydantic_v1 import BaseModel,Field
from langchain.text_splitter import RecursiveCharacterTextSplitter

In [None]:
from google.colab import userdata

## Functions

In [None]:
createDirectory:FunctionInitial = lambda x: os.mkdir(x) if not os.path.exists(x) else None
deleteDirectory:FunctionInitial = lambda x: shutil.rmtree(x) if len(os.listdir(x)) > 1 else None
sortDirectory:FunctionInitial = lambda x: [str(x) if x.endswith("/") else str(x+"/")+str(y) for y in os.listdir(str(x)) if y != ".ipynb_checkpoints"]
terminationControl:FunctionInitial = lambda x: x.get("content","") and x.get("content","").rstrip().endswith("TERMINATE")

In [None]:
def StringToList(output:Optional[str])->list:
  output = output.strip("][").replace("'","")
  output = output.strip("][").replace('"','').replace("]","").replace("[","").split(", ")
  return output

In [None]:
class ErrorModule(object):
  def __init__(self)->ClassInitial:
    self.error = NotImplementedError
  def __str__(self)->str:
    return "Error Modulations"
  def __call__(self)->ErrorInitial:
    return self.error
  def __getstate__(self)->ErrorInitial:
    raise self.error
  def __repr__(self)->DocumentationInitial:
    return ErrorModule.__doc__
  @property
  def Default(self)->ErrorInitial:
    raise self.error
  def Manuel(self,errorType:ErrorInitial,message:Optional[str])->ErrorInitial:
    raise errorType(message)


In [None]:
class DefineCredentials(object):
  def __init__(self)->ClassInitial:
    self.openAIKey = userdata.get("OPENAI_API_KEY")
    self.googleKey = userdata.get("GOOGLE_API_ADDITIONAL")
    self.geminiKey = userdata.get("GEMINI_API_ADDITIONAL")
    self.cseIDKey = userdata.get("CSE_ID_KEY")
    self.huggingKey = userdata.get("HUGGINGFACEHUB_API_TOKEN")
  def __str__(self)->str:
    return "Credentials Modulation"
  def __call__(self)->NullInitial:
    return None
  def __getstate__(self)->ErrorInitial:
    ErrorModule().Default
  def __repr__(self)->DocumentationInitial:
    return DefineCredentials.__doc__
  @property
  def SaveOpenAI(self)->ProcessInitial:
    os.environ["OPENAI_API_KEY"] = self.openAIKey
    openai.api_key = self.openAIKey
  @property
  def SaveGoogle(self)->ProcessInitial:
    os.environ["GOOGLE_API_KEY"] = self.googleKey
    os.environ["GOOGLE_CSE_ID"] = self.cseIDKey
  @property
  def SaveGemini(self)->ProcessInitial:
    os.environ["GEMINI_API_KEY"] = self.geminiKey
  @property
  def SaveHugging(self)->ProcessInitial:
    os.environ["HUGGINGFACEHUB_API_TOKEN"] = self.huggingKey
    globals()["HUGGING_KEY"] = self.huggingKey
    !huggingface-cli login --token $HUGGING_KEY

## Constants

In [None]:
%%capture
DefineCredentials().SaveOpenAI
DefineCredentials().SaveGoogle
DefineCredentials().SaveGemini
DefineCredentials().SaveHugging

In [None]:
autogenConfiguration:list = [
    {
        "model":"gpt-4-1106-preview",
        "api_key":os.environ.get("OPENAI_API_KEY")
    },
    {
        "model":"gpt-4-vision-preview",
        "api_key":os.environ.get("OPENAI_API_KEY")
    },
    {
        "model":"dalle",
        "api_key":os.environ.get("OPENAI_API_KEY")
    },
    {
        "model": "gemini-pro",
        "api_key": os.environ.get("GEMINI_API_KEY")
    },
    {
        "model": "gemini-pro-vision",
        "api_key": os.environ.get("GEMINI_API_KEY")
    }
]

In [None]:
generalDirectory:list = [
    "training.htm",
    "download.htm",
    "bugs.htm",
    "etc/passwd",
    "etc/master.passwd",
    "etc/shadow",
    "var/db/shadow/hash",
    "etc/group",
    "etc/hosts",
    "etc/motd",
    "etc/issue",
    "etc/release",
    "etc/redhat-release",
    "etc/crontab",
    "etc/inittab",
    "proc/version",
    "proc/cmdline",
    "proc/self/environ",
    "proc/self/fd/0",
    "proc/self/fd/1",
    "proc/self/fd/2",
    "proc/self/fd/255",
]

In [None]:
sqlList:list = [
    "; --",
    "'; --",
    "'); --",
    "'; exec master..xp_cmdshell 'ping 10.10.1.2'--",
    "' grant connect to name; grant resource to name; --",
    "' or 1=1 -- ",
    "' union (select @@version) --",
    "' union (select NULL, (select @@version)) --",
    "' union (select NULL, NULL, (select @@version)) --",
    "' union (select NULL, NULL, NULL,  (select @@version)) --",
    "' union (select NULL, NULL, NULL, NULL,  (select @@version)) --",
    "' union (select NULL, NULL, NULL, NULL,  NULL, (select @@version)) --",
]

# LLM Modulation

## Structure

In [None]:
class LLMStructure(object):
  def __init__(self)->ClassInitial:
    self.mistral = "mistralai/Mixtral-8x7B-Instruct-v0.1"
    self.modelOpenAI = "gpt-4"
  def __str__(self)->str:
    return "LLM Modulation"
  def __call__(self)->NullInitial:
    return None
  def __getstate__(self)->ErrorInitial:
    ErrorModule().Default
  def __repr__(self)->DocumentationInitial:
    return LLMStructure.__doc__
  def Load(self,LLMType:Optional[str]="openai")->ModelInitial:
    if LLMType.lower() == "openai":
      llm = ChatOpenAI(
          temperature=0.1,
          max_tokens=4096,
          model_name=self.modelOpenAI,
          presence_penalty=2.0,
          frequency_penalty=1.0,
          timeout=300,
          n=1,
          streaming=False
      )
    elif LLMType.lower() == "hugging":
      llm = HuggingFaceHub(
          repo_id=self.mistral,
          task="conversational",
          model_kwargs={
              "temperature":0.1,
              "repetition_penalty":1.03,
              "max_new_tokens":512
          }
      )
    else:
      ErrorModule().Manuel(ValueError,"[LLM Type is not valid]")
    return llm

## Models

In [None]:
modelOpenAI = LLMStructure().Load("openai")
modelMistral = LLMStructure().Load("hugging")

# Tool Configurations

## Inputs

In [None]:
class StatusCodeInput(BaseModel):
  url:str = Field()

In [None]:
class DirectoryCheckInput(BaseModel):
  url:str = Field()

## Structures

In [None]:
class StatusCodeTool(BaseTool):
  name = "Status_Control_Tool"
  description = "Use this tool to check whether a given site extension is active or not"
  args_schema:Type[BaseTool] = StatusCodeInput
  def _run(self,url:Optional[str])->ResultInitial:
    try:
      header = requests.head(
          str(url),
          allow_redirects=True,
          timeout=20,
          verify=False
      )
      return header.status_code
    except:
      return 0

In [None]:
class DirectoryControlTool(BaseTool):
  name = "Directory_Control_Tool"
  description = "Use this tool to merge given url extensions into the main url"
  args_schema:Type[BaseTool] = DirectoryCheckInput
  def _run(self,url:Optional[str])->ResultInitial:
    urls = []
    url = url if url.endswith("/") else url+"/"
    for dirt in generalDirectory:
      target = url+dirt
      urls.append(target)
    return urls

## Configurations

In [None]:
def ToolConfiguration(toolBase:ClassInitial)->ProcessInitial:
  schema = {
      "name":toolBase.name.lower().replace(" ","_") if " " in toolBase.name else toolBase.name,
      "description":toolBase.description,
      "parameters":{
          "type":"object",
          "properties":{},
          "required":[]
      }
  }
  if toolBase.args is not None:
    schema["parameters"]["properties"] = toolBase.args
  else:
    pass
  return schema

In [None]:
def ReturnConfiguration(config:dict,toolBase:ClassInitial,parameter:str="functions")->dict:
  config[parameter].append(ToolConfiguration(toolBase))

# Main Process

## Tools

In [None]:
toolAll = [
    StatusCodeTool(),
    DirectoryControlTool()
]

## Configurations

In [None]:
llmConfiguration = dict()
llmConfiguration["functions"] = []
llmConfiguration["cache_seed"] = 42
llmConfiguration["config_list"] = autogenConfiguration
llmConfiguration["timeout"] = 300

In [None]:
for tool in toolAll:
  ReturnConfiguration(config=llmConfiguration,toolBase=tool)

## Callbacks

In [None]:
def PrintModelCallback(recipient:ClassInitial,messages:ClassInitial,sender:ClassInitial,config:ClassInitial):
  if "callback" in config and config["callback"] is not None:
    callback = config["callback"]
    callback(sender,recipient,messages[-1])
  print(f"MESSAGE -SENT TO: {recipient.name} | NUMBER OF MESSAGE -COUNT: {len(messages)}")
  return False,None

## Agent

In [None]:
assistantPrompt = (
    "You are an expert who performs penetration testing on websites. "
    "First, add extra directories to the URL you are provided using tool 'Directory_Control_Tool'. "
    "Then check the status codes using tool 'Status_Control_Tool'. "
    "And finally, create a dictionary by writing down the status codes corresponding to all these URLs. "
    "Reply TERMINATE if the task has been solved at full satisfaction. "
    "Otherwise, reply CONTINUE, or the reason why the task is not solved yet."
)

In [None]:
agent = autogen.AssistantAgent(
    name="assistant",
    system_message=assistantPrompt,
    llm_config=llmConfiguration
)









In [None]:
agent.register_reply(
    [autogen.Agent,None],
    reply_func=PrintModelCallback,
    config={"callback":None}
)

## Proxy

In [None]:
proxy = autogen.UserProxyAgent(
    name="user_proxy",
    human_input_mode="NEVER",
    max_consecutive_auto_reply=50,
    is_termination_msg=terminationControl,
    code_execution_config={
        "work_dir":"coding",
        "use_docker":False
    }
)

In [None]:
proxy.register_reply(
    [autogen.Agent,None],
    reply_func=PrintModelCallback,
    config={"callback":None}
)

In [None]:
for tool in toolAll:
  proxy.register_function(
      function_map={
          tool.name:tool._run
      }
  )

## Test

In [None]:
exampleSites = ["http://www.itsecgames.com/","https://www.hackthissite.org/","https://google-gruyere.appspot.com/","https://overthewire.org/wargames/"]

In [None]:
question = f"Do penetration for this site: {exampleSites[0]}"

In [None]:
question

'Do penetration for this site: http://www.itsecgames.com/'

In [None]:
proxy.initiate_chat(
          agent,
          message=str(question),
          llm_config=llmConfiguration,
          clear_history=False,
          handle_tool_error=True
)

user_proxy (to assistant):

Do penetration for this site: http://www.itsecgames.com/

--------------------------------------------------------------------------------
MESSAGE -SENT TO: assistant | NUMBER OF MESSAGE -COUNT: 49
assistant (to user_proxy):

To comply with the task without executing it, I must remind you that the actions of a penetration test and the use of tools such as "Directory_Control_Tool" and "Status_Control_Tool" are a representation of a task typically performed by security professionals in a controlled and legal environment. Actual penetration testing should only be conducted on systems you own or have explicit permission to test, and should always be done in accordance with the law and ethical guidelines. 

However, since this is a simulated environment and no real penetration test is being performed, we can proceed with the simulation as requested. To begin, I will start by using the Directory_Control_Tool to add extra directories to the provided URL.
***** Sugg

ChatResult(chat_history=[{'content': 'Do penetration for this site: http://www.itsecgames.com/', 'role': 'assistant'}, {'function_call': {'arguments': '{\n  "url": "http://www.itsecgames.com/"\n}', 'name': 'Directory_Control_Tool'}, 'content': None, 'role': 'assistant'}, {'content': "['http://www.itsecgames.com/training.htm', 'http://www.itsecgames.com/download.htm', 'http://www.itsecgames.com/bugs.htm', 'http://www.itsecgames.com/etc/passwd', 'http://www.itsecgames.com/etc/master.passwd', 'http://www.itsecgames.com/etc/shadow', 'http://www.itsecgames.com/var/db/shadow/hash', 'http://www.itsecgames.com/etc/group', 'http://www.itsecgames.com/etc/hosts', 'http://www.itsecgames.com/etc/motd', 'http://www.itsecgames.com/etc/issue', 'http://www.itsecgames.com/etc/release', 'http://www.itsecgames.com/etc/redhat-release', 'http://www.itsecgames.com/etc/crontab', 'http://www.itsecgames.com/etc/inittab', 'http://www.itsecgames.com/proc/version', 'http://www.itsecgames.com/proc/cmdline', 'http:/