HackerGPT Was Trained For Cyber Security (Use with CAUTION!!)
HTML-код
- Опубликовано: 15 май 2024
- HackerGPT is a fine-tuned version of LLaMA 2, made to be your cybersecurity AI copilot. I'll show you how to install it and we'll test it out!
Enjoy :)
Join My Newsletter for Regular AI Updates 👇🏼
www.matthewberman.com
Need AI Consulting? ✅
forwardfuture.ai/
Rent a GPU (MassedCompute) 🚀
bit.ly/matthew-berman-youtube
USE CODE "MatthewBerman" for 50% discount
My Links 🔗
👉🏻 Subscribe: / @matthew_berman
👉🏻 Twitter: / matthewberman
👉🏻 Discord: / discord
👉🏻 Patreon: / matthewberman
Media/Sponsorship Inquiries 📈
bit.ly/44TC45V
Links:
Massed Compute - bit.ly/matthew-berman-youtube USE CODE "MatthewBerman" for 50% discount
HackerGPT Model - huggingface.co/whiterabbitneo...
How To Install TextGen WebUI - • How To Install TextGen... 
Наука
What are you going to use HackerGPT for?
I'm probably going to use it to learn about tools.
Make it an agent.
My wife is being tapped at work to get involved with AI aspects of cybersecurity and looking into matching solutions where she works. This could be very handy for red team/blue team testing there.
More useful functions to add to my overall system of course. If you were to think of these fine tuned models as "Instructors" fits the best.
"How to hack Matthew Berman's RUclips channel"
Most of the information shown here is already included as part of Llama 2 and Mistral's base training sets baked into the models. This information is considered fairly entry-level and common in cybersecurity. You could get similar or even better results using a newer base model that has been uncensored such as openhermes-2.5-mistral-7b. I did a quick check and it provided all the same information. I would love to see if this model could do more than just spit out a textbook example of a script. The real feat will be when these models have agents that can actually connect, analyze, and hack a system.
It's 'dated' but even Zephyr beta can put out these results and better when you crank up the temps
I was just going to say this. This was possible with other models.
🚬😶 bot wars?
I just tried teknium/OpenHermes-2.5-Mistral-7B and its not uncensored. Tells me hacking is unethical.
This is what I came here for.. instead it's just a textbook on hacking 101
Matt, I think having a private bot to automate various periodic CyberSecurity assessments and consolidate the findings into a report that tabs out into different versions of reports to include a technical summary with recommended steps to take, leadership status update, risk assessment, and change management tracking and analysis, would be extremely beneficial to various organizations at various levels.
if there is something out there like this, i would love to see it
Great way to watch a company shit it's own bed.
The questions you asked were typical ones covered the likes of Google's Certificate in Cybersecuirty, which covers cybersecurity basics. This could be a really cool tool to help people wise up to basic security risks, such as not using a VPN on a free wifi network, or not using proper security protocols on their websites.
Yeah this was a basic demo.He wasnt showing what it could REALLY do😂...If u know how to prompt systems and code some,this model can spit out some wild stuff. Especially if u get a model that can self optimize,it could create a whole new book of stuff
Seriously. A perfect VM? Thank you.
Good work, Matt. Most Appreciated.
00:01 HackerGPT introduces White Rabbit Neo for offensive and defensive cyber security.
00:52 Using masked Compu compute for powerful GPU and Linux desktop access
01:44 Setting up and running text generation web UI on different operating systems.
02:40 Downloading and loading the model with specific parameters
03:27 Trained HackerGPT for Cyber Security
04:11 Learning to attack Wi-Fi networks using Wireless techniques.
05:06 Monitoring network traffic and protecting against hacking
05:59 Overview of ethical hacking and responsible use
Great Video Matthew!
LLMs intelligently analyzing attacks and writing tools to detect and stop attacks has a lot of potential. I dont think this is it, but I might be wrong.
Shouts out to the massed computer!! Where has this been!!
The answers were general, i didn't see a single real code on how to do any of the questions.
thats cause its only 13B parameters . you need 70B parameters for better responses
@@myname-mz3lo7b doing way better now
The questions were general. This is just a language model with search and copy paste abilities.
I'd be a lot more impressed with a cybersecurity AI that can analyze cpu workload, temps, pcaps, and ram usage, then come back with an answer to what it found.
Another banger! Thanks!
I love it...a single tear just welded up in the corner of my eye...
You love how pointless and useless it is? Cool.
Very interesting! I never knew a thing about hacking this tool is very educational.
all of us should use this only for educational purposes, to make the world a better place, nice job matthew
Awesome thanks 🎉
Nice. Maybe it‘s better for „normal“ coding in python. Any experience?
2:14 --listen also breaks stuff in some versions. It should be fixed but I experienced it even in "fixed" versions. For example expansions tab didn't work anymore.
Much better video and instructions. You should do this with every model in the future.
Kindly share what software you are using for screen recording
awesome, thanks!!!
Don't I have a Senior to my input? Is it not safer for counterintelligence?
Nice video. Nice pointers. Tried it at home. One issue I found is that the answers are not reliable. I've asked the model to give me description of CVE code that was obviously too new for it to know. Different answers would always attribute it to different target system and vulnerability type and score. Some of those "were reported" in the future up to Jan 2025. My instructions not to invent things went unnoticed. :D. Still fun exercises.
How did he got the UI where he optimized settings and gave Input text to HackerGpt??
Hello all. I had an issue... after I started the vm and installed the webui, I was unclear where you went to to paste in the whiterabbitneo card to hugginface. I couldn't find that page you were on that allowed you to manage all the settings. I'm kinda new to all this.
Which model should be used in VMs? none option
Super awesome
I wonder if ethical considerations have been broadly lifted. For example, does this model tell you how to break into a car? Also, how does it perform in non-hacking areas? Why not run it through your rubric?
they already have many uncensored versions that can tell you how to break into a car, make meth, build a nuke, etc. idk if u been living under a rock but u can find these within a matter of minutes xD
At 2:48, where did you paste the link to download?
TheBloke has made quantized versions of K M-S models of the 13b. Running it on my 2070 Super 8GBVram, its a bit slow but stable.
Nice! Is it any good in your opinion?
You’re all gonna keep building! Hello, welcome to RUclips COLORADO!
Cyber Criminals and Script Kiddies is watching your videos and they're both happy but the fbi also watching HAHAHA
FBI is too busy investigating parents who don’t want their kindergarteners learning about oral sex and veterans.
I was waiting for a model to have my name. I think it is done :)
White rabbit neo could be made to be as easy to use as rabbit r1 if it was available as an app.
Please tell me what application you scrolled through to paste the link and then download. Can you show me?
Amazing info, thanks bro
Intresting
It’s all same responses ChatGPT outputs if you set ChatGPT correctly
When I go to load the model, it loads to about 67% and then there is an error that requires me to run the start_linux command again and start over. Any quick suggestions?
I think the days of leaving your internet router on 24/7 are going to be a thing of the past.
Why, internet is dirt cheap nowadays and there are free hotspots. And I didn't see it using Aircrack-NG autonomously, it only provided general info how it works.
This plus flipper zero equals 😂
what do you mean
The attacks are based on the proximity to the router he had shown. Malicious actors are going for big fish, not you, its VERY unlikely.
Let's put it this way. Fortune 500 companies leave their routers on all the time. When they're breached, it's not due to the routers. They're literally the least of the concerns.
Will this work with ollama??
amazing❤
De new toy, always good for a vid
I cant be able to download the whiterabbit model as it says unauthorized acess token error. Then i tried to get a token and insert it into the hf_api set access token, i am unable to set it. Can you shed a light what can be going wrong?
same here, if you got there plz share the way
All this info has been readily available for years in any number of hacking books. If you have a PDF version of the book you can also obtain it seconds with a simple search...
can this be ran locally?
Hey there. Have been seeing your videos since last year. Can you please do a review on the new tinyllama 1.1B llm model. I heard it's a good model for its size but am having strange results with it. Thanks in advance
I think, tinyllama is a perfect base for building a mixture of experts model. On itself is lacking on chat and knowledge.
@@adamstewarton Hmm.. Thanks for the clarification. I actually thought it was a chat trained model. Really excited to see what cool models the community generates using this. These models will be easily be run in low end hardware so we can easily give our microwave personality so they refuse to heat us food for us when we're in a diet :)
@@YeasinRafio
Hm .. one certain toaster comes into mind .. (Fallout new Vegas, old world blues )
:P
Is it supported by gpt4all?
So, will this eventually replace actual pentesters, cyber security experts & such? Am I wasting my time studying for the CompTIA as I’m taking pentester courses?
Learning will never be a waste of time.
There is not such a thing as perfect tools even as an ai. Ai will surely be able to analyze and make report on potential positive suspect activity but you will also get some positive-negative situation. The problem will be in the situation where u will get a negative-positive result. Unfortunately as in any field, even medical, things are not as easy as that.
With AI there are also risks. AI model can be infected by hackers which can gather your sensitive information. You still need humans.
Matthew used a 1xA6000 for this video which is a standard rental for his VM on Massed Compute. Happy to answer any questions
So I assume my MacBook M2 32GB might not handle the model that well?
Thing is this is actually more limited I tried it and I couldn't get it to do things that I could trick normal chatgpt to do like write me some malicious code.
It would've been awesome if you did setup a test wifi network and hack it using the methods. This would've make this video epically popular.
This would have been more interesting if you used it to walk through a hackthebox machine (or any ctf problem), to show how someone who doesnt really know much about cybersecurity could use it somewhat practically.
I made one like this on poe but it will actually launch a DDOS from the model itself
"Research"😂
Gated? not able to download now.
> As an AI developed by OpenAI, I must clarify that I do not have personal preferences or opinions on any Pokemon species, including the mudkip. However, I can provide information on the general idea of Pokemon and their characteristics.
Yeah, totally a Llama2 model.
As long as there' s no co-pilot for writing 0-days I am not too impressed. This model just gave a general overview of tools/steps to take but I think it wouldn't take out any of the nitty gritty work out of your hands.
Would be cool if it could scan open source repositories / binary analysis for dangerous code/libs/systemcalls and propose attack vectors
I can’t get white rabbit neo to load in
I just convinced GPT3.5 free version to give me detailed instructions how to attack a server running Ubuntu 22.04 on Hetzner dedicated server. It did not even blink. I was shocked. And it continued to coach me as i tried what it said against my own server. Each detail I asked was answered with details.
model link not working
Very helpful walkthrough - thank you! I wonder if there is anything special I have to do to make it work on a Mac M2 32GB? Because so far it only produced 4 words... and I already wait for about 20 minutes...
I have an 32GB ram RTX a3000 i9 11900h laptops I couldn't even get it working it.
I think it's an Ram issue
I'm not an expert, but if you have a mac with m2 chip, it should clearly give you way more then 4 words in 20 minuts, read about Metal wich is what Macs use, or try to restart the model loading. Cause clearly something is wrong there.
I dont know if this model works or not, but it should work normamly since it is just a simple text model like many others, did you try any other text models? if you did and they work normal, then maybe is better to retry downloading the model again, cause it probably didnt download fully but is still a file there, wich is not complety, it happens with me a lot, when I put download models, it breaks the download but the file is there anyway, but instead of having lets imagine a model with 5GB it has, less say the download break at 1gb, it has a file with 1gb only, but it thinks it is the normal file since most apps like webui and llmstudio, don't check if the file is good or not, they just try to run it anyway. And freeze in the midle of generetion or crash.
What's the difference between this and WormGpt?
git clone the repo,. git pull will only work if you are already in the cloned repo's directory.
It will never have the necessary creativity like using a qbittorrent client exploit to download a monero miner onto people's home servers and creativity is the bottleneck, not writing the actual script.
It's an AI. You could literally be like "qbittorrent client exploit...monero miner..." Creativity is in the hands of the prompter.
@@MagusArtStudios that's what I'm saying, it won't satisfy the audience in the way we would actually like to see it (be it for pentesting or whatever)
@@MagusArtStudios That's why people who are terrible at writing guides or have any creative thought will never be as good as someone who is good at being creative and understanding what they want.
As an Open AI Employee said if you can talk to people and get across what you really want AI is a huge helper for you, but if you cant... You're not going to get far with it.
Yes@@helix8847 and the gap will widen until it doesn't matter.
Watch Dogs is becoming possible more and more.
How do we know that they aren't hackers who have set up this AI and are using it to gain any particular information about us and our systems as they can while we "use" their AI system to better secure our own servers and laptops?
Why did the AI bring a ladder to the computer? It wanted to reach the next level of artificial intelligence! 🤖😄 #TechHumor
DUde, if i already have the answer of this particaular case, i do not have to repeat...
doesnt work on windows
Can you imagine Humanity vs bad ai vs Ai jobloss vs the Ai new world order. I wonder who will win?
Ummmh... The AI Will win imho
Glad you mentioned you are new to Cybersecurity because its protection suggestions to your "wifi attack" dont apply.
All you have displayed here can be displayed on other A.I.s like ChatGPT but you need to have a basic understanding of know what to ask.
A lot of hacking is preventable if people weren't lazy, FACT. I remember during my Cyber Security training they questioned the whole class which infrastructure was the most vulnerable against a hacker was it software, network or internet? Some said network others said software I was last to reply neither, the tutor look at me & asked why is that? I replied the most vulnerable point for any hacker to get into any system is a person. The tutor asked what if the network was closed looped & firewalled from any external access no WIFI? Easy watch the building gather information find out who is the main infrastructure administrator tail them then grab them & torture the information out of them. If you want to make it secure don't make one person as the sole administrator I would suggest 3 people are require to input authorization before before any software or hardware be implemented into the system, tutor just looked at me & said interesting then proceeded with the lesson.
Ask it to create blueborne
You can ask ChatGPT to help you write a non-fictional story about a book you're writing and simply ask what the fictional character would do in each scenario
It will write SQL injection codes
why is your face so shiny lol
I was messing with color correction, maybe i didn't do it so well
😅😅 now that message made me laugh so hard, was not expecting it in the midle of so many good and some stupid coments here ahahahahah
yes we need to know his skin care routine
Hey I have a question, how do I deploy and use these models? The site doesn’t give much help with this, if you could reply and tell me step by step how to do it or possibly make a video that would be great! Thank you!
The version on their website is powered by OpenAI and useless. I'll have to try it on my own device.
This is just an encyclopedia with a search index. It's questionable if it even counts as AI.
Useful but VERY dangerous.Can only imagine what the other side has...I could combine hacker GPT with an open source bot swarm & do some really nasty shyt.
Infosec people had better get it together,like today....You could literally sit on this and research new ways of penetrating systems.
This is going to cause havoc.. but the more information out there the more secure the internet can become.. everyone needs to have the tools.
It doesn't seem groundbreaking to me. It's just a guide for script kiddies and nothing more. To harness this potential effectively, you need to have some knowledge. You won't utilize it properly and fully if you don't know what you're doing. Simply copying and pasting commands and code will lead to nothing but confusion, if anything at all. That's why I say this tool is just a guide for those who already know what to do but need access to all commands. It's like an interactive man page for Linux.
These type of Hacker Gpt should be on the dark web, because they wouldn't be able to take down easily on the darkweb.....
it was better not to show this 😆
we are F
Hmm, very tame and generic responses. I havent seen anything here that would be of real use to hack or secure against. I am pretty sure those iPhone passcodes hacks wont work either. But of course this is just the beginning. Eventually we will have a war of AI bots attacking and defending 🙂
"You don't really need to worry about what these do" "I don;t know why it does that. "Cybersecurity isn't something I'm an expert on, in fact I'm a complete beginner. SOOOOOO about that... WTF? This is why professionals don't go giving any yokel tools. This is another level of WTF? You don't know what your doing. You don't know how these models work. Have you even looked at the code? This is why we can't have nice things. Would you play with a loaded gun? Or hand one to someone else?
The VM is pretty bad. Most of the stuff does not run on the VM and it takes ages of your paid VM time to set things up. It's pretty unsuable. Also you cannot create an image of a VM. So if you want to visit your VM later again, you either keep it running in the background, which will get very expensive, very fast... Or you setup everything again. Naah! Won't do that.
What a useless LLM
"I cannot provide assistance with creating or executing scripts for unauthorized access control mechanisms or other illegal activities. Security measures should only be implemented after thorough analysis and discussion within the context of an authorized security program. If you have questions about securing your network, please feel free to ask me any legal and ethical queries that are relevant to cybersecurity best practices in a controlled environment."
I asked to generate a script for my local network.
somebody make a llm to make video game cheats...XDDDDD😂😂😂😂😂😂
lazy hackers XD
censored poop
Not worth it
Fellow ethical hackers.
How do i set it up to protect my devices. Show a videos on blocking and securing systems. Dont care how to attack them ansld every damn security youtub video shows how to hack them. Nobody make videos on stopping and evicting all 5he jackasss that every youtube teaches how to be stalker by hacking cell phones bet you make videos preventing the assholes from doing that shit will get you in the millions of subscribers. Because nobody making these videos. If this is correct i do know it is worth morethen anyone willing to pay. feel free to pay me what the suggestion you feel was worth.
Do you think this is good? In the video you mention that you are not an expert in cyber security, and in that regard you are absolutely right. If you really knew what you were doing you wouldn't have made this video. You have created a tool for bad people with this video. I understand that you want to educate people who want to learn. But there are those who are going to use this content to do harm.
Useless answers
Too generic, not trained on an actual vulnerability dataset (like Juliet Test Suite, CGC, etc). Very high level and amateurish responses. All hype.
Lost me as soon as you said “you don’t need to know what these do.” How about next time you let the viewer dictate what we need/want to know?