Web Security

HackerGPT Team February 7, 2026 5 min read

HackerGPT provides powerful web security tools for analyzing SSL/TLS configurations, discovering vulnerabilities, and interacting with web applications through an intelligent browser. These tools help security professionals identify weaknesses and validate security posture.


SSL/TLS Security Analysis

Analyze SSL/TLS configurations to identify cryptographic weaknesses and protocol vulnerabilities.

SSL Scanning (sslscan)

Performs comprehensive SSL vulnerability scans on specified domains, retrieving supported protocols, cipher suites, and certificate information.

  • Protocol Detection: Identifies supported TLS/SSL versions (TLS 1.0, 1.1, 1.2, 1.3)
  • Cipher Suite Analysis: Lists available cipher suites and their strength
  • Vulnerability Checks: Detects vulnerabilities like Heartbleed, POODLE, and BEAST
  • Certificate Information: Evaluates certificate validity, expiration, and chain

Example Prompts:

Perform SSL Scan on juice-shop.hackergpt.app
Check SSL configuration for example.com
Is example.com vulnerable to heartbleed?
What TLS versions does target.com support?
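
The protocol, cipher and Heartbleed results listed above can also be checked automatically against a written policy. The following is an added example, not HackerGPT's own code: it audits a constructed report in the shape of sslscan's XML output, and the policy values (OUTDATED, MIN_BITS) and the function name are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of an sslscan XML report (not real scan output).
SAMPLE_XML = """<document title="SSLScan Results">
 <ssltest host="target.example" port="443">
  <protocol type="ssl" version="3" enabled="0" />
  <protocol type="tls" version="1.0" enabled="1" />
  <protocol type="tls" version="1.1" enabled="0" />
  <protocol type="tls" version="1.2" enabled="1" />
  <protocol type="tls" version="1.3" enabled="1" />
  <heartbleed sslversion="TLSv1.2" vulnerable="0" />
  <cipher status="preferred" sslversion="TLSv1.2" bits="256" cipher="ECDHE-RSA-AES256-GCM-SHA384" />
  <cipher status="accepted" sslversion="TLSv1.0" bits="112" cipher="DES-CBC3-SHA" />
 </ssltest>
</document>"""

# Local policy (assumption): protocol versions treated as outdated, minimum cipher bits.
OUTDATED = {("ssl", "2"), ("ssl", "3"), ("tls", "1.0"), ("tls", "1.1")}
MIN_BITS = 128

def audit_sslscan_xml(xml_text):
    """Return a sorted list of (severity, message) findings for one report."""
    findings = []
    root = ET.fromstring(xml_text)
    for test in root.iter("ssltest"):
        host = f'{test.get("host")}:{test.get("port")}'
        # Outdated protocol versions that the server still accepts.
        for p in test.iter("protocol"):
            key = (p.get("type"), p.get("version"))
            if p.get("enabled") == "1" and key in OUTDATED:
                findings.append(("high", f"{host} enables {key[0].upper()} {key[1]}"))
        # Heartbleed is reported once per protocol version tested.
        for hb in test.iter("heartbleed"):
            if hb.get("vulnerable") == "1":
                findings.append(("critical", f"{host} Heartbleed on {hb.get('sslversion')}"))
        # Accepted cipher suites below the minimum strength.
        for c in test.iter("cipher"):
            if int(c.get("bits", "0")) < MIN_BITS:
                findings.append(("medium", f"{host} weak cipher {c.get('cipher')} ({c.get('bits')} bits)"))
    return sorted(findings)

if __name__ == "__main__":
    for severity, message in audit_sslscan_xml(SAMPLE_XML):
        print(f"[{severity}] {message}")
```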

Vulnerability Assessment

Discover and analyze known vulnerabilities using CVE databases and specialized scanning tools.

CVE Information Retrieval (cve_fetcher)

Fetch detailed information about known vulnerabilities by their CVE identifier.

  • Retrieves comprehensive CVE details including description and severity
  • Provides CVSS scores and impact metrics
  • Correlates vulnerabilities with discovered services

Example Prompts:

Get details for CVE-2021-44228
What is the severity of CVE-2023-12345?

CVE Search (cve_search)

Search for CVE records related to specific software products and versions using the NIST NVD API.

  • Finds all known vulnerabilities for a specific software version
  • Helps identify potential security risks in your technology stack
  • Returns detailed CVE information including severity ratings

Example Prompts:

Find all CVEs for OpenSSH version 9.1
Find all CVEs for Grafana 10.0
Search for Apache 2.4.49 vulnerabilities

Exploit Discovery (cve_exploit_fetcher)

Find publicly available exploit code or proof-of-concept scripts for known vulnerabilities.

  • Locates exploit code for specified CVE IDs
  • Returns relevant exploit files (Python, C, shell scripts)
  • Helps with vulnerability validation and red teaming
  • Excludes setup files and documentation to focus on core exploit logic

Example Prompts:

Find exploit script for CVE-2021-44228
Get proof-of-concept for CVE-2023-12345

WordPress Security Scanning (web_wpscan)

Specialized security scanner for WordPress websites to identify CMS-specific vulnerabilities.

  • Plugin Enumeration: Discovers installed plugins and their vulnerabilities
  • User Enumeration: Identifies WordPress users
  • Theme Analysis: Checks for vulnerable themes
  • Version Detection: Identifies WordPress core version

Example Prompts:

Scan WordPress site at example.com
Check for vulnerable plugins on my-wordpress-site.com
Enumerate users on target-wordpress.com

Browser Navigation & Network Logging

HackerGPT includes an intelligent browser that can navigate websites, capture network traffic, and interact with web applications for security testing.

Browser Control (navigation_engine_execute_instruction)

A unified browser control tool that executes both low-level commands and high-level semantic instructions for web application testing.

Low-Level Commands:

  • GO_TO_URL https://example.com - Navigate to a URL
  • SCAN - Get current page content
  • WAIT 2 - Wait for specified seconds
  • BACK - Navigate back in history

Semantic Instructions:

  • Click buttons and links by description
  • Fill out forms and input fields
  • Extract specific data from pages
  • Interact with dynamic web elements

Example Prompts:

Open browser at https://juice-shop.hackergpt.app
GO_TO_URL http://testphp.vulnweb.com/
Click the login button
Fill in the username field with "admin"
Extract all links from the current page
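
Because the low-level commands take a raw URL, a scope check in front of the browser keeps navigation inside the authorized targets. The following is an added example, not part of HackerGPT: check_command, IN_SCOPE and MAX_WAIT_SECONDS are hypothetical names, and the allowlist reuses the two test hosts from this page's example prompts.

```python
from urllib.parse import urlsplit

# Hosts the engagement authorizes (assumption: this page's two example targets).
IN_SCOPE = {"juice-shop.hackergpt.app", "testphp.vulnweb.com"}
MAX_WAIT_SECONDS = 30  # assumed upper bound, not a documented limit

def check_command(line, in_scope=IN_SCOPE):
    """Return (allowed, reason) for one low-level browser command line."""
    parts = line.strip().split()
    if not parts:
        return False, "empty command"
    verb, args = parts[0], parts[1:]
    if verb in ("SCAN", "BACK"):
        return (not args), ("ok" if not args else f"{verb} takes no argument")
    if verb == "WAIT":
        ok = (len(args) == 1 and args[0].isascii() and args[0].isdigit()
              and int(args[0]) <= MAX_WAIT_SECONDS)
        return ok, ("ok" if ok else "WAIT needs whole seconds within the limit")
    if verb == "GO_TO_URL":
        if len(args) != 1:
            return False, "GO_TO_URL needs exactly one URL"
        try:
            url = urlsplit(args[0])
        except ValueError:
            return False, "malformed URL"
        if url.scheme not in ("http", "https"):
            return False, f"scheme {url.scheme!r} not allowed"
        # user@host syntax can make an out-of-scope host look in scope.
        if url.username or url.password:
            return False, "credentials in URL hide the real host"
        # Compare the normalized hostname exactly; no suffix or substring match.
        host = (url.hostname or "").rstrip(".").lower()
        if host not in in_scope:
            return False, f"host {host!r} is out of scope"
        return True, "ok"
    return False, f"unknown command {verb!r}"

if __name__ == "__main__":
    for cmd in ("GO_TO_URL http://testphp.vulnweb.com/", "WAIT 2", "SCAN",
                "GO_TO_URL https://example.com"):
        print(cmd, "->", check_command(cmd))
```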

Browser Session Inspection (inspect_browser_session)

Retrieve the current state of the browser session including network logs, useful for analyzing requests and responses during security testing.

  • Current URL: Shows the currently loaded page
  • Page Title: Displays the page title
  • Screenshot: Captures the current page state
  • Network Logs: Filtered network traffic for analysis

Example Prompts:

Show me the current browser state
What network requests were made?
Inspect the browser session

HTTP Requests (curl)

Fetch data from URLs and test web application endpoints. Useful for directory traversal testing, API testing, and checks for other web-based attacks.

  • Supports complex HTTP/HTTPS request scenarios
  • Facilitates web vulnerability probing
  • Enables manual request crafting

Example Prompts:

Fetch the content of https://example.com/robots.txt
Check the response headers from target.com
Test directory traversal on /admin path

Common Workflows

Combine web security tools for comprehensive assessments.

Full Web Security Assessment

Perform a service discovery scan and find associated CVEs on testphp.vulnweb.com

Then follow up with:

Find exploit script for the discovered CVE

SSL Configuration Audit

Perform SSL Scan on target.com and check for outdated protocols

WordPress Security Audit

Scan the WordPress site at myblog.com for vulnerabilities

Web Application Testing with Browser

Open browser at https://juice-shop.hackergpt.app
Navigate to the login page and attempt SQL injection

Best Practices

  • Always get authorization: Only test systems you have explicit permission to scan.
  • Start with reconnaissance: Use fingerprinting tools before diving into vulnerability assessment.
  • Validate findings: Use the browser and curl tools to manually verify discovered vulnerabilities.
  • Check SSL regularly: SSL configurations can change; regular scans help maintain security.
  • Keep WordPress updated: WPScan findings often highlight outdated plugins and themes.

Quick Reference

Tool                      Purpose                   Example
sslscan                   SSL/TLS analysis          Perform SSL Scan on target.com
cve_fetcher               CVE details lookup        Get details for CVE-2021-44228
cve_search                Find CVEs by software     Find all CVEs for OpenSSH 9.1
cve_exploit_fetcher       Find exploit code         Find exploit script for CVE-2021-44228
web_wpscan                WordPress security scan   Scan WordPress site at target.com
navigation_engine         Browser control           Open browser at https://target.com
inspect_browser_session   View browser state        Show me the current browser state
curl                      HTTP requests             Fetch content of target.com/robots.txt