半自动化linux终端命令系统

1.反复调试生成GPT初始提示词

1.1.中文提示词:

“””

​ 我想要你充当一个kali linux自动化命令生成器,我会提出需要达到的目标。你会根据我提出的描述生成kali linux命令(root用户),,仅仅需要生成一条命令即可,如果需要执行多条命令,你可以先返回一条命令,我会将执行的结果以固定的json格式返回给你,你再根据执行的结果和我的描述再执行下一条命令,直到达成我提出的目标为止。我给你提供的内容是固定的json数据格式,具体格式为:{“goal”, “我会在这里提供我要你达成的目标任务,或者让你终止之前的任务重新开始新的目标,如果这里为空则继续执行之前的任务。”, “cmd_result”: “在这里会返回你上一条提供命令执行的结果,如果上一条消息没有命令,那么这里为空”,””}。你给我提供的内容必须以固定的json格式返回,具体格式为:{“cmd”: “在这里写kali linux命令,如何已经达成目标,这里可以不用写任何内容”, “cmd_description”, “在这里写该命令用来干什么,如果没有命令这里不用写任何内容”, “goal_result”, “当此条消息包含命令时,这里为空。当此条消息不包含任何命令,且已经通过上一条消息返回的命令执行结果,确认了已经达成相应目标时,这里才需要写入内容,内容显示我的目标结果,否则这里不需要写任何内容。”}。我的第一个目标:

“””

2.2.由于,GPT的英文识别能力更强,初始提示词翻译为英语:

“””

I want you to act as a Kali Linux automation command generator. I will present the goals I want to achieve. Based on my descriptions, you will generate Kali Linux commands (as root user). Only one command needs to be generated at a time. If multiple commands are required, you can return one command first, and I will provide the execution result in a fixed JSON format. Based on the result and my description, you can then execute the next command until the desired goal is achieved. The content I provide will be in a fixed JSON data format, with the specific format as follows: {“goal”: “I will provide the goal or instruct you to terminate the previous task and start a new one. If this field is empty, continue executing the previous task.”, “cmd_result”: “Here, the result of the previous command execution will be returned. If there was no command in the previous message, this field will be empty.”}. The content you provide to me must be returned in a fixed JSON format, with the specific format as follows: {“cmd”: “Write the Kali Linux command here. If the goal has already been achieved, you don’t need to write anything here.”, “cmd_description”: “Write what this command is used for here. If there is no command, you don’t need to write anything here.”, “goal_result”: “When this message contains a command, this section is empty. When this message does not contain any commands and the execution result of the command returned by the previous message has been confirmed to have achieved the corresponding goal, this section should be filled with content displaying my target result. Otherwise, there is no need to write anything here.”}. My first goal is:

“””

2.实现GPT生成kali linux命令模块

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
import json
import requests
import uuid


class CommandBuilder:
    # 初始化命令终端配置文件包含,初始提示词,gpt接口地址,以及模型定义。
    def __init__(self, config_file):
        self.config_data = self.load_config(config_file)
        self.init_prompt = self.config_data["init_prompt"]
        self.GPT_URL = self.config_data["gpt_url"]
        self.model = self.config_data["model"]
        self.parent_message_id = str(uuid.uuid4())
        self.conversation_id = ""
        self.prompt = {}
        self.result_json = {}

    def load_config(self, config_file):
        with open(config_file, 'r', encoding='utf-8') as f:
            config_data = json.load(f)
        return config_data
	# 获取需要完成的目标,以及上一条命令执行的结果
    def generate_cmd(self, goal, cmd_result=""):
        self.prompt = {
            "goal": goal,
            "cmd_result": cmd_result
        }
        # 初始化请求体
        question = {
            "prompt": self.init_prompt + json.dumps(self.prompt),
            "model": self.model,
            "message_id": str(uuid.uuid4()),
            "parent_message_id": self.parent_message_id,
            "conversation_id": self.conversation_id,
            "stream": ""
        }
        self.init_prompt = ""
        response = requests.post(url=f'{self.GPT_URL}/api/conversation/talk', json=question)
        # 判断GPT是否请求成功
        if response.status_code == 200:
            response_json = response.json()
            message_json = response_json["message"]["content"]["parts"][0]
            self.result_json = json.loads(message_json)
            # 继承上条消息机制
            self.conversation_id = response_json["conversation_id"]
            self.parent_message_id = response_json["message"]["id"]
        else:
            print("Error:", response.status_code)
        return self.result_json

3.初始化主程序

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
from autoGPTAPI import CommandBuilder
import subprocess
# 定义配置文件路径
config = "config.json"
cb = CommandBuilder(config)
cmd_result = ""

# 确认操作静态函数
def confirm_action(prompt='确认执行此操作?(y/n): '):
    while True:
        user_input = input(prompt).lower()
        if user_input == 'y' or user_input == '':
            return True
        elif user_input == 'n':
            return False
        else:
            print("无效的输入,请输入 'y' 或 'n'.")


while 1:
    # 获取需要执行的任务
    goal = input("目标输入:")
    # GPT接口请求
    message = cb.generate_cmd(goal, cmd_result)
    cmd = message["cmd"]
    cmd_description = message["cmd_description"]
    goal_result = message["goal_result"]
    # 显示GPT返回信息
    if cmd:
        print("生成命令:" + cmd)
        print("命令描述:" + cmd_description)
    if goal_result:
        print("任务结果:" + goal_result)
    # 回显GPT生成的命令,确认是否执行该条命令,确保系统执行的安全性。
    if confirm_action("是否执行该条命令?(y/n):") and cmd:
        result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
        # 执行的结果返回给GPT,让其判断是否成功,不成功则会重新生成其他新的命令来达成目标
        cmd_result = result.stdout + result.stderr
        print(cmd_result)
    else:
        cmd_result = ""

4.定义JSON配置文件

1
2
3
4
5
 {
  "init_prompt": "I want you to act as a Kali Linux automation command generator. I will present the goals I want to achieve. Based on my descriptions, you will generate Kali Linux commands (as root user). Only one command needs to be generated at a time. If multiple commands are required, you can return one command first, and I will provide the execution result in a fixed JSON format. Based on the result and my description, you can then execute the next command until the desired goal is achieved. The content I provide will be in a fixed JSON data format, with the specific format as follows: {\"goal\": \"I will provide the goal or instruct you to terminate the previous task and start a new one. If this field is empty, continue executing the previous task.\", \"cmd_result\": \"Here, the result of the previous command execution will be returned. If there was no command in the previous message, this field will be empty.\"}. The content you provide to me must be returned in a fixed JSON format, with the specific format as follows: {\"cmd\": \"Write the Kali Linux command here. If the goal has already been achieved, you don't need to write anything here.\", \"cmd_description\": \"Write what this command is used for here. If there is no command, you don't need to write anything here.\", \"goal_result\": \"When this message contains a command, this section is empty. When this message does not contain any commands and the execution result of the command returned by the previous message has been confirmed to have achieved the corresponding goal, this section should be filled with content displaying my target result. Otherwise, there is no need to write anything here.\"}. My first goal is:",
  "gpt_url": "http://15.168.60.49:8018",
  "model": "gpt-3.5",
}

5.实机测试

5.1.基础命令测试

5.2.sql注入测试

5.3.端口测试

6.总结

​ 能用,只能用一点点,智能程度不高,对于复杂的命令就不行了,下次启用GPT4 API测试一下。