The AI takeover is in full force!
A whole range of AI-powered tools has flooded the technology market, and several are geared towards cyber security like Microsoft’s upcoming Security Copilot. These tools empower users to augment their workflow and elevate their output.
But how can you make the most of AI?
This article answers this question by looking at five ways you can use the popular ChatGPT application to help you create your own cyber security tools. This is a useful practice whether you are a SOC analyst, security researcher, or penetration tester. Custom tools allow you to fully understand the technology you are working with and improve the efficiency of your work.
Let’s jump in and learn how to harness the power of AI!
You can find an article I wrote about Microsoft Security Copilot at What Is Microsoft Security Copilot? A Comprehensive Guide.
Use Case #1: Doing Technical Research
A common requirement when creating your custom cyber security tools is to research the modules or libraries that you can use to help you accomplish a certain task. For instance, if you are programming a Python tool and need to process CSV files, then you will want to use the csv module.
Modules and libraries save you from creating code to solve a complex task when someone else has already done the hard work for you. This saves you time and energy, but you need to know what modules or libraries to include, and this takes some technical research.
ChatGPT provides you with easy access to the entire Internet. Just ask it a question and let the AI do the technical research for you.
What Python modules can I use for browser automation?
If you are creating a Python tool that performs browser automation but don’t know what Python modules can help you do this. Just ask ChatGPT.
Here ChatGPT does the research for you and compiles a list of several popular Python browser automation modules that you can use.
What Go libraries can I use to write command line tools?
If you are programming a Go project and need to know how to interact with the command line to get user input or display output, you can always ask ChatGPT.
ChatGPT is able to perform the technical research for you and produce a list of Go libraries that you can use to build interactive and efficient command-line applications in Go. It provides a brief description of each library so you can choose which one to incorporate into your project.
Use Case #2: Writing Code Snippets
Many Integrated Development Environments (IDEs) and other development tools come with code snippets. These are small, reusable portions of code that can be inserted into your coding projects to save you time implementing a commonly used element, such as a for loop or if statement. In fact, there are AI-powered tools like Github Copilot that use AI to generate code snippets.
You can use ChatGPT to create these code snippets and save time when creating your cyber security tools. When you ask ChatGPT to do so, it will often go above and beyond just simple code snippets, as you will see in the following examples
Be cautious with how much you ask of ChatGPT as it can occasionally get the code wrong, so make sure always to double-check the output.
Write a function to get user input in Python
If you are writing a tool that needs user input to function (e.g., an IP address, domain name, filename, or anything else), just ask ChatGPT to write you a function that can get this input. It will even tell you how to use the function in your code.
ChatGPT generates a Python function capable of receiving user input and returning this to your program’s main function. It also demonstrates how to use this function and provides a useful hint about data types.
Write a function to fuzz web applications in Go
If you are trying to test a web application for vulnerabilities, a common method is fuzzing. This involves sending random input values to an application to see if it misbehaves and reveals a vulnerability. You can use existing tools to do this or create your own.
A popular language to write cyber security tools that interact with the web is Go. To save you time writing your own fuzzing function, you can ask ChatGPT too.
ChatGPT creates an entire web fuzzing function in Go and explains how to use it. The AI-powered application also highlights two Go libraries dedicated to fuzzing that you could use in your project.
Use Case #3: Discovering Language-Specific Secure Coding Practices
Whenever you create a cyber security tool, you should use language-specific features that allow you to implement secure coding practices. These features vary between languages, and it can be difficult to remember them all.
Thankfully, ChatGPT can come to your rescue and remind you of the language features you can take advantage of to minimize the chances of your code containing vulnerabilities.
What are secure coding practices in Rust?
ChatGPT is very useful when learning a relatively new language like Rust. Many developers are unaware of the features this system programming language provides because it’s consistently adding new ones.
Luckily, you don’t need to keep up with the constant updates. Just ask ChatGPT what secure coding practices you can use for Rust.
Here ChatGPT identifies several Rust-specific languages that you can use to secure your Rust code. The language’s ownership and borrowing feature is of particular note as it allows you to eliminate many of the memory-related vulnerabilities found in other popular system programming languages like C or C++.
Use Case #4: Debugging Errors
On your programming journey, you will encounter many errors that you must investigate and debug to get your code working. The error messages generated by modern programming languages can sometimes be confusing and require you to research so you can understand the actual problem.
This is where ChatGPT can come to the rescue. You can ask ChatGPT what a certain error means or copy and paste the error message directly into ChatGPT’s prompt. The AI-powered application will do the heavy lifting for you and enlighten you on what the error means and how to fix it.
What does list index out of range mean in Python?
When you got to run your Python tool, the Python interpreter may throw you an error in its output that you don’t understand. This is often the case if you are new to the language and haven’t seen a certain type of error (or exception) before.
No need to worry. You can use ChatGPT to investigate the error. For example, you may encounter the error IndexError: list index out of range, and it may be confusing if you haven’t seen this error type before. Well, just prompt ChatGPT to answer what it means.
ChatGPT explains the error to you in a “human readable” manner and even provides a code example that would generate such an error. This allows you to learn what this error is and how to avoid it in the future.
You can even copy and paste the error messages directory into the ChatGPT prompt. However, this may not always generate the output you expect.
Use Case #5: Identifying Existing Tools
It is often difficult to come up with ideas when creating your own cyber security tools. You may lack inspiration for a tool idea, or you might not know how to implement a specific feature of your tool. A good place to draw inspiration from is the open-source community.
Open-source tools are software programs or applications that you can freely use, modify, and distribute. They are the perfect resource for any programmer to draw inspiration from and discover new ways to tackle complex problems. The only ask is if you know a way to improve the tool, you contribute back to the open-source project to benefit the community.
What are good open-source tools to check password strength?
If you are designing your own cyber security tool that checks the strength of passwords users enter, you can ask ChatGPT if there are similar open-source tools you could draw inspiration from. Then look up these tools on Github or Gitlab to view their source code.
Here ChatGPT lists several open-source tools you could use to check password strength or draw inspiration from when creating your own cyber security tool.
What are the open-source tools to check the security of my active directory environment?
Another example would be researching activity directory tools. Active directory is used by 90% of Fortune 1000 companies and is a prime target for attackers. It’s useful to try to create your own tools to enumerate or exploit this attack vector, and ChatGPT can help you find inspiration to do this using open-source tools.
ChatGPT produces a nice list of tools to check the security of active directory environments. I personally use the BloodHound tool to help me identify attack paths I could exploit when attacking an active directory domain.
Asking ChatGPT to list hacking tools won’t go well. The AI application is designed not to provide information that could be used for nefarious purposes or to break the law. As such, you must find workarounds to get the information you need, such as asking for “security tools to check.” To learn more, read Unlock ChatGPT for Hacking: Jailbreaking Ethical Restrictions.
AI is all the rage at the moment. You should ignore the noise and find ways AI can actually help you on a day-to-day basis.
I have found a whole range of AI-powered tools that I can use to augment my workflow and increase my efficiency exponentially. This includes tools for writing online, creating graphics, and performing research. I have yet to discover the next great cyber security tool, but if you read this article, you may create it using the tips discussed.
Good luck creating your own tools, and let me know if you find any other ways ChatGPT, or any AI-powered tool, can be used to help you in your development journey!