An IDA Pro plugin to help in finding vulnerabilities in binaries.
Use the IDA Pro Hex-Rays decompiler with OpenAI (ChatGPT) to find possible vulnerabilities in binaries.
Disclaimer: replies from an AI while trying to find binary vulnerabilities may include false positives; however, it has worked in many CTFs I have worked on (simple/medium ... some hard).
Inspired by Gepetto : https://github.com/JusticeRage/Gepetto
Drop the Python script into the IDA Pro plugin location.
Right-click on the decompiled code and select "Find possible vulnerability in function".
Well, do a little bit of static analysis first: rename variables/functions, create structs if need be, add some FLIRT ... I mean, help your AI out :)
Windows (PowerShell)
Temporary (current PowerShell window only):
$env:OPENAI_API_KEY = "sk-your-key-here"
$env:OPENAI_BASE_URL = "https://api.openai.com/v1"
Then launch IDA from the same window so it inherits the variable:
& "C:\Program Files\IDA Pro 9.0\idat64.exe"
Persistent (for your user account):
setx OPENAI_API_KEY "sk-your-key-here"
setx OPENAI_BASE_URL "https://api.openai.com/v1"
➡️ Close PowerShell and restart IDA (apps only see new env vars on next start).
Check it:
Windows (Command Prompt / cmd.exe)
Temporary (current cmd only):
set OPENAI_API_KEY=sk-your-key-here
set OPENAI_BASE_URL=https://api.openai.com/v1
"C:\Program Files\IDA Pro 9.0\idat64.exe"
Persistent (user env):
setx OPENAI_API_KEY "sk-your-key-here"
setx OPENAI_BASE_URL "https://api.openai.com/v1"
➡️ Restart IDA afterward.
Linux / macOS (bash/zsh)
Temporary (this shell only):
export OPENAI_API_KEY="sk-your-key-here"
export OPENAI_BASE_URL="https://api.openai.com/v1"
idat64
Persistent: Add to your shell profile and reload it (or open a new terminal):
export OPENAI_API_KEY="sk-your-key-here"
export OPENAI_BASE_URL="https://api.openai.com/v1"
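
A preflight check for the two variables set in the steps above, as an added example that is not part of the plugin's own code: it reports a missing or placeholder key and a base URL that would send the key and decompiled code over cleartext, and it masks the key in its output. The names check_openai_env and mask are hypothetical.

```python
import os
from urllib.parse import urlsplit

PLACEHOLDER_KEY = "sk-your-key-here"          # sample value from the setup steps
LOOPBACK = {"localhost", "127.0.0.1", "::1"}  # assumption: local endpoints may use http


def mask(secret):
    """Show only the last 4 characters so the key never lands in logs."""
    return "*" * 8 + secret[-4:] if len(secret) > 8 else "*" * 8


def check_openai_env(env=None):
    """Return (problems, summary) for OPENAI_API_KEY and OPENAI_BASE_URL."""
    env = os.environ if env is None else env
    problems = []
    key = env.get("OPENAI_API_KEY", "").strip()
    base = env.get("OPENAI_BASE_URL", "").strip()

    if not key:
        problems.append("OPENAI_API_KEY is not set in this process")
    elif key == PLACEHOLDER_KEY:
        problems.append("OPENAI_API_KEY is still the placeholder value")

    url = urlsplit(base)
    if not base:
        problems.append("OPENAI_BASE_URL is not set in this process")
    else:
        if not url.hostname:
            problems.append("OPENAI_BASE_URL has no host")
        if url.scheme != "https" and url.hostname not in LOOPBACK:
            problems.append("OPENAI_BASE_URL is not https: key and code travel in cleartext")
        if url.username or url.password:
            problems.append("OPENAI_BASE_URL embeds credentials")

    summary = {"key": mask(key) if key else None, "host": url.hostname}
    return problems, summary


if __name__ == "__main__":
    problems, summary = check_openai_env()
    print("key:", summary["key"], "| requests go to:", summary["host"])
    for p in problems:
        print("PROBLEM:", p)
```

Calling check_openai_env() from IDA's Python console shows what the IDA process actually inherited, which is the case the restart notes above are about.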