HackGPT Enterprise is a production-ready, cloud-native AI-powered penetration testing platform designed for enterprise security teams. It combines advanced AI, machine learning, microservices architecture, and comprehensive security frameworks to deliver professional-grade cybersecurity assessments.
Created by Yashab Alam
π° Support the Project: Donate to HackGPT Development | Help us build the future of AI-powered penetration testing!
- 7 AI Providers: OpenAI, Anthropic (Claude), Google (Gemini), DeepSeek, GLM (Zhipu), Local LLMs (Ollama), OpenRouter
- 26+ AI Models: GPT-5, GPT-5.6, o3, o4-mini, Claude Sonnet 5, Opus 4.8, Gemini 3.5 Flash, 3.1 Pro, DeepSeek R1, and more
- Runtime Model Switching: Change AI models on-the-fly with automatic provider fallback
- Machine Learning: Pattern recognition, anomaly detection, behavioral analysis
- Zero-Day Detection: ML-powered vulnerability discovery and correlation
- Risk Intelligence: CVSS scoring, impact assessment, exploit prioritization
- Automated Reporting: Executive summaries, technical details, compliance mapping
- Advanced SOC Engine: Multi-format log parser/normalizer, IOC extraction, MITRE ATT&CK technique mapping
- Sliding-Window Correlation: Real-time event grouping, deduplication, and multi-stage attack timeline reconstruction
- Statistical Anomalies: Z-score volume profiling, off-hours execution, and IP/host diversity tracking
- Incident Response Playbooks: AI-driven IR response guidelines customized per attack vector
- SIEM Connectors: Native connectors for Splunk (HEC & searches), IBM QRadar (Ariel AQL), Elasticsearch, and customizable Webhooks
- Authentication: RBAC + LDAP/Active Directory integration
- Authorization: Role-based permissions (Admin, Lead, Senior, Pentester, Analyst)
- Compliance: OWASP, NIST, ISO27001, SOC2, PCI-DSS frameworks
- Audit Logging: Comprehensive activity tracking and forensics
- Data Protection: AES-256-GCM encryption, JWT tokens, secure sessions
- Microservices: Docker containers with Kubernetes orchestration
- Service Discovery: Consul-based service registry
- Load Balancing: Nginx reverse proxy with auto-scaling
- Multi-Cloud: AWS, Azure, GCP deployment support
- High Availability: Circuit breakers, health checks, failover
- Parallel Processing: Celery-based distributed task execution
- Multi-Layer Caching: Redis + memory caching with TTL management
- Database: PostgreSQL with connection pooling and replication
- Real-Time: WebSocket dashboards with live updates
- Auto-Scaling: Worker pools adapt to workload demands
- Dynamic Reports: HTML, PDF, JSON, XML, CSV export formats
- Real-Time Dashboards: Prometheus + Grafana monitoring stack
- Log Analytics: ELK stack (Elasticsearch + Kibana) integration
- Executive Summaries: AI-generated business impact assessments
- Compliance Reports: Framework-specific compliance documentation
- Operating System: Linux (Ubuntu/Debian/RHEL/CentOS), macOS, or Windows WSL2
- Python: 3.8+ with pip and virtual environment support
- Docker: For containerized deployment (recommended)
- Resources: Minimum 4GB RAM, 20GB disk space
# Clone the repository
git clone https://github.com/yashab-cyber/HackGPT.git
cd HackGPT
# Run enterprise installer (sets up all services)
chmod +x install.sh
./install.sh
# Configure environment
cp .env.example .env
# Edit .env with your API keys and settings
nano .env
# Verify installation
python3 test_installation.py# Activate virtual environment
source venv/bin/activate
# Run enterprise application
python3 advance_hackgpt.py# Start REST API server
python3 advance_hackgpt.py --api
# API available at: http://localhost:8000
# Health check: http://localhost:8000/api/health# Start web dashboard
python3 advance_hackgpt.py --web
# Dashboard available at: http://localhost:8080# Deploy complete microservices stack
docker-compose up -d
# Services:
# - API Server: http://localhost:8000
# - Web Dashboard: http://localhost:8080
# - Monitoring: http://localhost:9090 (Prometheus)
# - Analytics: http://localhost:3000 (Grafana)
# - Logs: http://localhost:5601 (Kibana)# Run immediate assessment
python3 advance_hackgpt.py \
--target example.com \
--scope "Web application and API" \
--auth-key "ENTERPRISE-2025-AUTH" \
--assessment-type black-box \
--compliance OWASPgraph TD
A[Load Balancer/Nginx] --> B[HackGPT API Gateway]
B --> C[Authentication Service]
B --> D[AI Engine Service]
B --> E[Exploitation Service]
B --> F[Reporting Service]
B --> SOC[SOC Analysis Service]
C --> G[LDAP/AD]
D --> H[OpenAI API]
D --> H2[Anthropic API]
D --> H3[Google Gemini API]
D --> H4[DeepSeek API]
D --> H5[GLM / Zhipu API]
D --> H6[OpenRouter API]
D --> I[Local LLM / Ollama]
D --> J[ML Models]
E --> K[Parallel Processor]
F --> L[Report Generator]
SOC --> S1[Splunk HEC/Search API]
SOC --> S2[IBM QRadar Ariel API]
SOC --> S3[Elasticsearch Query DSL]
SOC --> S4[Webhook Alerts]
K --> M[Celery Workers]
M --> N[Redis Queue]
B --> O[PostgreSQL]
B --> P[Redis Cache]
Q[Prometheus] --> R[Grafana]
S[Elasticsearch] --> T[Kibana]
| Service | Purpose | Port | Technology |
|---|---|---|---|
| hackgpt-app | Main application | 8000, 8080 | Python/Flask |
| hackgpt-soc | SOC & SIEM Correlation Engine | - | Python / Log Normalizer |
| hackgpt-worker | Background tasks | - | Celery |
| hackgpt-database | Data persistence | 5432 | PostgreSQL 15 |
| hackgpt-redis | Cache & queues | 6379 | Redis 7 |
| prometheus | Metrics collection | 9090 | Prometheus |
| grafana | Monitoring dashboard | 3000 | Grafana |
| elasticsearch | Log aggregation | 9200 | Elasticsearch |
| kibana | Log visualization | 5601 | Kibana |
| consul | Service discovery | 8500 | Consul |
| nginx | Load balancer | 80, 443 | Nginx |
The configuration file supports 200+ options across multiple categories:
[app]
debug = false
environment = production
max_sessions = 100
[database]
url = postgresql://hackgpt:hackgpt123@localhost:5432/hackgpt
pool_size = 20
backup_enabled = true
[ai]
default_model = gpt-5
default_provider =
openai_api_key = your_key_here
anthropic_api_key = your_key_here
google_api_key = your_key_here
enable_local_fallback = true
confidence_threshold = 0.8
[security]
secret_key = your_secret_here
jwt_algorithm = HS256
rate_limit_enabled = true
[ldap]
server = ldaps://your-ldap-server.com:636
bind_dn = cn=admin,dc=example,dc=com
[compliance]
frameworks = OWASP,NIST,ISO27001,SOC2,PCI-DSS
auto_compliance_check = true
[cloud]
docker_host = unix:///var/run/docker.sock
service_registry_backend = consulOver 100 environment variables for enterprise deployment:
# Core Services
DATABASE_URL=postgresql://hackgpt:hackgpt123@localhost:5432/hackgpt
REDIS_URL=redis://localhost:6379/0
# AI Configuration β Multi-Provider
HACKGPT_MODEL=gpt-5 # Any model from ai_engine/model_registry.py
OPENAI_API_KEY=your_openai_api_key
ANTHROPIC_API_KEY=your_anthropic_api_key
GOOGLE_API_KEY=your_google_api_key
DEEPSEEK_API_KEY=your_deepseek_api_key
GLM_API_KEY=your_glm_api_key
OPENROUTER_API_KEY=your_openrouter_api_key
LOCAL_LLM_ENDPOINT=http://localhost:11434
# Security
SECRET_KEY=your_secret_key
JWT_SECRET_KEY=your_jwt_secret
LDAP_SERVER=ldaps://your-ldap.com:636
# Cloud Providers
AWS_ACCESS_KEY_ID=your_aws_key
AZURE_SUBSCRIPTION_ID=your_azure_id
GCP_PROJECT_ID=your_gcp_project
# Monitoring
PROMETHEUS_ENDPOINT=http://localhost:9090
GRAFANA_API_KEY=your_grafana_key
ELASTICSEARCH_ENDPOINT=http://localhost:9200Enterprise Features:
- AI-powered OSINT automation
- Multi-source data aggregation
- Threat intelligence correlation
- Cloud asset discovery (AWS, Azure, GCP)
- Tools: theHarvester, Amass, Subfinder, Shodan API
Enterprise Features:
- Parallel distributed scanning
- Service fingerprinting with ML classification
- Vulnerability correlation across assets
- Zero-day pattern detection
- Tools: Nmap, Masscan, Nuclei, HTTPx, Naabu
Enterprise Features:
- CVSS v3.1 automated scoring
- Business impact analysis
- Exploit availability assessment
- Compliance framework mapping
- Tools: OpenVAS, Nexpose integration, custom scanners
Enterprise Features:
- Safe-mode exploitation with approval workflows
- Privilege escalation enumeration
- Lateral movement mapping
- Data exfiltration simulation
- Tools: Metasploit, CrackMapExec, BloodHound, custom exploits
Enterprise Features:
- Executive dashboard with KPIs
- Technical vulnerability details
- Compliance gap analysis
- Risk prioritization matrix
- Outputs: HTML, PDF, JSON, XML, compliance reports
Enterprise Features:
- Automated remediation verification
- Regression testing for fixes
- Continuous security monitoring
- Trend analysis and metrics
- Features: Scheduled retests, delta reporting
# Interactive enterprise mode
python3 advance_hackgpt.py
# Available options:
# 1. Full Enterprise Pentest (All 6 Phases)
# 2. Run Specific Phase
# 3. Custom Assessment Workflow
# 4. View Reports & Analytics
# 5. Real-time Dashboard
# 6. User & Permission Management
# 7. System Configuration
# 8. Compliance Management
# 9. Cloud & Container Management
# 10. AI Engine Configuration# Start API server
python3 advance_hackgpt.py --api
# Available endpoints:
# GET /api/health - Health check
# POST /api/pentest/start - Start assessment
# GET /api/sessions - List sessions
# GET /api/reports/{id} - Get report
# POST /api/users - User management
# GET /api/compliance - Compliance status# Start web dashboard
python3 advance_hackgpt.py --web
# Features:
# - Real-time assessment monitoring
# - Interactive vulnerability management
# - Executive summary dashboard
# - User and role management
# - System configuration
# - Compliance reporting# Voice command mode
python3 advance_hackgpt.py --voice
# Supported commands:
# "Start enterprise assessment of example.com"
# "Show compliance dashboard"
# "Generate executive report"
# "Scale worker pool to 10"- Multi-Factor Authentication: LDAP/AD + JWT tokens
- Role-Based Access Control: Granular permissions matrix
- Session Management: Secure session handling with timeout
- API Security: Rate limiting, CORS, input validation
- Encryption: AES-256-GCM for data at rest
- Transport Security: TLS 1.3 for data in transit
- Key Management: Automated key rotation
- Audit Logging: Comprehensive activity tracking
| Framework | Coverage | Reports | Automation |
|---|---|---|---|
| OWASP Top 10 | β Full | β Yes | β Automated |
| NIST Cybersecurity Framework | β Full | β Yes | β Automated |
| ISO 27001 | β Partial | β Yes | β Semi-automated |
| SOC 2 | β Partial | β Yes | β Semi-automated |
| PCI DSS | β Partial | β Yes | β Manual |
- System Metrics: CPU, memory, disk, network utilization
- Application Metrics: Request rates, response times, error rates
- Security Metrics: Vulnerability counts, risk scores, remediation rates
- Business Metrics: Assessment coverage, compliance scores
- Email Alerts: Critical vulnerabilities, system issues
- Slack Integration: Real-time notifications to security teams
- Webhook Support: Custom integrations with SIEM systems
- Dashboard Alerts: Visual indicators and notifications
# Access Grafana dashboard
http://localhost:3000
# Login: admin / hackgpt123
# Pre-configured dashboards:
# - HackGPT System Overview
# - Assessment Performance Metrics
# - Vulnerability Trend Analysis
# - User Activity Dashboard
# - Compliance Status Overviewfrom ai_engine import get_advanced_ai_engine, list_all_models, get_available_providers
# Initialize with a specific model
engine = get_advanced_ai_engine(model_id='claude-sonnet-5')
# Switch models at runtime
engine.set_model('gemini-3.5-flash')
# List all 26+ available models
for model in engine.list_available_models():
status = "β
" if model['available'] else "β"
print(f"{status} {model['display_name']} ({model['provider']})")
# Check available providers
for provider in get_available_providers():
print(f"{provider['name']}: {provider['model_count']} models")# Add custom compliance framework
from security.compliance import ComplianceFrameworkMapper
mapper = ComplianceFrameworkMapper()
mapper.add_framework('CUSTOM', {
'sql_injection': 'SEC-01',
'xss': 'SEC-02',
# ... custom mappings
})# Deploy to Kubernetes cluster
kubectl apply -f k8s/# Deploy to AWS
python3 advance_hackgpt.py --deploy aws
# Deploy to Azure
python3 advance_hackgpt.py --deploy azure
# Deploy to GCP
python3 advance_hackgpt.py --deploy gcp# Unit tests
pytest tests/unit/
# Integration tests
pytest tests/integration/
# End-to-end tests
pytest tests/e2e/
# Security tests
bandit -r .
safety check# Install development dependencies
pip install -r requirements-dev.txt
# Pre-commit hooks
pre-commit install
# Code formatting
black .
flake8 .
mypy .# Initialize swarm
docker swarm init
# Deploy stack
docker stack deploy -c docker-compose.yml hackgpt# Create namespace
kubectl create namespace hackgpt
# Deploy applications
kubectl apply -f k8s/
# Scale workers
kubectl scale deployment hackgpt-worker --replicas=10# ECS deployment
aws ecs create-cluster --cluster-name hackgpt
aws ecs create-service --service-name hackgpt-api# ACI deployment
az container create --resource-group hackgpt --name hackgpt-api# GKE deployment
gcloud container clusters create hackgpt-cluster
kubectl apply -f k8s/# Check PostgreSQL status
systemctl status postgresql
docker logs hackgpt-database
# Test connection
python3 -c "from database import get_db_manager; print(get_db_manager().test_connection())"# Check Redis status
redis-cli ping
docker logs hackgpt-redis
# Clear cache
redis-cli FLUSHALL# List available AI models and providers
python3 -c "from ai_engine import list_all_models; [print(m.display_name, m.provider.value) for m in list_all_models()]"
# Test provider connectivity
python3 -c "from ai_engine.providers import ProviderFactory; print(ProviderFactory.get_available_providers())"
# Check local LLM (Ollama)
ollama list
ollama run llama3.3:70b# Check Celery workers
celery -A performance.parallel_processor inspect active
# Restart workers
docker-compose restart hackgpt-worker# Database optimization
python3 -c "from database import optimize_database; optimize_database()"
# Cache warming
python3 -c "from performance.cache_manager import warm_cache; warm_cache()"
# Worker scaling
docker-compose up --scale hackgpt-worker=10This project is licensed under the MIT License with additional enterprise terms:
- Commercial Use: Permitted with attribution
- Enterprise Support: Available through support channels
- Compliance: Tool usage must comply with applicable laws
- Liability: Limited liability for enterprise deployments
- Enterprise Support: yashabalam707@gmail.com
- Technical Issues: https://github.com/yashab-cyber/HackGPT/issues
- Feature Requests: https://github.com/yashab-cyber/HackGPT/discussions
- Security Issues: yashabalam707@gmail.com
- WhatsApp Business: Join Channel
- Implementation: Custom deployment and configuration
- Training: Security team training and certification
- Custom Development: Feature development and integration
- 24/7 Support: Enterprise support packages available
| Metric | Value |
|---|---|
| Total Lines of Code | 15,000+ |
| Enterprise Dependencies | 90+ |
| Configuration Options | 200+ |
| Environment Variables | 100+ |
| Docker Services | 12 |
| Supported Compliance Frameworks | 5 |
| Penetration Testing Tools | 50+ |
| API Endpoints | 25+ |
| Deployment Platforms | 6+ |
- Multi-provider AI support (OpenAI, Anthropic, Google, DeepSeek, GLM, Local, OpenRouter)
- 26+ model catalog with runtime switching
- Provider fallback chain and automatic detection
- ML-based false positive reduction
- Integration with popular SIEM systems
- Streaming responses from all providers
- Automated penetration testing workflows
- Advanced cloud security assessments
- Integration with CI/CD pipelines
- Fully autonomous security assessments
- Advanced AI attack simulation
- Quantum-safe cryptography
- Next-generation threat detection
-
Lead Developer & Founder: Yashab Alam - @yashab.alam | LinkedIn
-
AI/ML Engineer: Enterprise AI Team
-
Security Engineer: Enterprise Security Team
-
DevOps Engineer: Enterprise Infrastructure Team
-
π¬ WhatsApp: Business Channel
- OpenAI for GPT-5 and o-series API access
- Anthropic for the Claude model family
- Google DeepMind for Gemini models
- DeepSeek, Zhipu AI (GLM), and OpenRouter
- Ollama team for local LLM support
- Docker & Kubernetes communities
- Security research community
- Open source tool developers
Your donations help accelerate development and support the growing cybersecurity community:
Cryptocurrency Donations (Recommended):
- Solana (SOL):
5pEwP9JN8tRCXL5Vc9gQrxRyHHyn7J6P2DCC8cSQKDKT - Bitcoin (BTC):
bc1qmkptg6wqn9sjlx6wf7dk0px0yq4ynr4ukj2x8c
Traditional Payment:
- PayPal: yashabalam707@gmail.com
- Email: yashabalam707@gmail.com
π Full Donation Information: DONATE.md - Support tiers, funding goals, and recognition programs
HackGPT Enterprise is designed for authorized security testing only:
- β Authorized Use: Only use against systems you own or have explicit written permission
- β Compliance: Follow all applicable laws, regulations, and industry standards
- β Responsible Disclosure: Report vulnerabilities through proper channels
- β Documentation: Maintain audit trails and documentation
- β Unauthorized Use: Never use against systems without permission
- β Malicious Activity: Not for criminal or malicious purposes
The developers and contributors are not liable for misuse of this platform.
Made with β€οΈ by Yashab Alam for enterprise security teams worldwide
β Star us on GitHub | π° Support Development | π Get Support | π€ Contribute | π License
π¬ WhatsApp Business | πΎ Discord Channel
Founder & Lead Developer: Yashab Alam
π§ GitHub |
πΈ Instagram |
π¦ X (Twitter) |
πΌ LinkedIn |
π§΅ Threads
Email Contacts:
π§ yashabalam9@gmail.com | π§ yashabalam707@gmail.com