🛡️Setting Up Chisel

Why should I allow Pentest Copilot to connect to my subnets?

Using Chisel(https://github.com/jpillora/chisel) allows Pentest Co-Pilot to establish connection with any machine that your device is connected to. This means that the targets which are not available on the Internet, say a local server, or a whole internal network can be then targeted by the Pentest Co-Pilot. This also means you can outsource the computing to the cloud while targeting local networks.

Note: This also means that any VPN session you are connected to can also be used by Pentest Copilot therefore lab environments like TryHackMe and HackTheBox can also be targeted.

Steps to Connect your machine to the Pentest Copilot

1. Navigate to https://copilot.bugbase.in/login and login.

2. Start a session which will spin up a private instance of the Pentest Copilot for you.

3. Open a terminal in the GUI session and type in chisel server -p <PORT> --reverse ( You can use nohup or the ampersand[&] symbol to run it in the background indefinetly )

4. Open a terminal window on your local machine and setup a chisel client for a socks proxy chisel client <Instance-IP>:<Chisel-PORT> R:9050:socks

5. Update the /etc/proxychains.conf or /etc/proxychains4.conf on the GUI session to show socks5 127.0.0.1 9050 at the very end instead of socks4 127.0.0.1 9050

6. Ensure that the connection has been successfully made and continue with the session.

It is essential that the chisel connection is maintained properly otherwise Pentest Co-Pilot wont be able to obtain the proper outputs from the tools it runs.

What if I want to use Pentest Copilot on targets which are publicly available?

You can of course have public targets as well, however you would still need to let Pentest Copilot connect to your machine so that all the traffic that is being generated at the target has the source IP as your device's IP (local or VPN) for better OPSEC.