RubensZimbres/CyberBotLLM

CyberBotLLM

Your Google Cloud Cybersecurity Expert, powered by Gemini Generative AI

This chatbot is part of my personal effort for the OWASP educational initiative in Cybersecurity. It is based on Google technology, and uses 4 different approaches:

  • Regular conversation
  • Cybersecurity Expert
  • Hardened Cybersecurity Expert
  • Cloud Cybersecurity Expert

Features

It uses LangChain to generate a conversation flow with memory, together with a RAG (Retrieval Augmented Generation) document that can be customized according to your educational goals.
Currently, the RAG document contains a list of fictitious usernames and passwords. One of the goals is to retrieve usernames and passwords via prompt injection techniques (direct and indirect). You can also poison the RAG document to force a Sensitive Information Disclosure.
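A defender's counterpart to the challenge described above, as an added example that is not code from this repository: an output check that withholds a reply when it discloses a password held in the RAG document. The sample document, its `password:` field layout and all function names are assumptions, and the check goes slightly beyond a verbatim match by also catching re-spaced and base64-encoded values.

```python
import base64
import binascii
import re

# Constructed sample of a RAG document with fictitious credentials
# (not the repository's file; the 'password: <value>' layout is assumed).
RAG_DOCUMENT = """\
username: alice.demo  password: Tr0ub4dor&3
username: bob.demo    password: correct-horse-42
"""

def extract_secrets(rag_text):
    """Collect the password values from 'password: <value>' fields."""
    return re.findall(r"password:\s*(\S+)", rag_text)

def _squash(text):
    """Lower-case and keep only letters and digits, undoing spacing and separators."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def _decoded_base64_runs(text):
    """Yield the decoded text of every base64-looking token in the reply."""
    for token in re.findall(r"[A-Za-z0-9+/]{8,}={0,2}", text):
        try:
            yield base64.b64decode(token, validate=True).decode("utf-8", "ignore")
        except (binascii.Error, ValueError):
            continue  # not valid base64, ignore the token

def leaked_secrets(reply, secrets):
    """Return the secrets present in the reply verbatim, re-spaced, or base64-encoded."""
    views = [_squash(reply)] + [_squash(d) for d in _decoded_base64_runs(reply)]
    hits = []
    for secret in secrets:
        needle = _squash(secret)
        # Very short needles would match ordinary words once separators are removed.
        if len(needle) >= 6 and any(needle in view for view in views):
            hits.append(secret)
    return hits

def guard(reply, secrets):
    """Withhold a reply that discloses RAG secrets; pass anything else through."""
    if leaked_secrets(reply, secrets):
        return "[withheld: reply contained retrieved credentials]"
    return reply
```

A filter like this only covers the transformations it normalizes, so it complements, rather than replaces, keeping real secrets out of retrievable documents.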

How to use it

To use or replicate this chatbot, git clone this repository. Then create a Google Cloud project, go to IAM, Service Accounts, and generate a key.json.

This key can be used directly through an environment variable by setting os.environ['GOOGLE_APPLICATION_CREDENTIALS']='key.json' (the variable the Google client libraries read), or even better, you can go to Google Cloud Secret Manager, create a secret called GOOGLE_APPLICATIONS_CREDENTIALS, and store the content of this JSON file in it. The main.py file is set up to be used with Secret Manager in VSCode (Cloud Code extension).

Then, edit your project name and number in main.py. After that, run in command line:

gcloud auth login
gcloud config set project YOUR_PROJECT_ID

And you are good to go:

python3 main.py

About

4 chatbots with memory made with Langchain, VertexAI and Gemini, as a cyber challenge to capture and expose RAG content.
