Overview

The AI chat assistant is available throughout Pwnbook to help with security research, methodology questions, payload crafting, report writing, and analysis. It understands the context of the platform and can help you work more efficiently without leaving the app. AI capabilities require at least one AI provider to be configured. See AI Providers for setup instructions.

Using the AI chat

From within an engagement

The AI assistant is accessible from any engagement via the AI Chat button in the engagement sidebar. When you open the chat from within an engagement, the assistant has context about the engagement — its targets, recent activity, and your current workspace. To start a conversation:
  1. Click AI Chat in the engagement sidebar.
  2. Type your message in the input field.
  3. Press Enter or click Send.
The assistant responds based on your query and the available context.

From the global chat

A global AI chat is available from the main navigation bar, outside of any specific engagement. This is useful for general security questions, research, or when you want to start fresh without engagement context.

Capabilities

The AI assistant can help with a wide range of security tasks:

Methodology guidance

Ask for step-by-step testing approaches for specific vulnerability classes, attack surfaces, or technology stacks.

Payload generation

Generate payloads for XSS, SQLi, SSRF, command injection, and other common vulnerability classes. Customize for specific contexts or WAF bypass.

Report writing

Draft finding write-ups, executive summaries, or remediation recommendations. Describe the vulnerability and the assistant drafts professional report language.

Code review

Paste code snippets and ask the assistant to identify security issues, insecure patterns, or misconfigurations.

Public vs. authenticated AI chat

Authenticated chat

When you’re logged into Pwnbook and use the AI chat from within the app, your session is authenticated. This enables:
  • Engagement context awareness
  • Conversation history saved to your account
  • Access to organization-specific configurations

Public AI chat

Pwnbook optionally exposes a public-facing AI chat that does not require a Pwnbook account. This is useful for:
  • Quick security questions without logging in
  • Sharing access with external reviewers
  • Marketing or demo use cases
The public AI chat does not have access to engagement data and maintains no persistent history.
Whether the public AI chat is enabled depends on your organization’s configuration. Server admins can enable or disable it from the admin panel.

Conversation history

Authenticated conversations are saved and accessible from the AI Chat history panel. To view past conversations:
  1. Click AI Chat in the navigation.
  2. Click History in the chat sidebar.
  3. Select any past conversation to resume it.
You can delete individual conversations or clear your full history from the history panel.

AI provider configuration

Pwnbook supports two AI providers:
  Provider     Models
  Anthropic    Claude (recommended for security tasks)
  OpenAI       GPT-4 and compatible models
The AI provider used depends on what your organization’s administrator has configured. If multiple providers are available, you may be able to select which one to use in the chat settings. See AI Providers for information on adding API keys and configuring the default provider.

Data privacy

Do not send confidential client data, credentials, or personally identifiable information to the AI assistant. Queries are processed by the configured AI provider’s API (Anthropic or OpenAI) and are subject to their respective data processing terms.
For maximum control over data handling, consider:
  • Using self-hosted Pwnbook with API keys configured to your own provider accounts
  • Reviewing the data processing agreements with your chosen AI provider
  • Establishing internal policies about what types of data can be shared in AI queries