1. Introduction to AiPy#
AiPy is an open-source project under the Starlink program of Zhidao Chuangyu 404 Laboratory. AiPy enables large models to autonomously write programs to operate computers, databases, browsers, and all applications, creating an intelligent system with autonomous development, execution, and feedback loops.
2. AiPy Windows System Installation#
Visit the AiPy official website https://www.aipy.app/ and directly choose to run the Windows one-click extraction. The directory structure is as follows:
Create a configuration file aipy.toml
:
[llm.trustoken]
api_key = "your key"
base_url = "https://api.trustoken.ai/v1/"
model = "auto"
max_tokens = 16384
enable = true
default = true
Regarding the key
, you can use interfaces from various platforms or the local deployment of large model interfaces, depending on your needs. Of course, third-party services also require payment. After configuration, double-click run.bat
to start.
3. AiPy Google Chrome Operations#
Issue prompts to AiPy to launch Google Chrome. When execution fails, it will identify the cause and modify the code to successfully launch Google Chrome. When instructed to fetch photos from the Red Bull official website every 2 minutes, it executes successfully.
4. How to Conduct Vulnerability Mining with AiPy?#
Launch Google Chrome and crawl the subdomain interfaces of http://vulnweb.com/, saving them to the d.txt
file. Based on the interface paths, determine if they are vulnerable; if so, construct harmless payloads to check for XSS vulnerabilities. Other vulnerabilities are not checked. After obtaining the subdomains, it is not specified what methods or means to use to acquire them. Let AiPy figure it out.
This is about the end; it's just a demonstration. After all, prompts need to be well-constructed to potentially uncover vulnerabilities.