FabricUI: Your Prompt Collection

A GUI for Fabric AI

Introduction

Since November 2022, Generative AI technologies are here to stay and have changed the way many of us work. Interestingly, with the advent of this technology, new domains and “expertise” have started to appear. One of them is prompt engineering, which I touched on in this previous post: Applying LLMs to Threat Intelligence.

To keep it simple, prompt engineering is the process of crafting the best prompt to send to an LLM to obtain the desired output. There are many techniques for different purposes, such as role definition, chain of thought, few-shot learning, etc.

With this new area, many people began creating different prompts for various objectives, such as correcting an email, writing a tweet, generating an offer, or creating a mindmap (The Intel Brief by SecurityBreak). 😉

You can find many of these prompts all over the internet — some quite good, while others not so much — and it became difficult to maintain a consistent library of useful prompts.

This is why I appreciate the tool created by Daniel Miessler called Fabric, which aims to solve this issue by creating a consistent structure and a way to use these prompts with multiple models.

In this post, I will talk a bit about Fabric itself and introduce Fabric UI, a simple interface I created in 2 days so you can try it easily, directly from your web browser. Let’s jump into it! 👇

What is Fabric?

Fabric is an open-source framework developed by Daniel Miessler “to augment human capabilities” using GenAI. The goal of this tool is to address a significant gap in the AI ecosystem — not the lack of AI capabilities, but the difficulty to integrate these capabilities into the everyday tasks.

Fabric enables users to break down complex problems into manageable components and apply AI solutions to each, enhancing productivity, creativity, and overall efficiency in daily tasks.

As mentioned in the introduction, Fabric is a collection of structured prompts, called Patterns, that help to accomplish specific tasks such as:

• Summarizing lengthy articles or videos.
• Extracting key insights from content.
• Generating essays or code explanations.
• Transforming complex information into digestible formats.
• There is also a bunch of patterns for cybersecurity 😎

One of the things I find most interesting is the structure used in these patterns. For example, below is the Extract_Wisdom pattern, designed to extract relevant information from any content.

As you can see in the screenshot above, the pattern follows a specific structure with keywords such as IDENTITY AND PURPOSE, STEPS, OUTPUT INSTRUCTIONS, and INPUT. Readers who pay close attention will notice the use of multiple prompt engineering techniques here.

This is the strength of Fabric — having a way to organize structured, community-driven collections of patterns for different needs.

On top of that, Fabric includes multiple features, such as retrieving transcripts from YouTube videos for example.

Now that you know a little bit more about Fabric, let’s see how you can use it.

How to Use Fabric in the CLI

Before presenting the web interface I created, let’s first see how you can use the Fabric CLI.

The initial version was coded in Python, but it has since been revamped with Go. I won’t cover the installation process, as it is well documented on the GitHub page, so I’ll jump straight to the usage.

1. The first command to run is --setup, which configures all the API keys you need for the models you want to use, or to connect to YouTube, for example.

fabric --setup

2. The help command

fabric --help
Usage:
  fabric [OPTIONS]

Application Options:
  -p, --pattern=                    Choose a pattern
  -v, --variable=                   Values for pattern variables, e.g. -v=$name:John -v=$age:30
  -C, --context=                    Choose a context
      --session=                    Choose a session
  -S, --setup                       Run setup
      --setup-skip-update-patterns  Skip update patterns at setup
  -t, --temperature=                Set temperature (default: 0.7)
  -T, --topp=                       Set top P (default: 0.9)
  -s, --stream                      Stream
  -P, --presencepenalty=            Set presence penalty (default: 0.0)
  -r, --raw                         Use the defaults of the model without sending chat options (like temperature etc.) and use the user role instead of the system role for patterns.
  -F, --frequencypenalty=           Set frequency penalty (default: 0.0)
  -l, --listpatterns                List all patterns
  -L, --listmodels                  List all available models
  -x, --listcontexts                List all contexts
  -X, --listsessions                List all sessions
  -U, --updatepatterns              Update patterns
  -c, --copy                        Copy to clipboard
  -m, --model=                      Choose model
  -o, --output=                     Output to file
  -n, --latest=                     Number of latest patterns to list (default: 0)
  -d, --changeDefaultModel          Change default pattern
  -y, --youtube=                    YouTube video url to grab transcript, comments from it and send to chat
      --transcript                  Grab transcript from YouTube video and send to chat
      --comments                    Grab comments from YouTube video and send to chat
      --dry-run                     Show what would be sent to the model without actually sending it
  -u, --scrape_url=                 Scrape website URL to markdown using Jina AI
  -q, --scrape_question=            Search question using Jina AI

Help Options:
  -h, --help                        Show this help message

3. A simple usage example with pbpaste that will paste your clipboard content into Fabric using the summarize pattern. Below is an example with a threat report: North Korean Threat Actor Citrine Sleet Exploiting Chromium Zero-Day.

pbpaste | fabric --pattern summarize

# ONE SENTENCE SUMMARY:
Microsoft identifies North Korean threat actor Citrine Sleet exploiting a Chromium zero-day vulnerability for cryptocurrency-related attacks.

# MAIN POINTS:
1. Citrine Sleet exploits CVE-2024-7971, a Chromium zero-day vulnerability, for remote code execution.
2. The actor primarily targets cryptocurrency firms for financial gain and uses social engineering tactics.
3. FudModule rootkit linked to Citrine Sleet facilitates kernel access and evades detection.
4. Google patched the vulnerability on August 21, 2024, following its discovery by Microsoft.
5. Attack chain includes directing victims to malicious domains and executing multiple exploits.
6. Microsoft recommends keeping systems updated and strengthening security configurations to mitigate risks.
7. The threat actor has conducted reconnaissance on cryptocurrency platforms to create fake websites.
8. Shared infrastructure between Citrine Sleet and Diamond Sleet indicates collaborative threat actor tactics.
9. Microsoft has notified affected customers and provided guidance on improving defenses.
10. Indicators of compromise include specific malicious domains linked to Citrine Sleet's activities.

# TAKEAWAYS:
1. Regular updates and patches are crucial to prevent exploitation of vulnerabilities.
2. Awareness of social engineering tactics can help mitigate phishing attacks.
3. Enhanced security configurations are essential for effective endpoint protection.
4. Collaboration among security teams can improve threat detection and response.
5. Continuous monitoring for indicators of compromise is vital in cybersecurity defense strategies.

Pretty cool — within no time, you can have a summary of any blog post you’re reading. And there are many more patterns to explore!

Introducing FabricUI

While the CLI is quite good and sufficient for most users, I wanted to create a simple interface to interact with Fabric, partly for the challenge and also to learn a new framework, making it the perfect project. 🤓

Disclaimer 1: I coded FabricUI over a weekend, so it only includes basic functionalities. Currently, only OpenAI models work, and some bugs may occur.

Disclaimer 2: To test the interface, you’ll need to enter your own API key. This API key is not stored on the server; instead, a local cookie in your web browser is used to retain the API key for ease of use. However, this cookie is not sent to the server. If you find this insecure, I recommend creating a temporary API key to test the interface.

Features of FabricUI:

• User-Friendly Interface: You can easily configure FabricUI by specifying your API key, the model you want to use, and the temperature setting.
• Quick Access to Patterns: Apply patterns to your content without needing to remember the command-line syntax.
• Beta Version: FabricUI is in its early stages, built over a weekend to provide a simple interface. While it’s not perfect, it’s a functional tool that offers an out-of-the-box experience with LLMs for specific use cases.

I created a short video to demonstrate how to use it.

FabricUI is available here: https://fabricui.securitybreak.io/

Conclusion

Fabric is a great tool for structuring and organizing predefined prompts for specific use cases. It’s very easy to use and offers enough flexibility to integrate into your workflow.

FabricUI is a small project that provides a simple way to interact with Fabric. This is a beta version that might be updated in the future. Until then, you have a good opportunity to experiment with it and explore its functionalities. ✌️

Edit: I recently found out that I’ve been selected for the SANS Difference Maker Award 2024. If you appreciate my contributions to the field, I’d be grateful if you could vote for me here:

👉 https://www.sans.org/about/awards/difference-makers/

That’s it! If you like this blog, you can share it and like it. You can follow me on Twitter @fr0gger_ or on Medium for more stuff such as this one. ❤

Consider becoming a Medium member if you appreciate my content and want to help me as a writer. It cost $5 per month and gives you unlimited access to Medium content. I’ll get a little commission if you sign up via my link and that will help supporting my community projects. Thanks!🤓