Hackers of India

ReconPal: Leveraging NLP for Infosec

By  Jeswin Mathai   Shantanu Kale   Sherin Stephen  on 10 Aug 2022 @ Blackhat : Arsenal

This Tool Demo covers following tools where the speaker has contributed or authored
RECONPAL

Abstract

Recon is one of the most important phases that seem easy but takes a lot of effort and skill to do right. One needs to know about the right tools, correct queries/syntax, run those queries, correlate the information, and sanitize the output. All of this might be easy for a seasoned infosec/recon professional to do but for rest, it is still near to magic. How cool it will be to ask a simple question like “Find me an open Memcached server in Singapore with UDP support?” or “How many IP cameras in Singapore are using default credentials?” in WhatsApp chat or a web portal and get the answer?

The integration of GPT-3, deep learning-based language models to produce human-like text, with well-known recon tools like Shodan is the foundation of ReconPal. In this talk, we will be introducing ReconPal with report generation capabilities and interactive terminal sessions. We are also introducing a miniature attack module, allowing users to execute popular exploits against the server with just the voice commands. The code will be open-source and made available after the talk.