Hackers of India

ReconPal: Leveraging NLP for Infosec

By  Nishant Sharma   Jeswin Mathai  on 07 Oct 2020 @ Rootcon

This talk covers following tools where the speaker has contributed or authored
RECONPAL

Presentation Material

Abstract

Recon is one of the most important phases that seem easy but takes a lot of effort and skill to do right. One needs to know about the right tools, correct queries/syntax, run those queries, correlate the information, and sanitize the output. All of this might be easy for a seasoned infosec/recon professional to do but for rest, it is still near to magic. How cool it will be to ask a simple question like “Find me an open Memcached in Manila with UDP support?” or “How many IP cameras in Phillippines are using default credentials?” in WhatsApp chat or a web portal and get the answer?

The integration of GPT-3, deep learning-based language models to produce human-like text, with well-known recon tools like Shodan can allow us to do the same. In this talk, we will cover how such integration can be done with Shodan and other recon tools. And, how this functionality can be extended to cover other popular tools. The code will be open-source and made available after the talk.