Kali Linux

ReconPal : Leveraging NLP For Infosec

Recon is one of the most important phases that seem easy but takes a lot of effort and skill to do right. One needs to know about the right tools, correct queries/syntax, run those queries, correlate the information, and sanitize the output. All of this might be easy for a seasoned infosec/recon professional to do, but for rest, it is still near to magic. How cool it will be to ask a simple question like “Find me an open Memcached server in Singapore with UDP support?” or “How many IP cameras in Singapore are using default credentials?” in a chat and get the answer?

The integration of GPT-3, deep learning-based language models to produce human-like text, with well-known recon tools like Shodan, is the foundation of ReconPal. ReconPal also supports using voice commands to execute popular exploits and perform reconnaissance.

Built With

  • OpenAI GPT-3
  • Shodan API
  • Speech-to-Text
  • Telegram Bot
  • Docker Containers
  • Python 3

Getting Started

To get ReconPal up and running, follow these simple steps.

Prerequisites

  • Telegram Bot Token Use BotFather and create a new telegram bot. Refer to the documentation at https://core.telegram.org/bots
  • Shodan API:
    Create a shodan Account and create a new API Key from https://account.shodan.io/
  • Google Speech-to-Text API:
    Enable Speech-to-Text in GCP and get the credentials. Refer to these steps from the documentation https://cloud.google.com/speech-to-text/docs/before-you-begin
  • OpenAI API Key:
    Create a free openAI account to try out the API. https://beta.openai.com/account/api-keys
  • Docker

sudo apt-get updates​
sudo apt-get install docker.io​
sudo curl -L “https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)” -o​ /usr/local/bin/docker-compose​
chmod +x /usr/local/bin/docker-compose

Installation

  • Clone the repo

git clone https://github.com/pentesteracademy/reconpal.git

  • Enter your OPENAI, SHODAN API keys, and TELEGRAM bot token in docker-compose.yml

OPENAI_API_KEY=
SHODAN_API_KEY=
TELEGRAM_BOT_TOKEN=

Start reconpal

docker-compose up

Usage

Open the telegram app and select the created bot to use ReconPal.

  • Click on start or just type in the input box.

/start

  • Register the model

/register

  • Test the tool with some commands.

scan 10.0.0.8

R K

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

7 days ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

2 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago