ReconPal: Leveraging NLP for Infosec

ReconPal: Leveraging NLP for Infosec

Recon is one of the most important phases that seem easy but takes a lot of effort and skill to do right. One needs to know about the right tools, correct queries/syntax, run those queries, correlate the information, and sanitize the output. All of this might be easy for a seasoned infosec/recon professional to do, but for rest, it is still near to magic. How cool it will be to ask a simple question like “Find me an open Memcached server in Singapore with UDP support?” or “How many IP cameras in Singapore are using default credentials?” in a chat and get the answer?

The integration of GPT-3, deep learning-based language models to produce human-like text, with well-known recon tools like Shodan, is the foundation of ReconPal. ReconPal also supports using voice commands to execute popular exploits and perform reconnaissance.

Install

To get ReconPal up and running, follow these simple steps.

Prerequisites

• Telegram Bot Token Use BotFather and create a new telegram bot. Refer to the documentation at https://core.telegram.org/bots

• Shodan API:
  Create a shodan Account and create a new API Key from https://account.shodan.io/

• Google Speech-to-Text API:
  Enable Speech-to-Text in GCP and get the credentials. Refer to these steps from the documentation https://cloud.google.com/speech-to-text/docs/before-you-begin

• OpenAI API Key:
  Create a free openAI account to try out the API. https://beta.openai.com/account/api-keys

• Docker

  sudo apt-get updates​
  
  sudo apt-get install docker.io​
  
  sudo curl -L "https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" -o​ /usr/local/bin/docker-compose​
  
  chmod +x /usr/local/bin/docker-compose

   

Installation

1. Clone the repo

   git clone https://github.com/pentesteracademy/reconpal.git

2. Enter your OPENAI, SHODAN API keys, and TELEGRAM bot token in docker-compose.yml

   OPENAI_API_KEY=<Your key>
   SHODAN_API_KEY=<Your key>
   TELEGRAM_BOT_TOKEN=<Your token>

3. Start reconpal

   docker-compose up

Usage

Open the telegram app and select the created bot to use ReconPal.

1. Click on start or just type in the input box.

2. Register the model.

3. Test the tool with some commands.

Demo

Copyright (C) 2022 pentesteracademy

Source: https://github.com/pentesteracademy/