ChatGPT Techniques for Successful Penetration Testing Prakash, 15, July 202310, August 2023 ChatGPT is one of the largest and advanced language models ever created, with a huge neural network containing over 175 billion parameters.However, According to recent research, ChatGPT for penetration testing can help testers achieve more success.In November 2022, OpenAI introduced ChatGPT, generating substantial disruption in the AI/ML community. Because threat actors are exploiting the potential of artificial intelligence, sophisticated email attacks are on the rise.Researchers, on the other hand, are staying one step above by using ChatGPT in threat assessment and penetration tests.Sheetal Tamara from the University of the Cumberlands recently published a research article highlighting the beneficial use of ChatGPT in Reconnaissance.TABLE OF CONTENTS1 ChatGPT For Penetration Testing1.1 Also Read:1.2 About The Author1.2.1 Prakash1.3 RelatedChatGPT For Penetration TestingThe ChatGPT can be utilised during the initial reconnaissance phase, when the penetration tester gathers precise data about the breadth of the examination.Pen-testers can use ChatGPT to collect reconnaissance data. Such as IP (Internet Protocol) address ranges, domain names, network topology, vendor technologies, SSL/TLS cyphers, ports & services, and operating systems.This study demonstrates how artificial intelligence language models can be employed in cybersecurity and adds to the advancement of penetration testing approaches.Pentesters can obtain the organization’s IP address using the prompt. (“What IP address range related information do you have on [insert organization name here] in your knowledge base?”).This prompt would deliver the possible IP addresses used by the organization.“What type of domain name information can you gather on [insert target website here]?”ChatGPT could provide the list of domain names used by the organization. Such as primary domains, subdomains, other domains, international domains, generic top-level domains (gTLDs), and subsidiary domains.“What vendor technologies does [insert target website fqdn here] make use of on its website?”Answering this question, ChatGPT will provide various technologies. Such as content delivery networks (CDNs), Web servers, Advertising engines. Analytics engines. Customer relationship management (CRM), and other technologies organizations use.“Provide a comprehensive list of SSL ciphers based on your research used by [insert target website fqdn] in pursuant to your large corpus of text data present in your knowledge base.”ChatGPT could provide the ciphers, SSL/TLS versions, and types of TLS certificates used, also, with this question, ChatGPT above to check the encryption standard used.“Please list the partner websites including FQDN based on your research that [insert target website here] has direct links to according to your knowledge base.”In response to the question, ChatGPT is able to provide a list of partner websites that are directly linked.“Provide a vendor technology stack based on your research that is used by [insert organization name here].“This prompt would extract the include application server type, database type, operating systems, big data technologies, logging and monitoring software, and other infrastructure-related information specific to the organization.“Provide a list of network protocols related information that is available on [insert organization name here].”ChatGPT will return a list of network protocols the target organization uses, including HTTPS, SMTP, NTP, SSH, SNMP, and others.According to the results “ChatGPT has the ability to provide valuable insight into the deployment of the target organization’s technology stack. As well as specific information about web applications deployed by the target organisation,” according to the published study.“The research on ChatGPT necessitated trial and error in the prompting. Because certain requests can be outright rejected or result in responses that do not contain usable data for the reconnaissance phase of a penetration test.”Also Read:PentestGPT: A GPT-empowered penetration testing toolOsintgram – A OSINT Tool On InstagramHow to Monitor Your WiFI Network and See What People Are DoingHow Hackers Ban WhatsApp Number A Step By Step GuideThe 8 Best Free Web Application Penetration Testing ToolsThe Best Penetration Testing Tools for LinuxAbout The Author Prakash See author's posts Related ChatGPT Tech chatgptChatGPT Techniquespentesting
Reveals What are TCP and UDP ports? How do they work? 9, November 20229, November 2022Every internet user who has a computer is familiar with ports. Because, almost every application or game that you use on your computer almost always requires the input of port numbers to initiate the connection. For instance, when you are playing an online game, you need to put in the… Read More
Hacking Do You Know About What These Hacking Tools Can Do. 6, June 202216, November 2022If you wish to keep your or your company’s sensitive information protected in this situation, you need be aware of these hacking tools. You can quickly check for vulnerabilities in your network, computer, or server with the use of these hacking tools. A hacker can gain access to the network… Read More
Reveals World’s 8 Most Powerful Computers at this time 22, August 202223, August 2022We often see powerful computers in science fiction that are able to process a lot of data very quickly. They make the modern personal computer look like a toy in comparison. However, what many people don’t know is that today’s supercomputers are already extremely powerful. They are blurring the line… Read More