How to leverage ChatGPT to upgrade your OSINT skills

Alexandra S.
Published in OSINT TEAM
4 min read · Mar 3, 2023


ChatGPT is making a big buzz right now in the infosec community. It is said that it's destined to be the next Google. Its capacity to turn the output of a query into more human-readable text is full of potential. It helps decrease the difficulty of multiple tasks and makes some skills more accessible to the population.

For a security researcher, ChatGPT poses a great threat, but also a great opportunity to acquire new skills or be more efficient. It can go both ways, and to keep up with malicious threat actors, we need to be at least as efficient as they are.

Here are some tricks you can use to improve your work using ChatGPT.

Automation

ChatGPT is known for its capacity to prepare snippets of code from the given parameters. If you ask it explicitly to write malicious code or exploits, it will tell you that it is not ethical and will not answer your request. But there are some ways to bypass this security measure quite easily.

First, always ask for a sample of code. If you ask ChatGPT to write you a program, it might only provide you with a few steps on how to build it yourself. If you ask for a sample, it will provide you with a fully built code sample that you can use to automate your OSINT information gathering.

Also, it is important to never write any information that will let ChatGPT know the intent behind the code you want to write. If you write specific words that are related to OSINT, like email gathering, it will tell you that the request is not ethical and deny it. If you simply tell ChatGPT what tools to use with what parameters, you can get a script that does the same thing as in the first request.

[Figure: Valid request]
[Figure: Too descriptive]

From there, you can add as many functionalities as you want to your new automated OSINT gathering tool, each with a simple phrase.

[Figure: Adding a DNS zone transfer to the information gathered]

Confidentiality

By using ChatGPT to produce your own tools to help you gather information about a client, you can implement functionalities that assure you that none of the information you gather for a pentest is sold to a third party. For example, if you use a website that automates the task for you, you cannot be sure whether that same website stores the information you get and sells it to untrusted third parties. If you are gathering a list of email addresses for a client, you might not want the result to be public.

To continue with the script written in the last section, you can change the search engine used to a more confidential one.

Conclusion

ChatGPT is a great tool to automate your testing for a company. It provides you with code that can be produced in a matter of minutes instead of multiple days of development, and you can personalize it as much as you want to create the perfect fit for your needs.

With this, you can gather relevant information faster and more accurately than by simply basing your research on a single website. Furthermore, by using your own tools and having your own code produced, you can be certain that the result of your research won't be sent to an unwanted third party, and the confidentiality of your search can be greatly improved.

Hi! I currently work as a SOC Analyst and I do some pentesting on the side. I love doing CTFs to practice for my OSCP. I'm passionate about cybersecurity.