PwnPatrol

What it does

Our app automates the responsible disclosure process by performing thorough CVE (Common Vulnerabilities and Exposures) analysis, generating and testing search dorks, and conducting OSINT (Open Source Intelligence) to identify potentially impacted organizations and their employees.
Upon receiving a CVE identifier, the app begins by analyzing the CVE details using the Gemini API, which helps determine if the CVE is dorkable. If so, the app uses Gemini to generate relevant Google and Shodan dorks tailored to the CVE characteristics. These dorks are then tested to identify vulnerable websites and systems.
For each identified vulnerable entity, the app extracts information such as domain names and performs OSINT to gather data on associated companies and their key cybersecurity personnel. This is done using tailored queries to search engines, and the Gemini API assists in summarizing and interpreting the search results.
One of the key advantages of using the Gemini API's large context size is its ability to parse entire websites' data without the need for CSS selectors or XPath queries. By simply copying visible text from web pages, the app asks Gemini to interpret the data, leveraging its understanding of various patterns found in e-commerce sites, forums, and more. The API is also used to create precise and effective Google dorks, further enhancing the app's capabilities.