Neural Matcher

[ph03n1xx7]

Would you consider adding support for trained neural network models as matcher? The input from various protocols would be converted into tensors (multi-dimensional slices of float64) according to the model input shape, and the model output would result in a match or not

[forgedhallpass]

@ph03n1xx7

What are you thinking of exactly? Detecting protocols or deciding if a fuzzing attack was successful or not? Where would we get the training data etc?

We are accepting PRs 😉

[ph03n1xx7]

For example, it would allow semantical and contextual analysis, allowing to perform elaboration on the page corpus allowing a matcher to determine the context of the web page, which right now are limited to regexes and word presence/absence. For example, detecting a login page, regardless of the specific technology, and executing some action is impossible or can be done by searching for keywords like "login" and "password" with potentially many false positives.
Also, the fuzzing scenario could be a possible use. Since the model is already trained, there is no need for training data, unless you meant that the model should evolve during the scan in a sort of online learning, that would work much better than the classical content discovery tools based on fixed filters or naive preliminary threshold calculation with non-existing paths.

[geeknik]

Since the model is already trained, there is no need for training data

Yes, but someone has to train the model to start with, so where does that training data come from? Who creates it? Who vets it? Etc. 👍🏻

[ph03n1xx7]

In my case, I would like to use a pre-existing model I trained myself. I don't know if the team may be interested in some pre-existing nuclei neural matchers pre-trained models that users can call within the templates, similarly to their helper functions

[Mzack9999]

@ph03n1xx7 Thanks for opening this interesting discussion. Indeed it opens up a wide range of non-deterministic matchers. I see a few possible problems here:

• From which framework are these models from? For example, torch bindings aren't covered very well, and also TensorFlow's ones have been abandoned by the TensorFlow team
• Implementing these bindings from scratch via cgo would require a non-trivial effort
• The network topology would require a specific input. Therefore the data transformation to extract the features would be embedded within the template?