Abstract
Developing security scanners to identify vulnerable software within the network of an organization can be expensive and error prone: for each new software or version thereof, a security engineer deploys a live instance and determines fingerprintable properties that can be automatically identified. This disclosure describes techniques that leverage large language models (LLMs) to perform attack surface management functions such as the discovery of software that is exposed to attackers and the vulnerabilities of such software. A reconnaissance scan of the network perimeter determines HTTP endpoints within the network. The HTTP endpoints are fed to the LLM alongside a prompt instructing the LLM to identify webpages, in particular, webpages that appear to admin panels for an application, the login page for an admin panel, etc. The LLM provides actionable yet cost-efficient signals relating to the nature of exposed webpages. The signal can be passed on to a human operator for further investigation. Network vulnerabilities are ascertained without the use of brittle heuristics and databases of administrator panels or hardcoded application signatures.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Criscione, Claudio, "Leveraging Large Language Models for the Analysis of Network Security", Technical Disclosure Commons, (October 23, 2025)
https://www.tdcommons.org/dpubs_series/8768