Pith. sign in

REVIEW 19 cited by

PentestGPT: An LLM-empowered Automatic Penetration Testing Tool

Not yet reviewed by Pith; the record is open.

This paper has not been read by Pith yet. Machine review is queued; the pith claim, tier, and objections will appear here once it completes.

SPECIMEN: schema-true, not a live event

T0 review · schema-true

One-sentence machine reading of the paper's core claim.

pith:XXXXXXXX · record.json · timestamp

arxiv 2308.06782 v2 pith:RKPGH25N submitted 2023-08-13 cs.SE cs.CR

PentestGPT: An LLM-empowered Automatic Penetration Testing Tool

classification cs.SE cs.CR
keywords testingpenetrationllmspentestgptautomaticbenchmarkchallengesindustrial
verification ladder T0 review T1 audit T2 compute T3 formal T4 reserved
0 comments
read the original abstract

Penetration testing, a crucial industrial practice for ensuring system security, has traditionally resisted automation due to the extensive expertise required by human professionals. Large Language Models (LLMs) have shown significant advancements in various domains, and their emergent abilities suggest their potential to revolutionize industries. In this research, we evaluate the performance of LLMs on real-world penetration testing tasks using a robust benchmark created from test machines with platforms. Our findings reveal that while LLMs demonstrate proficiency in specific sub-tasks within the penetration testing process, such as using testing tools, interpreting outputs, and proposing subsequent actions, they also encounter difficulties maintaining an integrated understanding of the overall testing scenario. In response to these insights, we introduce PentestGPT, an LLM-empowered automatic penetration testing tool that leverages the abundant domain knowledge inherent in LLMs. PentestGPT is meticulously designed with three self-interacting modules, each addressing individual sub-tasks of penetration testing, to mitigate the challenges related to context loss. Our evaluation shows that PentestGPT not only outperforms LLMs with a task-completion increase of 228.6\% compared to the \gptthree model among the benchmark targets but also proves effective in tackling real-world penetration testing challenges. Having been open-sourced on GitHub, PentestGPT has garnered over 4,700 stars and fostered active community engagement, attesting to its value and impact in both the academic and industrial spheres.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 19 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Certifying Ghosts: How Cybersecurity AI Agents Break the EU Cyber Resilience Act

    cs.CR 2026-07 conditional novelty 7.0

    Cybersecurity AI agents invalidate the CRA's premises about vulnerability discovery, exploitation, and remediation speed, making static conformity certificates false and requiring continuous agent-operated defense.

  2. Honeyval: A Comprehensive Evaluation Framework for LLM-powered HTTP Honeypots

    cs.CR 2026-05 unverdicted novelty 7.0

    Honeyval evaluates LLM HTTP honeypots with AI attackers and shows they produce longer interactions, lower detection rates, and cost advantages over rule-based baselines.

  3. CyberEvolver: Structured Self-Evolution for Cybersecurity Agents On the Fly

    cs.CR 2026-05 unverdicted novelty 7.0

    CyberEvolver introduces a four-layer self-evolving agent architecture with trace-to-diagnosis and population beam search that raises seed agent success rates by 13.6% on CTF, exploitation, and penetration tasks across...

  4. Rethinking Side-Channel Analysis: Automated Discovery and Analysis of Side-Channel Leakage with LLM-Assisted Agents

    cs.CR 2026-05 unverdicted novelty 7.0

    SCAgent automates side-channel leakage discovery via LLM agents for target identification and few-shot foundation models for scalable analysis on iOS.

  5. PHANTOM: Polymorphic Honeytoken Adaptation with Narrative-Tailored Organisational Mimicry

    cs.CR 2026-05 unverdicted novelty 7.0

    PHANTOM raises honeytoken believability from 0.576 to 0.778 by adding organization-specific mimicry, lifting human acceptance to 100% and detection resistance to 0.870.

  6. Trace: Unmasking AI Attack Agents Through Terminal Behavior Fingerprinting

    cs.CR 2026-05 unverdicted novelty 7.0

    Trace fingerprints AI penetration testing agents from terminal command sequences to identify model families and extracts their system prompts via targeted defensive prompt injection.

  7. ScopeJudge: Cost-Aware Pre-Execution Gating for Offensive Security Agents

    cs.CR 2026-07 conditional novelty 6.5

    Static-policy judges achieve near-zero recall on scope violations; request-conditioned pre-execution judges reach F1 0.66 (open-weight best) against an expert reference of 0.78 on a 4,897-call labeled benchmark.

  8. CornerCase: Automated Extremal Testing of Protocol Implementations using LLMs

    cs.NI 2026-06 unverdicted novelty 6.0

    CornerCase automates extremal testing of protocol implementations by using LLMs to extract validity constraints from specs and generating boundary test cases, uncovering 42 anomalies (26 acknowledged as bugs) in HTTP,...

  9. HunterAgent: Neuro-Symbolic Attack Trace Reconstruction under Anti-Forensics

    cs.CR 2026-05 unverdicted novelty 6.0

    HunterAgent combines LLM hypothesis generation with symbolic verification and cost-bounded graph search to reconstruct attack paths under anti-forensics, reporting 86.1% mean F1 on benchmarks with reduced hallucinations.

  10. The Authorization-Execution Gap Is a Major Safety and Security Problem in Open-World Agents

    cs.CR 2026-05 conditional novelty 6.0

    Open-world agents suffer from an Authorization-Execution Gap arising from delegation incompleteness, channel corruption, and composition fragmentation, requiring dynamic runtime integrity checks instead of only upfron...

  11. Patch2Vuln: Agentic Reconstruction of Vulnerabilities from Linux Distribution Binary Patches

    cs.CR 2026-05 unverdicted novelty 6.0

    An agentic pipeline localizes the security-relevant function in 10 of 20 Ubuntu binary security updates and produces an accepted root-cause classification in 11 of 20, limited mainly by binary differencing coverage.

  12. SAGE: Signal-Amplified Guided Embeddings for LLM-based Vulnerability Detection

    cs.CR 2026-04 unverdicted novelty 6.0

    SAGE uses sparse autoencoders to boost vulnerability signals in LLMs, raising internal SNR 12.7x and delivering up to 318% MCC gains on vulnerability detection benchmarks.

  13. PoC-Adapt: Semantic-Aware Automated Vulnerability Reproduction with LLM Multi-Agents and Reinforcement Learning-Driven Adaptive Policy

    cs.CR 2026-04 unverdicted novelty 6.0

    PoC-Adapt improves automated PoC exploit generation reliability by 25% and lowers cost using semantic state validation and RL adaptive policies, verifying 12 PoCs from 80 recent CVE attempts at $0.42 each.

  14. A Survey on Large Language Model based Autonomous Agents

    cs.AI 2023-08 accept novelty 6.0

    A survey of LLM-based autonomous agents that proposes a unified framework for their construction and reviews applications in social science, natural science, and engineering along with evaluation methods and future di...

  15. A Lifecycle and Application-Stack Survey of Large Language Model Vulnerabilities: Attacks, Risks, Defenses, and Open Problems

    cs.CR 2026-06 unverdicted novelty 5.0

    The paper provides a lifecycle-based systematization of LLM vulnerabilities across data collection, pretraining, alignment, packaging, retrieval, prompting, tool execution, and deployment, mapping them to security obj...

  16. Synthetic APTs: the Collapse of TTP-Based Attribution

    cs.CR 2026-06 unverdicted novelty 5.0

    AI-emulated APTs compromise enterprise hosts and weaponize defender tools in 8/10 trials while military ranges resist, indicating TTP attribution fails when agents can be scaffolded to mimic threat actors.

  17. Enhancing Linux Privilege Escalation Attack Capabilities of Local LLM Agents

    cs.CR 2026-04 unverdicted novelty 5.0

    Targeted prompting and system interventions enable local LLMs such as Llama 3.1 70B to exploit 83% of tested Linux privilege escalation vulnerabilities.

  18. Hephaestus: Toward a Cybersecurity AI Scientist

    cs.CR 2026-06 unverdicted novelty 4.0

    The paper proposes the Cybersecurity AI Scientist as a modular multi-agent architecture for automating cybersecurity research, distinguished by its focus on non-stationary threats and anchored in a four-zeros risk-tru...

  19. Benchmarking Mythos-Linked Bug Rediscovery

    cs.SE 2026-05 unverdicted novelty 4.0

    A benchmarking experiment finds low rediscovery rates for three models on six Mythos-linked bug tasks, with only six target matches across 54 attempts under controlled prompting.