Researchers have introduced ARACNE, a fully autonomous Large Language Model (LLM)-based pentesting agent designed to interact with SSH services on real Linux shell systems.
ARACNE is engineered to execute commands autonomously, marking a significant advancement in the automation of cybersecurity testing.
The agent’s architecture supports multiple LLM models, enhancing its flexibility and effectiveness in penetration testing scenarios.
This modular approach allows for dynamic decision-making by separating planning and command execution into distinct components, the planner and the interpreter, respectively.
Technical Architecture and Performance
ARACNE’s architecture consists of four primary modules: the planner, interpreter, summarizer, and core agent.
The planner generates attack plans using GPT-O3-mini, while the interpreter translates these plans into executable Linux commands using LLaMA 3.1.
The summarizer, an optional module, condenses the operational history to fit within context size limits, employing GPT-4o for summarization.
The core agent orchestrates these modules and executes commands on the target system via SSH using the Paramiko library.
ARACNE has demonstrated a 60% success rate against ShelLM, an LLM-based shell honeypot, and a 57.58% success rate against the Over The Wire Bandit CTF challenges, slightly improving over existing state-of-the-art methodologies.
Evaluation and Future Directions
The evaluation of ARACNE involved testing against ShelLM and Over The Wire Bandit challenges.
According to the Report, these environments provided structured goals, allowing for clear success or failure metrics.
The results highlight ARACNE’s potential but also indicate areas for improvement, such as integrating additional models and supporting diverse SSH connection methods.
Future work includes refining prompts for optimal performance and assessing the agent in real-world environments.
Ethical considerations are also emphasized, as the development of such agents raises concerns about responsible research and deployment to enhance cybersecurity defenses.
Despite these challenges, ARACNE represents a significant step forward in automated cybersecurity testing, showcasing the potential for sophisticated and adaptable attack agents in penetration testing scenarios.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup – Try for Free
-based pentesting agent designed.){kind=link}