Thursday, May 8, 2025
Homecyber securityARACNE: LLM-Powered Pentesting Agent Executes Commands on Real Linux Shell Systems

ARACNE: LLM-Powered Pentesting Agent Executes Commands on Real Linux Shell Systems

Published on

SIEM as a Service

Follow Us on Google News

Researchers have introduced ARACNE, a fully autonomous Large Language Model (LLM)-based pentesting agent designed to interact with SSH services on real Linux shell systems.

ARACNE is engineered to execute commands autonomously, marking a significant advancement in the automation of cybersecurity testing.

The agent’s architecture supports multiple LLM models, enhancing its flexibility and effectiveness in penetration testing scenarios.

- Advertisement - Google News

This modular approach allows for dynamic decision-making by separating planning and command execution into distinct components, the planner and the interpreter, respectively.

Technical Architecture and Performance

ARACNE’s architecture consists of four primary modules: the planner, interpreter, summarizer, and core agent.

The planner generates attack plans using GPT-O3-mini, while the interpreter translates these plans into executable Linux commands using LLaMA 3.1.

The summarizer, an optional module, condenses the operational history to fit within context size limits, employing GPT-4o for summarization.

The core agent orchestrates these modules and executes commands on the target system via SSH using the Paramiko library.

ARACNE has demonstrated a 60% success rate against ShelLM, an LLM-based shell honeypot, and a 57.58% success rate against the Over The Wire Bandit CTF challenges, slightly improving over existing state-of-the-art methodologies.

Evaluation and Future Directions

The evaluation of ARACNE involved testing against ShelLM and Over The Wire Bandit challenges.

According to the Report, these environments provided structured goals, allowing for clear success or failure metrics.

The results highlight ARACNE’s potential but also indicate areas for improvement, such as integrating additional models and supporting diverse SSH connection methods.

Future work includes refining prompts for optimal performance and assessing the agent in real-world environments.

Ethical considerations are also emphasized, as the development of such agents raises concerns about responsible research and deployment to enhance cybersecurity defenses.

Despite these challenges, ARACNE represents a significant step forward in automated cybersecurity testing, showcasing the potential for sophisticated and adaptable attack agents in penetration testing scenarios.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup – Try for Free

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Critical Vulnerability in Ubiquiti UniFi Protect Camera Allows Remote Code Execution by Attackers

Critical security vulnerabilities in Ubiquiti’s UniFi Protect surveillance ecosystem-one rated the maximum severity score...

IXON VPN Client Vulnerability Allows Privilege Escalation for Attackers

A critical security vulnerability in IXON’s widely used VPN client has exposed Windows, Linux,...

Cisco IOS Software SISF Vulnerability Could Enable Attackers to Launch DoS Attacks

Cisco has released security updates addressing a critical vulnerability in the Switch Integrated Security...

Seamless AI Communication: Microsoft Azure Adopts Google’s A2A Protocol

Microsoft has announced its support for the Agent2Agent (A2A) protocol, an open standard developed...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Critical Vulnerability in Ubiquiti UniFi Protect Camera Allows Remote Code Execution by Attackers

Critical security vulnerabilities in Ubiquiti’s UniFi Protect surveillance ecosystem-one rated the maximum severity score...

IXON VPN Client Vulnerability Allows Privilege Escalation for Attackers

A critical security vulnerability in IXON’s widely used VPN client has exposed Windows, Linux,...

Cisco IOS Software SISF Vulnerability Could Enable Attackers to Launch DoS Attacks

Cisco has released security updates addressing a critical vulnerability in the Switch Integrated Security...