Monday, May 26, 2025
Homecyber securityARACNE: LLM-Powered Pentesting Agent Executes Commands on Real Linux Shell Systems

ARACNE: LLM-Powered Pentesting Agent Executes Commands on Real Linux Shell Systems

Published on

SIEM as a Service

Follow Us on Google News

Researchers have introduced ARACNE, a fully autonomous Large Language Model (LLM)-based pentesting agent designed to interact with SSH services on real Linux shell systems.

ARACNE is engineered to execute commands autonomously, marking a significant advancement in the automation of cybersecurity testing.

The agent’s architecture supports multiple LLM models, enhancing its flexibility and effectiveness in penetration testing scenarios.

- Advertisement - Google News

This modular approach allows for dynamic decision-making by separating planning and command execution into distinct components, the planner and the interpreter, respectively.

Technical Architecture and Performance

ARACNE’s architecture consists of four primary modules: the planner, interpreter, summarizer, and core agent.

The planner generates attack plans using GPT-O3-mini, while the interpreter translates these plans into executable Linux commands using LLaMA 3.1.

The summarizer, an optional module, condenses the operational history to fit within context size limits, employing GPT-4o for summarization.

The core agent orchestrates these modules and executes commands on the target system via SSH using the Paramiko library.

ARACNE has demonstrated a 60% success rate against ShelLM, an LLM-based shell honeypot, and a 57.58% success rate against the Over The Wire Bandit CTF challenges, slightly improving over existing state-of-the-art methodologies.

Evaluation and Future Directions

The evaluation of ARACNE involved testing against ShelLM and Over The Wire Bandit challenges.

According to the Report, these environments provided structured goals, allowing for clear success or failure metrics.

The results highlight ARACNE’s potential but also indicate areas for improvement, such as integrating additional models and supporting diverse SSH connection methods.

Future work includes refining prompts for optimal performance and assessing the agent in real-world environments.

Ethical considerations are also emphasized, as the development of such agents raises concerns about responsible research and deployment to enhance cybersecurity defenses.

Despite these challenges, ARACNE represents a significant step forward in automated cybersecurity testing, showcasing the potential for sophisticated and adaptable attack agents in penetration testing scenarios.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup – Try for Free

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...