Consider Including RapidPen: Fully Automated IP-to-Shell Penetration Testing with LLM-based Agents

[laysakura]

Hi,

We would like to suggest adding our recent paper to the Awesome-LLM4Cybersecurity repository.

• Paper Title: RapidPen: Fully Automated IP-to-Shell Penetration Testing with LLM-based Agents
• arXiv: arxiv.org/abs/2502.16730
• Author's GitHub: laysakura

Summary: RapidPen is a fully autonomous penetration testing framework that uses an LLM-based agent to achieve initial system access (IP-to-Shell) without any human intervention. It employs advanced ReAct-style task planning with a retrieval-augmented exploit knowledge base and an execution-feedback loop to autonomously scan services, identify attack vectors, and execute exploits. In a HackTheBox evaluation, RapidPen obtained shell access within minutes (≈200–400 seconds) and achieved ~60% success when leveraging prior success-case data, illustrating the potential of truly automated pentesting for both novices and experts.

Suggested Category: LLM Assisted Attack (applications of LLMs in cybersecurity)

Additional Reference: [Demo] RapidPen Automatically Gains a Shell (HTB Blue Machine)

Thank you for considering our work!

[tmylla]

Thank you for your suggestion!

We appreciate your contribution and find that this work is highly relevant to the LLM Assisted Attack theme.

We will include your paper in our next repository update, which is scheduled to be released within the next few days, likely by the end of this month or early next month.

Once again, thank you for bringing this to our attention, and we look forward to featuring your work in the Awesome-LLM4Cybersecurity repository!