
RapidPen: Fully Automated IP-to-Shell Penetration Testing with LLM-based Agents

Abstract

We present RapidPen, a fully automated penetration testing (pentesting) framework that addresses the challenge of achieving an initial foothold (IP-to-Shell) without human intervention. Unlike prior approaches that focus primarily on post-exploitation or require a human-in-the-loop, RapidPen leverages large language models (LLMs) to autonomously discover and exploit vulnerabilities, starting from a single IP address. By integrating advanced ReAct-style task planning (Re) with retrieval-augmented knowledge bases of successful exploits, along with a command-generation and direct execution feedback loop (Act), RapidPen systematically scans services, identifies viable attack vectors, and executes targeted exploits in a fully automated manner. In our evaluation against a vulnerable target from the Hack The Box platform, RapidPen achieved shell access within 200-400 seconds at a per-run cost of approximately $0.3-$0.6, demonstrating a 60% success rate when reusing prior "success-case" data. These results underscore the potential of truly autonomous pentesting for both security novices and seasoned professionals. Organizations without dedicated security teams can leverage RapidPen to quickly identify critical vulnerabilities, while expert pentesters can offload repetitive tasks and focus on complex challenges. Ultimately, our work aims to make penetration testing more accessible and cost-efficient, thereby enhancing the overall security posture of modern software ecosystems.

@article{nakatani2025_2502.16730,
  title={RapidPen: Fully Automated IP-to-Shell Penetration Testing with LLM-based Agents},
  author={Sho Nakatani},
  journal={arXiv preprint arXiv:2502.16730},
  year={2025}
}