Hacking, The Lazy Way: LLM Augmented Pentesting

Dhruva Goyal, Sitaraman Subramanian, Aditya Peela, Nisha P. Shetty

arXiv:2409.09493 · cs.CR · cs.AI

This paper introduces "LLM Augmented Pentesting", demonstrated through Pentest Copilot, which integrates GPT-4-turbo into penetration testing workflows. It employs chain-of-thought reasoning and Retrieval-Augmented Generation (RAG) to minimise hallucinations, automate sub-tasks like tool utilisation and output interpretation, and bridge the gap between automated systems and human expertise. The work demonstrates a significant enhancement in task completion rates, powered by a unique in-browser pentesting infrastructure.