Security Testing

PentestGPT: Evaluating and Harnessing Large Language Models for Automated Penetration Testing
PentestGPT: Evaluating and Harnessing Large Language Models for Automated Penetration Testing

An LLM-empowered automated penetration testing framework that leverages domain knowledge inherent in LLMs, achieving 228.6% task completion improvement over baseline GPT models.

Aug 14, 2024

NAUTILUS: Automated RESTful API Vulnerability Detection

An automated framework for detecting vulnerabilities in RESTful APIs through combined static analysis and dynamic testing approaches.

Aug 9, 2023

NAUTILUS

NAUTILUS is an automated RESTful API vulnerability detection framework published at USENIX Security 2023. It combines API specification analysis with dynamic testing to uncover security flaws in modern web services.

Aug 9, 2023

PentestGPT

An LLM-empowered automatic penetration testing framework with 14k+ GitHub stars and 2.4k+ forks. PentestGPT is designed to automate penetration testing by leveraging the domain knowledge inherent in Large Language Models. It features a three-module architecture (Reasoning, Generation, and Parsing) that emulates human penetration testing workflows. Key Features: Multi-module agent design for reasoning, generation, and parsing Integration with multiple LLM backends and real-world security workflows Evaluation on CTF challenges and practical penetration testing targets 228.6% task completion improvement over baseline GPT models Recognition: Distinguished Artifact Award at USENIX Security 2024 Widely used open-source security research artifact with active community adoption

Aug 1, 2023

Morest: Model-based RESTful API Testing with Execution Feedback

A model-based approach to RESTful API testing with execution feedback for improved coverage and vulnerability detection.

May 21, 2022