LLM-powered Offensive Security / AI-powered Penetration Testing

Project: LLM-Powered Manual Hacking Machine

Description: Designed and implemented a local AI agent that integrates fine-tuned open-source LLMs with direct terminal access to automate manual hacking workflows. The model receives a goal (e.g., enumerate services, find vulnerabilities), plans steps, runs terminal commands, interprets results, and decides next actions — all without cloud dependency. Successfully used this system to complete HackTheBox starting point labs autonomously.

Key Features:

• Fine-tuning and prompt-engineering of open-source LLMs (Mistral, WhiteRabbit, LLaMA 3)
• Python middleware to securely connect the LLM to a terminal
• Autonomous command execution, output parsing, and adaptive planning
• Persistent logging of commands and results for auditability
• Demonstrated successful exploitation on HackTheBox beginner labs

Technologies & Tools Used:

• Python (subprocess, sandboxing, logging)
• Mistral, WhiteRabbit, LLaMA 3 (open-source LLMs)
• Prompt-engineering and lightweight fine-tuning
• Linux terminal, enumeration & exploitation tools

Use Case: This research-driven project explored the feasibility of using local LLMs for autonomous penetration testing. It highlights the potential of AI-assisted red-team tooling while also demonstrating risks if such systems fall into adversarial hands.