{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,19]],"date-time":"2025-09-19T11:36:18Z","timestamp":1758281778448,"version":"3.44.0"},"reference-count":33,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U2336206","62472398","U2436601","62402469"],"award-info":[{"award-number":["U2336206","62472398","U2436601","62402469"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/tifs.2025.3601343","type":"journal-article","created":{"date-parts":[[2025,8,28]],"date-time":"2025-08-28T18:08:54Z","timestamp":1756404534000},"page":"9657-9672","source":"Crossref","is-referenced-by-count":0,"title":["AutoPT: How Far Are We From the Fully Automated Web Penetration Testing?"],"prefix":"10.1109","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-4441-173X","authenticated-orcid":false,"given":"Benlong","family":"Wu","sequence":"first","affiliation":[{"name":"School of Cyber Science and Technology, University of Science and Technology of China, Hefei, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Guoqiang","family":"Chen","sequence":"additional","affiliation":[{"name":"QI-ANXIN Technology Research Institute, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9868-3414","authenticated-orcid":false,"given":"Kejiang","family":"Chen","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Technology, University of Science and Technology of China, Hefei, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-6660-9947","authenticated-orcid":false,"given":"Xiuwei","family":"Shang","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Technology, University of Science and Technology of China, Hefei, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jiapeng","family":"Han","sequence":"additional","affiliation":[{"name":"Chaitin Future Technology Company Ltd., Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9546-5043","authenticated-orcid":false,"given":"Yanru","family":"He","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Technology, University of Science and Technology of China, Hefei, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5576-6108","authenticated-orcid":false,"given":"Weiming","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Technology, University of Science and Technology of China, Hefei, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4417-9316","authenticated-orcid":false,"given":"Nenghai","family":"Yu","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Technology, University of Science and Technology of China, Hefei, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","first-page":"971","article-title":"How the web tangled itself: Uncovering the history of client-side web (in) security","volume-title":"Proc. 26th USENIX Secur. Symp. (USENIX Secur.)","author":"Stock"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2024.3461950"},{"volume-title":"Information Supplement: Penetration Testing Guidance","year":"2017","key":"ref3"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.23"},{"key":"ref5","first-page":"5593","article-title":"NAUTILUS: Automated RESTful API vulnerability detection","volume-title":"Proc. 32nd USENIX Secur. Symp. (USENIX Secur.)","author":"Deng"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/CYBER.2015.7288225"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2024.3372809"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2024.3374558"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/s11432-024-4222-0"},{"key":"ref10","first-page":"847","article-title":"PentestGPT: Evaluating and harnessing large language models for automated penetration testing","volume-title":"Proc. 33rd USENIX Secur. Symp. (USENIX Secur.)","author":"Deng"},{"key":"ref11","article-title":"NYU CTF bench: A scalable open-source benchmark dataset for evaluating LLMs in offensive security","author":"Shao","year":"2024","journal-title":"arXiv:2406.05590"},{"key":"ref12","article-title":"ReAct: Synergizing reasoning and acting in language models","author":"Yao","year":"2022","journal-title":"arXiv:2210.03629"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/5.533956"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40597-6_20"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/TLA.2015.7069095"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/2610384.2610403"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3322319"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW51379.2020.00010"},{"key":"ref19","article-title":"LLM inference unveiled: Survey and roofline model insights","author":"Yuan","year":"2024","journal-title":"arXiv:2402.16363"},{"key":"ref20","article-title":"Personal LLM agents: Insights and survey about the capability, efficiency and security","author":"Li","year":"2024","journal-title":"arXiv:2401.05459"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3611643.3613083"},{"key":"ref22","article-title":"LLMs as hackers: Autonomous Linux privilege escalation attacks","author":"Happe","year":"2023","journal-title":"arXiv:2310.11409"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/CSR61664.2024.10679480"},{"key":"ref24","article-title":"HackSynth: LLM agent and evaluation framework for autonomous penetration testing","author":"Muzsai","year":"2024","journal-title":"arXiv:2412.01778"},{"key":"ref25","article-title":"Hacking, the lazy way: LLM augmented pentesting","author":"Goyal","year":"2024","journal-title":"arXiv:2409.09493"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/3689933.3690831"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/tkde.2024.3360454"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3703155"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/103418.103468"},{"volume-title":"Automata, Computability and Complexity: Theory and Applications","year":"2008","author":"Rich","key":"ref30"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-05089-3_14"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/s10009-019-00544-0"},{"key":"ref33","article-title":"GUARD: Role-playing to generate natural-language jailbreakings to test guideline adherence of large language models","author":"Jin","year":"2024","journal-title":"arXiv:2402.03299"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10206\/10810755\/11142562.pdf?arnumber=11142562","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,18]],"date-time":"2025-09-18T17:45:04Z","timestamp":1758217504000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11142562\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":33,"URL":"https:\/\/doi.org\/10.1109\/tifs.2025.3601343","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"type":"print","value":"1556-6013"},{"type":"electronic","value":"1556-6021"}],"subject":[],"published":{"date-parts":[[2025]]}}}