{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,2]],"date-time":"2026-04-02T15:53:16Z","timestamp":1775145196983,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":49,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,8,25]]},"DOI":"10.1145\/3708821.3733882","type":"proceedings-article","created":{"date-parts":[[2025,8,13]],"date-time":"2025-08-13T06:30:56Z","timestamp":1755066656000},"page":"375-391","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":16,"title":["PentestAgent: Incorporating LLM Agents to Automated Penetration Testing"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-8301-7961","authenticated-orcid":false,"given":"Xiangmin","family":"Shen","sequence":"first","affiliation":[{"name":"Northwestern University, Evanston, IL, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-3901-2131","authenticated-orcid":false,"given":"Lingzhi","family":"Wang","sequence":"additional","affiliation":[{"name":"Northwestern University, Evanston, IL, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7712-0292","authenticated-orcid":false,"given":"Zhenyuan","family":"Li","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, Zhejiang, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4103-1498","authenticated-orcid":false,"given":"Yan","family":"Chen","sequence":"additional","affiliation":[{"name":"Northwestern University, Evanston, IL, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-4130-4131","authenticated-orcid":false,"given":"Wencheng","family":"Zhao","sequence":"additional","affiliation":[{"name":"Ant Group, Hangzhou, Zhejiang, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-9821-182X","authenticated-orcid":false,"given":"Dawei","family":"Sun","sequence":"additional","affiliation":[{"name":"Ant Group, Hangzhou, Zhejiang, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-3100-0534","authenticated-orcid":false,"given":"Jiashui","family":"Wang","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, Zhejiang, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8721-4391","authenticated-orcid":false,"given":"Wei","family":"Ruan","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, Zhejiang, China"}]}],"member":"320","published-online":{"date-parts":[[2025,8,24]]},"reference":[{"key":"e_1_3_3_2_2_2","unstructured":"0x727. 2024. ObserverWard. https:\/\/github.com\/0x727\/ObserverWard"},{"key":"e_1_3_3_2_3_2","unstructured":"Talor Abramovich Meet Udeshi Minghao Shao Kilian Lieret Haoran Xi Kimberly Milner Sofija Jancheska John Yang Carlos\u00a0E Jimenez Farshad Khorrami et\u00a0al. 2024. EnIGMA: Enhanced Interactive Generative Model Agent for CTF Challenges. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2409.16165 (2024)."},{"key":"e_1_3_3_2_4_2","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586140"},{"key":"e_1_3_3_2_5_2","unstructured":"AutoGPT. 2024. AutoGPT. https:\/\/github.com\/Significant-Gravitas\/AutoGPT"},{"key":"e_1_3_3_2_6_2","first-page":"12","volume-title":"ICAPS","author":"Boddy Mark\u00a0S","year":"2005","unstructured":"Mark\u00a0S Boddy, Johnathan Gohde, Thomas Haigh, and Steven\u00a0A Harp. 2005. Course of Action Generation for Cyber Security Using Classical Planning.. In ICAPS. 12\u201321."},{"key":"e_1_3_3_2_7_2","doi-asserted-by":"crossref","unstructured":"Jinyin Chen Shulong Hu Haibin Zheng Changyou Xing and Guomin Zhang. 2023. GAIL-PT: An intelligent penetration testing framework with generative adversarial imitation learning. Computers & Security 126 (2023) 103055.","DOI":"10.1016\/j.cose.2022.103055"},{"key":"e_1_3_3_2_8_2","unstructured":"Rapid7\u00a0Global Consulting. 2019. Under the Hoodie: Lessons from a Season of Penetration Testing. https:\/\/www.rapid7.com\/research\/reports\/under-the-hoodie-2019\/ Accessed: 2024-06-19."},{"key":"e_1_3_3_2_9_2","doi-asserted-by":"crossref","unstructured":"Rapid7\u00a0Global Consulting. 2020. Under the Hoodie: Lessons from a Season of Penetration Testing. https:\/\/www.rapid7.com\/research\/reports\/under-the-hoodie-2020\/ Accessed: 2024-06-27.","DOI":"10.1016\/S1353-4858(20)30102-1"},{"key":"e_1_3_3_2_10_2","unstructured":"Alibaba Could. 2024. Vulnerability DB. https:\/\/avd.aliyun.com\/"},{"key":"e_1_3_3_2_11_2","unstructured":"National\u00a0Vulnerability Database. 2024. Common Vulnerability Scoring System Calculator. https:\/\/nvd.nist.gov\/vuln-metrics\/cvss\/v3-calculator"},{"key":"e_1_3_3_2_12_2","unstructured":"Gelei Deng Yi Liu Yuekang Li Kailong Wang Ying Zhang Zefeng Li Haoyu Wang Tianwei Zhang and Yang Liu. 2023. Jailbreaker: Automated jailbreak across multiple large language model chatbots. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2307.08715 (2023)."},{"key":"e_1_3_3_2_13_2","first-page":"847","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Deng Gelei","year":"2024","unstructured":"Gelei Deng, Yi Liu, V\u00edctor Mayoral-Vilches, Peng Liu, Yuekang Li, Yuan Xu, Tianwei Zhang, Yang Liu, Martin Pinzger, and Stefan Rass. 2024. PentestGPT: Evaluating and Harnessing Large Language Models for Automated Penetration Testing. In 33rd USENIX Security Symposium (USENIX Security 24). 847\u2013864."},{"key":"e_1_3_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3623343"},{"key":"e_1_3_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1109\/LISAT.2016.7494156"},{"key":"e_1_3_3_2_16_2","first-page":"101","volume-title":"STAIRS","author":"Durkota Karel","year":"2014","unstructured":"Karel Durkota and Viliam Lis\u1ef3. 2014. Computing Optimal Policies for Attack Graphs with Action Failures and Costs.. In STAIRS. 101\u2013110."},{"key":"e_1_3_3_2_17_2","unstructured":"GreenBone. 2024. GreenBone OpenVAS. https:\/\/www.openvas.org\/"},{"key":"e_1_3_3_2_18_2","unstructured":"HackTheBox. 2024. Hackthebox: Hacking training for the best.https:\/\/www.hackthebox.com\/"},{"key":"e_1_3_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1145\/3611643.3613083"},{"key":"e_1_3_3_2_20_2","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW51379.2020.00010"},{"key":"e_1_3_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37119-6_23"},{"key":"e_1_3_3_2_22_2","unstructured":"Patrick Lewis Ethan Perez Aleksandra Piktus Fabio Petroni Vladimir Karpukhin Naman Goyal Heinrich K\u00fcttler Mike Lewis Wen-tau Yih Tim Rockt\u00e4schel et\u00a0al. 2020. Retrieval-augmented generation for knowledge-intensive nlp tasks. Advances in Neural Information Processing Systems 33 (2020) 9459\u20139474."},{"key":"e_1_3_3_2_23_2","unstructured":"Guohao Li Hasan Hammoud Hani Itani Dmitrii Khizbullin and Bernard Ghanem. 2023. Camel: Communicative agents for\" mind\" exploration of large language model society. Advances in Neural Information Processing Systems 36 (2023) 51991\u201352008."},{"key":"e_1_3_3_2_24_2","unstructured":"Haonan Li Yu Hao Yizhuo Zhai and Zhiyun Qian. 2023. The Hitchhiker\u2019s Guide to Program Analysis: A Journey with Large Language Models. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2308.00245 (2023)."},{"key":"e_1_3_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.1145\/3613905.3650756"},{"key":"e_1_3_3_2_26_2","unstructured":"Puzhuo Liu Chengnian Sun Yaowen Zheng Xuan Feng Chuan Qin Yuncheng Wang Zhi Li and Limin Sun. 2023. Harnessing the power of llm to support binary taint analysis. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2310.08275 (2023)."},{"key":"e_1_3_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2024.24556"},{"key":"e_1_3_3_2_28_2","unstructured":"Microsoft. 2024. System message framework and template recommendations for Large Language Models (LLMs). https:\/\/learn.microsoft.com\/en-us\/azure\/ai-services\/openai\/concepts\/system-message"},{"key":"e_1_3_3_2_29_2","unstructured":"MITRE. 2024. CVE. https:\/\/cve.mitre.org\/"},{"key":"e_1_3_3_2_30_2","unstructured":"nmap. 2024. nmap. https:\/\/nmap.org\/"},{"key":"e_1_3_3_2_31_2","unstructured":"Jorge\u00a0Lucangeli Obes Carlos Sarraute and Gerardo Richarte. 2013. Attack planning in the real world. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/1306.4044 (2013)."},{"key":"e_1_3_3_2_32_2","unstructured":"Forum of Incident\u00a0Response and Inc. Security\u00a0Teams. 2024. Common Vulnerability Scoring System v3.0: Specification Document. https:\/\/www.first.org\/cvss\/specification-document"},{"key":"e_1_3_3_2_33_2","unstructured":"Forum of Incident\u00a0Response and Inc. Security\u00a0Teams. 2024. Exploit Prediction Scoring System (EPSS). https:\/\/www.first.org\/epss\/"},{"key":"e_1_3_3_2_34_2","unstructured":"OWASP. 2024. OWASP Benchmark. https:\/\/owasp.org\/www-project-benchmark\/"},{"key":"e_1_3_3_2_35_2","unstructured":"OWASP. 2024. Top 10 Web Application Security Risks. https:\/\/owasp.org\/www-project-top-ten\/"},{"key":"e_1_3_3_2_36_2","unstructured":"Rapid7. 2024. Rapid7 Metasploit. https:\/\/www.metasploit.com\/"},{"key":"e_1_3_3_2_37_2","first-page":"50","volume-title":"Working Notes for the 2011 IJCAI Workshop on Intelligent Security (SecArt)","author":"Roberts Mark","year":"2011","unstructured":"Mark Roberts, Adele Howe, Indrajit Ray, Malgorzata Urbanska, Zinta\u00a0S Byrne, and Janet\u00a0M Weidert. 2011. Personalized vulnerability analysis through automated planning. In Working Notes for the 2011 IJCAI Workshop on Intelligent Security (SecArt). 50."},{"key":"e_1_3_3_2_38_2","first-page":"1816","volume-title":"Proceedings of the AAAI Conference on Artificial Intelligence","volume":"26","author":"Sarraute Carlos","year":"2012","unstructured":"Carlos Sarraute, Olivier Buffet, and J\u00f6rg Hoffmann. 2012. POMDPs make better hackers: Accounting for uncertainty in penetration testing. In Proceedings of the AAAI Conference on Artificial Intelligence , Vol.\u00a026. 1816\u20131824."},{"key":"e_1_3_3_2_39_2","unstructured":"Carlos Sarraute Olivier Buffet and J\u00f6rg Hoffmann. 2013. Penetration testing== POMDP solving? arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/1306.4714 (2013)."},{"key":"e_1_3_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.1145\/2046684.2046695"},{"key":"e_1_3_3_2_41_2","unstructured":"Snyk Security. 2024. Snyk Vulnerability Database. https:\/\/security.snyk.io\/"},{"key":"e_1_3_3_2_42_2","unstructured":"Noah Shinn Federico Cassano Ashwin Gopinath Karthik Narasimhan and Shunyu Yao. 2024. Reflexion: Language agents with verbal reinforcement learning. Advances in Neural Information Processing Systems 36 (2024)."},{"key":"e_1_3_3_2_43_2","unstructured":"The Penetration Testing\u00a0Execution Standard. 2024. PTES Technical Guidelines. http:\/\/www.pentest-standard.org\/index.php\/PTES_Technical_Guidelines"},{"key":"e_1_3_3_2_44_2","doi-asserted-by":"publisher","DOI":"10.1109\/TCSET.2016.7452095"},{"key":"e_1_3_3_2_45_2","unstructured":"Tenable. 2024. Tenable Nessus. https:\/\/www.tenable.com\/products\/nessus"},{"key":"e_1_3_3_2_46_2","unstructured":"Vulhub. 2024. Vulhub. https:\/\/github.com\/vulhub\/vulhub"},{"key":"e_1_3_3_2_47_2","unstructured":"VulnHub. 2024. VulnHub. https:\/\/www.vulnhub.com\/"},{"key":"e_1_3_3_2_48_2","unstructured":"Jason Wei Xuezhi Wang Dale Schuurmans Maarten Bosma Fei Xia Ed Chi Quoc\u00a0V Le Denny Zhou et\u00a0al. 2022. Chain-of-thought prompting elicits reasoning in large language models. Advances in neural information processing systems 35 (2022) 24824\u201324837."},{"key":"e_1_3_3_2_49_2","unstructured":"Jiacen Xu Jack\u00a0W Stokes Geoff McDonald Xuesong Bai David Marshall Siyue Wang Adith Swaminathan and Zhou Li. 2024. AutoAttacker: A Large Language Model Guided System to Implement Automatic Cyber-attacks. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2403.01038 (2024)."},{"key":"e_1_3_3_2_50_2","doi-asserted-by":"crossref","unstructured":"Tian-yang Zhou Yi-chao Zang Jun-hu Zhu and Qing-xian Wang. 2019. NIG-AP: A new method for automated penetration testing. Frontiers of Information Technology & Electronic Engineering 20 9 (2019) 1277\u20131288.","DOI":"10.1631\/FITEE.1800532"}],"event":{"name":"ASIA CCS '25: 20th ACM Asia Conference on Computer and Communications Security","location":"Hanoi Vietnam","acronym":"ASIA CCS '25","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 20th ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3708821.3733882","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,13]],"date-time":"2025-08-13T07:27:07Z","timestamp":1755070027000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3708821.3733882"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,24]]},"references-count":49,"alternative-id":["10.1145\/3708821.3733882","10.1145\/3708821"],"URL":"https:\/\/doi.org\/10.1145\/3708821.3733882","relation":{},"subject":[],"published":{"date-parts":[[2025,8,24]]},"assertion":[{"value":"2025-08-24","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}