
7198 matches found

Packet Storm News
added 2026/02/19 12:0 a.m., 22 views

What Makes a Good LLM Agent for Real-World Penetration Testing?

LLM-based agents show promise for automating penetration testing, yet reported performance varies widely across systems and benchmarks. We analyze 28 LLM-based penetration testing systems and evaluate five representative implementations across three benchmarks of increasing complexity. Our analys...

5.5 AI score
Exploits: 0
CNNVD
added 2026/02/19 12:0 a.m., 4 views

WordPress plugin Nelio AB Testing security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.6 CVSS, 5.8 AI score, 0.00015 EPSS
Exploits: 0, References: 1
Packet Storm News
added 2026/02/18 12:0 a.m., 2 views

Regular Expression Denial of Service (ReDoS) Detector

This Metasploit auxiliary module implements a scientific approach to detecting and validating ReDoS vulnerabilities in HTTP-based applications. It leverages context-aware payload generation, length progression testing, and statistical analysis to identify inefficient regular expressions that may...

5.5 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/02/17 8:36 p.m., 8 views

Malicious code in telebot-infe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 590d96b39de125e4d96c7b88fdc57ef5257eddbf8277011e51c84e1500302aaf The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

5.6 AI score
Exploits: 0, References: 2
GithubExploit
added 2026/02/17 10:34 a.m., 130 views

poc-test-vulnerability

poc-test-vulnerab...

5.5 AI score
Exploits: 0
The Hacker News
added 2026/02/17 6:44 a.m., 6 views

Apple Tests End-to-End Encrypted RCS Messaging in iOS 26.4 Developer Beta

Apple on Monday released a new developer beta of iOS and iPadOS with support for end-to-end encryption (E2EE) in Rich Communications Services (RCS) messages. The feature is currently available for testing in iOS and iPadOS 26.4 Beta, and is expected to be shipped to customers in a future update for...

5.9 AI score
Exploits: 0
Packet Storm
added 2026/02/17 12:0 a.m., 239 views

n8n Workflow Automation Remote Configuration / Admin Data Extraction

This Metasploit module exploits multiple vulnerabilities in n8n workflow automation tool. It leverages a file read vulnerability to steal encryption keys and database, then uses stolen credentials to authenticate and execute arbitrary commands via the Execute Command node...

10 CVSS, 9 AI score, 0.05899 EPSS
Exploits: 16
Packet Storm News
added 2026/02/17 12:0 a.m., 2 views

OMNI-STRIKE Multi‑Protocol Wireless Security Testing Platform

OMNI‑STRIKE is a multi‑protocol wireless security assessment application built for Flipper Zero. It is designed to discover nearby wireless devices and perform controlled, authorized security testing in a structured and logged environment...

5.5 AI score
Exploits: 0
Packet Storm News
added 2026/02/16 12:0 a.m., 4 views

OpenSSL 3.x Realistic ASN.1 / PKCS#12 Denial of Service Tool

This proof of concept builds structurally correct ASN.1 DER / PKCS12 files designed to stress-test OpenSSL's parser and memory handling. It focuses on non-exploitative impacts such as denial of service, excessive memory consumption, deep recursion, malformed lengths, and duplicated/overlapping...

5.6 AI score
Exploits: 0
GithubExploit
added 2026/02/15 7:39 a.m., 115 views

Simulated-pen-test-agent

Simulated-pen-tes...

5.4 AI score
Exploits: 0
GithubExploit
added 2026/02/14 3:16 p.m., 146 views

vulnerability-assessment-lab

vulnerability-assessment-lab Controlled security test...

5.5 AI score
Exploits: 0
GithubExploit
added 2026/02/14 3:6 p.m., 173 views

HTB-Season-10

HTB-Season-10 HTB Season 10 — Competiti...

5.5 AI score
Exploits: 0
GithubExploit
added 2026/02/14 3:3 p.m., 245 views

ARGUS

ARGUS - All-seeing Recon & General Unified Security...

5.9 AI score
Exploits: 0
GithubExploit
added 2026/02/14 4:10 a.m., 255 views

Exploit for OS Command Injection in Docker

HATCH Host Access Testing for Container Hardening A com...

9.3 CVSS, 7.7 AI score, 0.81981 EPSS
Exploits: 180
GithubExploit
added 2026/02/12 9:8 p.m., 131 views

Exploit for CVE-2025-49132

CVE-2025-49132PoC Pterodactyl Panel 1.11.11 - Remote Code Exe...

10 CVSS, 5.8 AI score, 0.12525 EPSS
Exploits: 27
Talos Blog
added 2026/02/12 7:0 p.m., 7 views

Hand over the keys for Shannon’s shenanigans

Welcome to this week's edition of the Threat Source newsletter. Last week, yet another security AI tool made the rounds on social media: Shannon, a fully autonomous AI penetration testing tool created by Keygraph. It "autonomously hunts for attack vectors in your code, then uses its built-in...

6 AI score
Exploits: 0
Talos Blog
added 2026/02/12 11:0 a.m., 5 views

Ryan Liles, master of technical diplomacy

Cisco Talos is back with another inside look at the people who keep the internet safe. This time, Amy chats with Ryan Liles, who bridges the gap between Cisco's product teams and the third-party testing labs that put Cisco products through their paces. Ryan pulls back the curtain on the delicate...

5.7 AI score
Exploits: 0
OSV
added 2026/02/12 8:10 a.m., 2 views

MAL-2026-869 Malicious code in ritch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bc0d5c6c0c3175de2d5def02fe422574cfee5f7fe3a88f894de7122aa9dcf588 Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...

5.9 AI score
Exploits: 0, References: 1
Packet Storm News
added 2026/02/12 12:0 a.m., 7 views

Sparse Autoencoders Are Capable LLM Jailbreak Mitigators

Jailbreak attacks remain a persistent threat to large language model safety. We propose Context-Conditioned Delta Steering (CC-Delta), an SAE-based defense that identifies jailbreak-relevant sparse features by comparing token-level representations of the same harmful request with and without...

5.5 AI score
Exploits: 0
OSV
added 2026/02/11 10:26 a.m., 1 views

MAL-2024-12374 Malicious code in ci-metadata-python-logging (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b2ec44231abe88a238f040c6ed291532c456a0f07e91b5966a76b5262526672d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8 AI score
Exploits: 0, References: 1