AI-Enhanced Ethical Hacking: A Linux-Focused Experiment
Haitham S. Al-Sinani, Chris J. Mitchell
TL;DR
This paper investigates how GenAI, notably ChatGPT, can streamline ethical hacking across reconnaissance, scanning, gaining/maintaining access, and reporting within a Linux-focused lab. Using a controlled VirtualBox NAT environment with Kali as the attacker and a Linux target, the study demonstrates AI-assisted guidance enabling efficient decision-making, rapid task automation, and successful exploitation (SMB trans2open) with persistence via a new user and SSH keys. It also highlights risks such as AI misguidance, data biases, and potential misuse, underscoring the necessity of balanced human-AI collaboration and rigorous ethical safeguards. The work contributes a practical framework and empirical findings for AI-augmented penetration testing and points to future extensions across platforms and domains, including stronger governance and broader attack surfaces.
Abstract
This technical report investigates the integration of generative AI (GenAI), specifically ChatGPT, into the practice of ethical hacking through a comprehensive experimental study and conceptual analysis. Conducted in a controlled virtual environment, the study evaluates GenAI's effectiveness across the key stages of penetration testing on Linux-based target machines operating within a virtual local area network (LAN), including reconnaissance, scanning and enumeration, gaining access, maintaining access, and covering tracks. The findings confirm that GenAI can significantly enhance and streamline the ethical hacking process while underscoring the importance of balanced human-AI collaboration rather than the complete replacement of human input. The report also critically examines potential risks such as misuse, data biases, hallucination, and over-reliance on AI. This research contributes to the ongoing discussion on the ethical use of AI in cybersecurity and highlights the need for continued innovation to strengthen security defences.