ARACNE: An LLM-Based Autonomous Shell Pentesting Agent

Tomas Nieponice, Veronica Valeros, Sebastian Garcia

TL;DR

ARACNE tackles autonomous pentesting by introducing a modular, multi-LLM architecture that separates planning and command execution for SSH shell interactions. The planner, interpreter, optional summarizer, and core agent collaborate to generate, translate, and execute Linux commands on target systems with context-aware iteration. Empirical results against ShelLM and the Over The Wire Bandit challenges show competitive success rates (60% and 57.58%, respectively) and typically small action counts on successful runs, surpassing the prior state of the art on Bandit. The work demonstrates the feasibility of using specialized LLMs for autonomous offensive testing and discusses guardrails, jailbreaks, ethical considerations, and directions for integration with standard security tooling. Overall, ARACNE advances autonomous LLM-driven cybersecurity research by offering a flexible, extensible framework that can adapt as models and defense mechanisms evolve.

Abstract

We introduce ARACNE, a fully autonomous LLM-based pentesting agent tailored for SSH services that can execute commands on real Linux shell systems. It introduces a new agent architecture with multi-LLM model support. Experiments show that ARACNE can reach a 60% success rate against the autonomous defender ShelLM and a 57.58% success rate against the Over The Wire Bandit CTF challenges, improving over the state of the art. When winning, the average number of actions taken by the agent to accomplish the goals was less than 5. The results show that the use of multiple LLMs is a promising approach to increase accuracy in the actions.

Paper Structure

This paper contains 20 sections, 2 figures, 3 tables.

Figures (2)

  • Figure 1: ARACNE architecture and connection diagram without the summarizer module. The execution begins when the user provides a goal. The core agent then passes it to the planner module. Afterward, the planner module generates an attack plan, which is then passed to the interpreter module. The result of the interpreter module is a Linux terminal command, which the core agent module executes over SSH. Then, the core agent module retrieves the command output and stores it along with the previous plan, the command itself, and the goal in a context file. This file’s content is then passed to the planner module to devise the next steps.
  • Figure 2: ARACNE architecture and connection diagram with the summarizer module. The execution begins when the user provides a goal. The core agent then passes it to the planner module. Afterward, the planner module generates an attack plan, which is then passed to the interpreter module. The result of the interpreter module is a Linux terminal command, which the core agent module executes over SSH. Then, the core agent module retrieves the command output and stores it along with the previous plan, the command itself, and the goal in a context file. This file’s content is then passed to the summarizer module, which stores a summarized version of the given context in the context file. The new summarized context is then passed on to the planner to devise the next steps.