We present RapidPen, a fully automated penetration testing (pentesting) framework that addresses the challenge of achieving an initial foothold (IP-to-Shell) without human intervention. Unlike prior approaches that focus primarily on post-exploitation or require a human-in-the-loop, RapidPen leverages large language models (LLMs) to autonomously discover and exploit vulnerabilities, starting from a single IP address. By integrating advanced ReAct-style task planning (Re) with retrieval-augmented knowledge bases of successful exploits, along with a command-generation and direct execution feedback loop (Act), RapidPen systematically scans services, identifies viable attack vectors, and executes targeted exploits in a fully automated manner. In our evaluation against a vulnerable target from the Hack The Box platform, RapidPen achieved shell access within 200-400 seconds at a per-run cost of approximately \$0.3-\$0.6, demonstrating a 60\% success rate when reusing prior "success-case" data. These results underscore the potential of truly autonomous pentesting for both security novices and seasoned professionals. Organizations without dedicated security teams can leverage RapidPen to quickly identify critical vulnerabilities, while expert pentesters can offload repetitive tasks and focus on complex challenges. Ultimately, our work aims to make penetration testing more accessible and cost-efficient, thereby enhancing the overall security posture of modern software ecosystems.

翻译：本文提出RapidPen——一种全自动渗透测试框架，旨在解决无需人工干预即可实现初始立足点（IP到Shell）的挑战。与先前主要关注后期利用或需要人工介入的方法不同，RapidPen利用大语言模型（LLMs）从单个IP地址出发，自主发现并利用漏洞。通过将先进的ReAct式任务规划（Re）与基于检索增强的成功利用知识库相结合，并辅以命令生成与直接执行反馈循环（Act），RapidPen能够以全自动方式系统扫描服务、识别可行的攻击向量并执行针对性漏洞利用。我们在Hack The Box平台的漏洞目标上进行的评估显示，RapidPen在200-400秒内获得Shell访问权限，单次运行成本约为0.3-0.6美元，在复用先前“成功案例”数据时达到60%的成功率。这些结果证明了真正自动化渗透测试对于安全新手和经验丰富的专业人员均具有应用潜力。缺乏专职安全团队的组织可利用RapidPen快速识别关键漏洞，而专业渗透测试人员则可借此分流重复性任务，专注于复杂挑战。最终，我们的工作致力于使渗透测试更易实施且成本效益更高，从而提升现代软件生态系统的整体安全态势。