Zing Forum


ALAPA-Agent: A Local AI-Driven Automated Penetration Testing Framework

ALAPA-Agent is a fully autonomous local AI-driven penetration testing framework that integrates high-speed web crawling, local large language model reasoning, automated vulnerability scanning, and interactive vulnerability validation into a single continuous pipeline.

Tags: penetration testing, security scanning, local AI, vulnerability detection, automated security, LLM, Ollama, Nuclei, Katana
Published 2026-04-13 19:10 | Recent activity 2026-04-13 19:19 | Estimated read 8 min


Section 02

Project Background and Positioning

In today's cybersecurity field, automated penetration testing tools are emerging one after another, but most solutions either rely on static heuristic rules or require sending sensitive data to cloud AI APIs for processing. ALAPA-Agent (Autonomous Local AI Pentest Agent) takes a different approach: it is a fully autonomous, local AI-driven offensive security framework in which all reasoning is completed on local hardware, ensuring data privacy while providing intelligent vulnerability detection capabilities.

The core value of this project lies in combining the logical reasoning capabilities of large language models with a mature security toolchain to build a complete automated pipeline from reconnaissance to exploitation. Unlike solutions that rely on cloud APIs, ALAPA-Agent performs tactical analysis using a locally deployed Qwen 3.5 9B model, which not only protects the sensitive information of the target system but also avoids network latency and API call costs.


Section 03

Core Architecture Design

ALAPA-Agent adopts a four-stage execution architecture, where each stage has clear responsibility boundaries and data flow mechanisms:


Section 04

Stage 1: Reconnaissance (The Eyes)

The reconnaissance stage uses ProjectDiscovery's Katana tool to perform high-speed crawling of the target domain. Katana is a modern web crawler that can efficiently discover all accessible endpoints of the target site. In this stage, the system pays special attention to file types of interest (dynamic pages such as .jsp and .php) and to endpoints with parameters, as these are often high-risk areas for vulnerabilities.

Reconnaissance data is structured and processed to extract key metadata such as URL paths, parameter names, and form fields, preparing for the subsequent AI analysis stage.


Section 05

Stage 2: Tactical Analysis (The Brain)

This is the most innovative part of ALAPA-Agent. The system streams structured reconnaissance data to the Ollama daemon over a local socket, where the locally deployed Qwen 3.5 9B model analyzes it.

To keep the output deterministic and parseable, the system sets the temperature to zero and uses a strict system prompt that suppresses the model's chain-of-thought generation, so the model directly outputs vulnerability tags as structured JSON. These tags cover common web vulnerability types such as SQL injection (sqli), cross-site scripting (xss), and local file inclusion (lfi).

The key advantage of this design is that the model does not generate attack payloads; it performs logical reasoning, judging from the reconnaissance data which endpoints may have which types of vulnerabilities. Separating the "brain" from the "fists" leverages the reasoning strengths of the LLM while avoiding the risk of directly generating potentially harmful content.


Section 06

Stage 3: Execution (The Fists)

The execution stage maps the vulnerability tags generated by AI to ProjectDiscovery's Nuclei scanning engine. Nuclei is a template-based fast vulnerability scanner with a large community template library.

ALAPA-Agent automatically selects the corresponding Nuclei templates based on the tags to perform targeted detection on the discovered endpoints. The system is configured with strict rate limits (-c 10 -rl 30), which maintains scanning efficiency while avoiding excessive load on the target system and preventing accidental denial of service.
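
The hand-off from Stage 2 to Stage 3 is where model output becomes scanner input, so it should be treated as untrusted. The following is an added Python example, not ALAPA-Agent's own code: the JSON schema, the model placeholder, the function names and the sample data are assumptions, while the Ollama request fields and the Nuclei flags are the tools' documented ones.

```python
import json

ALLOWED_TAGS = {"sqli", "xss", "lfi"}      # the tag names the page lists
SYSTEM_PROMPT = ('Reply with JSON only, no reasoning: '
                 '{"findings": [{"url": "...", "tags": ["sqli"]}]}')  # assumed schema

def build_ollama_request(endpoints, model="MODEL_TAG_PLACEHOLDER"):
    """Body for POST /api/generate on the local Ollama daemon (not sent here)."""
    return {
        "model": model,                    # placeholder: the page gives no Ollama tag
        "system": SYSTEM_PROMPT,
        "prompt": json.dumps(endpoints),
        "stream": False,
        "format": "json",                  # ask Ollama for syntactically valid JSON
        "options": {"temperature": 0},     # zero temperature, as described above
    }

def parse_model_tags(raw, known_urls):
    """Keep only endpoints the crawler saw and tags on the allow-list."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError:
        return {}                          # reasoning text or truncated output
    findings = doc.get("findings") if isinstance(doc, dict) else None
    if not isinstance(findings, list):
        return {}
    plan = {}
    for item in findings:
        if not isinstance(item, dict):
            continue
        url, tags = item.get("url"), item.get("tags")
        if not isinstance(url, str) or url not in known_urls or not isinstance(tags, list):
            continue                       # invented endpoint or malformed entry
        good = {t for t in tags if isinstance(t, str) and t in ALLOWED_TAGS}
        if good:
            plan.setdefault(url, set()).update(good)
    return plan

def nuclei_argv(target_file, tags):
    """argv list for subprocess.run(argv), never a shell string."""
    tags = sorted(set(tags) & ALLOWED_TAGS)
    if not tags:
        raise ValueError("no allow-listed tags")
    # -c: templates run in parallel, -rl: requests per second (the page's limits)
    return ["nuclei", "-l", target_file, "-tags", ",".join(tags),
            "-c", "10", "-rl", "30", "-jsonl"]

# Constructed sample: one valid tag, one malformed tag, one URL the crawler never saw
KNOWN = {"https://app.example.test/item.php?id=1"}
RAW = json.dumps({"findings": [
    {"url": "https://app.example.test/item.php?id=1", "tags": ["sqli", "xss;id"]},
    {"url": "https://other.example.test/", "tags": ["lfi"]}]})
```
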


Section 07

Stage 4: Interactive Validation (The Detonator)

When Nuclei detects potential vulnerabilities, the system parses the JSONL-formatted output results and generates an interactive terminal interface. The operator can view the validated vulnerability list, select specific vulnerability items, and directly inject benign Proof of Concept (PoC) payloads into the target via the requests library.

The design of this stage embodies the "human-in-the-loop" security concept—automation is responsible for discovery and preliminary validation, but the final validation operation requires manual confirmation to avoid unexpected consequences caused by false positives.
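
A sketch of the parsing and confirmation gate this stage describes, as an added Python example rather than the project's code. The field names (`template-id`, `info.severity`, `matched-at`) follow Nuclei's JSONL output; the function names and the sample lines are constructed for illustration.

```python
import json

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}

def load_findings(jsonl_text):
    """Parse Nuclei JSONL, skip malformed lines, dedupe, sort by severity."""
    seen, findings = set(), []
    for line in jsonl_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue                       # truncated write or stray log line
        if not isinstance(rec, dict):
            continue
        info = rec.get("info") if isinstance(rec.get("info"), dict) else {}
        key = (rec.get("template-id"), rec.get("matched-at"))
        if not all(isinstance(k, str) for k in key) or key in seen:
            continue                       # incomplete record or duplicate hit
        seen.add(key)
        findings.append({
            "template": key[0],
            "url": key[1],
            "severity": str(info.get("severity", "unknown")).lower(),
            "name": info.get("name", ""),
        })
    findings.sort(key=lambda f: (SEVERITY_ORDER.get(f["severity"], 5), f["url"]))
    return findings

def choose(findings, answer):
    """Human-in-the-loop gate: act only on an explicit, in-range menu number."""
    answer = answer.strip()
    if not (answer.isascii() and answer.isdigit()):
        return None                        # "y", empty input, etc. select nothing
    idx = int(answer)
    return findings[idx - 1] if 1 <= idx <= len(findings) else None

# Constructed sample output: a duplicate hit and a truncated final line
SAMPLE = "\n".join([
    '{"template-id":"tmpl-a","info":{"name":"A","severity":"medium"},"matched-at":"https://app.example.test/a"}',
    '{"template-id":"tmpl-b","info":{"name":"B","severity":"high"},"matched-at":"https://app.example.test/b"}',
    '{"template-id":"tmpl-a","info":{"name":"A","severity":"medium"},"matched-at":"https://app.example.test/a"}',
    '{"template-id":"tmpl-c","info":{"na',
])
```
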


Section 08

Context Window Optimization

Locally deployed large models often face video memory limitations. ALAPA-Agent implements an intelligent data slicing mechanism in the reconnaissance stage, splitting large-scale reconnaissance data into segments suitable for model processing, effectively preventing VRAM deadlocks and memory overflow errors. This optimization allows smooth operation even on Mac devices with 16GB of unified memory.
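
The structuring step from Stage 1 and the slicing described here can be sketched together. This is an added Python example, not the project's implementation; the record layout, the function names, the character budget used as a stand-in for a token budget, and the sample URLs are assumptions.

```python
import json
from urllib.parse import urlsplit, parse_qsl

INTERESTING_EXT = (".jsp", ".php")         # dynamic page types named in Stage 1

def structure(urls):
    """Reduce crawled URLs to one record per (host, path, parameter-name set)."""
    records = {}
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.netloc:
            continue
        # Keep parameter names only; values stay out of the model's context.
        params = tuple(sorted({k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}))
        dynamic = parts.path.lower().endswith(INTERESTING_EXT)
        if not params and not dynamic:
            continue                       # static asset without parameters
        key = (parts.netloc, parts.path, params)
        records.setdefault(key, {"host": parts.netloc, "path": parts.path,
                                 "params": list(params), "dynamic": dynamic})
    return list(records.values())

def slice_records(records, max_chars):
    """Greedy slicing: each chunk's JSON text stays within max_chars.
    A single record larger than the budget still gets a chunk of its own."""
    chunks, current, size = [], [], 2      # 2 for the enclosing brackets
    for rec in records:
        cost = len(json.dumps(rec)) + 2    # record plus ", " separator
        if current and size + cost > max_chars:
            chunks.append(current)
            current, size = [], 2
        current.append(rec)
        size += cost
    if current:
        chunks.append(current)
    return chunks

# Constructed crawl output
URLS = [
    "https://app.example.test/item.php?id=1&sort=asc",
    "https://app.example.test/item.php?id=2&sort=desc",   # same shape as above
    "https://app.example.test/static/logo.png",
    "https://app.example.test/login.jsp",
    "https://app.example.test/search?q=test",
    "mailto:admin@example.test",
]
```
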