Zing Forum

AUTO_Pen: An Autonomous Penetration Testing Framework with Three-Agent Collaboration

AUTO_Pen is an automated penetration testing framework based on a multi-agent AI architecture. Through the collaboration of three specialized LLMs—Strategist, Operative, and Auditor—it achieves end-to-end automation from reconnaissance and vulnerability exploitation to report generation, covering over 243 security testing modules.

Penetration testing, AI security, multi-agent, vulnerability scanning, automated testing, LLM, OODA loop, cybersecurity, Strategist, Operative
Published 2026-05-18 03:15 | Recent activity 2026-05-18 03:21 | Estimated read 7 min

Section 01

AUTO_Pen: Guide to the Autonomous Penetration Testing Framework with Three-Agent Collaboration

AUTO_Pen is an automated penetration testing framework based on a multi-agent AI architecture, developed by the AbasSec team. Three specialized LLMs collaborate: Strategist (strategic planning), Operative (vulnerability execution), and Auditor (verification and auditing). Together they automate the workflow end to end, from reconnaissance and vulnerability exploitation to report generation. The framework integrates over 243 security testing modules covering the complete penetration testing kill chain, and supports features such as attack chaining and attack graph visualization. It is suitable for professional security assessments, bug bounty hunting, and adversarial simulation.


Section 02

Limitations of Traditional Penetration Testing and the Background of AUTO_Pen

Traditional penetration testing faces several challenges: tool fragmentation (dozens of tools, each with a high learning cost), dependence on manual work (many steps must be executed by hand by an expert), difficult knowledge transfer (skills rest on personal experience and are hard to standardize), and time-consuming report writing. As LLM capabilities have improved, AI-driven automated penetration testing has become possible, and AUTO_Pen is a project born in this context.


Section 03

Core Methodology of AUTO_Pen: Three-Agent Architecture and Collaboration Mechanism

The core of AUTO_Pen is the Zenith AI three-agent architecture:

  • Strategist: Responsible for macro planning (analyzing targets, formulating strategies, dynamically adjusting plans), with the default model being abacusai/dracarys-llama-3.1-70b-instruct;
  • Operative: Executes specific attack operations (calling test modules, reconnaissance, vulnerability scanning), with the default model being qwen/qwen3-coder-480b-a35b-instruct;
  • Auditor: Verifies result validity, assesses vulnerability severity, and generates reports, with the default model being mistralai/mistral-large-3-675b-instruct-2512.

The three agents collaborate continuously through the OODA loop (Observe-Orient-Decide-Act) without manual intervention. In addition, the framework supports multiple AI backends (NVIDIA NIM, DeepSeek, Gemini, etc.), which can be configured via .env and config.yaml. Stealth mode (randomized request intervals, User-Agent rotation, etc.) is enabled by default to reduce the probability of detection.
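
From the defender's side, the stealth mode described above still leaves a signal: randomized intervals defeat fixed-rate rules, but one client presenting many User-Agents in a short window stands out. The following is an added example, not code from AUTO_Pen; the log records are constructed, and the function name, window, and thresholds are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (ISO timestamp, source IP, User-Agent); not real traffic.
SAMPLE_LOG = [
    ("2026-05-18T03:00:02", "198.51.100.7", "Mozilla/5.0 (Windows NT 10.0) Chrome/124.0"),
    ("2026-05-18T03:00:09", "198.51.100.7", "Mozilla/5.0 (Macintosh) Safari/605.1.15"),
    ("2026-05-18T03:00:11", "203.0.113.20", "Mozilla/5.0 (X11; Linux) Firefox/125.0"),
    ("2026-05-18T03:00:21", "198.51.100.7", "Mozilla/5.0 (X11; Linux) Firefox/125.0"),
    ("2026-05-18T03:00:40", "198.51.100.7", "Mozilla/5.0 (iPhone) Mobile Safari/604.1"),
    ("2026-05-18T03:01:30", "203.0.113.20", "Mozilla/5.0 (X11; Linux) Firefox/125.0"),
    ("2026-05-18T03:20:00", "192.0.2.44", "Mozilla/5.0 (Windows NT 10.0) Chrome/124.0"),
    ("2026-05-18T03:45:00", "192.0.2.44", "Mozilla/5.0 (Windows NT 10.0) Edg/124.0"),
]

def find_ua_rotation(records, window=timedelta(minutes=5), min_agents=3,
                     shared_egress=frozenset()):
    """Return {ip: max distinct User-Agents seen inside any sliding window}
    for clients that reach min_agents. Request timing is ignored on purpose:
    jittered intervals defeat rate rules but not per-client UA diversity."""
    recent = defaultdict(deque)       # ip -> deque of (timestamp, user_agent)
    flagged = {}
    for ts_text, ip, agent in sorted(records):   # ISO timestamps sort chronologically
        if ip in shared_egress:       # known NAT/proxy addresses mix many real users
            continue
        ts = datetime.fromisoformat(ts_text)
        q = recent[ip]
        q.append((ts, agent))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        distinct = len({a for _, a in q})
        if distinct >= min_agents:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

if __name__ == "__main__":
    for ip, count in find_ua_rotation(SAMPLE_LOG).items():
        print(f"{ip}: {count} distinct User-Agents within the window")
```

The client that changes browser once over 25 minutes is not flagged, and addresses passed in `shared_egress` are skipped because a corporate NAT legitimately carries many User-Agents.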

Section 04

AUTO_Pen's 243+ Testing Modules and Core Features

AUTO_Pen integrates over 243 professional testing modules, covering the complete kill chain:

  • Reconnaissance phase: Subdomain enumeration, technical fingerprinting, DNS/email configuration audit, etc.;
  • Vulnerability exploitation phase: SQL injection, XSS, SSRF, IDOR, and other web vulnerability detection;
  • API security: REST/GraphQL endpoint testing, BOLA/BFLA detection, etc.;
  • Advanced attacks: Race condition exploitation, business process abuse, cloud/SaaS boundary testing, etc.

Core features include: attack chain executor (chaining multiple vulnerabilities into a complete path), attack graph visualization (exporting SVG/JSON to display risk paths), adaptive learning (agents learn from execution results to adjust strategies), and confidence threshold control (low-confidence operations require manual confirmation).

Section 05

Report Generation and Compliance & Security Considerations

AUTO_Pen has comprehensive report functions, supporting:

  • Bug bounty reports (submission-ready format), automatic CVSS v3.1 scoring, MITRE ATT&CK mapping, compliance standard (PCI-DSS, ISO27001, etc.) mapping;
  • SBOM generation, PoC export, timeline export, and natural language briefing.

In terms of security and compliance, the framework explicitly states it is only for authorized testing, with built-in OWASP LLM Top10 protections (input/output sanitization), data governance (PII desensitization, evidence retention), confidence gating, and other measures to avoid misuse.
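
One way the confidence threshold control from the core features and the confidence gating and authorized-testing-only constraints above can fit together, shown as an added example that is not AUTO_Pen's own code. The class names, fields, the 0.8 threshold, and the rule that intrusive actions always need confirmation are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address, ip_network

class Decision(Enum):
    AUTO = "run automatically"
    CONFIRM = "hold for manual confirmation"
    REFUSE = "refuse: outside authorized scope"

@dataclass(frozen=True)
class ProposedAction:           # hypothetical shape of an agent's proposal
    module: str
    target: str                 # IP address the module would touch
    confidence: float           # agent's self-reported confidence, 0.0 to 1.0
    intrusive: bool = False     # True if the module changes state on the target

@dataclass(frozen=True)
class Engagement:               # hypothetical record of the signed authorization
    scope: tuple                # CIDR ranges the asset owner authorized
    threshold: float = 0.8      # below this, a human must confirm

def gate(action, engagement):
    """Decide how a proposed action proceeds. Scope is checked first, so a
    high confidence score can never move work outside the authorization."""
    addr = ip_address(action.target)
    if not any(addr in ip_network(net) for net in engagement.scope):
        return Decision.REFUSE
    # Model output is untrusted: NaN or out-of-range scores fail this test
    # and are held for a human rather than compared against the threshold.
    if not (0.0 <= action.confidence <= 1.0):
        return Decision.CONFIRM
    if action.intrusive or action.confidence < engagement.threshold:
        return Decision.CONFIRM
    return Decision.AUTO

if __name__ == "__main__":
    # Constructed engagement and proposals, for illustration only.
    eng = Engagement(scope=("10.20.0.0/24",))
    for a in (ProposedAction("dns_audit", "10.20.0.15", 0.93),
              ProposedAction("idor_check", "10.20.0.15", 0.55),
              ProposedAction("dns_audit", "10.99.0.1", 0.99)):
        print(a.module, a.target, "->", gate(a, eng).value)
```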

Section 06

Value of AUTO_Pen and Future Outlook

AUTO_Pen helps security practitioners improve testing efficiency and reduce repetitive work, gives teams standardized processes and a way to retain accumulated knowledge, and offers bug bounty hunters tools for quick vulnerability discovery and report generation. However, AI-driven penetration testing also raises ethical and security issues: automation has to be balanced against manual supervision to ensure the tool is not misused, and this remains an open question for the field.