AI-Driven Penetration Testing: Automating Exploits with LLMs and Metasploit-A VSFTPD Case Study

AI-Driven Penetration Testing: Automating Exploits with LLMs and Metasploit-A VSFTPD Case Study

연구 분야: Strategies

학회: 2025 International Conference on New Trends in Computing Sciences (ICTCS)

Penetration testing, a critical cybersecurity practice, is often bottlenecked by manual exploit selection and payload crafting. We propose a novel framework integrating Large Language Models (LLMs) with Metasploit to automate vulnerability analysis, exploit selection, and payload customization. Our system dynamically adapts to target defenses, demonstrated through a case study on VSFTPD 2.3.4 (CVE-2011-2523), where it autonomously generates and executes a reverse shell payload. Evaluated in controlled environments, our approach significantly enhances efficiency, accuracy, and adaptability, outperforming traditional manual methods. This work highlights the transformative potential of AI-driven automation in cybersecurity while raising important ethical and operational questions for future red-teaming and defensive strategies.