VulnBot: When AI Agents Learn to Think Like Penetration Testers

Hook

What happens when you give multiple AI agents security tools, a target system, and the goal of finding vulnerabilities? VulnBot answers this question by replicating penetration testing workflows through autonomous agent collaboration.

Context

Traditional penetration testing is labor-intensive and requires specialized expertise. A single assessment can take days or weeks as security professionals methodically work through reconnaissance, vulnerability discovery, exploitation, and privilege escalation phases. Meanwhile, automated security scanners offer speed but lack the adaptive reasoning needed for complex assessments.

VulnBot bridges this gap by applying multi-agent AI systems to security assessments. Built on research published in arXiv:2501.13411, it uses Large Language Models to coordinate agents that replicate penetration testing workflows. The framework connects LLM reasoning to real penetration testing tools running in Kali Linux environments, with an optional RAG module providing historical context from previous assessments.

Technical Insight

VulnBot’s architecture integrates agent orchestration, an optional RAG-powered knowledge system built on Langchain-Chatchat, and direct integration with Kali Linux tooling. The orchestration happens through a CLI that manages agent interactions and enforces interaction limits to prevent runaway execution.

The initialization process reveals the infrastructure requirements. Before running any security assessments, you configure connections to your Kali Linux VM, MySQL database for persistence, and optionally a Milvus vector database for RAG capabilities:

python cli.py init

This setup command validates connectivity to all backend services. The configuration file (detailed in their Configuration Guide) requires specifying exact connection parameters for Kali (hostname, port, credentials), MySQL (host, port, user, password, database name), and your LLM provider (base_url, model name, API key). The Kali Linux integration is notable—agents execute actual nmap, Metasploit, and other pentesting utilities through SSH connections rather than simulating tools.

The optional RAG module serves as the agents’ institutional memory. When enabled, it stores vulnerability patterns, successful exploit chains, and contextual knowledge in a Milvus vector database. Agents can query this knowledge base during assessments to recall similar scenarios:

python cli.py start -a

This command launches the RAG service independently, allowing you to populate the knowledge base before running assessments. The separation of concerns here is intentional—RAG provides context without being tightly coupled to the agent execution loop.

Running an actual penetration test happens through the vulnbot command with a crucial parameter:

python cli.py vulnbot -m 50

The -m flag sets the maximum number of agent interactions. This serves as both a safety limit and a scope control—it fundamentally shapes how the assessment proceeds. Each interaction represents an agent taking an action: running a scan, analyzing results, selecting an exploit, or performing other tasks. The framework implements a multi-agent system where data flows into MySQL for persistence, allowing post-assessment analysis and audit trails.

The combination of MySQL for structured data and optional Milvus for semantic search suggests VulnBot can maintain both transactional information (what commands were run, what ports are open) and contextual information about findings.

Gotcha

VulnBot requires substantial infrastructure before you begin. You need a Kali Linux VM, a MySQL database server, and optionally a Milvus vector database cluster if you want RAG capabilities. The README provides CLI commands and references a Configuration Guide but focuses primarily on the happy path of getting started.

The documentation doesn’t detail safety mechanisms, target scoping controls, or operational safeguards for running autonomous security agents. The interaction limit provides execution control, but the README doesn’t address how to prevent agents from operating outside intended boundaries or how to implement audit trails for compliance scenarios. This positions VulnBot as research-grade software best suited for isolated lab environments. The framework’s behavior during complex scenarios isn’t extensively documented—understanding agent decision-making or customizing behavior beyond the configuration file may require examining the source code.

Verdict

Use if: You’re a security researcher exploring AI-augmented offensive security, have the infrastructure capability to manage multiple backend services, and operate in isolated lab environments where experimental autonomous agents can safely run. VulnBot offers innovation in applying multi-agent systems to security workflows, and the academic backing (arXiv:2501.13411) provides theoretical grounding. It’s valuable for studying how LLM agents handle security tasks or for research into autonomous penetration testing approaches.

Skip if: You need production-ready security assessment tools with extensive documentation, lack the resources to manage Kali/MySQL infrastructure (plus Milvus for RAG), or require explicitly documented safety controls and operational procedures. The framework expects technical sophistication in managing its dependencies and understanding its behavior. Organizations wanting mature, well-supported security solutions should evaluate established tools. VulnBot is research-oriented software—it’s a framework for exploration and experimentation rather than a turnkey product.

[![Featured on Starlog](https://starlog.is/api/badge/developer-tools/khenryaegis-vulnbot.svg)](https://starlog.is/api/badge-click/developer-tools/khenryaegis-vulnbot)