Argus: Graph-Driven Autonomous Penetration Testing

Created by team R4BB1T on July 09, 2026
Unicorn Track

Pentest Agent is an autonomous, MITRE ATT&CK-integrated penetration testing agent that treats an engagement as a live, weighted attack graph rather than a flat report or checklist. It discovers attack surface with standard tools, then enriches every finding in real time by cross-referencing NVD for CVE/CVSS data, FIRST.org for EPSS exploitation-probability scores, and the CISA KEV catalog for active-exploitation status — mapping each vulnerability to its MITRE ATT&CK technique via CWE/CAPEC lookups. Every host, service, vulnerability, credential, and privilege becomes a typed node in a networkx directed graph, with edges weighted by exploit cost and detection risk. A priority-queue ranks exploitable vulnerabilities by CVSS × EPSS × KEV, and Dijkstra/A* pathfinding plans the optimal route toward an objective like Domain Admin — naturally handling the convergence, cycles, and multi-parent relationships that make real attack surfaces graphs rather than trees. At the core is a ReAct agent loop: an LLM observes the current graph state, decides the next action (recon, enrich, exploit, or lateral movement), invokes the appropriate tool through an MCP-style interface, and the result is folded back into the graph. The system is LLM-agnostic — Claude, GPT, or a local Ollama model can all be plugged in via a simple callable interface — and ships with a deterministic mock LLM for demos that don't require API keys. An interactive Cytoscape.js visualizer renders the live attack graph, highlighting KEV-listed vulnerabilities and animating the optimal exploit chain. Built for bug bounty work, and authorized red-team engagements, the project's current phase (v0.1) covers the graph model, enrichment pipeline, tool wrappers, and agent loop; the roadmap extends into real exploitation (Metasploit RPC, C2 framework integration), live threat intel feeds, BloodHound/Active-Directory attack-path import, and a Neo4j-backed production deployment with multi-agent coordination.

Category tags: