
Simple-Exploit Pentest Agent


AI-powered penetration testing framework with dual AI-engine support: GitHub Models (GPT-4o / GPT-5, cloud) and Ollama (Gemma4, Llama 3, local/offline).

⚠️ Legal Disclaimer

THIS TOOL IS FOR AUTHORIZED SECURITY TESTING ONLY

By using this tool, you acknowledge that:

  • You have EXPLICIT WRITTEN PERMISSION to test target systems
  • Unauthorized access to computer systems is ILLEGAL (CFAA, Computer Misuse Act, etc.)
  • You assume ALL LEGAL RESPONSIBILITY for your actions
  • The authors are NOT LIABLE for misuse of this tool

Violation of computer fraud laws may result in criminal prosecution, civil liability, and imprisonment.

Features

  • 🎯 Interactive REPL Mode: Terminal interface with persistent context, command history, and AI chat
  • 🤖 Dual AI Engine: Choose between GitHub Models (cloud) or Ollama (local) — switchable at runtime
  • 🦙 Gemma4 / Ollama Support: Run fully offline with gemma4:e4b, llama3.1, deepseek-r1, or any Ollama model
  • 💡 Context-Aware AI: Analyzes actual scan/attack results instead of generic templates
  • 🔄 Smart Retry Logic: Automatic exponential backoff for rate limiting (2s, 4s, 8s)
  • 🎨 Runtime Model Switching: Change AI engine and model mid-session with model ollama / model github
  • 🔍 Pattern Recognition: Automatically categorizes endpoints (auth, API, admin, file operations)
  • 🛡️ WAF Bypass Engine: Active fingerprinting and adaptive bypass strategies
  • Interactive Approval: Human-in-the-loop confirmation for attack execution
  • 📊 Structured Analysis: Evidence-based recommendations using actual scan/attack data
  • Adaptive Rate Limiting: Token bucket algorithm with circuit breaker pattern
  • 🔒 Security Safeguards: Scope validation and audit logging
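The adaptive rate-limiting feature above names two classic controls, a token bucket and a circuit breaker. The following Go program is an added example written for this README, not code from the simple-exploit repository, showing how the two compose so that a tester neither floods a target nor keeps hammering one that has started blocking. The clock is injected so the walk-through runs without sleeping; the thresholds, the `Send` helper and the "403 from WAF" error are constructed for the demo.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

var ErrRateLimited = errors.New("rate limited: token bucket empty")
var ErrCircuitOpen = errors.New("circuit open: target keeps failing, backing off")

// TokenBucket allows ratePerSec requests per second on average, with bursts of
// up to capacity. The clock is injected so tests never have to sleep.
type TokenBucket struct {
	mu                     sync.Mutex
	capacity, tokens, rate float64
	last                   time.Time
	now                    func() time.Time
}

// Allow credits tokens for the time elapsed since the last call, then spends one.
func (b *TokenBucket) Allow() bool {
	b.mu.Lock()
	defer b.mu.Unlock()
	t := b.now()
	b.tokens += t.Sub(b.last).Seconds() * b.rate
	b.last = t
	if b.tokens > b.capacity {
		b.tokens = b.capacity
	}
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

// Breaker states: closed (traffic flows), open (blocked until the cooldown
// passes), half-open (exactly one trial request may go through).
const (
	stateClosed = iota
	stateOpen
	stateHalfOpen
)

// CircuitBreaker opens after threshold consecutive failures; a failed trial
// reopens it immediately, a successful one closes it again.
type CircuitBreaker struct {
	mu                        sync.Mutex
	threshold, state, failures int
	cooldown                  time.Duration
	openedAt                  time.Time
	now                       func() time.Time
}

// Ready reports whether a request may be sent right now.
func (c *CircuitBreaker) Ready() bool {
	c.mu.Lock()
	defer c.mu.Unlock()
	if c.state == stateOpen && c.now().Sub(c.openedAt) >= c.cooldown {
		c.state = stateHalfOpen // cooldown over: let exactly one trial through
		return true
	}
	return c.state == stateClosed
}

// Record feeds a request's outcome back into the breaker.
func (c *CircuitBreaker) Record(err error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if err == nil {
		c.state, c.failures = stateClosed, 0
		return
	}
	c.failures++
	if c.state == stateHalfOpen || c.failures >= c.threshold {
		c.state, c.failures, c.openedAt = stateOpen, 0, c.now()
	}
}

// Send runs fn only if both controls permit it. The bucket is checked first so
// a rate-limited call never moves the breaker to half-open without a trial.
func Send(b *TokenBucket, c *CircuitBreaker, fn func() error) error {
	if !b.Allow() {
		return ErrRateLimited
	}
	if !c.Ready() {
		return ErrCircuitOpen
	}
	err := fn()
	c.Record(err)
	return err
}

func main() {
	// Constructed walk-through on a fake clock: burst 2, refill 1/s,
	// breaker trips after 2 consecutive failures, 10s cooldown.
	clock := time.Unix(0, 0)
	now := func() time.Time { return clock }
	b := &TokenBucket{capacity: 2, tokens: 2, rate: 1, last: clock, now: now}
	c := &CircuitBreaker{threshold: 2, cooldown: 10 * time.Second, now: now}
	blocked := errors.New("403 from WAF")
	fmt.Println(Send(b, c, func() error { return blocked })) // 403 from WAF
	fmt.Println(Send(b, c, func() error { return blocked })) // 403 from WAF (breaker opens)
	fmt.Println(Send(b, c, func() error { return nil }))     // rate limited: token bucket empty
	clock = clock.Add(time.Second)
	fmt.Println(Send(b, c, func() error { return nil }))     // circuit open: ...
	clock = clock.Add(10 * time.Second)
	fmt.Println(Send(b, c, func() error { return nil }))     // <nil> (trial succeeded, breaker closed)
}
```

The ordering inside `Send` matters: if the breaker were consulted before the bucket, a call that then failed the bucket check would leave the breaker half-open with no trial in flight, and every later call would be refused until something else recorded a result.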

Supported Targets

  • Web Applications: SQL injection, XSS, CSRF, XXE, SSRF, LFI/RFI, template injection
  • REST APIs: GraphQL introspection, JWT manipulation, OAuth flow testing, mass assignment
  • Active Directory: Kerberos attacks, NTLM relay, golden/silver tickets, DCSync
  • ADFS: Token manipulation, endpoint enumeration, federation vulnerabilities
  • Authentication: Brute force, password spray, session hijacking, MFA bypass
  • Authorization: IDOR, privilege escalation, horizontal/vertical bypass
  • OAuth2 / OIDC: PKCE downgrade, token leakage, state parameter bypass, implicit flow abuse
  • SAML: Signature wrapping, XML injection, assertion replay, broker bypass
  • Kubernetes: API server exposure, RBAC misconfiguration, container escape, SSRF, etcd leakage
  • LLM / AI APIs: Full OWASP LLM Top 10 (2025) — prompt injection, sensitive data disclosure, supply-chain attacks, model poisoning, excessive agency, system-prompt leakage, vector/embedding weaknesses, misinformation, and unbounded consumption

Installation

From Source

# Clone repository
git clone https://github.com/htunn/simple-exploit.git
cd simple-exploit

# Build
go build -o exploit cmd/exploit/main.go

# Install globally (optional)
sudo mv exploit /usr/local/bin/

Using Go Install

go install github.com/htunn/simple-exploit/cmd/exploit@latest

From Releases

Download pre-compiled binaries from GitHub Releases.

Quick Start

Prerequisites

Option A — GitHub Models (cloud, default):

  1. GitHub personal access token from https://github.com/settings/tokens
  2. GitHub Models access (included with Copilot subscription or free tier)

Option B — Ollama (local, no token needed):

  1. Install Ollama: https://ollama.com/download
  2. Pull a model: ollama pull gemma4:e4b (or llama3.1, deepseek-r1, etc.)
  3. Start the server: ollama serve

Interactive REPL Mode (Recommended)

The tool runs in REPL-only mode with integrated AI assistance.

Using GitHub Models (cloud)

export GITHUB_TOKEN="github_pat_xxxxxxxxxxxxx"
# or
export COPILOT_GITHUB_TOKEN="github_pat_xxxxxxxxxxxxx"

./exploit

Using Ollama / Gemma4 (local, no token needed)

# Start Ollama with Gemma4
ollama serve
# (in another tab, or background)

export SIMPLE_EXPLOIT_ENGINE=ollama   # use Ollama from startup
./exploit

# Optionally override the default URL and model:
export OLLAMA_BASE_URL=http://localhost:11434
export OLLAMA_MODEL=gemma4:e4b

Inside REPL

🔥 exploit> target https://example.com
✅ Target set to: https://example.com

# ── AI Engine / Model Selection ──────────────────────────────────
🔥 exploit> model ollama              # switch to Ollama (default: gemma4:e4b)
🔥 exploit> model ollama gemma4:e4b   # switch to Ollama with explicit tag
🔥 exploit> model ollama llama3.1:8b  # any model available in your Ollama
🔥 exploit> model github              # switch back to GitHub Models (gpt-4o)
🔥 exploit> model github gpt-4o       # explicit model
🔥 exploit> show model               # display current engine + model

# ── Scanning ─────────────────────────────────────────────────────
🔥 exploit> scan
🔧 Initializing orchestrator...
🎯 Starting scan on: https://example.com
...
🤖 Analyzing results with AI (gemma4:e4b)...
📋 AI Security Analysis:
[Detailed analysis powered by your chosen AI engine]

# ── AI Questions ─────────────────────────────────────────────────
🔥 exploit> ask how to bypass cloudflare waf?
🔥 exploit> bypass ModSecurity
🔥 exploit> ? test for IDOR

# ── Attacking ────────────────────────────────────────────────────
🔥 exploit> attack sqli
⚔️  Execute sqli attack on https://example.com? [y/N]: y
...

🔥 exploit> exit

Available Commands

Target Management:

  • target <url> - Set the target URL
  • show target - Display current target

AI Engine / Model Selection:

  • model ollama - Switch to Ollama (default: gemma4:e4b)
  • model ollama <tag> - Switch to Ollama with a specific model tag
  • model github - Switch to GitHub Models (default: gpt-4o)
  • model github <name> - Switch to GitHub Models with a specific model
  • model <tag> - Change the model tag on the current engine
  • show model - Display current engine and model

Scanning & Attacks:

  • scan [url] - Scan target for vulnerabilities
  • scan llm-attack <url> - OWASP LLM Top 10 scan of an LLM API or AI app
  • scan kubernetes <ip> - Kubernetes cluster reconnaissance
  • attack [type] - Execute attack with confirmation
  • analyze scan|attack - Get AI analysis of results
  • show scan|attack - Display raw results

AI Assistance:

  • ask <question> - Ask AI security questions
  • bypass <waf-type> - Get WAF bypass techniques
  • ? <question> - Quick ask (alias)

Utilities:

  • history - Show command history
  • clear - Clear screen
  • help - Show help
  • exit|quit - Exit REPL

Configuration

Configuration files are located in ~/.exploit/configs/:

  • trusted-authors.yaml - Plugin author allowlist
  • pre-approval.yaml - Target → exploit category mappings
  • limits.yaml - Rate limits and concurrency settings
  • scope.yaml - Authorized target ranges
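The page does not show the layout of scope.yaml or how scope validation and audit logging are wired together, so the Go program below is an added example, not the project's code, that assumes a minimal file shape (one `allowed:` key with `- entry` items that are CIDRs, single IPs, hostnames or `*.wildcard` names) and parses only that subset with the standard library. It refuses any target that is not an absolute http(s) URL inside the allowlist and writes every decision, denials included, as a JSON line to an audit writer. The sample scope file and the target URLs are constructed.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"io"
	"net/netip"
	"net/url"
	"os"
	"strings"
	"time"
)

// Scope is the parsed allowlist: IP prefixes for IP-literal hosts plus host
// entries, where a "*.domain" wildcard is stored as the suffix ".domain".
type Scope struct {
	Prefixes []netip.Prefix
	Hosts    []string
}

// ParseScope reads the assumed layout: one "allowed:" key followed by "- entry"
// items. Any other line, or a malformed CIDR, is an error, so a broken file can
// never silently widen the allowlist.
func ParseScope(r io.Reader) (*Scope, error) {
	s, inList := &Scope{}, false
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		if line == "allowed:" {
			inList = true
			continue
		}
		if !inList || !strings.HasPrefix(line, "- ") {
			return nil, fmt.Errorf("scope: unexpected line %q", line)
		}
		entry := strings.ToLower(strings.TrimSpace(line[2:]))
		if strings.Contains(entry, "/") {
			p, err := netip.ParsePrefix(entry)
			if err != nil {
				return nil, fmt.Errorf("scope: %w", err)
			}
			s.Prefixes = append(s.Prefixes, p)
		} else if addr, err := netip.ParseAddr(entry); err == nil {
			s.Prefixes = append(s.Prefixes, netip.PrefixFrom(addr, addr.BitLen()))
		} else {
			s.Hosts = append(s.Hosts, strings.TrimPrefix(entry, "*")) // "*.x" -> ".x"
		}
	}
	return s, sc.Err()
}

// Check decides whether target may be tested: absolute http(s) URLs only, IP
// literals must sit inside an allowed prefix, names must equal an allowed host
// or end in an allowed wildcard suffix. Nothing is resolved through DNS here.
func (s *Scope) Check(target string) (bool, string) {
	u, err := url.Parse(target)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Hostname() == "" {
		return false, "not an absolute http(s) URL"
	}
	host := strings.TrimSuffix(strings.ToLower(u.Hostname()), ".")
	if addr, err := netip.ParseAddr(host); err == nil {
		for _, p := range s.Prefixes {
			if p.Contains(addr) {
				return true, "ip within " + p.String()
			}
		}
		return false, "ip outside every allowed range"
	}
	for _, h := range s.Hosts {
		if host == h || (strings.HasPrefix(h, ".") && strings.HasSuffix(host, h)) {
			return true, "host matches " + h
		}
	}
	return false, "host not allowlisted"
}

// AuditEntry is one JSON line of the audit log; denials are written too.
type AuditEntry struct {
	Time    string `json:"time"`
	Target  string `json:"target"`
	Allowed bool   `json:"allowed"`
	Reason  string `json:"reason"`
}

// Authorize checks the target and appends the decision to the audit log.
func Authorize(s *Scope, audit io.Writer, target string) (bool, error) {
	ok, reason := s.Check(target)
	e := AuditEntry{time.Now().UTC().Format(time.RFC3339), target, ok, reason}
	return ok, json.NewEncoder(audit).Encode(e)
}

// SampleScope is a constructed scope file, not the project's real config.
const SampleScope = `# constructed sample
allowed:
  - 10.0.0.0/8
  - 203.0.113.7
  - login.example.com
  - *.staging.example.com
`

func main() {
	scope, err := ParseScope(strings.NewReader(SampleScope))
	if err != nil {
		panic(err)
	}
	for _, t := range []string{"https://login.example.com/oauth/authorize", "http://10.1.2.3:8080/api",
		"https://app.staging.example.com", "https://example.com", "ftp://10.0.0.1"} {
		Authorize(scope, os.Stdout, t) // audit lines go to stdout in this demo
	}
}
```

Because `Check` never resolves names, a hostname entry authorizes the name, not the address it currently points at; a scanner that resolves the host itself should re-check the resolved IP against the prefixes before connecting, otherwise the audit log records an allowed name while traffic reaches an address nobody approved.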

Plugin Development

Create custom exploit modules using the plugin interface:

package main

import (
    "context"

    "github.com/hashicorp/go-plugin"
    "github.com/htunn/simple-exploit/pkg/pluginkit"
)

// MyExploit implements the pluginkit exploit interface. The host loads it as
// a separate process over go-plugin's RPC boundary, so a crashing or
// misbehaving module cannot take the REPL down with it.
type MyExploit struct{}

// Name is the identifier the REPL uses to refer to this module.
func (e *MyExploit) Name() string {
    return "my-exploit"
}

// Metadata drives categorisation and the risk level shown at approval time.
func (e *MyExploit) Metadata() pluginkit.ExploitMetadata {
    return pluginkit.ExploitMetadata{
        Name:      "My Exploit",
        Category:  pluginkit.CategoryWeb,
        RiskLevel: pluginkit.RiskLevelMedium,
    }
}

// Validate runs before Execute; return an error to refuse a target this
// module cannot or must not handle.
func (e *MyExploit) Validate(target pluginkit.Target) error {
    return nil
}

// Execute performs the test against the target and reports the outcome.
func (e *MyExploit) Execute(ctx context.Context, target pluginkit.Target) (pluginkit.Result, error) {
    // Exploit implementation
    return pluginkit.Result{Success: true}, nil
}

// main hands the implementation to go-plugin; the handshake config must match
// the host's so that unrelated binaries are never loaded as plugins.
func main() {
    plugin.Serve(&plugin.ServeConfig{
        HandshakeConfig: pluginkit.HandshakeConfig,
        Plugins: map[string]plugin.Plugin{
            "exploit": &pluginkit.ExploitPlugin{Impl: &MyExploit{}},
        },
    })
}

Architecture

cmd/exploit/          # REPL entry point
internal/
  ├── agent/          # Vulnerability scanner orchestration
  ├── approval/       # Interactive approval workflow
  ├── bypass/         # WAF detection & bypass strategies
  ├── cmd/            # REPL command handlers
  ├── copilot/        # GitHub Models API client + LLMBackend interface
  ├── ollama/         # Ollama / Gemma4 local AI client
  ├── ratelimit/      # Rate limiting & concurrency control
  └── reporter/       # Structured reporting
pkg/
  └── pluginkit/      # Plugin interface
plugins/
  ├── auth-attack/    # OAuth2/OIDC/SAML/JWT attack suite
  ├── kubernetes/     # Kubernetes cluster attack suite
  └── llm-attack/     # OWASP LLM Top 10 (2025) attack suite
configs/              # Configuration files

Bundled Plugins

auth-attack — OAuth2 / OIDC / SAML / JWT Attack Suite (v1.0.0)

Tests identity providers for authentication and token security vulnerabilities.

Supported IdP targets: Keycloak · Auth0 · Okta · Azure AD / ADFS · PingFederate

CVE coverage:

CVE                              Description
CVE-2015-9235                    JWT alg:none / weak secret brute-force
CVE-2016-5431                    OAuth2 implicit flow token leakage
CVE-2022-29361                   PKCE code verifier downgrade
CVE-2020-7692                    PKCE code_challenge_method=plain acceptance
CVE-2019-3778                    Open redirect in OAuth2 redirect_uri
CVE-2023-6927                    Keycloak open redirect
CVE-2021-27582                   Keycloak consent bypass
CVE-2023-4784                    Keycloak OIDC token injection
CVE-2023-0264                    Keycloak error body injection
CVE-2021-36949                   Azure AD MFA bypass
CVE-2017-11427 / CVE-2017-11428  SAML XML signature wrapping
CVE-2021-28550                   SAML assertion replay
CVE-2017-6370                    SAML comment injection
CVE-2018-0489                    Shibboleth SAML XML injection

Attack categories and REPL usage:

# Scanner — passive enumeration of OAuth/OIDC endpoints and IdP fingerprinting
scan auth-attack https://login.example.com

# Attack — active exploitation of discovered vulnerabilities
attack auth-attack https://login.example.com

Build, test, and sign:

make build-plugin-auth-attack
make test-plugin-auth-attack
make sign-plugin-auth-attack

kubernetes — Kubernetes Cluster Attack Suite (v1.0.0)

Scans Kubernetes control-node IPs for misconfigurations and known CVEs.

Attack modules:

  • Anonymous API server enumeration
  • Kubelet unauthenticated read-only API (port 10255)
  • etcd key enumeration
  • CVE-2018-1002105 (privilege escalation)
  • Nginx ingress CVE-2023-5043 (annotation injection)
  • Service account token theft via path traversal
  • SSRF to cloud metadata services (AWS/GCP/Azure IMDS)
  • Container escape (privileged pods, hostPath mounts, hostNetwork)
  • Gateway API endpoint discovery

Remediation engine:

  • Automatic detection of dangerous pod configurations
  • Over-privileged ClusterRoleBindings
  • Nginx snippet annotation injection risks

REPL usage:

# Inside REPL
scan kubernetes <control-node-ip>
attack kubernetes <control-node-ip>

Build, test, and sign:

make build-plugin
make test-plugin
make sign-plugin
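The remediation engine's first item, detecting dangerous pod configurations, is the kind of check a defender can run on manifests long before a cluster is scanned. The Go program below is an added example and not the plugin's own code: it parses a Pod manifest in JSON with the standard library and flags the three conditions the attack-module list names (privileged containers, hostPath mounts, hostNetwork), generalising slightly by also covering init containers and hostPID. The `AuditPod` function, the severity scale and both manifests are constructed for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Minimal view of a Pod manifest: only the fields the checks need are decoded.
type container struct {
	Name            string `json:"name"`
	SecurityContext struct {
		Privileged bool `json:"privileged"`
	} `json:"securityContext"`
}

type pod struct {
	Metadata struct {
		Namespace string `json:"namespace"`
		Name      string `json:"name"`
	} `json:"metadata"`
	Spec struct {
		HostNetwork    bool        `json:"hostNetwork"`
		HostPID        bool        `json:"hostPID"`
		Containers     []container `json:"containers"`
		InitContainers []container `json:"initContainers"`
		Volumes        []struct {
			Name     string `json:"name"`
			HostPath *struct {
				Path string `json:"path"`
			} `json:"hostPath"` // nil when the volume is not a hostPath
		} `json:"volumes"`
	} `json:"spec"`
}

// Finding is one remediation item for a pod.
type Finding struct {
	Pod, Severity, Rule, Detail string
}

// hostPathSeverity rates a hostPath mount: the node root or the container
// runtime socket is a direct escape path; other paths still break isolation.
func hostPathSeverity(p string) string {
	if p == "/" || strings.HasSuffix(p, "docker.sock") || strings.HasSuffix(p, "containerd.sock") {
		return "HIGH"
	}
	return "MEDIUM"
}

// AuditPod parses a Pod manifest (JSON) and returns findings sorted by
// severity then rule, so output is stable for reports and tests.
func AuditPod(manifest []byte) ([]Finding, error) {
	var p pod
	if err := json.Unmarshal(manifest, &p); err != nil {
		return nil, fmt.Errorf("manifest: %w", err)
	}
	id := p.Metadata.Namespace + "/" + p.Metadata.Name
	var out []Finding
	add := func(sev, rule, detail string) { out = append(out, Finding{id, sev, rule, detail}) }
	if p.Spec.HostNetwork {
		add("HIGH", "hostNetwork", "pod shares the node's network namespace")
	}
	if p.Spec.HostPID {
		add("HIGH", "hostPID", "pod can see and signal host processes")
	}
	for _, list := range [][]container{p.Spec.Containers, p.Spec.InitContainers} {
		for _, c := range list {
			if c.SecurityContext.Privileged {
				add("HIGH", "privileged", "container "+c.Name+" runs privileged (all devices and capabilities)")
			}
		}
	}
	for _, v := range p.Spec.Volumes {
		if v.HostPath != nil {
			add(hostPathSeverity(v.HostPath.Path), "hostPath", "volume "+v.Name+" mounts host path "+v.HostPath.Path)
		}
	}
	sort.Slice(out, func(i, j int) bool {
		if out[i].Severity != out[j].Severity {
			return out[i].Severity < out[j].Severity // "HIGH" sorts before "MEDIUM"
		}
		return out[i].Rule < out[j].Rule
	})
	return out, nil
}

// Constructed manifests for the demo, not taken from any real cluster.
const RiskyPod = `{
  "metadata": {"namespace": "default", "name": "debug-shell"},
  "spec": {
    "hostNetwork": true,
    "containers": [{"name": "shell", "securityContext": {"privileged": true}}],
    "volumes": [{"name": "root", "hostPath": {"path": "/"}}]
  }
}`

const SafePod = `{
  "metadata": {"namespace": "web", "name": "frontend"},
  "spec": {
    "containers": [{"name": "nginx", "securityContext": {"privileged": false}}],
    "volumes": [{"name": "cache", "emptyDir": {}}]
  }
}`

func main() {
	for _, m := range []string{RiskyPod, SafePod} {
		findings, err := AuditPod([]byte(m))
		if err != nil {
			fmt.Println(err)
			continue
		}
		for _, f := range findings {
			fmt.Printf("%-6s %-12s %s: %s\n", f.Severity, f.Rule, f.Pod, f.Detail)
		}
	}
}
```

Feeding `kubectl get pod -o json` output into `AuditPod` works unchanged because only the listed fields are decoded and everything else is ignored; the same checks map directly onto the restricted Pod Security Standard, which forbids all four settings.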

llm-attack — OWASP LLM Top 10 (2025) Attack Suite (v1.0.0)

Scans and actively tests LLM APIs and AI-integrated applications for all ten OWASP LLM security risks.

Supported targets: OpenAI · Anthropic · Ollama · Hugging Face · Vertex AI · ChatGPT · RAG pipelines · Vector DBs (Weaviate, Qdrant, Chroma, Pinecone) · Gemma4

OWASP LLM Top 10 (2025) coverage:

ID     Risk                              Attack modules
LLM01  Prompt Injection                  Direct injection, indirect injection via retrieved docs, system-prompt override, Gemma4 thinking-chain token injection
LLM02  Sensitive Information Disclosure  Training-data extraction, credential leak probes, PII enumeration
LLM03  Supply Chain                      Model-card tampering detection, poisoned-model repository probes
LLM04  Data and Model Poisoning          Fine-tune endpoint abuse, poisoned training-data submission
LLM05  Improper Output Handling          XSS via LLM output, code-injection output probes
LLM06  Excessive Agency                  Tool-call abuse, over-permissioned plugin detection, autonomous action probes
LLM07  System Prompt Leakage             Direct-ask extraction, inference via output-format manipulation
LLM08  Vector and Embedding Weaknesses   Embedding manipulation, vector DB unauthenticated access, vector poisoning, embedding inversion
LLM09  Misinformation                    Hallucination confidence probing, fact-check bypass
LLM10  Unbounded Consumption             Token flooding, repetitive query DoS, sponge attacks

Gemma4-specific probes:

  • Thinking-chain token extraction (<|channel>thought / </think> leakage via JSON response)
  • Fake thinking-chain injection to influence reasoning

REPL usage:

# Scan — fingerprint LLM provider, enumerate models, discover vector DBs, check TLS
scan llm-attack http://localhost:11434        # local Ollama / Gemma4
scan llm-attack https://api.openai.com        # OpenAI-compatible API
scan llm-attack https://your-ai-app.com       # web app with embedded LLM

# With API key
scan llm-attack https://api.openai.com --token sk-...

# Attack — run full OWASP LLM Top 10 active test suite
attack llm-attack http://localhost:11434
attack llm-attack https://api.openai.com --token sk-...

Build, test, and sign:

make build-plugin-llm-attack
make test-plugin-llm-attack
make sign-plugin-llm-attack

AI Analysis Features

Intelligent Scan Analysis

The AI receives complete scan data and provides:

  1. Attack Surface Analysis: Identifies specific vulnerabilities from actual endpoints
  2. Technology-Specific Risks: Known CVEs and attack vectors for detected tech stack
  3. Endpoint Pattern Recognition: Auto-categorizes endpoints:
    • 🔐 Authentication (login, oauth, token, session)
    • 🔌 API endpoints (rest, graphql, api/)
    • ⚙️ Admin/Management (admin, console, config)
    • 📁 File operations (upload, download)
  4. Recommended Attack Vectors: Prioritized based on actual findings
  5. Exploitation Roadmap: Step-by-step recommendations with specific endpoints

Attack Result Analysis

For Failed Attacks:

  • Why it failed (WAF, hardening, wrong vector)
  • Alternative approaches and modified payloads
  • Bypass techniques for detected security controls
  • Prerequisite reconnaissance steps needed

For Successful Attacks:

  • Impact assessment and compromised resources
  • Evidence extraction and proof of exploitation
  • Privilege escalation and lateral movement paths
  • Remediation guidance and root cause analysis

AI Engine Reference

GitHub Models (cloud)

Uses the GitHub Models API — no local GPU required.

Model         Notes
gpt-4o        Default — fast, balanced
openai/gpt-5  Latest reasoning model

Authentication:

export GITHUB_TOKEN="github_pat_xxxxxxxxxxxxx"
# or
export COPILOT_GITHUB_TOKEN="github_pat_xxxxxxxxxxxxx"

Features: direct HTTP (no SDK), automatic exponential-backoff retry, runtime model switching.
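The retry behaviour is stated as a fixed 2s, 4s, 8s schedule but not shown. The Go program below is an added example, not the project's client code, of a direct-HTTP call that retries HTTP 429 (and 5xx) on that schedule and honours a larger `Retry-After` header when the server sends one. The sleep function is injected so the schedule can be verified without waiting; `RunAgainst` spins up a constructed local test server that answers 429 a configurable number of times, and the `/inference` path is a placeholder.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strconv"
	"sync/atomic"
	"time"
)

// Backoff is the schedule the README describes: 2s, 4s, 8s. After the last
// delay one final attempt is made, so a request is sent at most four times.
var Backoff = []time.Duration{2 * time.Second, 4 * time.Second, 8 * time.Second}

var ErrRetriesExhausted = errors.New("retries exhausted")

// retryable reports whether a response should be retried: 429 from the API's
// rate limiter, or a 5xx that is usually transient.
func retryable(status int) bool {
	return status == http.StatusTooManyRequests || status >= 500
}

// DoWithRetry sends the request built by newReq, retrying retryable responses
// on the Backoff schedule (or a larger Retry-After, in seconds). A fresh
// request is built per attempt because a consumed body cannot be resent.
// sleep is injected so tests never wait; pass time.Sleep in real use.
func DoWithRetry(client *http.Client, newReq func() (*http.Request, error), sleep func(time.Duration)) (*http.Response, error) {
	for attempt := 0; ; attempt++ {
		req, err := newReq()
		if err != nil {
			return nil, err
		}
		resp, err := client.Do(req)
		if err != nil {
			return nil, err // transport errors are surfaced, not retried
		}
		if !retryable(resp.StatusCode) {
			return resp, nil
		}
		io.Copy(io.Discard, resp.Body) // drain so the connection can be reused
		resp.Body.Close()
		if attempt >= len(Backoff) {
			return nil, fmt.Errorf("%w after %d attempts (last status %d)", ErrRetriesExhausted, attempt+1, resp.StatusCode)
		}
		delay := Backoff[attempt]
		if secs, err := strconv.Atoi(resp.Header.Get("Retry-After")); err == nil && time.Duration(secs)*time.Second > delay {
			delay = time.Duration(secs) * time.Second
		}
		sleep(delay)
	}
}

// RunAgainst starts a constructed local server that answers 429 (with the
// given Retry-After header, if non-empty) to the first failures requests and
// 200 afterwards. It returns the delays requested, the final status (0 on
// error) and the error.
func RunAgainst(failures int, retryAfter string) ([]time.Duration, int, error) {
	var hits int32
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if int(atomic.AddInt32(&hits, 1)) <= failures {
			if retryAfter != "" {
				w.Header().Set("Retry-After", retryAfter)
			}
			w.WriteHeader(http.StatusTooManyRequests)
			return
		}
		w.WriteHeader(http.StatusOK)
	}))
	defer srv.Close()

	var delays []time.Duration
	newReq := func() (*http.Request, error) {
		return http.NewRequest(http.MethodPost, srv.URL+"/inference", nil) // placeholder path
	}
	resp, err := DoWithRetry(srv.Client(), newReq, func(d time.Duration) { delays = append(delays, d) })
	if err != nil {
		return delays, 0, err
	}
	defer resp.Body.Close()
	return delays, resp.StatusCode, nil
}

func main() {
	for _, n := range []int{0, 2, 4} {
		delays, status, err := RunAgainst(n, "")
		fmt.Printf("%d x 429 -> waited %v, status %d, err %v\n", n, delays, status, err)
	}
}
```

Capping the attempt count matters as much as the backoff itself: an unbounded retry loop against a rate-limited model endpoint looks like a client-side denial of service from the provider's side and can get a token suspended.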

Ollama (local / offline)

Runs entirely on your machine — no API key, no data sent to the cloud.

Model           Notes
gemma4:e4b      Default — Google Gemma4, 9.6 GB, strong reasoning
llama3.1:8b     Meta Llama 3.1 8B
deepseek-r1:8b  DeepSeek R1 reasoning model
Any Ollama tag  Run ollama list to see all installed models

Setup:

# Install: https://ollama.com/download
ollama pull gemma4:e4b
ollama serve

# Start simple-exploit with Ollama
export SIMPLE_EXPLOIT_ENGINE=ollama
./exploit

# Optional overrides
export OLLAMA_BASE_URL=http://localhost:11434   # default
export OLLAMA_MODEL=gemma4:e4b                 # default

Switch engines at runtime (no restart needed):

🔥 exploit> model ollama gemma4:e4b   # switch to Ollama
🔥 exploit> model github gpt-4o       # switch to GitHub Models
🔥 exploit> show model                # current engine + model

Development

Build from Source

go build -o exploit cmd/exploit/main.go

Run Tests

go test ./...

Changelog

v1.0.4 (latest)

  • 🦙 Ollama / Gemma4 AI engine — run fully offline with gemma4:e4b, llama3.1, deepseek-r1, or any Ollama model as the AI reasoning backend
  • 🔀 Runtime engine switching: model ollama [tag] / model github [model] swaps the AI engine mid-session without a restart
  • 🧠 OWASP LLM Top 10 (2025) plugin (llm-attack) — full active test suite covering LLM01–LLM10 against OpenAI, Anthropic, Ollama, Vertex AI, Hugging Face, and vector DBs (Weaviate, Qdrant, Chroma, Pinecone)
  • 🔬 Gemma4-specific probes — thinking-chain token extraction and fake thinking-chain injection attacks
  • 📉 Compact AI prompts — scan summaries instead of full JSON blobs; 5-minute timeout for local CPU inference
  • 🛡️ Input guard: a model /ollama typo no longer corrupts the active GitHub Models client

v1.0.2

  • 🔐 New plugin: auth-attack — OAuth2/OIDC/PKCE/SAML/JWT attack suite covering 14 CVEs across Keycloak, Auth0, Okta, Azure AD/ADFS, and PingFederate
  • 🧹 gofmt 100% — zero formatting violations across all source files
  • 📉 gocyclo 100% — all functions refactored to cyclomatic complexity ≤ 15 (12+ functions fixed)
  • 🔧 Added make build-plugin-auth-attack, make test-plugin-auth-attack, make sign-plugin-auth-attack targets
  • ✅ 31 new passing tests in plugins/auth-attack

v1.0.1 (2026-02-06)

  • ✨ Migrated from Copilot SDK to direct GitHub Models API integration
  • 🔄 Added automatic retry logic with exponential backoff for rate limits
  • 🎨 Added configurable AI model selection (model command)
  • 🧠 Improved AI analysis - now uses full scan/attack data instead of templates
  • 🔍 Added intelligent endpoint pattern recognition (auth, API, admin, file ops)
  • 📊 Enhanced analysis with technology stack identification
  • 🎯 Increased AI token limits (4000 → 8000) for detailed analysis
  • 🛠️ Fixed API parameter naming (max_tokens → max_completion_tokens)
  • ⚡ REPL-only mode - simplified architecture, removed unused CLI commands
  • 🔧 Updated default endpoint to https://models.github.ai/inference
  • 📝 Improved help documentation and command examples

v1.0.0

  • Initial release with Copilot SDK integration

Contributing

Contributions welcome! Please:

  1. Fork the repository
  2. Create a feature branch
  3. Write tests for new functionality
  4. Submit a pull request

License

MIT License - see LICENSE file.

Disclaimer

This tool is provided for educational and authorized security testing purposes only. The authors assume no liability for misuse or damage caused by this program. Always obtain explicit written permission before testing any systems you do not own.

Support


Built with ❤️ using GitHub Models API and Ollama
