Simple-Exploit Pentest Agent

AI-powered penetration testing framework with intelligent analysis powered by GitHub Models API (GPT-4o/GPT-5).

⚠️ Legal Disclaimer

THIS TOOL IS FOR AUTHORIZED SECURITY TESTING ONLY

By using this tool, you acknowledge that:

• You have EXPLICIT WRITTEN PERMISSION to test target systems
• Unauthorized access to computer systems is ILLEGAL (CFAA, Computer Misuse Act, etc.)
• You assume ALL LEGAL RESPONSIBILITY for your actions
• The authors are NOT LIABLE for misuse of this tool

Violation of computer fraud laws may result in criminal prosecution, civil liability, and imprisonment.

Features

• 🎯 Interactive REPL Mode: Terminal interface with persistent context, command history, and AI chat
• 🤖 AI-Driven Analysis: Powered by GitHub Models API (GPT-4o/GPT-5) for intelligent vulnerability analysis
• 💡 Context-Aware AI: Analyzes actual scan/attack results instead of generic templates
• 🔄 Smart Retry Logic: Automatic exponential backoff for rate limiting (2s, 4s, 8s)
• 🎨 Configurable Models: Switch between AI models on the fly (gpt-4o, openai/gpt-5, etc.)
• 🔍 Pattern Recognition: Automatically categorizes endpoints (auth, API, admin, file operations)
• 🛡️ WAF Bypass Engine: Active fingerprinting and adaptive bypass strategies
• ✅ Interactive Approval: Human-in-the-loop confirmation for attack execution
• 📊 Structured Analysis: Evidence-based recommendations using full scan/attack data
• ⚡ Adaptive Rate Limiting: Token bucket algorithm with circuit breaker pattern
• 🔒 Security Safeguards: Scope validation and audit logging

Supported Targets

• Web Applications: SQL injection, XSS, CSRF, XXE, SSRF, LFI/RFI, template injection
• REST APIs: GraphQL introspection, JWT manipulation, OAuth flow testing, mass assignment
• Active Directory: Kerberos attacks, NTLM relay, golden/silver tickets, DCSync
• ADFS: Token manipulation, endpoint enumeration, federation vulnerabilities
• Authentication: Brute force, password spray, session hijacking, MFA bypass
• Authorization: IDOR, privilege escalation, horizontal/vertical bypass

Installation

From Source

# Clone repository
git clone https://github.com/htunn/simple-exploit.git
cd simple-exploit

# Build
go build -o exploit cmd/exploit/main.go

# Install globally (optional)
sudo mv exploit /usr/local/bin/

Using Go Install

go install github.com/htunn/simple-exploit/cmd/exploit@latest

From Releases

Download pre-compiled binaries from GitHub Releases.

Quick Start

Prerequisites

1. GitHub Token: Get a GitHub personal access token from https://github.com/settings/tokens
2. GitHub Models Access: Ensure you have access to GitHub Models (requires GitHub Copilot subscription or free tier)

Interactive REPL Mode (Recommended)

The tool runs in REPL-only mode with integrated AI assistance:

# Set your GitHub token
export GITHUB_TOKEN="github_pat_xxxxxxxxxxxxx"
# or
export COPILOT_GITHUB_TOKEN="github_pat_xxxxxxxxxxxxx"

# Run the tool (automatically starts REPL)
./exploit

# Inside REPL:
🔥 exploit> target https://example.com
✅ Target set to: https://example.com

🔥 exploit> model gpt-4o
✅ Model set to: gpt-4o

🔥 exploit> scan
🔧 Initializing orchestrator...
🎯 Starting scan on: https://example.com
...
🤖 Analyzing results with AI...
📋 AI Security Analysis:
[Detailed analysis based on actual scan results]

🔥 exploit> ask how to bypass cloudflare waf?
💬 AI Response:
[Specific WAF bypass techniques]

🔥 exploit> attack sqli
⚔️  Execute sqli attack on https://example.com? [y/N]: y
...

🔥 exploit> show scan
[Display last scan results]

🔥 exploit> help
[Show all available commands]

🔥 exploit> exit

Available Commands

Target Management:

• target <url> - Set the target URL
• show target - Display current target

AI Model Configuration:

• model <name> - Set AI model (gpt-4o, openai/gpt-5, etc.)
• show model - Display current model

Scanning & Attacks:

• scan [url] - Scan target for vulnerabilities
• attack [type] - Execute attack with confirmation
• analyze scan|attack - Get AI analysis of results
• show scan|attack - Display raw results

AI Assistance:

• ask <question> - Ask AI security questions
• bypass <waf-type> - Get WAF bypass techniques
• ? <question> - Quick ask (alias)

Utilities:

• history - Show command history
• clear - Clear screen
• help - Show help
• exit|quit - Exit REPL

Configuration

Configuration files are located in ~/.exploit/configs/:

• trusted-authors.yaml - Plugin author allowlist
• pre-approval.yaml - Target → exploit category mappings
• limits.yaml - Rate limits and concurrency settings
• scope.yaml - Authorized target ranges

Plugin Development

Create custom exploit modules using the plugin interface:

package main

import (
    "context"
    "github.com/htunn/simple-exploit/pkg/pluginkit"
    "github.com/hashicorp/go-plugin"
)

type MyExploit struct{}

func (e *MyExploit) Name() string {
    return "my-exploit"
}

func (e *MyExploit) Metadata() pluginkit.ExploitMetadata {
    return pluginkit.ExploitMetadata{
        Name:      "My Exploit",
        Category:  pluginkit.CategoryWeb,
        RiskLevel: pluginkit.RiskLevelMedium,
    }
}

func (e *MyExploit) Validate(target pluginkit.Target) error {
    return nil
}

func (e *MyExploit) Execute(ctx context.Context, target pluginkit.Target) (pluginkit.Result, error) {
    // Exploit implementation
    return pluginkit.Result{Success: true}, nil
}

func main() {
    plugin.Serve(&plugin.ServeConfig{
        HandshakeConfig: pluginkit.HandshakeConfig,
        Plugins: map[string]plugin.Plugin{
            "exploit": &pluginkit.ExploitPlugin{Impl: &MyExploit{}},
        },
    })
}

Architecture

cmd/exploit/          # REPL entry point
internal/
  ├── agent/          # Vulnerability scanner orchestration
  ├── approval/       # Interactive approval workflow
  ├── bypass/         # WAF detection & bypass strategies
  ├── cmd/            # REPL command handlers
  ├── copilot/        # GitHub Models API integration
  ├── ratelimit/      # Rate limiting & concurrency control
  └── reporter/       # Structured reporting
pkg/
  └── pluginkit/      # Plugin interface
configs/              # Configuration files

AI Analysis Features

Intelligent Scan Analysis

The AI receives complete scan data and provides:

1. Attack Surface Analysis: Identifies specific vulnerabilities from actual endpoints
2. Technology-Specific Risks: Known CVEs and attack vectors for detected tech stack
3. Endpoint Pattern Recognition: Auto-categorizes endpoints:
   • 🔐 Authentication (login, oauth, token, session)
   • 🔌 API endpoints (rest, graphql, api/)
   • ⚙️ Admin/Management (admin, console, config)
   • 📁 File operations (upload, download)
4. Recommended Attack Vectors: Prioritized based on actual findings
5. Exploitation Roadmap: Step-by-step recommendations with specific endpoints

Attack Result Analysis

For Failed Attacks:

• Why it failed (WAF, hardening, wrong vector)
• Alternative approaches and modified payloads
• Bypass techniques for detected security controls
• Prerequisite reconnaissance steps needed

For Successful Attacks:

• Impact assessment and compromised resources
• Evidence extraction and proof of exploitation
• Privilege escalation and lateral movement paths
• Remediation guidance and root cause analysis

GitHub Models API

This tool uses the GitHub Models API for AI-powered security analysis.

Supported Models

• gpt-4o (default) - Fast, balanced performance
• openai/gpt-5 - Latest GPT model with enhanced reasoning
• Custom models supported via the model command

Authentication

Get a GitHub Personal Access Token:

1. Go to https://github.com/settings/tokens
2. Generate new token (classic or fine-grained)
3. Ensure GitHub Models access (requires Copilot subscription or free tier)
4. Set environment variable:

export GITHUB_TOKEN="github_pat_xxxxxxxxxxxxx"

API Features

• Direct HTTP Integration: No SDK dependencies, pure REST API
• Automatic Retry: Exponential backoff for rate limiting (2s, 4s, 8s)
• Error Handling: Clear error messages with status codes
• Configurable: Switch models on-the-fly in REPL

Development

Build from Source

go build -o exploit cmd/exploit/main.go

Run Tests

go test ./...

Changelog

v1.0.1 (2026-02-06)

• ✨ Migrated from Copilot SDK to direct GitHub Models API integration
• 🔄 Added automatic retry logic with exponential backoff for rate limits
• 🎨 Added configurable AI model selection (model command)
• 🧠 Improved AI analysis - now uses full scan/attack data instead of templates
• 🔍 Added intelligent endpoint pattern recognition (auth, API, admin, file ops)
• 📊 Enhanced analysis with technology stack identification
• 🎯 Increased AI token limits (4000 → 8000) for detailed analysis
• 🛠️ Fixed API parameter naming (max_tokens → max_completion_tokens)
• ⚡ REPL-only mode - simplified architecture, removed unused CLI commands
• 🔧 Updated default endpoint to https://models.github.ai/inference
• 📝 Improved help documentation and command examples

v1.0.0

• Initial release with Copilot SDK integration

Contributing

Contributions welcome! Please:

1. Fork the repository
2. Create a feature branch
3. Write tests for new functionality
4. Submit a pull request

License

MIT License - see LICENSE file.

Disclaimer

This tool is provided for educational and authorized security testing purposes only. The authors assume no liability for misuse or damage caused by this program. Always obtain explicit written permission before testing any systems you do not own.

Support

• 📚 Documentation
• 🐛 Issue Tracker
• 💬 Discussions

---

Built with ❤️ using GitHub Models API