Share
## https://sploitus.com/exploit?id=018ADFD8-9A58-587E-9F6C-ACCF917050B8
# PwnGPT
Caputre the flag with Large Language Models. Constructed by langgraph, and I learn a lot from langgraph doument, thanks for them.
## New: Tri-LLM Automation Framework (`automation/`)
A modular pipeline for automatic exploit generation with Planner, Executor, ExploitWriter, Verifier, and Decider stages.
### Quick Start
```bash
source .venv/bin/activate
pip install -r requirements.txt
# Single challenge
python3 automation/openhands_agent.py \
--problem pwn/stack/rop-1/problems.txt \
--binary pwn/stack/rop-1/rop1 \
--challenge-type rop --max-iters 5 \
--repo-root /path/to/PwnGPT
# Batch evaluation
python3 automation/evaluate.py \
--manifest automation/benchmarks/manifest_rop.json \
--agent openhands --max-iters 5 --timeout 0
```
### Configuration
Edit `automation/local_config.py` for API keys and model settings.
### Framework Architecture
```
automation/
├── openhands_agent.py # 5-step pipeline (Planner→Executor→ExploitWriter→Verify→Decider)
├── orchestrator_dual_llm.py # Original tri-LLM orchestrator
├── evaluate.py # Batch evaluation runner
├── llm_client.py # LLM client (OpenAI-compatible API)
├── local_config.py # Configuration
├── schemas.py # Data structures
├── tools/tool_runner.py # Deterministic measurement tools
├── collector/evidence_collector.py # Binary evidence collection
├── planner/planner_agent.py # Strategy planning prompts
├── executor/executor_agent.py # Measurement dispatch
├── decider/decider_agent.py # Failure diagnosis (tri-LLM)
├── verify/verifier.py # Exploit verification
└── audit/ # Static code audit
```
# Workflow

Decompile binary file by the Hex-Rays decompiler (version 8.3.0.230608) in this project.
# Run
Test LLMs by benchmark.py, run PwnGPT in llm4ctf.py.
# Directory
## preprocessing/
load file, analysis, embedding and save.
## processing/
llm application with langgraph.
## pwn/ (benchmark)
pwn challenges that are collected online.
rop1 and rop4 ret2text, rop2 and rop3 ret2libc,
rop5 ret2text(64bit), rop6 ret2text(64bit, gadget), rop7 ret2text(64bit, gadget, rop chain), rop8-9 ret2shellcode, rop10 canary(ret2libc fmt).
fmt1 write, fmt2 read, fmt3 hijack retaddr, fmt4-5 hijack GOT.
int1 Integer Overflow and ret2text, int1 Integer Overflow and ret2shellcode.
heap1 UAF, heap2 heap overflow. (heap challenges with libc are too difficult to llm)
### problems.txt:
(1) file info (2) decompile (3) readelf -r (get plt: objdump -d ./pwn/stack/rop-2/rop2 | grep @plt) (4) strings -d (5) ROPgadget --binary rop --only "pop|ret" > g.txt (6) checksec --format=json --file=
## cve/
Collect cve vulnerable Docker environments and exploit code from github. For more information, see [here](./cve/README.md).
### CVE-2011-2523 : vsftpd Backdoor Command Execution (cve-1)
### CVE-2018-10933 : libssh Authentication Bypass Vulnerability (cve-2)
### CVE-2020-14386 (todo)
# attention
some LLMs do not support ["json_schema"](https://platform.openai.com/docs/guides/structured-outputs), such as o1-preview. When we use qwen, we use OpenAI's tool-calling (formerly called function calling) for `with_structured_output` function.
# Citation
```bibtex
@inproceedings{peng-etal-2025-pwngpt,
title = "{P}wn{GPT}: Automatic Exploit Generation Based on Large Language Models",
author = "Peng, Wanzong and
Ye, Lin and
Du, Xuetao and
Zhang, Hongli and
Zhan, Dongyang and
Zhang, Yunting and
Guo, Yicheng and
Zhang, Chen",
editor = "Che, Wanxiang and
Nabende, Joyce and
Shutova, Ekaterina and
Pilehvar, Mohammad Taher",
booktitle = "Proceedings of the 63rd Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers)",
month = jul,
year = "2025",
address = "Vienna, Austria",
publisher = "Association for Computational Linguistics",
url = "https://aclanthology.org/2025.acl-long.562/",
doi = "10.18653/v1/2025.acl-long.562",
pages = "11481--11494",
ISBN = "979-8-89176-251-0",
}
```