Share
## https://sploitus.com/exploit?id=437DC562-FE2B-5D55-902F-06F38E83D8EC
# autohack

Autonomous security research framework. Inspired by [Karpathy's autoresearch](https://github.com/karpathy/autoresearch).

Give an AI agent a target, a PoC, and a goal. Let it iterate overnight. Wake up to results.

## How It Works

Same loop as autoresearch, adapted for offensive security:

1. Agent modifies `exploit.py` (the only mutable file)
2. `harness.py` runs the exploit against an isolated target
3. Results are measured against defined success criteria
4. If improved: keep. If not: revert. Repeat.

```
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”     β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”     β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚  program.md │────▢│  AI Agent    │────▢│ exploit.py  β”‚
β”‚ (research   β”‚     β”‚  (Claude,    β”‚     β”‚ (modified)  β”‚
β”‚  directives)β”‚     β”‚   Codex)     β”‚     β”‚             β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜     β””β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”˜     β””β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”˜
                           β”‚                     β”‚
                           β”‚              β”Œβ”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”
                    β”Œβ”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”      β”‚  harness.py β”‚
                    β”‚  Experiment  │◀─────│  (run +     β”‚
                    β”‚  Log         β”‚      β”‚   measure)  β”‚
                    β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜      β””β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”˜
                                                 β”‚
                                          β”Œβ”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”
                                          β”‚   Docker    β”‚
                                          β”‚   Target    β”‚
                                          β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
```

## Structure

```
autohack/
β”œβ”€β”€ harness.py          # Run loop: execute, measure, log (DO NOT MODIFY)
β”œβ”€β”€ targets/            # Target-specific labs
β”‚   └── telnetd/        # CVE-2026-32746 (first target)
β”‚       β”œβ”€β”€ prepare.py  # Lab setup (Docker build + start)
β”‚       β”œβ”€β”€ exploit.py  # Agent modifies this
β”‚       β”œβ”€β”€ program.md  # Research directives for agent
β”‚       β”œβ”€β”€ Dockerfile
β”‚       └── results/    # Experiment logs
β”œβ”€β”€ README.md
└── LICENSE
```

## Quick Start

```bash
# 1. Set up a target lab
python3 targets/telnetd/prepare.py

# 2. Point your agent at the target
# In Claude Code / Codex, open this repo and say:
#   "Read targets/telnetd/program.md and start experimenting"

# 3. Or run the harness directly for manual iteration
python3 harness.py --target telnetd --iterations 20
```

## Targets

| Target | CVE | Starting Point | Goal |
|--------|-----|----------------|------|
| telnetd | CVE-2026-32746 | Crash PoC (buffer overflow) | Arbitrary write β†’ RCE |

## Adding Targets

Create a directory in `targets/` with:
- `prepare.py` - builds and starts the isolated lab
- `exploit.py` - starting PoC (agent modifies this)
- `program.md` - research instructions for the agent

## Safety

- All targets run in Docker containers (fully isolated)
- No network access from targets to host
- Harness enforces time budgets per experiment
- Experiment log captures everything for review

## Credits

- Pattern: [Andrej Karpathy](https://github.com/karpathy/autoresearch)
- CVE-2026-32746: DREAM Security Research Team

## License

MIT