## https://sploitus.com/exploit?id=437DC562-FE2B-5D55-902F-06F38E83D8EC
# autohack
Autonomous security research framework. Inspired by [Karpathy's autoresearch](https://github.com/karpathy/autoresearch).
Give an AI agent a target, a PoC, and a goal. Let it iterate overnight. Wake up to results.
## How It Works
Same loop as autoresearch, adapted for offensive security:
1. Agent modifies `exploit.py` (the only mutable file)
2. `harness.py` runs the exploit against an isolated target
3. Results are measured against defined success criteria
4. If improved: keep. If not: revert. Repeat.
```
βββββββββββββββ ββββββββββββββββ βββββββββββββββ
β program.md ββββββΆβ AI Agent ββββββΆβ exploit.py β
β (research β β (Claude, β β (modified) β
β directives)β β Codex) β β β
βββββββββββββββ ββββββββ¬ββββββββ ββββββββ¬βββββββ
β β
β ββββββββΌβββββββ
ββββββββΌββββββββ β harness.py β
β Experiment ββββββββ (run + β
β Log β β measure) β
ββββββββββββββββ ββββββββ¬βββββββ
β
ββββββββΌβββββββ
β Docker β
β Target β
βββββββββββββββ
```
## Structure
```
autohack/
βββ harness.py # Run loop: execute, measure, log (DO NOT MODIFY)
βββ targets/ # Target-specific labs
β βββ telnetd/ # CVE-2026-32746 (first target)
β βββ prepare.py # Lab setup (Docker build + start)
β βββ exploit.py # Agent modifies this
β βββ program.md # Research directives for agent
β βββ Dockerfile
β βββ results/ # Experiment logs
βββ README.md
βββ LICENSE
```
## Quick Start
```bash
# 1. Set up a target lab
python3 targets/telnetd/prepare.py
# 2. Point your agent at the target
# In Claude Code / Codex, open this repo and say:
# "Read targets/telnetd/program.md and start experimenting"
# 3. Or run the harness directly for manual iteration
python3 harness.py --target telnetd --iterations 20
```
## Targets
| Target | CVE | Starting Point | Goal |
|--------|-----|----------------|------|
| telnetd | CVE-2026-32746 | Crash PoC (buffer overflow) | Arbitrary write β RCE |
## Adding Targets
Create a directory in `targets/` with:
- `prepare.py` - builds and starts the isolated lab
- `exploit.py` - starting PoC (agent modifies this)
- `program.md` - research instructions for the agent
## Safety
- All targets run in Docker containers (fully isolated)
- No network access from targets to host
- Harness enforces time budgets per experiment
- Experiment log captures everything for review
## Credits
- Pattern: [Andrej Karpathy](https://github.com/karpathy/autoresearch)
- CVE-2026-32746: DREAM Security Research Team
## License
MIT