PenTest2.0: Advancing Ethical Hacking with GenAI-Driven Privilege Escalation
摘要
Ethical hacking remains time-consuming, difficult to scale, and prone to human error because it depends on experts manually executing complex command sequences. PenTest++, an AI-augmented system supporting key penetration-testing workflows, was proposed to address this, but it lacks privilege escalation. We present here PenTest2.0, a major evolution enabling multi-turn, automated privilege escalation powered by Large Language Model reasoning. It adds Retrieval-Augmented Generation, Chain-of-Thought prompting, PenTest Task Trees, and optional human hints to improve reasoning, context retention, and adaptability. We describe its design and a proof-of-concept implementation, and show it can perform adaptive privilege escalation. We also highlight limitations related to prompt sensitivity, execution context, and semantic drift. PenTest2.0 offers a practical step toward scalable AI-driven penetration testing, although further research is needed to ensure reliable and safe behaviour in security-critical settings.