exploitbot

Autonomous pentesting on Apple Silicon

AI-powered penetration testing toolkit with local LLM inference. No cloud dependency: it runs entirely on Apple Silicon.

exploitbot runs local models on Apple Silicon via MLX, integrates real pentesting tools, and generates professional pentest reports from findings.

Screenshot: exploitbot workspace

Features

Local AI Inference — vMLX-based models run on-device on Apple Silicon; no API keys are required.

Ops System — Named persistent workspaces for each engagement. Switch between targets without losing context. The LLM remembers evidence and findings across tabs.

3 Interaction Modes

  • Autopilot — Give a target, watch it work. Full autonomous recon → exploitation → reporting.
  • Copilot — AI suggests tools, you approve. Each action explained with risk level.
  • Manual — You drive, AI advises. Full tool controls with chat-based guidance.

42 integrated tool schemas — from recon and web to exploit, OSINT, report, and supply-chain workflows. Callback tools (search_cve, lookup_cve, search_context) and run_shell are part of the same tool surface so you can mix operator-invoked and context tools per tab.
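As an added example (not exploitbot's or vMLX's own code), the following Python shows the plumbing behind the three modes and the shared tool surface: it reassembles tool calls from an OpenAI-compatible chat-completion SSE stream of the kind the Architecture section describes, then applies a per-mode gate. Unknown tool names and arguments that are not a JSON object are rejected in every mode, run_shell pauses for operator confirmation in Copilot mode, and Manual mode never auto-runs. The registered tool subset, the NEEDS_APPROVAL set, the mode strings and the sample stream (using the TEST-NET-2 documentation address 198.51.100.7) are assumptions constructed for this example.

```python
"""Added example, not exploitbot's or vMLX's code: reassemble tool calls from an
OpenAI-compatible SSE stream and gate them per interaction mode before execution."""
import json
from dataclasses import dataclass

# Assumed subset of the registered tool schema names (the app exposes 42).
REGISTERED_TOOLS = {"nmap", "nuclei", "search_cve", "lookup_cve",
                    "search_context", "run_shell"}
# Assumed: tools that Copilot mode must always hand to the operator first.
NEEDS_APPROVAL = {"run_shell"}


@dataclass
class ToolCall:
    name: str = ""
    arguments: str = ""  # JSON text, accumulated from streamed deltas


def parse_sse_stream(lines):
    """Yield decoded JSON chunks from 'data:' lines; stop at the [DONE] sentinel."""
    for raw in lines:
        line = raw.strip()
        if not line.startswith("data:"):
            continue  # blank keep-alives, ': comment' and 'event:' lines carry no chunk
        payload = line[len("data:"):].strip()
        if payload == "[DONE]":
            return
        yield json.loads(payload)


def collect_tool_calls(lines):
    """Accumulate assistant text and tool_call deltas; returns (text, [ToolCall])."""
    text, calls = [], {}
    for chunk in parse_sse_stream(lines):
        for choice in chunk.get("choices", []):
            delta = choice.get("delta", {})
            if delta.get("content"):
                text.append(delta["content"])
            for tc in delta.get("tool_calls") or []:
                call = calls.setdefault(tc["index"], ToolCall())  # deltas share an index
                fn = tc.get("function", {})
                call.name += fn.get("name") or ""
                call.arguments += fn.get("arguments") or ""
    return "".join(text), [calls[i] for i in sorted(calls)]


def gate_tool_call(call, mode):
    """Return 'reject', 'approve' (operator confirms) or 'run' for a model tool call.

    Autopilot runs any registered tool; Copilot pauses on NEEDS_APPROVAL tools;
    Manual never executes without the operator. Unknown names, arguments that are
    not a JSON object, and unknown mode strings are rejected (fail closed).
    """
    if call.name not in REGISTERED_TOOLS:
        return "reject"
    try:
        args = json.loads(call.arguments or "{}")
    except json.JSONDecodeError:
        return "reject"
    if not isinstance(args, dict):
        return "reject"
    if mode == "manual":
        return "approve"
    if mode == "copilot" and call.name in NEEDS_APPROVAL:
        return "approve"
    if mode in ("copilot", "autopilot"):
        return "run"
    return "reject"


# Constructed sample stream (not captured from vMLX); 198.51.100.7 is a TEST-NET-2
# documentation address, and the arguments of call index 0 arrive split across chunks.
SAMPLE_STREAM = [
    'data: {"choices":[{"delta":{"role":"assistant","content":"Scanning "}}]}',
    'data: {"choices":[{"delta":{"content":"now."}}]}',
    'data: {"choices":[{"delta":{"tool_calls":[{"index":0,"id":"call_0",'
    '"function":{"name":"nmap","arguments":"{\\"target\\":"}}]}}]}',
    'data: {"choices":[{"delta":{"tool_calls":[{"index":0,'
    '"function":{"arguments":"\\"198.51.100.7\\"}"}}]}}]}',
    'data: {"choices":[{"delta":{"tool_calls":[{"index":1,"id":"call_1",'
    '"function":{"name":"run_shell","arguments":"{\\"cmd\\":\\"whoami\\"}"}}]}}]}',
    ': keep-alive',
    'data: [DONE]',
]


def demo(mode="copilot"):
    """Run the sample stream through the collector and the gate for one mode."""
    text, calls = collect_tool_calls(SAMPLE_STREAM)
    return {"text": text,
            "calls": [(c.name, c.arguments) for c in calls],
            "decisions": [gate_tool_call(c, mode) for c in calls]}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The gate runs on the fully reassembled call, never on a partial delta, because a tool name or argument object is only meaningful once the stream has finished emitting that index; rejecting on parse failure rather than retrying keeps a malformed model output from ever reaching run_shell.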

Stash — Cross-op artifact sharing. Drop credentials, hosts, payloads from any engagement, pull them into any other.

Findings → Reports — The endgame. Confirmed vulnerabilities auto-capture attack chains, evidence, and impact. Generate professional pentest reports in PDF, Markdown, HTML, or JSON.

CVE Knowledge Base + Import — Local CVE database with semantic search plus list import support (CSV/JSON) and include filters.
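As an added example of the CSV/JSON list import with include filters (not exploitbot's own importer; the sqlite-vec semantic-search side is not covered here), the following Python loads records from either format into a SQLite table, normalizes ids, applies score, product and id-prefix include filters, and ignores duplicates across successive imports. The column names, the filter parameters and the sample rows with placeholder CVE-0000-* ids are constructed for this example and are not real advisories.

```python
"""Added example, not exploitbot's code: import a CVE list from CSV or JSON into a
local SQLite table, applying include filters before insert and ignoring duplicates."""
import csv
import io
import json
import sqlite3

SCHEMA = """
CREATE TABLE IF NOT EXISTS cve (
    id TEXT PRIMARY KEY,
    cvss REAL,
    product TEXT,
    summary TEXT
)
"""


def open_db(path=":memory:"):
    con = sqlite3.connect(path)
    con.execute("PRAGMA journal_mode=WAL")  # WAL as in the app's persistence; no-op for :memory:
    con.execute(SCHEMA)
    return con


def load_records(text, fmt):
    """Parse CSV or JSON text into normalized dicts (id, cvss, product, summary)."""
    if fmt == "json":
        rows = json.loads(text)
    elif fmt == "csv":
        rows = list(csv.DictReader(io.StringIO(text)))
    else:
        raise ValueError(f"unsupported format: {fmt}")
    out = []
    for r in rows:
        out.append({
            "id": str(r["id"]).strip().upper(),
            "cvss": float(r.get("cvss") or 0.0),
            "product": str(r.get("product", "")).strip().lower(),
            "summary": str(r.get("summary", "")).strip(),
        })
    return out


def include(rec, min_cvss=0.0, products=None, id_prefix="CVE-"):
    """Include filter: keep well-formed ids that meet the score/product criteria."""
    if not rec["id"].startswith(id_prefix):
        return False
    if rec["cvss"] < min_cvss:
        return False
    if products and rec["product"] not in products:
        return False
    return True


def import_cves(con, text, fmt, **filters):
    """Import with filters in one transaction; returns (inserted, skipped)."""
    inserted = skipped = 0
    with con:
        for rec in load_records(text, fmt):
            if not include(rec, **filters):
                skipped += 1
                continue
            cur = con.execute(
                "INSERT OR IGNORE INTO cve (id, cvss, product, summary) VALUES (?, ?, ?, ?)",
                (rec["id"], rec["cvss"], rec["product"], rec["summary"]))
            inserted += cur.rowcount  # 0 when the id already existed
    return inserted, skipped


# Constructed sample data with placeholder ids (CVE-0000-*), not real advisories.
SAMPLE_CSV = """id,cvss,product,summary
CVE-0000-00001,9.8,examplewebapp,placeholder critical issue
CVE-0000-00002,4.3,examplewebapp,placeholder low issue
cve-0000-00003,7.5,otherproduct,placeholder high issue
not-a-cve,9.9,examplewebapp,malformed id
"""
SAMPLE_JSON = json.dumps([
    {"id": "CVE-0000-00001", "cvss": 9.8, "product": "ExampleWebApp",
     "summary": "duplicate of the CSV row"},
    {"id": "CVE-0000-00004", "cvss": 8.1, "product": "examplewebapp",
     "summary": "placeholder high issue"},
])


def demo():
    """Import the CSV then the JSON list with the same filters; return the outcome."""
    con = open_db()
    filters = {"min_cvss": 7.0, "products": {"examplewebapp"}}
    csv_result = import_cves(con, SAMPLE_CSV, "csv", **filters)
    json_result = import_cves(con, SAMPLE_JSON, "json", **filters)
    ids = [row[0] for row in con.execute("SELECT id FROM cve ORDER BY id")]
    return csv_result, json_result, ids


if __name__ == "__main__":
    print(demo())
```

Normalizing the id and product before filtering means a lower-case id or mixed-case product name in one import cannot slip past the filter or create a near-duplicate row in the next.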

Supply-Chain + CVE Ops — Supply-chain discovery and CVE lifecycle workflows now include trufflehog, syft, grype, and osv_scanner action coverage in the same tool/agent state system as other recon modules.

5 Languages — Full interface and report generation in English, 한국어, 中文, Español, 日本語.

Live Tool Telemetry — Tool execution status updates are emitted per button/tab (queued, running, done, error), written to logs, and tracked in chat/panel history with CVE and stash workflow visibility.

Beta Readiness (May 26, 2026)

Done in the current beta lane

  • Autonomous agent loop: deployed agents run in autopilot mode, inherit model/settings state, expose live tool status, and can request the full registered tool schema set instead of only the active tab subset.
  • Broad tool surface: the in-app model tool catalogue covers recon, web, network, credentials, exploit, post-exploit, OSINT, supply-chain, CVE, context, and shell execution.
  • Supply-chain + CVE workflow: first-class supply-chain tab, CVE search/import actions, SBOM/dependency/secrets actions, CLI routing, installer taxonomy, and per-action status state are wired.
  • Runtime packaging path: release packaging bundles the vMLX Python engine, selects a valid bundled/runtime interpreter, verifies required modules, signs the app/DMG, and records manifest evidence.
  • Qwen + MiniMax cache proofs: live/release harnesses cover Qwen hybrid SSM attention, MiniMax full-KV attention, TurboQuant KV cache, prefix cache, paged/block L2 cache, and repeat-prompt cache hits.
  • Visual model path: ZAYA1-VL has a real narrow MLX-VLM loader path and release proof; Qwen text bundles that carry vision metadata stay on the text path.
  • Settings and persistence: parser, generation, reasoning, engine cache, KV quantization, model path, session, terminal/tool path, and result-store state have QA proof coverage.
  • UI status coverage: chat, sidebar, active agent lists, supply-chain actions, CVE import/search, terminal path state, and visual proof screenshots have checkpoint coverage.

Needs more work before public beta

  • Notarization/stapling: packaging is signed, but notarization is still profile-gated (EXPLOITBOT_NOTARY_PROFILE and --notary-profile).
  • Qwen multimodal promotion: Qwen-specific VL/multimodal runtime, multimodal prefix cache, and multimodal context-routing proofs are still pending.
  • General chat quality: broad reasoning/tool-call quality beyond bounded smoke prompts still needs longer realistic runs, especially JANGTQ first-turn exact prompt-following.
  • Full manual UI pass: source/API/proof coverage is broad, but a final hands-on visual pass across every tab, status indicator, hover/detail state, and release build window is still required before calling it polished.
  • Security review: supply-chain/pentest features are wired, but the release still needs a deliberate abuse-boundary, logging, and command-safety review before wider distribution.

Screenshots

  • Web vulnerabilities — web vulnerability scanner with CVSS cards
  • Exploitation — Metasploit module browser + payload config
  • Credential cracking — GPU-accelerated hash cracking via Metal
  • OSINT — username OSINT across 400+ platforms

Install

Download

Download the DMG from Releases. Packaging defaults to unsigned output unless notarization is enabled.

Requires macOS 14+ and Apple Silicon (M1/M2/M3/M4).

Build from Source

git clone https://github.com/jjang-ai/exploitbot.git
cd exploitbot

# Build and run local verification app
./script/build_and_run.sh --verify

# Package unsigned DMG for beta distribution
./script/package_release.sh --skip-notarize

# Optional notarized DMG (requires local keychain profile)
# EXPLOITBOT_NOTARY_PROFILE=<profile> ./script/package_release.sh --notary-profile "$EXPLOITBOT_NOTARY_PROFILE" --notarize

Prerequisites:

  • macOS 14+ on Apple Silicon
  • Xcode 16+ (Swift toolchain)
  • A vMLX-compatible model running on localhost:8000 (see vMLX)
  • Pentesting tools installed via homebrew/pip for tool execution

Models

exploitbot is model-folder driven and currently supports:

  • Qwen text (qwen) with JANG/JANGTQ/MXFP4 folders.
  • MiniMax text (minimax).
  • ZAYA1-VL (zaya1/zaya1-vl).

Use local model folders such as:

export EXPLOITBOT_MODELS=/Users/eric/models
export EXPLOITBOT_RELEASE_QWEN_MODEL=${EXPLOITBOT_MODELS}/JANGQ/Qwen3.6-27B-JANG_4M-MTP

# Smallest local Qwen smoke target (lower RAM)
${EXPLOITBOT_MODELS}/JANGQ/Qwen3.6-27B-JANG_4M-MTP

# JANGTQ and MXFP4 variants
${EXPLOITBOT_MODELS}/dealign.ai/Qwen3.6-35B-A3B-JANGTQ-CRACK
${EXPLOITBOT_MODELS}/JANGQ/Qwen3.6-35B-A3B-MXFP4-MTP

# Compact visual model
${EXPLOITBOT_MODELS}/JANGQ/ZAYA1-VL-8B-JANGTQ4

For runtime checks, start with the smallest Qwen target first to keep RAM pressure low. The command examples below also default to this model.

Tools

42 tool definitions across 8 operational areas:

Category                  Tools
Recon                     subfinder, dnsx, nmap, masscan, httpx, katana, theharvester
Web                       nuclei, sqlmap, dalfox, feroxbuster, ffuf, arjun, wpscan, testssl, graphqlmap, jwt_tool
Network                   netexec, snmpwalk, tshark, bettercap, chisel
Credentials               hashcat, hydra, haiti, trufflehog
Exploit                   metasploit, pwncat, sliver
Post-Exploit              linpeas, impacket
OSINT                     sherlock, holehe, exiftool, gowitness
Supply-Chain              trufflehog, syft, grype, osv_scanner
General / Report / Stash  search_cve (local CVE DB), lookup_cve, search_context, run_shell

Lightweight tools are bundled in the app. Heavy tools are installed on first use via homebrew/pip.

Architecture

  • UI: SwiftUI (native macOS 14+)
  • Inference: vMLX engine (MLX on Apple Silicon) — localhost server, OpenAI-compatible API
  • IPC: HTTP + SSE streaming to local vMLX server
  • Persistence: SQLite (GRDB.swift) with WAL mode
  • Terminal: SwiftTerm (embedded pty)
  • Reports: HTML → PDF via WKWebView
  • CVE DB: SQLite + sqlite-vec (semantic search with nomic-embed-text)
  • Packaging: Hardened runtime and DMG signing path (notarization remains optional/profile-gated)

Documentation

Runtime Verification

  • swift build --package-path ExploitBot -c debug
  • python3 scripts/release-readiness-proof.py
  • python3 scripts/verify-live-models.py --qwen ${EXPLOITBOT_MODELS}/JANGQ/Qwen3.6-27B-JANG_4M-MTP --metadata-only
  • python3 scripts/verify-live-models.py --qwen ${EXPLOITBOT_RELEASE_QWEN_MODEL} --restart-replay --require-ssm-companion-hit
  • python3 scripts/release-app-live-qwen-proof.py
  • EXPLOITBOT_RELEASE_QWEN_MODEL=${EXPLOITBOT_RELEASE_QWEN_MODEL} python3 scripts/release-app-qwen-cross-restart-cache-proof.py
  • python3 scripts/release-app-live-minimax-proof.py
  • python3 scripts/zaya-visual-live-proof.py
  • python3 scripts/agent-live-tool-status-proof.py
  • python3 scripts/supply-chain-cve-ui-proof.py
  • python3 scripts/cve-settings-actions-proof.py
  • python3 scripts/terminal-tool-paths-proof.py
  • python3 scripts/tool-flow-coverage-proof.py

License

Open source. License TBD.

Disclaimer

exploitbot is designed for authorized security testing, penetration testing engagements, CTF competitions, and security research. Always obtain proper authorization before testing any system you do not own. The developers are not responsible for misuse.


exploit.bot · Powered by vMLX engine · Built for Apple Silicon