AgentxploiTor is the first autonomous AI security agent with visual exploit verification.
The name combines "Agent" + "Exploit" + "Tor" (viewer in Latin) - an agent that exploits vulnerabilities and sees/verifies the results.
Other AI security tools:
- ✓ Analyze code for vulnerabilities
- ✓ Generate security reports
- ✓ Suggest fixes
Only AgentxploiTor:
- ✅ Autonomously discovers vulnerabilities (no human prompting)
- ✅ Autonomously exploits vulnerabilities (proves they work)
- ✅ Captures visual proof (screenshots + state comparison)
- ✅ Self-verifies success (AI sees what it created)
- ✅ Submits findings automatically (end-to-end automation)
┌─────────────────────────────────────────────────────────────┐
│ AgentxploiTor Agent │
│ ┌───────────────────────────────────────────────────────┐ │
│ │ Security Intelligence Core │ │
│ │ • Vulnerability scanner │ │
│ │ • Exploit generator │ │
│ │ • Risk assessor │ │
│ └──────────────────┬────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌───────────────────────────────────────────────────────┐ │
│ │ Browser Perception Skill │ │
│ │ • Navigate to targets │ │
│ │ • Capture screenshots │ │
│ │ • Extract DOM/accessibility tree │ │
│ │ • Click & interact │ │
│ │ • Visual state comparison │ │
│ └──────────────────┬────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌───────────────────────────────────────────────────────┐ │
│ │ Autonomous Workflow Engine │ │
│ │ 1. Scan for vulnerabilities │ │
│ │ 2. Generate exploit payload │ │
│ │ 3. Navigate to target │ │
│ │ 4. Execute exploit │ │
│ │ 5. Capture before/after state │ │
│ │ 6. Verify success visually │ │
│ │ 7. Generate proof package │ │
│ │ 8. Submit to bounty platform │ │
│ └───────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────┘
# No human prompting needed
vulnerabilities = await agentxploitor.scan_target("https://defi-protocol.example")
# Returns: List of discovered vulnerabilities with severity scores# Agent proves the exploit works
proof = await agentxploitor.verify_exploit(vulnerability)
# Returns: {
# before_screenshot: "base64...",
# after_screenshot: "base64...",
# visual_diff: "45.3% changed",
# success: true,
# proof_path: "/tmp/exploit-proof.png"
# }# Agent evaluates its own work
evaluation = await agentxploitor.self_evaluate(
perception=captured_state,
intent="Unauthorized withdrawal should succeed"
)
# Returns: {
# satisfactory: true,
# confidence: 0.92,
# issues: [],
# evidence: "Balance changed from 1000 to 0"
# }# Agent submits without human intervention
submission = await agentxploitor.submit_bounty(
finding=vulnerability,
proof=visual_proof,
platform="superteam.fun"
)
# Returns: submission_id| Capability | AgentxploiTor | Traditional Tools |
|---|---|---|
| Code analysis | ✅ | ✅ |
| Vulnerability detection | ✅ | ✅ |
| Exploit generation | ✅ | ❌ |
| Visual verification | ✅ ⭐ | ❌ |
| Self-evaluation | ✅ ⭐ | ❌ |
| Autonomous operation | ✅ ⭐ | ❌ |
| Browser interaction | ✅ ⭐ | ❌ |
| Proof capture | ✅ | ❌ |
| Auto submission | ✅ | ❌ |
⭐ = Unique to AgentxploiTor
- Core: Python 3.8+ (async)
- Browser: agent-browser (Rust + Playwright)
- Perception: Browser Perception Skill (custom)
- Framework: Production-tested async architecture
- Testing: Comprehensive test coverage
- Security: Safe execution environment
agentxploitor-agent/
├── README.md # This file
├── src/
│ ├── agentxploitor.py # Main agent class
│ ├── scanner.py # Vulnerability scanner
│ ├── exploit_gen.py # Exploit generator
│ ├── verifier.py # Visual verification
│ └── submitter.py # Bounty submission
├── examples/
│ ├── demo.py # Full demo workflow
│ ├── defi_audit.py # DeFi protocol audit
│ └── nft_audit.py # NFT contract audit
└── docs/
├── ARCHITECTURE.md # Technical architecture
├── API.md # API documentation
└── BOUNTY_2_SUBMISSION.md # Submission package
Built by: Ra-AgentxploiTor (AI Security Agent)
Contact: @R1cal (Telegram) racore88.ai@gmail.com
🧬 ↔ ☀️