
- by x32x01

Slide 1 - Hook
AI isn’t just generating images anymore - it’s accelerating hacking.
From automated recon to payload crafting and even full pentest reporting, here’s how attackers (and defenders) are using AI in 2025 - with real examples & how to defend.
Slide 2 - WRAITH (AI-Powered Recon Automation)
What it does
Auto-discovers assets, subdomains, tech stack, open ports.
Prioritizes targets using LLM reasoning.
Generates recon → exploit hypotheses.
Example workflow
wraith --target example.com --out recon.json
# Feed recon.json to LLM:
“Suggest top 5 exploit paths from this recon. Rank by impact & ease.”
Why it’s scary: Recon that took hours now happens in minutes, with smarter prioritization.
Slide 3 - PentestGPT (LLM for Pentest Planning & Reporting)
Use-cases
Turn raw notes into a structured methodology (OWASP, PTES).
Suggest payloads per finding (SQLi, SSTI, XXE, etc.).
Generate executive + technical reports fast.
Example prompt
You are my senior pentester. Target: api.example.com
Stack: Node.js, GraphQL
Give me:
1) Attack surface checklist
2) High-probability vulns to test
3) Example payloads per vuln
4) Reporting template with risk ratings (CVSS)
Slide 4 - BurpGPT (Burp Suite + LLM Payload Brain)
What it does
Reads intercepted requests
Suggests custom payloads (WAF-aware, context-aware)
Helps craft polyglot, obfuscated, or blind-exploitation payloads
Example
Request:
POST /search {"q": "john"}
Prompt to BurpGPT:
“Generate 10 WAF-bypassing SQLi payloads for JSON body with parameter ‘q’. DB type unknown. Also give time-based blind variants.”
Slide 5 - X-Bow / Autonomous Pentest Engines
What they do
Chain recon → exploit → validate → write report
Can iterate on responses (e.g., WAF blocks)
Can run multi-step campaigns (dir brute force → SSRF → metadata steal → privilege escalation)
Example high-level flow (pseudo)
xbow --scope scope.txt
→ Asset discovery
→ LFI found → RCE candidate path suggested
→ Exploit validated
→ Draft report with PoC + risk score auto-generated
Slide 6 - ShellGPT / Terminal + AI = Lethal
Why it’s useful
Writes bash one-liners for recon, fuzzing, log triage
Summarizes verbose tool output (nmap, nuclei, logs)
Example prompt
I have a wordlist subdomains.txt and want to resolve only live subdomains to alive.txt using httpx. Write a one-liner and explain each flag.
Bonus: Ask it to “fix this exploit script that’s failing on Python 3.12” - instant debugging.
Slide 7 - AI-Driven Phishing & MFA Fatigue Campaigns (Defense POV)
Attackers use AI to
Clone writing styles from leaked emails
Auto-generate reverse proxy phishing kits (Evilginx2-like)
Craft localized, hyper-personalized lures
Automate MFA fatigue (“push bombing”) scripts with social engineering scripts
Defend with
FIDO2/WebAuthn (phish-resistant MFA)
Conditional access + impossible travel policies
User-behavior baselines + anomaly detection
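Detection logic for the MFA fatigue ("push bombing") pattern on this slide, as an added example that is not from the original post or any tool it names. The log format, event names, window and threshold are assumptions; map them to whatever your identity provider actually emits.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: "<UTC timestamp> <user> <push result>". Not real logs.
SAMPLE_LOG = """\
2025-03-01T02:14:05Z alice push_denied
2025-03-01T02:14:40Z alice push_denied
2025-03-01T02:15:10Z alice push_timeout
2025-03-01T02:15:45Z alice push_denied
2025-03-01T02:16:20Z alice push_denied
2025-03-01T02:16:50Z alice push_timeout
2025-03-01T02:17:30Z alice push_approved
2025-03-01T09:00:00Z bob push_timeout
2025-03-01T09:00:30Z bob push_approved
2025-03-01T10:00:00Z carol push_denied
2025-03-01T10:20:00Z carol push_denied
2025-03-01T10:40:00Z carol push_denied
2025-03-01T11:00:00Z carol push_denied
2025-03-01T11:20:00Z carol push_denied
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed: denied/timed-out pushes that count as a burst
FAILED = {"push_denied", "push_timeout"}

def detect_push_bombing(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (user, timestamp, kind) alerts; expects time-ordered events."""
    recent = defaultdict(deque)  # user -> timestamps of failed pushes inside the window
    alerts = []
    for line in log_text.strip().splitlines():
        stamp, user, result = line.split()
        ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        q = recent[user]
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if result in FAILED:
            q.append(ts)
            if len(q) == threshold:      # burst of prompts the user did not accept
                alerts.append((user, ts, "burst"))
        elif result == "push_approved":
            # Approval right after a burst: the user may have given in.
            if len(q) >= threshold:
                alerts.append((user, ts, "approved_after_burst"))
            q.clear()
    return alerts

if __name__ == "__main__":
    for user, ts, kind in detect_push_bombing(SAMPLE_LOG):
        print(f"{ts.isoformat()} {user} {kind}")
```

The approved_after_burst alert is the one to page on: it marks a session that should be revoked and reviewed, while a single timeout followed by an approval (bob) or denials spread over hours (carol) stay quiet.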
Slide 8 - AI for Exploit Dev & Patch Diffing
Use-cases
Turn a PoC into a Metasploit module
Explain complex deserialization chains
Diff two versions of source code/binary and ask “What vuln was patched?”
Prompt example
Here’s a failing PoC for CVE-XXXX-YYYY. Fix it for Python 3.12, add argparse, and explain the root cause + exploitation path in comments.
Slide 9 - Blue-Team: How to Defend Against AI-Augmented Attackers
1. Phish-resistant MFA (FIDO2, hardware keys).
2. Attack surface monitoring - your own “Wraith” for blue team.
3. LLM-assisted log analysis (explain spikes, rare sequences, failed OAuth flows).
4. Prompt-hardened AI apps - sanitize model inputs, enforce allowlists.
5. Rate-limit & anomaly-detect AI-driven brute-force / fuzzing.
6. Automatic report diffing for repeated exploit vectors from bug bounty submissions.
Slide 10 - Ethics, Compliance & Reality
These tools can be weaponized.
Use only on assets you own or have written authorization for.
Always document consent, scope, and reporting responsibly.
LLMs hallucinate - validate every payload & claim.