Turn a patchwatch CVE report into a working proof-of-concept exploit automatically.
Automate the loop of writing, compiling, deploying, and testing exploit code against a Windows VM.
Verify whether a Windows kernel vulnerability is exploitable using a remote kernel debugger.
Accelerate authorized vulnerability research on systems you own or are permitted to test.
| originsec/pocsmith | alex72-py/aria-termux | anime0t4ku/gentleman | |
|---|---|---|---|
| Stars | 20 | 20 | 20 |
| Language | Python | Python | Python |
| Setup difficulty | hard | moderate | moderate |
| Complexity | 5/5 | 2/5 | 2/5 |
| Audience | researcher | developer | general |
Figures from each repo's GitHub metadata at analysis time.
Requires a Windows 11 Hyper-V host, Visual Studio 2022, Windows SDK, and Docker.
pocsmith is a Python-based security research tool that automates the process of writing and testing Windows exploit proof-of-concepts (POCs). A POC in security research is a demonstration that a software vulnerability can actually be exploited, it proves the bug is real and shows how an attacker might use it. pocsmith takes a vulnerability report (produced by a companion tool called patchwatch, which analyzes Windows patches to find what changed) and then uses an AI agent powered by Claude to automatically write exploit code, compile it, deploy it to a controlled virtual machine, run it, and verify whether it worked. The system connects several specialized tools together: a Hyper-V virtual machine manager for spinning up isolated Windows environments, a remote kernel debugger for inspecting what happens inside the Windows kernel during an exploit attempt, and Ghidra (a reverse-engineering tool) for analyzing the vulnerable binary. The AI agent works through these tools in a loop, reading the vulnerability context, generating code, compiling it using Visual Studio, running it inside the VM, checking whether it caused the expected crash or primitive, and adjusting its approach based on the results. This is designed for security researchers who are authorized to test Windows vulnerabilities on their own infrastructure. It runs entirely locally, the only external connection is to Anthropic's API for the AI reasoning. You would use it to accelerate the time-intensive work of turning a patch-diff into a working exploit demonstration. Prerequisites are significant: a Windows 11 host with Hyper-V, Visual Studio 2022, Windows SDK, and Docker. The full README is longer than what was provided.
An AI agent that automatically writes, builds, and verifies Windows exploit proof-of-concepts against a local test VM using CVE patch-diff reports.
Mainly Python. The stack also includes Python, Claude, Hyper-V.
Setup difficulty is rated hard, with roughly 1day+ to a first successful run.
Mainly researcher.
This repo across BitVibe Labs
Verify against the repo before relying on details.