Abstract

Penetration testing is a security technique used to simulate the actions of a malicious attacker, aiming to uncover weaknesses and assess potential consequences of cyber-attacks. However, conducting penetration tests can be challenging, requiring a deep understanding of vulnerabilities and ensuring that their exploitation does not disrupt business continuity. In particular, for exploiting vulnerabilities, security practitioners should reproduce the vulnerable system in a controlled environment, find “exploits”, i.e., software modules that allow the assessment of such vulnerabilities, configure the software modules by installing the required dependencies, and test the exploit. Despite several companies offering exploit databases containing many available exploits, there is no solution that automates all the setup steps in order to provide a collection of ready-to-use “zero-configuration” exploits. Current frameworks support a few manually curated exploits, whereas dependency resolution tools struggle to handle the complexity of real-world exploit code, which often contains ambiguous imports, version conflicts, and undocumented dependencies. Additionally, exploits are often released on public repositories by untrusted developers, which can lead to significant security risks. This paper presents ExploDox, a framework that combines knowledge graph-based dependency inference with lightweight and isolated containerization to enable scalable automation in the generation of sandboxed exploit environments. Our approach automatically resolves complex dependency relationships that traditional parsing methods cannot handle, while providing isolated, reproducible, and secure execution environments. ExploDox generated 2437 working exploits out of a total of 3346 Python exploits from Exploit-DB, achieving a 72.83% success rate and a median environment creation time of 1.88 s.
d’Ambrosio et al. studied this question.
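The pipeline the abstract describes (infer an exploit's dependencies from import statements via a knowledge graph, then wrap the result in an isolated container) as an added illustration; this is not ExploDox's code, and the knowledge graph entries, the sample exploit source, and the `somevendorlib` name are constructed for the example.

```python
import ast, sys

# Constructed knowledge graph (hypothetical data, not ExploDox's own): edges from an
# import name to candidate PyPI distributions, each scored, since names often differ.
KNOWLEDGE_GRAPH = {
    "requests": [("requests", 1.0)],
    "Crypto": [("pycryptodome", 0.9), ("pycrypto", 0.1)],  # ambiguous import
    "yaml": [("PyYAML", 1.0)],
}
# Standard-library modules need no installation (small fallback set for Python < 3.10).
STDLIB = getattr(sys, "stdlib_module_names", {"os", "sys", "socket", "struct"})
# Constructed sample exploit source: only its import lines matter here.
SAMPLE_EXPLOIT = """import os, socket
from Crypto.Cipher import AES
import requests
import yaml
import somevendorlib
"""

def top_level_imports(source: str) -> set[str]:
    """Collect top-level module names from import and from-import statements."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            names.add(node.module.split(".")[0])
    return names

def resolve_dependencies(source: str) -> tuple[list[str], list[str]]:
    """Map imports to PyPI distributions; return (requirements, unresolved)."""
    requirements, unresolved = set(), []
    for name in sorted(top_level_imports(source)):
        if name in STDLIB:
            continue
        candidates = KNOWLEDGE_GRAPH.get(name)
        if not candidates:
            unresolved.append(name)  # undocumented dependency: flag for review
            continue
        requirements.add(max(candidates, key=lambda c: c[1])[0])  # best-scored edge
    return sorted(requirements), unresolved

def dockerfile_for(requirements: list[str], entrypoint: str = "exploit.py") -> str:
    """Emit a minimal container spec; run it with `docker run --network none`."""
    lines = ["FROM python:3.12-slim", "RUN useradd -m runner", "WORKDIR /home/runner"]
    if requirements:
        lines.append("RUN pip install --no-cache-dir " + " ".join(requirements))
    lines += [f"COPY {entrypoint} .", "USER runner", f'CMD ["python", "{entrypoint}"]']
    return "\n".join(lines)
```

Unresolved names are returned rather than guessed, which is where a real system would fall back to a larger graph or a human check.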