Why evidence matters more than model memory in AI pentesting
Why evidence matters more than model memory in AI pentesting
为什么在 AI 渗透测试中,证据比模型记忆更重要
An AI finding you cannot reproduce is a liability, not a result. Darkmoon attaches the exact commands and raw tool output to every finding so a human can peer review it. 如果你无法复现 AI 的发现,那它就是一种负担,而非成果。Darkmoon 会将确切的命令和原始工具输出附加到每一项发现中,以便人工进行同行评审。
The trust problem: Most AI security tools return a confidence score and a paragraph. In offensive security that is not enough. If you cannot show the command that proved a vulnerability, you cannot defend it in a report or a remediation meeting. 信任问题:大多数 AI 安全工具只会返回一个置信度分数和一段文字描述。在攻防安全领域,这远远不够。如果你无法展示证明漏洞存在的具体命令,你就无法在报告或修复会议中为其辩护。
What an evidence trail actually contains: For every finding Darkmoon keeps the executed command, the raw output, and the reasoning that connected them. The finding is a reproducible artifact, not a claim you have to take on faith. 证据链实际包含的内容:对于每一项发现,Darkmoon 都会保留执行的命令、原始输出以及将它们关联起来的推理过程。该发现是一个可复现的证据,而不是一个你必须盲目相信的断言。
Why this beats a bigger model: A larger model reduces some errors but never removes them. The evidence trail is what lets a human catch the ones that remain, which is exactly why we made it the core of the design rather than an afterthought. 为什么这比更大的模型更好:更大的模型可以减少一些错误,但永远无法完全消除它们。证据链让人们能够捕捉到残留的错误,这正是我们将其作为设计核心而非事后补充的原因。
How it changes the workflow: Reviewers stop re-verifying everything by hand and start spot checking the trail. Reports write themselves from real data instead of paraphrased model output. 它如何改变工作流程:审核人员无需再手动重新验证所有内容,而是开始抽查证据链。报告直接由真实数据生成,而不是由模型转述的输出生成。
Try it: If you want to see the evidence trail on a live target, clone the Community Edition and point it at a lab. 试用一下:如果你想在真实目标上查看证据链,请克隆社区版(Community Edition)并将其指向一个实验环境。
Repo (GPLv3): https://github.com/ASCIT31/Dark-Moon 仓库 (GPLv3): https://github.com/ASCIT31/Dark-Moon
Docs: https://docs.dark-moon.org/ 文档: https://docs.dark-moon.org/
Demo: https://youtu.be/1bFRVuMkZzY 演示: https://youtu.be/1bFRVuMkZzY
Built by pentesters, open sourced for pentesters. Feedback on the methodology and the evidence trail is genuinely welcome. 由渗透测试人员构建,并为渗透测试人员开源。我们真诚欢迎对该方法论和证据链提出反馈意见。