Traditional penetration testing is labor-intensive, costly, and poorly scalable; existing automation approaches lack flexibility, while LLM-based solutions suffer from insufficient domain knowledge in penetration testing and limited end-to-end automation capability. This paper proposes the first RAG-enhanced, multi-LLM agent collaboration framework for red-teaming, enabling fully automated information gathering, vulnerability analysis, and exploitation via task decomposition, dynamic decision-making, and integration with established red-team toolchains. Key contributions are: (i) RAG-enabled real-time injection of authoritative penetration knowledge to mitigate LLM hallucination; and (ii) a multi-agent coordination mechanism that overcomes semantic understanding and action-planning bottlenecks inherent in single-model LLMs. In comprehensive benchmarking, our framework achieves a 42% improvement in task completion rate and reduces average execution time by 58%, significantly outperforming state-of-the-art automated tools and single-agent LLM baselines.

Penetration testing is a critical technique for identifying security vulnerabilities, traditionally performed manually by skilled security specialists. This complex process involves gathering information about the target system, identifying entry points, exploiting the system, and reporting findings. Despite its effectiveness, manual penetration testing is time-consuming and expensive, often requiring significant expertise and resources that many organizations cannot afford. While automated penetration testing methods have been proposed, they often fall short in real-world applications due to limitations in flexibility, adaptability, and implementation. Recent advancements in large language models (LLMs) offer new opportunities for enhancing penetration testing through increased intelligence and automation. However, current LLM-based approaches still face significant challenges, including limited penetration testing knowledge and a lack of comprehensive automation capabilities. To address these gaps, we propose PentestAgent, a novel LLM-based automated penetration testing framework that leverages the power of LLMs and various LLM-based techniques like Retrieval Augmented Generation (RAG) to enhance penetration testing knowledge and automate various tasks. Our framework leverages multi-agent collaboration to automate intelligence gathering, vulnerability analysis, and exploitation stages, reducing manual intervention. We evaluate PentestAgent using a comprehensive benchmark, demonstrating superior performance in task completion and overall efficiency. This work significantly advances the practical applicability of automated penetration testing systems.