This work addresses the inefficiency of traditional manual penetration testing and limitations of existing large language model (LLM)-based multi-agent systems—such as reliance on parametric knowledge, fragmented memory, and insufficient payload validation—by proposing a novel multi-agent framework for automated penetration testing. The framework integrates a Shared Recurrent Memory Mechanism (SRMM) for persistent state management, a two-stage reflection process for long-horizon reasoning, and retrieval-augmented generation (RAG) to enhance external knowledge interaction, enabling adaptive optimization of attack payloads. Evaluated on the XBOW benchmark, the system achieves an overall success rate of 86.0% and a subtask completion rate of 93.99%, significantly outperforming baseline approaches including PentestAgent, AutoPT, and VulnBot.

Web applications remain the dominant attack surface in cybersecurity, where vulnerabilities such as SQL injection, XSS, and business logic flaws continue to cause significant data breaches. While penetration testing is effective for identifying these weaknesses, traditional manual approaches are time-consuming and heavily dependent on scarce expert knowledge. Recent Large Language Models (LLM)-based multi-agent systems have shown promise in automating penetration testing, yet they still suffer from critical limitations: over-reliance on parametric knowledge, fragmented session memory, and insufficient validation of attack payloads and responses. This paper proposes Red-MIRROR, a novel multi-agent automated penetration testing system that introduces a tightly coupled memory-reflection backbone to explicitly govern inter-agent reasoning. By synthesizing Retrieval-Augmented Generation (RAG) for external knowledge augmentation, a Shared Recurrent Memory Mechanism (SRMM) for persistent state management, and a Dual-Phase Reflection mechanism for adaptive validation, Red-MIRROR provides a robust solution for complex web exploitation. Empirical evaluation on the XBOW benchmark and Vulhub CVEs shows that Red-MIRROR achieves performance comparable to state-of-the-art agents on Vulhub scenarios, while demonstrating a clear advantage on the XBOW benchmark. On the XBOW benchmark, Red-MIRROR attains an overall success rate of 86.0 percent, outperforming PentestAgent (50.0 percent), AutoPT (46.0 percent), and the VulnBot baseline (6.0 percent). Furthermore, the system achieves a 93.99 percent subtask completion rate, indicating strong long-horizon reasoning and payload refinement capability. Finally, we discuss ethical implications and propose safeguards to mitigate misuse risks.