@apivixtls: grok4.5 should be far ahead in security, right? (No censorship) I tested it today. I asked it to help me bug hunt. It directly logged into my HackerOne, scanned over 400 projects, chose a less popular one, and started hunting. It did almost everything by itself without my involvement…

X AI KOLs Timeline Models

Summary

The user tested Grok 4.5's security penetration capabilities and found that it could autonomously log into HackerOne, scan over 400 projects, and perform bug hunting, with almost no human involvement throughout, demonstrating powerful automation capabilities.

grok4.5 should be far ahead in security, right? (No censorship) I tested it today. I asked it to help me bug hunt. It directly logged into my HackerOne, scanned over 400 projects, chose a less popular one, and started hunting. It did almost everything by itself without my involvement, including browser interaction (used my Edge directly, not Playwright), handled captchas—wrote scripts for simple ones, gave "yes" for harder ones, and it decoded captcha verification on its own. I barely participated in the entire follow-up process. Although it only found one minor vulnerability in the end (web3 sites are really hard to bug hunt, so I later told it to skip all web3, haha). So if you're into penetration testing, reverse engineering, or CTF attack/defense, you should really try grok4.5. It's great and has plenty of quota. Premium+, used all night and only consumed 29%. #ReverseEngineering #PenetrationTesting #grok
Original Article
View Cached Full Text

Cached at: 07/10/26, 04:15 PM

Grok 4.5 should be far ahead in security, right? (No censorship) I tested it today. I asked it to help me find vulnerabilities, and it directly logged into my HackerOne account, scanned over 400 projects, picked a less popular one, and started hunting. It did almost everything itself—I barely participated, including browser interactions (it didn’t use Playwright; it directly controlled my Edge browser). For simple captchas, it wrote its own scripts to bypass them; for harder ones, I just gave it “yes,captcha” and it solved them on its own. I had virtually no involvement in all subsequent operations. In the end, it only found one small vulnerability (web3 websites are really hard to crack, haha, so later I told it to skip all web3). So, if you’re into penetration testing, reverse engineering, CTF attack/defense, you should really give Grok 4.5 a try. It works great, has generous credits, and after running it all night with Premium+, I only used 29%.

#ReverseEngineering #PenetrationTesting #grok

Similar Articles

@AdamShao: Officially open-sourcing my vulnerability discovery tool: http://flounders.xyz This is an AI Agent-based fully automated vulnerability discovery workflow. You just tell the AI which project's vulnerabilities you want to find, and it will automatically download code and documentation, deeply audit the code, discover suspicious vulnerabilities, automatically verify them locally and online…

X AI KOLs Timeline

Flounder is an open-source AI agent-based tool that automates vulnerability discovery in codebases. Users describe the target and the tool autonomously downloads code, conducts deep code audits, tests vulnerabilities locally and online, and generates reports.

@XAMTO_AI: If you've used traditional manual penetration testing, you know!! Juggling multiple tools like Burp, Nmap, Metasploit, switching back and forth, spending hours on recon and exploit, writing PoCs by hand, writing reports until you question your life, false positives everywhere, while real vulnerabilities slip through... One developer couldn't take it anymore and open-sourced a...

X AI KOLs Timeline

Strix is an open-source AI penetration testing tool that uses autonomous AI agents to perform real vulnerability discovery and exploitation, generating working PoCs and compliance-ready reports. It supports multi-agent orchestration, CI/CD integration, and various LLMs, aiming to replace manual pentesting with AI-driven automation.

@geekbb: Use Multi-Agent to automatically run the entire CVE mining process, from selecting projects, reviewing code, verifying vulnerabilities to generating ready-to-submit vulnerability reports. https://github.com/larlarua/AutoCVE…

X AI KOLs Timeline

AutoCVE is an open-source tool that uses multi-agent collaboration to automatically complete the entire process from project screening, code audit, vulnerability verification to generating CVE reports, supporting one-click CVE vulnerability mining.

@servasyy_ai: If you're maintaining a project alone without a security team and always feel uneasy before launch, this is basically a gift for you. To be honest, I don't trust most of the so-called "AI security scanners" on the market. After scanning, they give you a screen full of warnings, 90% of which are false positives – pure waste of time. That was until I looked into strix, which topped the GitHub daily leaderboard these past two days. It's different. Strix…

X AI KOLs Timeline

Strix is an open-source AI penetration testing tool that dynamically runs applications in Docker sandboxes, uses the Caido proxy to intercept traffic, and leverages a Python sandbox to write practical Proof-of-Concept exploits to discover and verify vulnerabilities. It supports multi-agent collaboration, automatic patch generation, and CI/CD integration, making it more practical than traditional scanners with high false positive rates.

@apivixtls: Now let me recommend an open-source project. If you're interested in web penetration and API packet capture, you can use this directly. This project boils down to one thing: helping you do less manual work and focus on results. What exactly does it do? Your usual packet capture goes like: Open Charles / mitmproxy → a bunch of requests → you slowly sift through them…

X AI KOLs Timeline

Recommend an open-source web penetration and API packet capture analysis tool that uses AI to automatically filter, analyze requests, handle encryption, and generate analysis summaries and reproduction steps, greatly improving reverse engineering efficiency.