Weaponizing AI in Cyberattacks A Comparative Study of AI powered Tools for Offensive Security

Fatima Anis; Mohammad Hammoudeh

doi:10.1145/3726122.3726164

Weaponizing AI in Cyberattacks A Comparative Study of AI powered Tools for Offensive Security

Fatima Anis
, Mohammad Hammoudeh^*

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Offensive security, a critical aspect of modern cybersecurity, involves simulating cyberattacks to proactively identify and address vulnerabilities before they can be exploited. However, many tasks, such as network scanning and subdomain enumeration, are time-consuming and inefficient without automation, especially as cyberattacks grow increasingly sophisticated. Recent incidents, such as attacks targeting legacy communication systems like pagers and walkie-talkies, further underscore the urgency to automate offensive security operations. This paper presents a comparative study of automated tools, specifically WebCopilot and Sublist3r for subdomain enumeration, and RustScan combined with Nmap compared to Nmap alone for network scanning. The results demonstrate that automation significantly reduces the time required for these tasks, enhancing both efficiency and effectiveness in offensive security practices. Additionally, this study explores the potential of artificial intelligence (AI) to further transform offensive security by automating more complex tasks, such as simulating attack scenarios and adapting dynamically to defenses. Positioned as a proposal, this research advocates for the integration of AI into the attack life cycle, highlighting the future potential of fully automating offensive security processes to create more intelligent, adaptive, and effective tools.

Original language	English
Title of host publication	Proceedings of 2024 the 8th International Conference on Future Networks and Distributed Systems, ICFNDS 2024
Publisher	Association for Computing Machinery
Pages	283-290
Number of pages	8
ISBN (Electronic)	9798400711701
DOIs	https://doi.org/10.1145/3726122.3726164
State	Published - 2 Jul 2025
Externally published	Yes
Event	8th International Conference on Future Networks and Distributed Systems, ICFNDS 2024 - Marrakech, Morocco Duration: 11 Dec 2024 → 12 Dec 2024

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	8th International Conference on Future Networks and Distributed Systems, ICFNDS 2024
Country/Territory	Morocco
City	Marrakech
Period	11/12/24 → 12/12/24

Bibliographical note

Publisher Copyright:
© 2024 Copyright held by the owner/author(s)

Keywords

automated attacks
automation
offensive security

ASJC Scopus subject areas

Human-Computer Interaction
Computer Networks and Communications
Computer Vision and Pattern Recognition
Software

Access to Document

10.1145/3726122.3726164

Cite this

Anis, F., & Hammoudeh, M. (2025). Weaponizing AI in Cyberattacks A Comparative Study of AI powered Tools for Offensive Security. In Proceedings of 2024 the 8th International Conference on Future Networks and Distributed Systems, ICFNDS 2024 (pp. 283-290). (ACM International Conference Proceeding Series). Association for Computing Machinery. https://doi.org/10.1145/3726122.3726164

@inproceedings{19f8a5996a96493eafbfcadb14dc9678,

title = "Weaponizing AI in Cyberattacks A Comparative Study of AI powered Tools for Offensive Security",

abstract = "Offensive security, a critical aspect of modern cybersecurity, involves simulating cyberattacks to proactively identify and address vulnerabilities before they can be exploited. However, many tasks, such as network scanning and subdomain enumeration, are time-consuming and inefficient without automation, especially as cyberattacks grow increasingly sophisticated. Recent incidents, such as attacks targeting legacy communication systems like pagers and walkie-talkies, further underscore the urgency to automate offensive security operations. This paper presents a comparative study of automated tools, specifically WebCopilot and Sublist3r for subdomain enumeration, and RustScan combined with Nmap compared to Nmap alone for network scanning. The results demonstrate that automation significantly reduces the time required for these tasks, enhancing both efficiency and effectiveness in offensive security practices. Additionally, this study explores the potential of artificial intelligence (AI) to further transform offensive security by automating more complex tasks, such as simulating attack scenarios and adapting dynamically to defenses. Positioned as a proposal, this research advocates for the integration of AI into the attack life cycle, highlighting the future potential of fully automating offensive security processes to create more intelligent, adaptive, and effective tools.",

keywords = "automated attacks, automation, offensive security",

author = "Fatima Anis and Mohammad Hammoudeh",

note = "Publisher Copyright: {\textcopyright} 2024 Copyright held by the owner/author(s); 8th International Conference on Future Networks and Distributed Systems, ICFNDS 2024 ; Conference date: 11-12-2024 Through 12-12-2024",

year = "2025",

month = jul,

day = "2",

doi = "10.1145/3726122.3726164",

language = "English",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

pages = "283--290",

booktitle = "Proceedings of 2024 the 8th International Conference on Future Networks and Distributed Systems, ICFNDS 2024",

}

Anis, F & Hammoudeh, M 2025, Weaponizing AI in Cyberattacks A Comparative Study of AI powered Tools for Offensive Security. in Proceedings of 2024 the 8th International Conference on Future Networks and Distributed Systems, ICFNDS 2024. ACM International Conference Proceeding Series, Association for Computing Machinery, pp. 283-290, 8th International Conference on Future Networks and Distributed Systems, ICFNDS 2024, Marrakech, Morocco, 11/12/24. https://doi.org/10.1145/3726122.3726164

Weaponizing AI in Cyberattacks A Comparative Study of AI powered Tools for Offensive Security. / Anis, Fatima; Hammoudeh, Mohammad.
Proceedings of 2024 the 8th International Conference on Future Networks and Distributed Systems, ICFNDS 2024. Association for Computing Machinery, 2025. p. 283-290 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Weaponizing AI in Cyberattacks A Comparative Study of AI powered Tools for Offensive Security

AU - Anis, Fatima

AU - Hammoudeh, Mohammad

PY - 2025/7/2

Y1 - 2025/7/2

N2 - Offensive security, a critical aspect of modern cybersecurity, involves simulating cyberattacks to proactively identify and address vulnerabilities before they can be exploited. However, many tasks, such as network scanning and subdomain enumeration, are time-consuming and inefficient without automation, especially as cyberattacks grow increasingly sophisticated. Recent incidents, such as attacks targeting legacy communication systems like pagers and walkie-talkies, further underscore the urgency to automate offensive security operations. This paper presents a comparative study of automated tools, specifically WebCopilot and Sublist3r for subdomain enumeration, and RustScan combined with Nmap compared to Nmap alone for network scanning. The results demonstrate that automation significantly reduces the time required for these tasks, enhancing both efficiency and effectiveness in offensive security practices. Additionally, this study explores the potential of artificial intelligence (AI) to further transform offensive security by automating more complex tasks, such as simulating attack scenarios and adapting dynamically to defenses. Positioned as a proposal, this research advocates for the integration of AI into the attack life cycle, highlighting the future potential of fully automating offensive security processes to create more intelligent, adaptive, and effective tools.

AB - Offensive security, a critical aspect of modern cybersecurity, involves simulating cyberattacks to proactively identify and address vulnerabilities before they can be exploited. However, many tasks, such as network scanning and subdomain enumeration, are time-consuming and inefficient without automation, especially as cyberattacks grow increasingly sophisticated. Recent incidents, such as attacks targeting legacy communication systems like pagers and walkie-talkies, further underscore the urgency to automate offensive security operations. This paper presents a comparative study of automated tools, specifically WebCopilot and Sublist3r for subdomain enumeration, and RustScan combined with Nmap compared to Nmap alone for network scanning. The results demonstrate that automation significantly reduces the time required for these tasks, enhancing both efficiency and effectiveness in offensive security practices. Additionally, this study explores the potential of artificial intelligence (AI) to further transform offensive security by automating more complex tasks, such as simulating attack scenarios and adapting dynamically to defenses. Positioned as a proposal, this research advocates for the integration of AI into the attack life cycle, highlighting the future potential of fully automating offensive security processes to create more intelligent, adaptive, and effective tools.

KW - automated attacks

KW - automation

KW - offensive security

UR - https://www.scopus.com/pages/publications/105011950359

U2 - 10.1145/3726122.3726164

DO - 10.1145/3726122.3726164

M3 - Conference contribution

AN - SCOPUS:105011950359

T3 - ACM International Conference Proceeding Series

SP - 283

EP - 290

BT - Proceedings of 2024 the 8th International Conference on Future Networks and Distributed Systems, ICFNDS 2024

PB - Association for Computing Machinery

T2 - 8th International Conference on Future Networks and Distributed Systems, ICFNDS 2024

Y2 - 11 December 2024 through 12 December 2024

ER -

Weaponizing AI in Cyberattacks A Comparative Study of AI powered Tools for Offensive Security

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this