originsec

originsec / pocsmith

Public

Autonomous Windows POC developer from patchwatch diff reports

19
5
89% credibility
Found May 17, 2026 at 21 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Python
AI Summary

pocsmith is an autonomous security research tool that takes vulnerability reports and automatically develops proof-of-concept exploits for Windows flaws. It works by connecting an AI assistant to your personal testing environment—a virtual machine running the unpatched Windows version—where the AI iteratively tries different approaches to trigger the bug while you watch through a debugger. Once the AI finds a working exploit, the system verifies it by replaying the attack on a fresh VM snapshot, then delivers a complete package with working code, reproduction steps, and a detailed research report. The entire process runs safely inside your own VM and never touches your actual computer, with built-in limits on time and cost to prevent runaway experiments.

How It Works

1
🔍 Learn about a Windows vulnerability

You discover a Windows security flaw from a research report that describes what's broken and which programs are affected.

2
🖥️ Set up your testing environment

You prepare a special virtual machine running the old version of Windows before the fix, connected to a debugger so you can watch what happens inside.

3
📦 Import the vulnerability report

You feed the detailed report about this specific flaw into the system, which includes all the analysis from comparing the old and new versions.

4
🤖 Watch the AI agent work

The AI assistant automatically tries different approaches to trigger the bug, compiling code, deploying it to your VM, and watching the debugger for signs of success.

5
See how the testing goes
Exploit found

The AI successfully triggers the vulnerability and captures proof that it works

Time or budget exhausted

The AI tried many approaches but couldn't trigger the bug within the limits

6
🔬 System verifies the result

Before declaring success, the system replays your exploit on a fresh copy of the VM to make sure it really works and wasn't a fluke.

📄 Get your complete exploit package

You receive working proof-of-concept code, clear instructions for reproducing the bug, and a detailed report explaining what was found.

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 21 to 19 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is pocsmith?

pocsmith is an autonomous Windows proof-of-concept developer that reads CVE reports and drives an AI agent to write, build, deploy, and verify exploits against a pre-patch virtual machine. It consumes structured reports from patchwatch, which provides vulnerability descriptions, ranked binaries, and diff outputs. The agent then iterates through hypotheses using Hyper-V for VM control, a kernel debugger for crash analysis, and Ghidra for binary reverse engineering. It compiles C code, deploys payloads to the guest, triggers bugs, captures debugger output, and records each attempt. On success, it replays the winning attempt on a fresh VM revert to verify the signal before promoting artifacts. The Python CLI handles run, resume, inspect, report, and tail subcommands.

Why is it gaining traction?

Security researchers spend significant time manually building POCs for CVEs. pocsmith automates that workflow end-to-end, letting analysts focus on analyzing results rather than writing boilerplate exploit scaffolding. The tight integration with Hyper-V snapshots means each iteration starts from a clean state without manual VM management. Budget controls prevent runaway API costs by enforcing wall-clock time, iteration counts, and dollar ceilings per run level. The replay verification step adds confidence that a claimed success actually triggers the intended signal.

Who should use this?

Vulnerability researchers analyzing Windows kernel bugs will find this most useful. Red team operators building internal exploit toolsets can use it to accelerate POC generation for engagement scoping. Bug bounty hunters targeting Windows components may use it to quickly validate reported vulnerabilities. This is not for general application security work or web vulnerabilities. It requires a Windows 11 host with Hyper-V, Visual Studio 2022, the Windows SDK, and a pre-patch VM image matching the target CVE's KB.

Verdict

With a 0.8999999761581421% credibility score and only 19 stars, pocsmith is an early-stage research tool with limited community validation. The documentation is thorough and the architecture is well-reasoned, but expect rough edges and breaking changes. If you have the infrastructure and work in Windows kernel security, it is worth evaluating against manual POC workflows. For most developers, wait for broader adoption before investing setup time.

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.