explaingit

originsec/pocsmith

Analysis updated 2026-05-18

20PythonAudience · researcherComplexity · 5/5Setup · hard

TLDR

An AI agent that automatically writes, builds, and verifies Windows exploit proof-of-concepts against a local test VM using CVE patch-diff reports.

Mindmap

mindmap
  root((pocsmith))
    What it does
      Writes exploit POCs
      Verifies vulnerabilities
      Uses AI agent loop
    Tech stack
      Python
      Claude
      Hyper-V
      Ghidra
    Requirements
      Windows 11 host
      Visual Studio 2022
      Windows SDK
    Use cases
      Authorized research
      Patch diff analysis
      CVE verification

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Turn a patchwatch CVE report into a working proof-of-concept exploit automatically.

USE CASE 2

Automate the loop of writing, compiling, deploying, and testing exploit code against a Windows VM.

USE CASE 3

Verify whether a Windows kernel vulnerability is exploitable using a remote kernel debugger.

USE CASE 4

Accelerate authorized vulnerability research on systems you own or are permitted to test.

What is it built with?

PythonClaudeHyper-VGhidraMCP

How does it compare?

originsec/pocsmithalex72-py/aria-termuxanime0t4ku/gentleman
Stars202020
LanguagePythonPythonPython
Setup difficultyhardmoderatemoderate
Complexity5/52/52/5
Audienceresearcherdevelopergeneral

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1day+

Requires a Windows 11 Hyper-V host, Visual Studio 2022, Windows SDK, and Docker.

In plain English

pocsmith is a Python-based security research tool that automates the process of writing and testing Windows exploit proof-of-concepts (POCs). A POC in security research is a demonstration that a software vulnerability can actually be exploited, it proves the bug is real and shows how an attacker might use it. pocsmith takes a vulnerability report (produced by a companion tool called patchwatch, which analyzes Windows patches to find what changed) and then uses an AI agent powered by Claude to automatically write exploit code, compile it, deploy it to a controlled virtual machine, run it, and verify whether it worked. The system connects several specialized tools together: a Hyper-V virtual machine manager for spinning up isolated Windows environments, a remote kernel debugger for inspecting what happens inside the Windows kernel during an exploit attempt, and Ghidra (a reverse-engineering tool) for analyzing the vulnerable binary. The AI agent works through these tools in a loop, reading the vulnerability context, generating code, compiling it using Visual Studio, running it inside the VM, checking whether it caused the expected crash or primitive, and adjusting its approach based on the results. This is designed for security researchers who are authorized to test Windows vulnerabilities on their own infrastructure. It runs entirely locally, the only external connection is to Anthropic's API for the AI reasoning. You would use it to accelerate the time-intensive work of turning a patch-diff into a working exploit demonstration. Prerequisites are significant: a Windows 11 host with Hyper-V, Visual Studio 2022, Windows SDK, and Docker. The full README is longer than what was provided.

Copy-paste prompts

Prompt 1
Explain how pocsmith uses patchwatch reports to start building a proof-of-concept.
Prompt 2
Walk me through setting up the Hyper-V, Visual Studio, and Windows SDK prerequisites for this tool.
Prompt 3
Explain the role of each MCP server this project connects together.
Prompt 4
Help me understand the safety restrictions this project places on where exploit code can run.

Frequently asked questions

What is pocsmith?

An AI agent that automatically writes, builds, and verifies Windows exploit proof-of-concepts against a local test VM using CVE patch-diff reports.

What language is pocsmith written in?

Mainly Python. The stack also includes Python, Claude, Hyper-V.

How hard is pocsmith to set up?

Setup difficulty is rated hard, with roughly 1day+ to a first successful run.

Who is pocsmith for?

Mainly researcher.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.