Pen-testing tool powered by DeepSeek, potentially a successor to Cobalt Strike, has reportedly been downloaded over 10,000 times since July.
A new AI-native penetration testing tool called Villager, developed by Cyberspike, has been causing a stir in the cybersecurity community. The tool, first published on the Python Package Index (PyPI) in July 2025, has been downloaded over 10,000 times since then.
Villager leverages the powerful toolsets of Kali Linux, including DeepSeek v3, to automate attacks. It's worth noting that Cyberspike, the alleged developers of Villager, were first identified on a domain established in November 2023 by Changchun Anshanyuan Technology Co., a supposed AI firm based in China. However, no evidence of such a company exists on Chinese social media.
The authors at Straiker have warned that attacks using Villager could lead to more automated attacks by hackers using off-the-shelf tools. This concern arises from Villager's AI decision-making capabilities, which enable it to perform complex attacks based on natural language prompts. Each attack is broken down into manageable subtasks handled by Villager's AI model.
One of the unique features of Villager is its built-in mechanism for self-destruction. Each Kali Linux container created by Villager has mechanisms to wipe itself after 24 hours to prevent detection. This feature makes it difficult for security teams to trace the source of an attack.
Villager also integrates multiple attack vectors through intelligent task orchestration, lowering the technical barrier for conducting complex attacks. If a victim's API endpoint is detected, Villager may use browser automation to attempt a breach through the authentication workflow. If the target domain is WordPress, Villager launches an attack using the WordPress vulnerability scanner WPScan.
Researchers at Straiker compared Villager to Google, a penetration testing tool that has been widely used by hackers for illegitimate purposes. In March, Fortra and Microsoft announced an 'aggressive campaign' against hackers using Google across over 200 malicious domains, resulting in an 80% drop in daily malicious use of the tool. However, the integration of AI in Villager could potentially make it more difficult to counteract.
