Autonomous AI pentesting with 150+ tools, exploit chaining, and PoC validation

Project description

pentest-ai

MCP server + 10 AI agents + 150+ security tools. One command.

pentest-ai connects AI to 150+ real security tools through the Model Context Protocol. It works with Claude Desktop, Cursor, VS Code Copilot, Windsurf, or any MCP-compatible client.

Point it at a target. It runs recon, finds vulnerabilities, chains them into full compromise paths, validates every finding with a working proof of concept, and generates professional reports with detection rules for your blue team.

No vendor lock-in. No cloud dependency. Runs locally.

How It Works

You: "Run a full assessment against staging.example.com"

pentest-ai:
  1. Recon       > nmap, subfinder, amass, DNS enum, OSINT
  2. Web scan    > nuclei, sqlmap, nikto, ffuf, dalfox
  3. Cloud audit > prowler, ScoutSuite, pacu
  4. AD attack   > BloodHound, Impacket, CrackMapExec
  5. Chaining    > Links 3 medium findings into domain admin
  6. Validation  > Generates safe PoC for each finding
  7. Detection   > Sigma + SPL + KQL rules for every attack
  8. Report      > Professional markdown/HTML/PDF with CVSS scores

Quick Start

pip install -e .
pentest-ai start target.example.com

That starts the MCP server. Connect from your AI client and start talking to it.

Connect to Claude Desktop

Add this to your Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "pentest-ai": {
      "command": "pentest-ai",
      "args": ["server", "start"]
    }
  }
}

Connect to Cursor / VS Code Copilot

Add the same MCP server config in your editor's settings. Any client that speaks MCP will work.

Agents

10 specialist agents, each focused on a specific attack surface.

Agent               What It Does
Recon               Port scanning, service fingerprinting, subdomain enum, OSINT
Web                 SQLi, XSS, SSRF, IDOR, auth bypass, API testing, business logic
AD                  BloodHound, Kerberoasting, AS-REP, delegation abuse, DCSync
Cloud               AWS/Azure/GCP misconfigs, IAM escalation, exposed services
Mobile              Android/iOS app analysis, API interception, SSL pinning bypass
Wireless            WPA/WPA2/WPA3, evil twin, rogue AP, Bluetooth
Social Engineer     Phishing campaign design, pretexting, vishing frameworks
Exploit Chain       Correlates findings across agents into multi-step attack paths
PoC Validator       Auto-generates safe, non-destructive proofs of concept
Report + Detection  Professional reports with Sigma, SPL, and KQL rules

Every agent stores findings in a local SQLite database. Findings persist across sessions and feed into the chaining engine.

Tools

158 security tools organized into 6 categories. pentest-ai wraps each tool with structured output parsing so findings flow directly into the database.

Network (30+ tools)

nmap, masscan, rustscan, netcat, hping3, arping, tcpdump, Wireshark (tshark), responder, mitm6, bettercap, ettercap, arpwatch, nbtscan, enum4linux, smbclient, rpcclient, ldapsearch, snmpwalk, onesixtyone, fierce, dnsrecon, dnsenum, dig, whois, traceroute, mtr, ping, netdiscover, fping

Web (40+ tools)

nuclei, sqlmap, nikto, gobuster, ffuf, feroxbuster, dirb, dirbuster, wfuzz, dalfox, xsstrike, commix, ssrfmap, tplmap, arjun, paramspider, waybackurls, gau, httpx, httprobe, whatweb, wappalyzer, wafw00f, burpsuite, zaproxy, w3af, arachni, skipfish, wpscan, joomscan, droopescan, cmsmap, testssl, sslscan, sslyze, jwt_tool, graphqlmap, postman, curl, wget

Password (20+ tools)

hydra, hashcat, john, medusa, ncrack, patator, cewl, crunch, cupp, mentalist, ophcrack, fcrackzip, pdfcrack, rarcrack, aircrack-ng, cowpatty, hash-identifier, haiti, name-that-hash, kerbrute

Binary (15+ tools)

checksec, gdb, radare2, ghidra, objdump, strace, ltrace, file, strings, binwalk, foremost, volatility, ropper, ROPgadget, pwntools

Cloud (20+ tools)

prowler, ScoutSuite, pacu, enumerate-iam, cloudfox, cloudsplaining, pmapper, steampipe, trivy, grype, syft, kube-hunter, kubeaudit, kubectl, docker, crane, cosign, falco, tracee, tetragon

OSINT (25+ tools)

theHarvester, sherlock, recon-ng, maltego, spiderfoot, amass, subfinder, assetfinder, findomain, massdns, puredns, shuffledns, crt.sh, shodan, censys, zoomeye, hunter.io, phonebook, dehashed, h8mail, trufflehog, gitleaks, git-secrets, gitrob, shhgit

Built-in Scanners (Zero Dependencies)

Don't have nmap installed? pentest-ai includes built-in scanners that work immediately:

  • Port scanner (async TCP connect)
  • HTTP header analyzer (missing security headers, CORS, cookies)
  • SSL/TLS checker (expiry, weak ciphers, deprecated protocols)
  • Path discovery (admin panels, backups, .env files, .git exposure)
  • DNS enumerator (A records, subdomain brute-force)
  • Secret scanner (AWS keys, GitHub tokens, JWTs, connection strings in responses)

# Works with zero external tools installed
pentest-ai start target.example.com --scope recon
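
As an added illustration (not pentest-ai's own scanner code), here is the kind of check the HTTP header analyzer bullet describes, covering missing security headers, CORS and cookie flags. The function name, finding codes, probe origin and sample response are all constructed for this example.

```python
REQUIRED = ("strict-transport-security", "content-security-policy",
            "x-content-type-options")
COOKIE_FLAGS = ("secure", "httponly", "samesite")

def analyze_headers(headers, probe_origin=None):
    """Return sorted finding codes for one HTTPS response.

    headers: list of (name, value) pairs; a list because Set-Cookie repeats.
    probe_origin: the untrusted Origin value the request carried, if any.
    """
    single = {n.lower(): v.strip() for n, v in headers}
    findings = {f"missing:{h}" for h in REQUIRED if h not in single}

    # Clickjacking: X-Frame-Options or CSP frame-ancestors is enough.
    csp = single.get("content-security-policy", "").lower()
    if "x-frame-options" not in single and "frame-ancestors" not in csp:
        findings.add("missing:frame-protection")

    # CORS: a wildcard matters for non-public data; an echoed untrusted
    # Origin plus credentials exposes authenticated responses to any site.
    acao = single.get("access-control-allow-origin")
    creds = single.get("access-control-allow-credentials", "").lower() == "true"
    if acao == "*":
        findings.add("cors:wildcard-origin")
    elif acao and probe_origin and acao == probe_origin and creds:
        findings.add("cors:reflected-origin-with-credentials")

    # Cookies: each Set-Cookie header is judged on its own attributes.
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, *attrs = value.split(";")
        present = {a.strip().split("=", 1)[0].lower() for a in attrs}
        cname = cookie.split("=", 1)[0].strip()
        findings.update(f"cookie:{cname}:no-{flag}"
                        for flag in COOKIE_FLAGS if flag not in present)
    return sorted(findings)

SAMPLE = [  # constructed response headers, not captured from a real site
    ("Content-Type", "text/html"),
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
    ("Access-Control-Allow-Origin", "https://probe.invalid"),
    ("Access-Control-Allow-Credentials", "true"),
    ("Set-Cookie", "sid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Secure; HttpOnly; SameSite=Lax"),
]
```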

Exploit Chaining

Most scanners give you a list of isolated findings. pentest-ai connects them.

Example: 5 medium-severity findings individually look minor. The chaining engine discovers they connect into a path from unauthenticated user to domain admin.

SSRF in /api/internal > Read cloud metadata > AWS keys
  > Lateral move to staging DB > Extract AD service account creds
    > Kerberoast > Crack hash > Domain Admin

Each chain is validated with a working PoC before it shows up in your report.

Architecture

pentest-ai/
├── mcp_server/       # FastMCP server, exposes all tools via MCP protocol
├── agents/           # 10 specialist Python agents
├── tools/            # 158 tool wrappers with output parsers
├── engine/           # Orchestrator + findings DB + built-in scanners
├── cli/              # CLI interface (Typer + Rich)
├── config/           # YAML config
└── tests/            # Test suite

Configuration

# config/pentest-ai.yaml
llm:
  provider: openai        # or anthropic, ollama
  model: gpt-4o
  temperature: 0.0

agent:
  auto_chain: true
  auto_validate_pocs: true
  auto_generate_detections: true
  hitl_mode: true          # Human approval before exploitation

scope:
  allowed_targets: []
  excluded_targets: []
  max_depth: 3
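
An added example, not pentest-ai's own code: one way a scope gate over the allowed_targets and excluded_targets keys above could behave before any tool is launched. It assumes entries are hostnames, `*.` wildcards or CIDR ranges, that an empty allow list authorizes nothing, and that exclusions win; the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

def host_of(target: str) -> str:
    """Reduce a URL or host[:port] to the bare host that would be contacted."""
    parts = urlsplit(target if "//" in target else "//" + target)
    return (parts.hostname or "").lower().rstrip(".")

def _matches(host: str, entry: str) -> bool:
    """True if host (name or IP literal) falls under one scope entry."""
    entry = entry.lower().rstrip(".")
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        net = None
    if net is not None:
        try:
            return ipaddress.ip_address(host) in net
        except ValueError:
            return False                  # a hostname never matches a CIDR entry
    if entry.startswith("*."):
        return host.endswith(entry[1:])   # "*.x.test" covers subdomains only
    return host == entry

def in_scope(target: str, allowed: list[str], excluded: list[str]) -> bool:
    """Deny by default; exclusions override allows (both are assumptions)."""
    host = host_of(target)
    if not host:
        return False
    if any(_matches(host, e) for e in excluded):
        return False
    return any(_matches(host, a) for a in allowed)

# Constructed scope lists for illustration
ALLOWED = ["staging.example.com", "*.lab.example.com", "10.20.0.0/16"]
EXCLUDED = ["10.20.0.1", "db.lab.example.com"]
```

Parsing the target first matters: a URL such as `https://staging.example.com@10.99.0.1/` names an allowed host in its userinfo but actually connects to 10.99.0.1, which this gate rejects.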

MCP Tools Reference

Tool                      Description
start_engagement          Begin a full pentest against a target
run_recon                 Reconnaissance (passive, standard, deep)
test_web_app              Web application security testing
test_active_directory     AD security assessment
test_cloud                Cloud provider security audit
run_tool                  Run any of the 158 tools directly
discover_attack_chains    Find exploit chains from existing findings
validate_finding          Generate a safe PoC for a specific finding
generate_detection_rules  Create Sigma/SPL/KQL rules
generate_report           Professional report (markdown, HTML, PDF, JSON)
builtin_scan              Run built-in scans (no external tools needed)
get_findings              Query findings by severity, status, engagement

Claude Code Agents

Looking for the Claude Code version? pentest-ai-agents has 28 specialized Claude Code subagents for penetration testing. No server, no dependencies. Copy .md files into Claude Code and go.

            pentest-ai (this repo)                          pentest-ai-agents
Type        MCP server + Python agents                      Claude Code subagents
Works with  Any MCP client (Claude, Cursor, Copilot, etc.)  Claude Code only
Tools       158 tool wrappers with output parsing           Uses whatever tools are on your system
Install     pip install -e .                                Copy .md files
Best for    Automated assessments, CI/CD integration        Interactive pentesting, learning, CTFs

Requirements

  • Python 3.10+
  • An MCP-compatible AI client (Claude Desktop, Cursor, VS Code Copilot, etc.)
  • Security tools you want to use (optional, built-in scanners work without any)

Development

git clone https://github.com/0xSteph/pentest-ai.git
cd pentest-ai
pip install -e ".[dev]"
pytest tests/ -v

FAQ

Does this replace manual pentesting?
No. It accelerates it. The agents handle recon, scanning, and correlation. You make the decisions about what to exploit and how deep to go. Human-in-the-loop is on by default.

Is my data sent to the cloud?
No. Everything runs locally. The only external calls are to whatever LLM provider you configure (OpenAI, Anthropic, or a local model via Ollama).

Can I add my own tools?
Yes. Add a SecurityTool entry in tools/registry.py with a command template and output parser. The tool is immediately available through the MCP server.

What about false positives?
The PoC validator generates a safe proof of concept for every finding. If the PoC fails, the finding is flagged as unconfirmed. Only validated findings appear in the final report.

For Teams: pentest-ai Enterprise

pentest-ai is fully open source. Every feature runs locally, no auth required. If you're an individual or a small team comfortable with the CLI, you're done — you have everything.

pentest-ai Enterprise ($499/mo) is a hosted dashboard for security teams, MSSPs, and consultancies that need:

  • Shared team workspace with role-based access (Owner, Admin, Member)
  • SSO / OIDC (Okta, Azure AD, Google Workspace)
  • Compliance mapping (SOC 2, ISO 27001, PCI DSS, HIPAA, NIST)
  • Audit logs for regulated environments
  • Scheduled and recurring scans
  • Executive and technical PDF reports
  • MITRE ATT&CK coverage dashboards
  • Attack surface monitoring
  • Integrations (Jira, Slack, GitHub, Teams)
  • White-label branding

Everything the CLI does is free forever. Enterprise exists for teams that need to collaborate at scale.

Start a trial at app.pentestai.xyz · Contact sales

Legal

This tool is for authorized security testing only. Always get written permission before testing any system you don't own. See LICENSE for the MIT license.


Built by 0xSteph · pentestai.xyz · Claude Code Agents

Download files

Source Distribution

ptai-0.8.0.tar.gz (49.1 kB)

Uploaded Source

Built Distribution

ptai-0.8.0-py3-none-any.whl (50.4 kB)

Uploaded Python 3

File details

Details for the file ptai-0.8.0.tar.gz.

File metadata

  • Download URL: ptai-0.8.0.tar.gz
  • Upload date:
  • Size: 49.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for ptai-0.8.0.tar.gz
Algorithm Hash digest
SHA256 bbf7e4df159e50534d0eb536a9374ba54ceaf235d954e23180121b85a4b38ab5
MD5 5b4105bc0c7fbe057aa00cceb5538475
BLAKE2b-256 7bd97d9b63af8dc9ba87f9e40189e57ca734997db4f65be6c62eb2974d5338f4

File details

Details for the file ptai-0.8.0-py3-none-any.whl.

File metadata

  • Download URL: ptai-0.8.0-py3-none-any.whl
  • Upload date:
  • Size: 50.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for ptai-0.8.0-py3-none-any.whl
Algorithm Hash digest
SHA256 f7ad02ad0c2c5496c4d4510e2114a0ded3ef169e6d80e88eb734ace1a0a53b1b
MD5 6bf5e70066a6cf0bb4e1c59357b4b9d1
BLAKE2b-256 699585e314508d28d10efbe4b0d0650b05ca48cbb24ab2e1c8de450612ca6c64
