Open Source — MIT License

The Most Autonomous Pentesting AI

Two powerful projects under one roof. A full MCP server with 150+ security tools and autonomous exploit chaining. Plus 28 Claude Code subagents for instant red teaming. Both free. Both open source.

150+ Security Tools
10 Python Agents
28 Claude Agents
0 False Positives
MIT License

Choose Your Weapon

Both projects are free and open source. They serve different needs — pick the one that fits your workflow, or use both together.

Legacy
🤖

pentest-ai-agents

28 Claude Code Subagents — Zero Dependencies

The original project: 28 specialized AI subagents as plain Markdown files. Copy into any Claude Code project and start pentesting immediately. No setup, no build tools, no infrastructure.

  • 28 specialist agents (Offensive, Defense, Reporting, Learning)
  • Zero dependencies — just Markdown files
  • Works with Claude Code out of the box
  • 6 Tier 2 execution agents run tools with your approval
  • MITRE ATT&CK mapped
  • Plain Markdown — fork, modify, extend freely
  • One-command install

150+ Tools. Autonomous Chaining. Zero False Positives.

A full pentesting platform built in Python with the Model Context Protocol. Connect any AI client and start assessing targets immediately.

🔧

150+ Security Tools

Network scanning (nmap, masscan, rustscan), web testing (sqlmap, nuclei, ffuf), AD attacks (BloodHound, Impacket, CrackMapExec), cloud (Prowler, Pacu, Trivy), binary analysis (Ghidra, radare2, GDB), OSINT, password cracking, and more. Each with intelligent output parsers.

⛓️

Autonomous Exploit Chaining

6 chain templates discover attack paths: Web→Shell, Subdomain Takeover→SSRF, AD Privilege Escalation, Cloud Metadata→Account Takeover, Container Escape, API→Database. Each step requires your approval.

PoC-Validated Findings

Every finding validated with a safe, non-destructive proof of concept. Unconfirmed bugs never reach your report. Batch-validates entire scan reports in priority order.

🤖

10 Specialist Agents

Recon (6-phase), Web (8-phase), AD (7-phase), Cloud (AWS/Azure/GCP), Mobile (Android/iOS), Wireless, Social Engineer, Exploit Chain, PoC Validator, and Detection Rule generation.

🔌

MCP Protocol

Connects to Claude Desktop, Cursor, VS Code Copilot, Roo Code, or any MCP-compatible client. 15 tool endpoints for engagements, findings, chains, reports, and detection rules.

🗄️

Persistent Findings DB

SQLite-backed storage survives across sessions. Tracks engagements, findings, attack chains, detection rules, and tool results with complex queries for chain discovery.

🛡️

Auto Detection Rules

Every offensive technique gets a corresponding detection rule. Auto-generates Sigma, Splunk SPL, and Elastic KQL rules for blue teams.

📊

Professional Reports

Markdown reports with executive summaries, technical findings sorted by severity, attack chains with step-by-step paths, PoCs, remediation guidance, and detection rules.

⚙️

Config System

YAML + .env configuration for LLM provider, model, agent behavior, database, and report settings. Human-in-the-loop mode with approval gates.

# Install and start the MCP server
$ pip install -e .
$ pentest-ai server start

# Then connect from Claude, GPT, Copilot, or any MCP client
# Every command requires your approval before execution

28 Specialists. Zero Setup. Instant Red Team.

Plain Markdown files you drop into any Claude Code project. No dependencies, no build tools, no infrastructure. Describe your task and Claude routes to the right agent automatically.

🎯

Offensive Operations (17 Agents)

engagement-planner, osint-collector, recon-advisor [T2], exploit-guide, privesc-advisor, cloud-security, api-security, mobile-pentester, wireless-pentester, social-engineer, vuln-scanner [T2], web-hunter [T2], credential-tester, attack-planner, bug-bounty, ad-attacker [T2], exploit-chainer [T2]. Tier 2 agents execute tools directly.

🛡️

Defense & Analysis (5 Agents)

detection-engineer (Sigma/SPL/KQL rules), threat-modeler (STRIDE/DREAD), forensics-analyst (memory/disk analysis), malware-analyst (reverse engineering, YARA), stig-analyst (DISA STIG compliance).

📝

Reporting & Learning (6 Agents)

report-generator, poc-validator [T2], swarm-orchestrator, bizlogic-hunter [T2], cicd-redteam, ctf-solver. Professional reports, swarm coordination, business logic testing, CI/CD integration, and CTF solving.

🔀

Automatic Agent Routing

Claude reads each agent's description and routes your task to the right specialist automatically. "Scan 10.10.1.0/24" goes to recon-advisor. "Write a Sigma rule for DCSync" goes to detection-engineer.

Human-in-the-Loop Execution

6 Tier 2 agents execute tools directly, but every command goes through Claude Code's permission prompt first. You see the full command and approve or deny it.

📋

MITRE ATT&CK Mapped

Every technique is cross-referenced with ATT&CK IDs. Know exactly where each finding sits in the adversary framework. Maps offensive methodology to defensive detection.

🔗

Attack Chain Planning

The attack-planner correlates findings from all agents into scored multi-step attack paths. See the full chain from initial access to domain admin with stealth scoring and failure fallbacks.

🐛

Business Logic Testing

The bizlogic-hunter finds price manipulation, workflow bypasses, race conditions, and authorization logic flaws that standard scanners completely miss.

🚀

CI/CD Integration

The cicd-redteam agent generates ready-to-use pipeline configs for GitHub Actions, GitLab CI, and Jenkins. 3-tier scanning with configurable security gates.

# One command install
$ git clone https://github.com/0xSteph/pentest-ai-agents.git && cd pentest-ai-agents && ./install.sh --global

# Then in Claude Code, just describe your task
You: "Scan 10.10.1.0/24 and build me an attack chain to Domain Admin"
Routing to recon-advisor agent...

Which One Should You Use?

Both are free. Both are open source. They serve different needs.

| Feature | pentest-ai (MCP) | pentest-ai-agents |
|---|---|---|
| Security Tools | 150+ with parsers | Advisory only (6 T2 execute) |
| AI Client Support | Claude, GPT, Copilot, any MCP | Claude Code only |
| Exploit Chaining | 6 chain templates, autonomous | Manual via attack-planner |
| PoC Validation | Automated, safe | Via poc-validator agent |
| Findings Database | Persistent SQLite | Session-only |
| Detection Rules | Auto-generated (Sigma/SPL/KQL) | Via detection-engineer |
| Setup Required | Python venv + tool installation | Zero — just Markdown |
| Dependencies | 128 Python packages | None |
| Best For | Full autonomous pentesting platform | Quick engagements, learning, Claude Code users |
| License | MIT | MIT |
| Price | Free | Free |

Common Questions

Everything you need to know about both projects.

What's the difference between the two projects?
pentest-ai is a full MCP server with 150+ security tools, autonomous exploit chaining, and 10 Python agents. It connects to any AI client (Claude, GPT, Copilot). pentest-ai-agents is 28 Claude Code subagents as plain Markdown files — zero dependencies, instant setup. Use pentest-ai for a full autonomous platform, use pentest-ai-agents for quick Claude Code engagements.

Are both projects free?
Yes. Both are 100% free and open source under the MIT license. No paid tiers, no feature locks, no vendor lock-in. Use them, modify them, distribute them freely.

Does either project execute attacks without my approval?
No. pentest-ai runs in human-in-the-loop mode — every command requires approval. pentest-ai-agents' 6 Tier 2 agents also go through Claude Code's permission prompt. You see every command before it runs.

What is autonomous exploit chaining?
The exploit-chainer takes isolated, often low-severity findings and connects them into multi-step attack paths that demonstrate full compromise. For example: info disclosure + weak permission + credential reuse = Domain Admin. Each step requires your approval. 6 chain templates cover web, AD, cloud, containers, and API attacks.

Can I use these for bug bounty programs?
Yes, within the program's scope and rules. Both projects include dedicated bug bounty methodology. Always operate within the program's rules of engagement.

Do I need security certifications to use these?
No certifications are required to install and explore either project. For real engagements, you should have proper training and authorization. Both projects adapt to your skill level — beginners get explanations, experienced operators get exact command syntax.

Ready to Start Pentesting?

Both projects are free, open source, and ready to go. Pick one or use both.