Finally, an AI that doesn’t just tell you to run security scans—it actually executes them. PentestAgent combines LLMs with real pentesting tools like nmap, Metasploit, and sqlmap, creating an autonomous security testing framework that can conduct actual black-box assessments. Instead of copy-pasting commands from ChatGPT, you get an agent that runs the tools, analyzes results, and chains attacks together.
The framework offers three distinct modes: Assist for guided testing, Agent for autonomous single-task execution, and Crew for multi-agent collaborative attacks. It runs everything in Docker containers (including a full Kali image) for safety, supports any LiteLLM model, and includes specialized tools for browser automation and network reconnaissance. The knowledge graph integration means it learns from each engagement, building institutional memory across assessments.
Perfect for bug bounty hunters who want to automate reconnaissance, red teamers scaling their engagements, or penetration testers looking to augment their workflows. With 1600+ stars and active development, this isn’t just another security chatbot—it’s a legitimate AI agent that does the actual work of security testing.
⭐ Stars: 1614
💻 Language: Python
🔗 Repository: GH05TCREW/pentestagent