PentestAgent

PentestAgent is an open-source Python framework built by GH05TCREW that brings AI-driven automation to black-box security testing, bug bounty, red-team, and penetration testing workflows. Released under the MIT license and hosted on GitHub, it reached version 0.2.0 with active development continuing through mid-2026. The project supports multiple LLM backends via LiteLLM, including OpenAI, Anthropic, and any OpenAI-compatible relay endpoint.

What It Is

PentestAgent is a CLI/TUI-based AI agent framework that orchestrates LLM-powered agents to perform security assessments autonomously. It wraps common pentesting tools — nmap, metasploit, sqlmap, hydra, and others — behind an agent loop that can plan, execute, and report on findings without constant human input. The framework is designed for security professionals who want to automate repetitive recon and exploitation workflows while retaining full control over scope and targets.

Modes and Workflow

The TUI exposes four distinct operating modes:

• Assist (/assist) — single-shot instruction with tool execution
• Agent (/agent) — autonomous execution of a scoped task
• Crew (/crew) — multi-agent mode where an orchestrator spawns specialized worker agents
• Interact (/interact) — guided conversational mode for step-by-step pentesting

Users set a target with /target, run playbooks via pentestagent run -t example.com --playbook thp3_web, and generate reports with /report. Conversation history is auto-saved and browsable via /conversations, with rewind and fork controls for branching sessions.

Multi-Agent Architecture

A standout feature is the spawn_mcp_agent built-in tool, which allows a running agent to spawn isolated child copies of itself as subordinate MCP servers connected over stdio. Each child has its own runtime, LLM client, conversation history, and notes store. The parent agent can delegate scoped subtasks to children in parallel — for example, running simultaneous port scans across multiple subnets — and collect results asynchronously using run_task_async and await_tasks. This enables hierarchical multi-agent workflows without external orchestration infrastructure.

MCP Integration

PentestAgent supports the Model Context Protocol (MCP) in both directions. As a client, it connects to external MCP servers (configured via mcp_servers.json) to pull in additional tools. As a server, it exposes itself over STDIO or SSE transports so external MCP clients — Claude Desktop, Cursor, and others — can submit tasks, inspect results, and control the agent remotely. When an MCP server exposes more than 128 tools, a built-in RAG optimizer automatically replaces the full catalogue with an embedding-based retrieval tool, keeping context windows manageable.

Knowledge and Memory System

The framework includes a RAG engine that ingests methodologies, CVEs, and wordlists from pentestagent/knowledge/sources/ for automatic context injection. Agents persist findings to loot/notes.json with structured categories (credential, vulnerability, finding, artifact), and notes survive across sessions. In Crew mode, an orchestrator builds a Shadow Graph — a knowledge graph derived from notes — to surface strategic insights such as credential reuse across hosts.

Deployment Options

PentestAgent runs locally or inside Docker for tool isolation. Two pre-built images are available via GitHub Container Registry: a base image with nmap, netcat, and curl, and a Kali image with metasploit, sqlmap, hydra, and the full Kali toolset. The --docker flag routes all terminal tool calls through the container runtime, keeping the host system clean while giving the agent access to a complete pentesting environment.