JSPM

pentesting

0.1.0
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 1399
  • Score
    100M100P100Q107729F
  • License MIT

Autonomous Penetration Testing AI Agent powered by Claude

Package Exports

  • pentesting
  • pentesting/dist/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (pentesting) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

Pentest

Autonomous Penetration Testing AI Agent.

██████╗ ███████╗███╗   ██╗████████╗███████╗███████╗████████╗
██╔══██╗██╔════╝████╗  ██║╚══██╔══╝██╔════╝██╔════╝╚══██╔══╝
██████╔╝█████╗  ██╔██╗ ██║   ██║   █████╗  ███████╗   ██║   
██╔═══╝ ██╔══╝  ██║╚██╗██║   ██║   ██╔══╝  ╚════██║   ██║   
██║     ███████╗██║ ╚████║   ██║   ███████╗███████║   ██║   
╚═╝     ╚══════╝╚═╝  ╚═══╝   ╚═╝   ╚══════╝╚══════╝   ╚═╝   

Features

  • Autonomous AI Agent: Analyzes, plans, executes tools, and interprets results automatically
  • PTES Methodology: Systematic penetration testing following industry standards
  • 30+ Integrated Tools: Nmap, SQLmap, Metasploit, Burp Suite, and more
  • Privilege Escalation: Built-in Linux/Windows rooting techniques
  • Rabbit Hole Detection: Self-reflection when stuck, tries alternative approaches
  • Real-time Thinking Display: Watch the agent's thought process in TUI

Requirements

  • Node.js 18+
  • Anthropic API Key
  • Kali Linux or macOS (for pentesting tools)

Installation

1. Clone and Install

git clone https://github.com/agnusdei1207/pentesting.git
cd pentesting
npm install

2. Install SecLists and Wordlists

# SecLists (required for directory bruteforce, fuzzing, etc.)
git clone --depth 1 https://github.com/danielmiessler/SecLists.git /opt/SecLists

# Alternative: Using apt (Kali/Debian)
sudo apt install -y seclists

# RockYou wordlist (for password cracking)
sudo apt install -y wordlists
sudo gunzip /usr/share/wordlists/rockyou.txt.gz 2>/dev/null || true

3. Install Pentest Tools

# Core tools
sudo apt install -y nmap masscan gobuster nikto sqlmap hydra john hashcat

# Web tools
sudo apt install -y ffuf nuclei whatweb wfuzz

# Exploitation
sudo apt install -y metasploit-framework exploitdb

# Post-exploitation
sudo apt install -y crackmapexec evil-winrm impacket-scripts chisel

# Browser automation
npm install -g playwright
npx playwright install chromium

4. Set API Key

export ANTHROPIC_API_KEY="your-api-key"

Build

npm run build

Global Installation

npm run build
npm link

Now you can run pentesting from anywhere.

Usage

Quick Start

# Interactive mode
pentesting

# With target
pentesting -t 192.168.1.1

# Auto-approve all tools (dangerous!)
pentesting --dangerously-skip-permissions

CLI Commands

Command Description
pentesting Start interactive TUI
pentesting -t <ip> Start with target
pentesting --dangerously-skip-permissions Auto-approve all tool executions
pentesting run <objective> Run single objective
pentesting scan <target> Quick scan target

Interactive Commands

Command Description
/target <ip> Set target IP or hostname
/start Start autonomous mode
/start <objective> Start with specific objective
/hint <text> Provide hint to agent
/pause Pause execution
/resume Resume execution
/findings Show discovered vulnerabilities
/reset Reset session

Keyboard Shortcuts

Key Action
T Toggle thought display
P Pause
R Resume
Ctrl+C Exit

Examples

# Full autonomous mode (auto-approve everything)
pentesting --dangerously-skip-permissions -t 10.10.10.5

# Run specific objective
pentesting run "Find SQL injection vulnerabilities" -t http://target.com -o report.json

# Quick vulnerability scan
pentesting scan 192.168.1.1 -s vuln

Attack Phases

  1. Reconnaissance - OSINT, DNS, subdomain enumeration
  2. Scanning - Port scanning, service detection
  3. Enumeration - Deep service enumeration, user discovery
  4. Vulnerability Analysis - CVE mapping, vulnerability scanning
  5. Exploitation - Initial access, web attacks
  6. Privilege Escalation - Linux/Windows rooting
  7. Pivoting - Internal network discovery, tunneling
  8. Persistence - Backdoor installation
  9. Data Exfiltration - Sensitive data extraction
  10. Reporting - Findings documentation

Project Structure

pentesting/
├── src/
│   ├── cli/                    # TUI components
│   ├── config/                 # Constants, theme
│   ├── core/
│   │   ├── agent/              # Autonomous agent
│   │   ├── prompts/            # AI prompts
│   │   └── tools/              # Tool definitions
│   └── mcp/                    # MCP server config
├── skills/                     # Pentest skill files
└── dist/                       # Build output

Integrated Tools

Category Tools
Reconnaissance nmap, masscan, rustscan, theHarvester, amass
Web gobuster, ffuf, nikto, sqlmap, nuclei
Exploitation metasploit, searchsploit, hydra
PrivEsc linpeas, winpeas, mimikatz, bloodhound
Post-Exploit chisel, impacket, crackmapexec

Environment Variables

Variable Description
ANTHROPIC_API_KEY Anthropic API key (required)
PENTEST_MODEL Model override (default: claude-sonnet-4-20250514)

Disclaimer

This tool is for authorized penetration testing and security research only.

  • Always obtain written permission before testing
  • Unauthorized testing is illegal
  • Developers are not responsible for misuse

License

MIT License