Package Exports
- pentesting
- pentesting/dist/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (pentesting) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
Pentesting
🎯 DEF CON-level Autonomous Penetration Testing AI Agent
Features
- 7-Phase Workflow: Recon → Enum → Vuln Analysis → Exploitation → PrivEsc → Lateral → Reporting
- Parallel Agent Orchestration: 2-4 specialized agents working simultaneously
- Ralph-Style Loops: Self-referential iteration until objective completion
- Confidence Scoring: Findings rated 0-100 to filter false positives
- MCP Integration: Model Context Protocol for extended tool capabilities
- Docker Toolkit: 50+ pre-installed pentesting tools
Quick Start
Install
npm install -g pentestingConfigure
export ANTHROPIC_API_KEY=your_api_keyRun
pentesting
# or
npx pentestingDocker Environment
# Pull pre-built toolkit (50+ tools)
docker pull agnusdei1207/pentesting-tools:latest
# Run with host network (required for target access)
docker run -d --name pentesting-tools --network host \
-v $(pwd)/workspace:/pentest \
agnusdei1207/pentesting-tools:latest
# Execute tools
docker exec -it pentesting-tools nmap -sCV 10.0.0.1Plugin System
Based on Claude-Code plugin architecture:
plugins/pentesting-core/
├── agents/ # 9 specialized AI agents
├── commands/ # 5 slash commands
├── hooks/ # Event handlers
└── skills/ # 9 domain skillsAgents
| Agent | Specialty |
|---|---|
| target-explorer | Reconnaissance |
| exploit-researcher | CVE/Exploit research |
| privesc-master | Privilege escalation |
| web-hacker | OWASP Top 10 |
| crypto-solver | Cryptography |
| forensics-analyst | Digital forensics |
| reverse-engineer | Binary analysis |
| attack-architect | Strategy planning |
| finding-reviewer | Validation |
Commands
/pentest-loop <target> <objective> # Autonomous attack loop
/scan <target> # Quick enumeration
/exploit <query> # Search/run exploits
/vuln-review # Review findingsArchitecture
┌──────────────────────────────────────────────────────────────┐
│ AutonomousHackingAgent │
├──────────────────────────────────────────────────────────────┤
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ Claude │ │ Plugin │ │ MCP │ │
│ │ API │ │ System │ │ Client │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
│ │ │ │ │
│ ┌──────┴────────────────┴────────────────┴───────┐ │
│ │ Tool Executor │ │
│ │ (bash, nmap, sqlmap, msfconsole, etc.) │ │
│ └─────────────────────────────────────────────────┘ │
├──────────────────────────────────────────────────────────────┤
│ Hook System │ Command Parser │ Web Search │ Agents │
└──────────────────────────────────────────────────────────────┘Configuration
MCP Servers
Create .pentest/mcp.json:
{
"mcpServers": {
"filesystem": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-filesystem", "/"]
},
"pentesting-tools": {
"command": "docker",
"args": ["exec", "-i", "pentesting-tools", "/bin/bash"]
}
}
}Environment Variables
| Variable | Description | Default |
|---|---|---|
| ANTHROPIC_API_KEY | Claude API key | Required |
| PENTEST_MODEL | Claude model | claude-sonnet-4-20250514 |
| PENTEST_MAX_TOKENS | Max response tokens | 8192 |
Development
# Clone
git clone https://github.com/agnusdei1207/pentesting.git
cd pentesting
# Install
npm install
# Build
npm run build
# Dev mode
npm run devLegal
⚠️ Only use on systems you own or have explicit permission to test.
This tool is for authorized penetration testing and CTF competitions only.
License
MIT