JSPM

pentesting

0.1.3
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 1399
  • Score
    100M100P100Q107385F
  • License MIT

Autonomous Penetration Testing AI Agent

Package Exports

  • pentesting
  • pentesting/dist/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (pentesting) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

Pentesting

🎯 DEF CON-level Autonomous Penetration Testing AI Agent

Pentesting Logo

npm version Docker

Features

  • 7-Phase Workflow: Recon → Enum → Vuln Analysis → Exploitation → PrivEsc → Lateral → Reporting
  • Parallel Agent Orchestration: 2-4 specialized agents working simultaneously
  • Ralph-Style Loops: Self-referential iteration until objective completion
  • Confidence Scoring: Findings rated 0-100 to filter false positives
  • MCP Integration: Model Context Protocol for extended tool capabilities
  • Docker Toolkit: 50+ pre-installed pentesting tools

Quick Start

Install

npm install -g pentesting

Configure

export ANTHROPIC_API_KEY=your_api_key

Run

pentesting
# or
npx pentesting

Docker Environment

# Pull pre-built toolkit (50+ tools)
docker pull agnusdei1207/pentesting-tools:latest

# Run with host network (required for target access)
docker run -d --name pentesting-tools --network host \
  -v $(pwd)/workspace:/pentest \
  agnusdei1207/pentesting-tools:latest

# Execute tools
docker exec -it pentesting-tools nmap -sCV 10.0.0.1

Plugin System

Based on Claude-Code plugin architecture:

plugins/pentesting-core/
├── agents/           # 9 specialized AI agents
├── commands/         # 5 slash commands
├── hooks/            # Event handlers
└── skills/           # 9 domain skills

Agents

Agent Specialty
target-explorer Reconnaissance
exploit-researcher CVE/Exploit research
privesc-master Privilege escalation
web-hacker OWASP Top 10
crypto-solver Cryptography
forensics-analyst Digital forensics
reverse-engineer Binary analysis
attack-architect Strategy planning
finding-reviewer Validation

Commands

/pentest-loop <target> <objective>    # Autonomous attack loop
/scan <target>                         # Quick enumeration
/exploit <query>                       # Search/run exploits
/vuln-review                          # Review findings

Architecture

┌──────────────────────────────────────────────────────────────┐
│                  AutonomousHackingAgent                      │
├──────────────────────────────────────────────────────────────┤
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐          │
│  │   Claude    │  │   Plugin    │  │    MCP      │          │
│  │    API      │  │   System    │  │   Client    │          │
│  └─────────────┘  └─────────────┘  └─────────────┘          │
│         │                │                │                  │
│  ┌──────┴────────────────┴────────────────┴───────┐         │
│  │              Tool Executor                       │         │
│  │  (bash, nmap, sqlmap, msfconsole, etc.)        │         │
│  └─────────────────────────────────────────────────┘         │
├──────────────────────────────────────────────────────────────┤
│  Hook System │ Command Parser │ Web Search │ Agents         │
└──────────────────────────────────────────────────────────────┘

Configuration

MCP Servers

Create .pentest/mcp.json:

{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/"]
    },
    "pentesting-tools": {
      "command": "docker",
      "args": ["exec", "-i", "pentesting-tools", "/bin/bash"]
    }
  }
}

Environment Variables

Variable Description Default
ANTHROPIC_API_KEY Claude API key Required
PENTEST_MODEL Claude model claude-sonnet-4-20250514
PENTEST_MAX_TOKENS Max response tokens 8192

Development

# Clone
git clone https://github.com/agnusdei1207/pentesting.git
cd pentesting

# Install
npm install

# Build
npm run build

# Dev mode
npm run dev

⚠️ Only use on systems you own or have explicit permission to test.

This tool is for authorized penetration testing and CTF competitions only.

License

MIT