Package Exports
- pentesting
- pentesting/dist/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (pentesting) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
██████╗ ███████╗███╗ ██╗████████╗███████╗███████╗████████╗██╗███╗ ██╗ ██████╗
██╔══██╗██╔════╝████╗ ██║╚══██╔══╝██╔════╝██╔════╝╚══██╔══╝██║████╗ ██║██╔════╝
██████╔╝█████╗ ██╔██╗ ██║ ██║ █████╗ ███████╗ ██║ ██║██╔██╗ ██║██║ ███╗
██╔═══╝ ██╔══╝ ██║╚██╗██║ ██║ ██╔══╝ ╚════██║ ██║ ██║██║╚██╗██║██║ ██║
██║ ███████╗██║ ╚████║ ██║ ███████╗███████║ ██║ ██║██║ ╚████║╚██████╔╝
╚═╝ ╚══════╝╚═╝ ╚═══╝ ╚═╝ ╚══════╝╚══════╝ ╚═╝ ╚═╝╚═╝ ╚═══╝ ╚═════╝
────────────────────────────────────────────────────────────────────────────────
A U T O N O M O U S S E C U R I T Y A G E N Tv0.12.10 | Multi-Agent System | 50+ Security Tools
⚠️ Requirements
This agent requires Kali Linux environment for full functionality.
Option 1: Native Kali Linux (Recommended)
# On Kali Linux
sudo apt update && sudo apt install -y kali-linux-headless nodejs npm
npm install -g pentesting
pentestingOption 2: Docker with Kali Image
# Pull official Kali Linux image
docker pull kalilinux/kali-rolling
# Run with full tools
docker run -it --rm --network host \
-e PENTEST_API_KEY="your_key" \
-e PENTEST_BASE_URL="https://api.openai.com/v1" \
-e PENTEST_MODEL="gpt-4-turbo" \
kalilinux/kali-rolling bash -c "
apt update && apt install -y nodejs npm kali-tools-top10 && \
npm install -g pentesting && \
pentesting
"Option 3: Kali on WSL2 (Windows)
# Install Kali from Microsoft Store, then:
sudo apt update && sudo apt install -y kali-linux-headless nodejs npm
sudo npm install -g pentesting
pentestingQuick Start
npm install -g pentesting
# requirements
export PENTEST_API_KEY="your_api_key"
export PENTEST_BASE_URL="https://api.z.ai/api/anthropic"
export PENTEST_MODEL="glm-4.7"
pentestingNote: If a security tool is not installed, the agent will automatically attempt to install it using apt.
Core Features
| Feature | Description |
|---|---|
| Multi-Agent System | 5 specialist agents (Recon, Web, Exploit, PrivEsc, Lateral) |
| Autonomous Orchestration | Strategic planning, self-diagnostics, quality gates |
| 50+ Security Tools | nmap, sqlmap, ffuf, gobuster, hydra, metasploit... |
| Auto-Install | Missing tools are automatically installed via apt |
| CTF Research | Writeup search (0xdf, IppSec), scenario-based research |
| Audit & Safety | Tool execution logging, risk scoring, approval system |
TUI Commands
/target <ip> Set target
/start Start autonomous pentest
/research <box> Search writeups & exploits
/findings Show findings
/yolo Toggle auto-approve
/help Show all commandsEnvironment
| Variable | Description |
|---|---|
PENTEST_API_KEY |
API key (required) |
PENTEST_BASE_URL |
Custom API endpoint |
PENTEST_MODEL |
LLM model (default: claude-sonnet-4-20250514) |
Supported Tools
The agent supports 50+ security tools. If a tool is missing, it will be installed automatically:
| Category | Tools |
|---|---|
| Reconnaissance | nmap, rustscan, masscan, subfinder, amass |
| Web | ffuf, gobuster, nikto, nuclei, sqlmap, whatweb |
| Exploitation | metasploit, searchsploit, msfvenom |
| Credential | hydra, john, hashcat, crackmapexec |
| Windows/AD | impacket-*, bloodhound, kerbrute, enum4linux |
| Utilities | netcat, socat, chisel, proxychains |
Web Research (Playwright)
The agent includes a powerful Playwright-based web research engine:
- CAPTCHA bypass - Headless browser avoids detection
- Deep search - Follows links and extracts content
- Multi-source - Google, DuckDuckGo, exploit-db, CVE databases
- CTF research - Searches 0xdf, ippsec, HackTheBox writeups
# Features available in autonomous mode:
# - searchGoogle(query)
# - deepSearch(query, { depth: 2 })
# - searchWriteups("htb box name")
# - ctfResearch("Lame", "linux")Documentation
- ARCHITECTURE.md - System architecture
License
MIT | ⚠️ For authorized security testing and CTF competitions only.