JSPM

pentesting

0.12.13
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 1399
  • Score
    100M100P100Q107915F
  • License MIT

Autonomous Penetration Testing AI Agent

Package Exports

  • pentesting
  • pentesting/dist/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (pentesting) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

  ██████╗ ███████╗███╗   ██╗████████╗███████╗███████╗████████╗██╗███╗   ██╗ ██████╗ 
  ██╔══██╗██╔════╝████╗  ██║╚══██╔══╝██╔════╝██╔════╝╚══██╔══╝██║████╗  ██║██╔════╝ 
  ██████╔╝█████╗  ██╔██╗ ██║   ██║   █████╗  ███████╗   ██║   ██║██╔██╗ ██║██║  ███╗
  ██╔═══╝ ██╔══╝  ██║╚██╗██║   ██║   ██╔══╝  ╚════██║   ██║   ██║██║╚██╗██║██║   ██║
  ██║     ███████╗██║ ╚████║   ██║   ███████╗███████║   ██║   ██║██║ ╚████║╚██████╔╝
  ╚═╝     ╚══════╝╚═╝  ╚═══╝   ╚═╝   ╚══════╝╚══════╝   ╚═╝   ╚═╝╚═╝  ╚═══╝ ╚═════╝ 
  ────────────────────────────────────────────────────────────────────────────────
                  A U T O N O M O U S   S E C U R I T Y   A G E N T

v0.12.10 | Multi-Agent System | 50+ Security Tools

npm Docker License: MIT


⚠️ Requirements

This agent requires Kali Linux environment for full functionality.

# On Kali Linux
sudo apt update && sudo apt install -y kali-linux-headless nodejs npm
npm install -g pentesting
pentesting

Option 2: Docker with Kali Image

# Pull official Kali Linux image
docker pull kalilinux/kali-rolling

# Run with full tools
docker run -it --rm --network host \
  -e PENTEST_API_KEY="your_key" \
  -e PENTEST_BASE_URL="https://api.openai.com/v1" \
  -e PENTEST_MODEL="gpt-4-turbo" \
  kalilinux/kali-rolling bash -c "
    apt update && apt install -y nodejs npm kali-tools-top10 && \
    npm install -g pentesting && \
    pentesting
  "

Option 3: Kali on WSL2 (Windows)

# Install Kali from Microsoft Store, then:
sudo apt update && sudo apt install -y kali-linux-headless nodejs npm
sudo npm install -g pentesting
pentesting

Quick Start

npm install -g pentesting

# requirements
export PENTEST_API_KEY="your_api_key"
export PENTEST_BASE_URL="https://api.z.ai/api/anthropic"
export PENTEST_MODEL="glm-4.7"

pentesting

Note: If a security tool is not installed, the agent will automatically attempt to install it using apt.


Core Features

Feature Description
Multi-Agent System 5 specialist agents (Recon, Web, Exploit, PrivEsc, Lateral)
Autonomous Orchestration Strategic planning, self-diagnostics, quality gates
50+ Security Tools nmap, sqlmap, ffuf, gobuster, hydra, metasploit...
Auto-Install Missing tools are automatically installed via apt
CTF Research Writeup search (0xdf, IppSec), scenario-based research
Audit & Safety Tool execution logging, risk scoring, approval system

TUI Commands

/target <ip>      Set target
/start            Start autonomous pentest
/research <box>   Search writeups & exploits  
/findings         Show findings
/yolo             Toggle auto-approve
/help             Show all commands

Environment

Variable Description
PENTEST_API_KEY API key (required)
PENTEST_BASE_URL Custom API endpoint
PENTEST_MODEL LLM model (default: claude-sonnet-4-20250514)

Supported Tools

The agent supports 50+ security tools. If a tool is missing, it will be installed automatically:

Category Tools
Reconnaissance nmap, rustscan, masscan, subfinder, amass
Web ffuf, gobuster, nikto, nuclei, sqlmap, whatweb
Exploitation metasploit, searchsploit, msfvenom
Credential hydra, john, hashcat, crackmapexec
Windows/AD impacket-*, bloodhound, kerbrute, enum4linux
Utilities netcat, socat, chisel, proxychains

Web Research (Playwright)

The agent includes a powerful Playwright-based web research engine:

  • CAPTCHA bypass - Headless browser avoids detection
  • Deep search - Follows links and extracts content
  • Multi-source - Google, DuckDuckGo, exploit-db, CVE databases
  • CTF research - Searches 0xdf, ippsec, HackTheBox writeups
# Features available in autonomous mode:
# - searchGoogle(query)
# - deepSearch(query, { depth: 2 })
# - searchWriteups("htb box name")
# - ctfResearch("Lame", "linux")

Documentation


License

MIT | ⚠️ For authorized security testing and CTF competitions only.