JSPM

pentesting

0.8.44
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 1399
  • Score
    100M100P100Q107595F
  • License MIT

Autonomous Penetration Testing AI Agent

Package Exports

  • pentesting
  • pentesting/dist/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (pentesting) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

   ██████╗ ███████╗███╗   ██╗████████╗███████╗███████╗████████╗██╗███╗   ██╗ ██████╗ 
   ██╔══██╗██╔════╝████╗  ██║╚══██╔══╝██╔════╝██╔════╝╚══██╔══╝██║████╗  ██║██╔════╝ 
   ██████╔╝█████╗  ██╔██╗ ██║   ██║   █████╗  ███████╗   ██║   ██║██╔██╗ ██║██║  ███╗
   ██╔═══╝ ██╔══╝  ██║╚██╗██║   ██║   ██╔══╝  ╚════██║   ██║   ██║██║╚██╗██║██║   ██║
   ██║     ███████╗██║ ╚████║   ██║   ███████╗███████║   ██║   ██║██║ ╚████║╚██████╔╝
   ╚═╝     ╚══════╝╚═╝  ╚═══╝   ╚═╝   ╚══════╝╚══════╝   ╚═╝   ╚═╝╚═╝  ╚═══╝ ╚═════╝ 

Autonomous AI Penetration Testing Agent

npm version License: MIT


Philosophy

Think → Plan → Collaborate → Execute → Reflect → Adapt

Pentesting is not just a tool execution agent. It aims for AGI-level autonomous thinking:

  • 🧠 Autonomous Decision - Decide and act without asking the user
  • 🎯 BFS First - Breadth over depth, map the attack surface first
  • 🤝 Agent Collaboration - 9 specialist agents share knowledge and collaborate
  • 🔄 Continuous Reflection - Learn from failures and adjust strategy
  • 💾 Shared Memory - All agents share discoveries

Quick Start

# Docker required for security tools
npm install -g pentesting

# Set API key
export PENTEST_API_KEY="your_api_key"

# Optional: Custom API endpoint
export PENTEST_BASE_URL="https://api.z.ai/api/anthropic"   
export PENTEST_MODEL="glm-4.7"                       

pentesting

Architecture

┌─────────────────────────────────────────────────────────────┐
│                    SUPERVISOR AGENT                          │
│              (Task Planning & Coordination)                  │
└─────────────────────────────────────────────────────────────┘
                            │
                            ▼
┌─────────────────────────────────────────────────────────────┐
│                     SHARED MEMORY                            │
│     Short-Term │ Long-Term │ Episodic │ Attack Surface      │
└─────────────────────────────────────────────────────────────┘
                            │
        ┌───────────────────┼───────────────────┐
        ▼                   ▼                   ▼
┌───────────────┐   ┌───────────────┐   ┌───────────────┐
│target-explorer│   │exploit-research│   │ privesc-master │
│   web-hacker  │   │ crypto-solver │   │forensics-analyst│
│reverse-engineer│  │attack-architect│  │finding-reviewer│
└───────────────┘   └───────────────┘   └───────────────┘

Core Components

Component Role
Supervisor Agent Task planning, agent selection, strategy adjustment
Shared Memory Cross-agent context sharing, failure recording
9 Specialists Domain expert agents
Orchestrator Parallel execution, result consolidation

Features

  • Multi-Agent Orchestration - 9 specialist agents collaborate
  • Shared Memory System - Cross-agent knowledge sharing
  • Strategic Planning - BFS-based attack surface mapping
  • Self-Reflection - Auto strategy change when stuck
  • Handoff Protocol - Context transfer between agents
  • 80%+ Confidence Filter - Report only high-confidence findings
  • 50+ Security Tools - nmap, sqlmap, gobuster, hydra...

Environment Variables

Variable Required Default Description
PENTEST_API_KEY - API key
PENTEST_BASE_URL - Custom API endpoint
PENTEST_MODEL claude-sonnet-4-20250514 LLM model
PENTEST_MAX_TOKENS 16384 Max response tokens

Commands

Command Description
/target <ip> Set target
/start [objective] Start autonomous pentest
/agent <name> Switch to specialist agent
/plan Show current attack plan
/memory Show shared memory state
/findings Show findings
/status Status
/yolo Toggle auto-approve
/help Help

Specialized Agents

Agent Specialty
target-explorer Recon, OSINT, Enumeration
exploit-researcher CVE, Exploit Development
privesc-master Linux/Windows Privilege Escalation
web-hacker Web Vulnerabilities, Injection
crypto-solver Hash Cracking, Cryptography
forensics-analyst Memory/File Analysis
reverse-engineer Binary Analysis, PWN
attack-architect Strategy, Attack Chains
finding-reviewer Validation, Confidence Scoring

Programmatic Usage

import { 
    getSupervisor, 
    getAgentMemory, 
    AutonomousHackingAgent 
} from 'pentesting';

// High-level: Supervisor orchestration
const supervisor = getSupervisor();
const plan = await supervisor.createPlan('Get root access', '10.10.10.5');
const findings = await supervisor.executePlan();

// Direct agent usage
const agent = new AutonomousHackingAgent();
await agent.start('Enumerate web application', 'http://target.com');

Documentation


Design Principles

  1. BFS Over DFS - Map attack surface completely first
  2. Fail Fast, Pivot Quick - Switch to alternative after 3 attempts
  3. Shared Context - All agents share discoveries
  4. Confidence-Based - Prioritize high-confidence findings
  5. AGI-like Autonomy - Decide without asking

License

MIT

⚠️ For authorized security testing only.