PentestAgent

v1.0.0Securitystable

PentestAgent is an AI agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows.

aiai-agentsai-assistantai-cybersecurityai-hacking
Share:
2,406
Stars
0
Downloads
0
Weekly
0/5

What is PentestAgent?

PentestAgent is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to pentestagent is an ai agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows.

PentestAgent is an AI agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • PentestAgent is an AI agent framework for black-box security

Use Cases

AI agent framework for black-box security testing
Support bug bounty and red-team workflows
GH05TCREW

Maintainer

LicenseMIT
Languagepython
Versionv1.0.0
UpdatedMay 22, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx pentestagent

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use PentestAgent

PentestAgent is an open-source AI agent framework designed specifically for black-box security testing, supporting bug bounty hunting, red-team engagements, and penetration testing workflows. It connects to LLMs from Anthropic, OpenAI, or any OpenAI-compatible provider via LiteLLM and exposes a terminal UI plus four operating modes — assist, agent, crew (multi-agent), and interact — along with built-in tools for terminal access, browser automation, note-taking, and web search. Security researchers use it to automate reconnaissance, vulnerability enumeration, and exploitation chains against authorized targets, with optional hierarchical agent spawning for parallel task execution.

Prerequisites

  • Python 3.10+ and pip
  • Git to clone the repository
  • An LLM provider API key: ANTHROPIC_API_KEY for Claude models or OPENAI_API_KEY for GPT models
  • Playwright's Chromium browser for browser-based reconnaissance tools (installed via the setup script)
  • Optional: A Tavily API key (TAVILY_API_KEY) for web search tool support
1

Clone the repository

Clone the PentestAgent repository to your local machine.

git clone https://github.com/GH05TCREW/pentestagent.git
cd pentestagent
2

Run the setup script

Execute the platform-appropriate setup script to create a virtual environment, install dependencies, and configure Playwright's Chromium browser.

# Linux/macOS:
./scripts/setup.sh

# Windows:
.\scripts\setup.ps1
3

Configure your API credentials

Create a .env file in the project root and set your LLM provider API key and preferred model. Use Claude Sonnet for best results on complex security tasks.

# .env
ANTHROPIC_API_KEY=sk-ant-your-key-here
PENTESTAGENT_MODEL=claude-sonnet-4-20250514

# Optional for web search:
TAVILY_API_KEY=your-tavily-key
4

Run PentestAgent against a target

Launch the interactive terminal UI targeting an authorized host. Always ensure you have written permission before scanning any target.

pentestagent -t 192.168.1.100
5

Run a predefined attack playbook

Execute a structured penetration testing playbook for automated web application testing.

pentestagent run -t example.com --playbook thp3_web
6

Expose PentestAgent as an MCP server

Start PentestAgent in MCP server mode so an external MCP client can invoke its tools remotely.

pentestagent mcp_server --type sse --host 0.0.0.0 --port 8080

PentestAgent Examples

Client configuration

MCP client configuration to connect to a running PentestAgent MCP SSE server.

{
  "mcpServers": {
    "pentestagent": {
      "type": "sse",
      "url": "http://localhost:8080/sse",
      "env": {
        "ANTHROPIC_API_KEY": "sk-ant-your-key-here",
        "PENTESTAGENT_MODEL": "claude-sonnet-4-20250514"
      }
    }
  }
}

Prompts to try

Example prompts for authorized penetration testing engagements using PentestAgent.

- "Perform a port scan on 192.168.1.100 and identify open services."
- "Check example.com for common web vulnerabilities including XSS and SQL injection."
- "Enumerate subdomains for target.com and report which ones have active HTTP services."
- "Run a full web application assessment against https://testphp.vulnweb.com and produce a findings report."
- "/spawn 10.0.1.0/24 --scope 10.0.1.0/24 (spawn a child agent for parallel network recon)"

Troubleshooting PentestAgent

Setup script fails with Playwright installation errors

Run 'playwright install chromium' manually after activating the virtual environment. Ensure you have at least 500MB of free disk space for the Chromium browser binary.

API authentication errors when starting the agent

Verify that your .env file is in the project root directory and that the key variable matches your provider: ANTHROPIC_API_KEY for Claude or OPENAI_API_KEY for GPT models. The .env file is loaded automatically on startup.

Web search tool returns 'API key not configured' errors

Web search requires a Tavily account. Add TAVILY_API_KEY=your-key to your .env file. Without it, browser-based manual browsing still works but automated search queries will fail.

Frequently Asked Questions about PentestAgent

What is PentestAgent?

PentestAgent is a Model Context Protocol (MCP) server that pentestagent is an ai agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install PentestAgent?

Follow the installation instructions on the PentestAgent GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with PentestAgent?

PentestAgent works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is PentestAgent free to use?

Yes, PentestAgent is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

PentestAgent Alternatives — Similar Security Servers

Looking for alternatives to PentestAgent? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "pentestagent": { "command": "npx", "args": ["-y", "pentestagent"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use PentestAgent?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides