Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
PamStealer Mimics Maccy, Silently Harvests Data
July 4, 2026
Critical FatFs Vulnerabilities Expose Millions of Embedded Devices
July 4, 2026
Critical Linux Kernel Vulnerability CVE-2023-0179 Grants Root Access
July 4, 2026
Home/CyberSecurity News/Pentest-AI Agents: 28 Claude Code Subagents for Penetration Testing
CyberSecurity News

Pentest-AI Agents: 28 Claude Code Subagents for Penetration Testing

Key Takeaways A new open-source toolkit, pentest-ai-agents, leverages Anthropic’s Claude Code to create a sophisticated AI assistant for penetration testing. The toolkit comprises 28...

Jennifer sherman
Jennifer sherman
April 27, 2026 3 Min Read
47 0

Key Takeaways

  • A new open-source toolkit, pentest-ai-agents, leverages Anthropic’s Claude Code to create a sophisticated AI assistant for penetration testing.
  • The toolkit comprises 28 specialized subagents, each focusing on specific domains within the pentesting lifecycle, from reconnaissance to report generation.
  • It features a two-tier execution model for safety, allowing users to choose between advisory mode and direct command execution with explicit approval.
  • The system includes a persistent findings database and can generate professional penetration test reports.

The landscape of cybersecurity is witnessing a significant evolution with the introduction of pentest-ai-agents, an open-source toolkit designed to revolutionize how security professionals conduct penetration tests. This innovative framework transforms Anthropic’s Claude Code into a highly specialized offensive security research assistant, powered by a collection of 28 domain-specific subagents.

Table Of Content

  • Key Takeaways
  • Pentest-AI-Agents Installation and Operation
  • Persistent Findings Database and Reporting

Security researcher 0xSteph spearheaded the release of pentest-ai-agents on GitHub. This comprehensive suite of 28 Claude Code subagents brings deep expertise to every stage of the penetration testing lifecycle, moving beyond the limitations of general-purpose AI models.

The toolkit’s capabilities span a wide array of critical security domains. These include reconnaissance, web application testing, Active Directory attacks, cloud security assessments, mobile pentesting, wireless network exploits, social engineering tactics, complex exploit chaining, detection engineering, digital forensics, malware analysis, and automated report generation.

A key innovation of this framework is its intelligent routing mechanism. Instead of relying on a single, monolithic AI, the system automatically directs each user query to the most appropriate specialist agent, ensuring highly targeted and efficient responses.

Pentest-AI-Agents Installation and Operation

Setting up pentest-ai-agents is designed for simplicity, requiring no external servers, dependencies, or intricate configurations. A single command streamlines the entire installation process:

curl -fsSL https://raw.githubusercontent.com/0xSteph/pentest-ai-agents/main/install.sh | bash

This script efficiently clones the repository, places all 28 agent files into the ~/.claude/agents/ directory, and completes its execution. The installation is fully idempotent, meaning it can be re-run safely to update existing agents without issues.

Further installation flexibility is provided through additional options, such as --project for project-specific deployments. A cost-optimized lite mode (--global --lite) is also available, which utilizes Claude Haiku for advisory agents, significantly reducing token consumption.

The toolkit employs a robust two-tier execution model to ensure both safety and operational flexibility. Tier 1 agents operate in an advisory capacity. Users input tool output, and the agents provide prioritized analysis, methodological guidance, and suggest subsequent commands.

Tier 2 agents offer more advanced functionality, capable of composing and executing commands directly within a pre-declared and authorized scope. Critically, Claude Code displays each command for explicit user approval before execution, maintaining user control over offensive actions. Tier 2 agents encompass tools like the Recon Advisor (utilizing nmap, whois, whatweb), Web Hunter (for ffuf, sqlmap, dalfox), AD Attacker (integrating BloodHound, Impacket, CrackMapExec, Certipy), Exploit Chainer, PoC Validator, and Business Logic Hunter. Every offensive action performed by these agents is meticulously mapped to MITRE ATT&CK identifiers and accompanied by relevant defensive context.

Persistent Findings Database and Reporting

A crucial feature for multi-day engagements is the built-in SQLite-backed findings database, accessed via findings.sh. This database ensures that engagement data persists across different Claude Code sessions, facilitating seamless handoffs and continuous operations. When findings.sh is included in the system PATH, Tier 2 agents automatically record their findings to this database. The dedicated Report Generator agent then leverages this data to produce professional penetration test reports, complete with executive summaries, CVSS scoring, and comprehensive remediation roadmaps.

For environments with strict air-gapped security or heightened privacy concerns, the toolkit offers an alternative: agents can be converted into OpenCode custom commands. This conversion, handled by the included opencode-setup.sh script, makes them compatible with local models run through platforms like Ollama, LM Studio, or any other local model setup.

Further extending the ecosystem is a companion MCP server, named pentest-ai. This server enhances the toolkit with over 150 tool wrappers, supports autonomous exploit chaining, and enables CI/CD pipeline integration for Claude Desktop, Cursor, and VS Code Copilot.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackExploitMalwareSecurity

Share Article

Jennifer sherman

Jennifer sherman

Jennifer is a cybersecurity news reporter covering data breaches, ransomware campaigns, and dark web markets. With a background in incident response, Jennifer provides unique insights into how organizations respond to cyber attacks and the evolving tactics of threat actors. Her reporting has covered major breaches affecting millions of users and has helped organizations understand emerging threats. Jennifer combines technical knowledge with investigative journalism to deliver in-depth coverage of cybersecurity incidents.

Previous Post

Critical Nessus Agent Windows Flaw (CVE-2024-XXXX) Lets Attackers Run Code as SYSTEM

Next Post

New ‘fast16’ Malware Sabotages High-Value Targets

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Alibaba Bans Internal Use of Claude AI Over Backdoor Concerns
July 3, 2026
Apache ActiveMQ Critical Vulnerabilities Allow DoS Attacks, System Crashes
July 3, 2026
Scammers Impersonate Brands in Gambling Ads to Drive Casino Traffic
July 3, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us