PentestAgent: AI Pentest Tool with Attack Playbooks

PentestAgent, an open-source AI agent framework developed by Masic (GH05TCREW), now features enhanced capabilities. Its latest updates include prebuilt attack playbooks and seamless HexStrike integration.

Released on GitHub by a researcher with the alias GH05TCREW, this tool leverages large language models (LLMs) like Claude Sonnet or GPT-5 via LiteLLM to conduct sophisticated black-box security assessments.

PentestAgent operates through a terminal user interface (TUI), offering modes for assisted chats, autonomous agents, and multi-agent crews, making it accessible for pentesters seeking AI augmentation without sacrificing control. Legal use is emphasized: only test authorized systems, as unauthorized access violates laws.

Core Features and Playbooks

PentestAgent comes with its structured attack playbooks, predefined workflows for web app testing like THP3-style assessments. Users launch them via CLI: pentestagent run -t example.com --playbook thp3_web.

These playbooks guide the AI through reconnaissance, vulnerability scanning, and exploitation phases, injecting domain-specific knowledge from a Retrieval-Augmented Generation (RAG) system.

Notes captured during sessions categorized as credentials, vulnerabilities, findings, or artifacts persist in loot/notes.json and fuel a “shadow graph” in Crew mode, where an orchestrator spawns specialized workers for strategic insights.

The tool supports three operational modes, summarized below:

Built-in tools include a terminal (for nmap, sqlmap), a browser (via Playwright), notes, and web_search (Tavily API required). TUI commands like /target <host>, /tools, /report, and Esc-to-stop provide intuitive control, with memory usage visible via /memory.

Setup is straightforward for Python 3.10+ environments. Clone the repo (git clone https://github.com/GH05TCREW/pentestagent.git), run setup scripts (.scriptssetup.ps1 on Windows or ./scripts/setup.sh on Linux/macOS), and configure .env with an API key (e.g., ANTHROPIC_API_KEY=sk-ant-... and PENTESTAGENT_MODEL=claude-sonnet-4-20250514). Install Chromium via playwright install chromium.

Docker isolation elevates usability: pull pre-built images like ghcr.io/gh05tcrew/pentestagent:kali (packed with Metasploit, Hydra) and run with docker run -it --rm -e ANTHROPIC_API_KEY=your-key ghcr.io/gh05tcrew/pentestagent:kali. Local builds use docker compose.

A standout update is HexStrike integration, vendored in third_party/hexstrike from GitHub. This MCP (Model Context Protocol) framework exposes advanced pentesting tools—scoring, workflows—via mcp_servers.json. Manually install via scripts/install_hexstrike_deps.sh, then add configs like pentestagent mcp add nmap "npx" "-y" "gc-nmap-mcp". CLI management (pentestagent tools list, mcp test) ensures extensibility. Recent TUI fixes improve stability for long-running tasks.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.