PentestCode AI Agent Automates Pen Testing with 18 Specialized Tools
Key Takeaways A new open-source AI agent, PentestCode, has been released to automate penetration testing workflows. Developed as a hard fork of OpenCode, PentestCode employs a multi-agent...
Key Takeaways
- A new open-source AI agent, PentestCode, has been released to automate penetration testing workflows.
- Developed as a hard fork of OpenCode, PentestCode employs a multi-agent architecture to perform reconnaissance, scanning, enumeration, and exploitation with minimal human input.
- The tool integrates 18 specialized offensive security tools and maintains a unified, persistent engagement state across operations.
- While powerful for methodical enumeration, PentestCode is currently in beta, lacks a GUI, and is not designed for stealthy red team operations.
PentestCode: An AI Agent for Automated Penetration Testing
A novel open-source solution named PentestCode is revolutionizing offensive security by integrating autonomous AI agents directly into penetration testing methodologies. This tool, a specialized variant of OpenCode, is engineered to execute security utilities, process their outputs, and make strategic decisions from a command-line interface, significantly reducing the need for human intervention.
Table Of Content
The core innovation of PentestCode lies in its ability to automate entire penetration testing workflows. A security professional can initiate an operation with a simple directive, such as targeting a specific IP address with the objective of achieving domain administrator privileges. From this single instruction, PentestCode’s coordinator agent assumes control, orchestrating the entire engagement.
For instance, the system automatically performs an nmap -sS -p- scan, meticulously parsing the results into a structured engagement state. It intelligently identifies critical patterns, such as the presence of ports 88 and 389, indicating a potential Domain Controller.
Advanced Multi-Agent Architecture
Building on its initial reconnaissance, PentestCode deploys multiple parallel enumeration subagents dedicated to services like SMB, LDAP, and HTTP. It then attempts sophisticated attacks, such as AS-REP roasting, to harvest crackable Kerberos hashes. Any credentials successfully obtained are subsequently sprayed across all identified services, including SMB, WinRM, LDAP, and RDP.
A successful login via WinRM triggers a specialized post-exploitation agent. This agent proceeds to dump sensitive data, including SAM, LSA, and DPAPI secrets. Every action taken by the system is meticulously logged, creating a comprehensive evidence chain for review.
Zhangir Ospanov developed PentestCode, which leverages a strategist-coordinator design inspired by HPTSA research. Its creators assert that this multi-agent approach significantly enhances efficiency, delivering a 4.3x improvement over single-agent systems.
The architecture comprises thirteen distinct agents, each specializing in roles such as reconnaissance, scanning, enumeration, exploitation, Active Directory/Kerberos identity attacks, infrastructure protocols (SNMP, IPMI), web application testing, post-exploitation, exploit development, false-positive filtering, and reporting. All these agents contribute to and draw from a unified, real-time engagement state.
Unified Engagement State and Attack Pathing
The shared engagement state is perhaps PentestCode’s most distinguishing feature. It systematically tracks hosts, services, identified vulnerabilities (complete with confidence scores and status), credentials, and access levels. Furthermore, it constructs an entity relationship graph, linking findings through labels such as EXPLOITED_VIA and PIVOT_TO.
An integrated attack-path module employs Dijkstra’s algorithm and Yen’s K-shortest-paths algorithm to propose optimal routes through this complex relationship graph. The persistence of this state across sessions allows testers to seamlessly resume multi-day engagements without any loss of context.
Integrated Tooling and Knowledge Packs
Beyond generic shell access, PentestCode integrates 18 specialized tools specifically designed for offensive operations. These include parsers that convert raw output from Nmap, Nuclei, NetExec, Gobuster, BloodHound, and sqlmap directly into structured state entries. The mandatory use of these parsers ensures that no critical findings are overlooked due to manual review.
Additional functionalities encompass JWT analysis, XSS detection, credential-spray planning, scope validation, tunnel management, and automated report generation.
The agent’s domain knowledge is further expanded by nineteen on-demand “skill” packs. These markdown-based files contain comprehensive checklists for various phases, service-specific tactics, and playbooks for Active Directory, web applications, and cloud environments, all without requiring any code modifications.
The tool can be downloaded from GitHub. Developers note that PentestCode is “not stealthy,” making it less suitable for red-team operations requiring advanced OPSEC, and may occasionally perform redundant tool executions.
Operational costs for real engagements can range from $5 to $50, depending on the scope and the chosen Large Language Model (LLM). Claude Opus/Sonnet are cited as outperforming GPT-4o and local models for multi-agent coordination tasks.
Security teams considering AI-driven offensive tools should be aware that PentestCode is still in beta. It currently lacks a graphical user interface (GUI), Burp Suite integration, and features evolving APIs. This positions it as a powerful force multiplier for systematic enumeration and data gathering rather than a complete substitute for human expertise in complex exploit chain development or creative attack strategies.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.