PentestAgent, an open-source AI agent framework from developer Masic (GH05TCREW), has introduced enhanced capabilities, including prebuilt attack playbooks and seamless HexStrike integration.
Released on GitHub by a researcher with the alias GH05TCREW, this tool leverages large language models (LLMs) like Claude Sonnet or GPT-5 via LiteLLM to conduct sophisticated black-box security assessments.
PentestAgent operates through a terminal user interface (TUI), offering modes for assisted chats, autonomous agents, and multi-agent crews, making it accessible for pentesters seeking AI augmentation without sacrificing control. Legal use is emphasized: only test authorized systems, as unauthorized access violates laws.
Core Features and Playbooks
PentestAgent comes with its structured attack playbooks, predefined workflows for web app testing like THP3-style assessments. Users launch them via CLI: pentestagent run -t example.com --playbook thp3_web.
These playbooks guide the AI through reconnaissance, vulnerability scanning, and exploitation phases, injecting domain-specific knowledge from a Retrieval-Augmented Generation (RAG) system.
Notes captured during sessions categorized as credentials, vulnerabilities, findings, or artifacts persist in loot/notes.json and fuel a “shadow graph” in Crew mode, where an orchestrator spawns specialized workers for strategic insights.
The tool supports three operational modes, summarized below:
| Mode | Command | Description |
|---|---|---|
| Assist | (default) | Interactive chat; user directs flow. |
| Agent | /agent |
Autonomous single-task execution. |
| Crew | /crew |
Multi-agent orchestration. |
Built-in tools include a terminal (for nmap, sqlmap), a browser (via Playwright), notes, and web_search (Tavily API required). TUI commands like /target , /tools, /report, and Esc-to-stop provide intuitive control, with memory usage visible via /memory.
Setup is straightforward for Python 3.10+ environments. Clone the repo (git clone https://github.com/GH05TCREW/pentestagent.git), run setup scripts (.scriptssetup.ps1 on Windows or ./scripts/setup.sh on Linux/macOS), and configure .env with an API key (e.g., ANTHROPIC_API_KEY=sk-ant-... and PENTESTAGENT_MODEL=claude-sonnet-4-20250514). Install Chromium via playwright install chromium.
Docker isolation elevates usability: pull pre-built images like ghcr.io/gh05tcrew/pentestagent:kali (packed with Metasploit, Hydra) and run with docker run -it --rm -e ANTHROPIC_API_KEY=your-key ghcr.io/gh05tcrew/pentestagent:kali. Local builds use docker compose.
A standout update is HexStrike integration, vendored in third_party/hexstrike from GitHub. This MCP (Model Context Protocol) framework exposes advanced pentesting tools—scoring, workflows—via mcp_servers.json. Manually install via scripts/install_hexstrike_deps.sh, then add configs like pentestagent mcp add nmap "npx" "-y" "gc-nmap-mcp". CLI management (pentestagent tools list, mcp test) ensures extensibility. Recent TUI fixes improve stability for long-running tasks.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
