dinhvaren/PentestAI

PentestAI

PentestAI is a CLI-first, AI-assisted penetration testing framework for Linux.

It combines real-world pentest tools with multiple LLM providers to assist with analysis, triage, validation, and reporting — without replacing the pentester.

Human-in-the-loop by design.

What PentestAI Is (and Is Not)

PentestAI IS

  • A CLI tool for authorized penetration testing
  • AI-assisted analysis, validation, triage, and reporting
  • Built on real tools: subfinder, httpx, nmap, nuclei
  • Safe-by-default, scope-aware

PentestAI IS NOT

  • An auto-exploitation framework
  • A payload generator
  • A replacement for human decision-making

Requirements

  • Linux (Parrot / Kali / Ubuntu recommended)
  • Python 3.12+
  • The following tools available in $PATH:
    • subfinder
    • httpx
    • nmap
    • nuclei

Installation (Recommended)

pip install pentestai-cli

Verify installation:

pentestai --help

API Keys Configuration (REQUIRED)

PentestAI uses environment variables for AI providers.

You must export at least one API key before running.

OpenAI (default)

export OPENAI_API_KEY="sk-..."

(Optional: persist across sessions. This stores the key in plaintext in ~/.bashrc.)

echo 'export OPENAI_API_KEY="sk-..."' >> ~/.bashrc
source ~/.bashrc

Optional Providers

export ANTHROPIC_API_KEY="sk-ant-..."
export GEMINI_API_KEY="AIza..."
export DEEPSEEK_API_KEY="sk-..."

PentestAI will automatically route AI requests based on availability.

Workspace Behavior (Automatic)

PentestAI automatically creates a workspace directory per target.

Default location:

/home/<user>/workspaces/

Example:

/home/user/workspaces/example.com/
├── recon/
├── scan/
├── validate/
└── reports/

You do not need to create this manually.

Quick Start

PentestAI can be run from any directory.

Reconnaissance

pentestai recon run --target example.com

AI Attack Surface Analysis

pentestai surface analyze --target example.com

Vulnerability Scanning

pentestai scan run --target example.com

Validation & Triage (AI-assisted)

pentestai validate run --target example.com

Report Generation

pentestai report build --target example.com

Reports are written to:

~/workspaces/example.com/reports/report.md

Required External Tools

Ensure the following tools are installed:

which subfinder httpx nmap nuclei
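
An added example, not part of PentestAI or its README: a preflight script for the requirements and API key setup above. It reports which required tools are missing from $PATH, which provider variables are set (names only, never values), and whether ~/.bashrc is readable by other users. The function names are hypothetical; the tool and variable names are the ones listed above.

```shell
#!/bin/sh
# Added example (not PentestAI code); function names are hypothetical.
REQUIRED_TOOLS="subfinder httpx nmap nuclei"
PROVIDER_KEYS="OPENAI_API_KEY ANTHROPIC_API_KEY GEMINI_API_KEY DEEPSEEK_API_KEY"

# Print each required tool that does not resolve in $PATH, one per line.
missing_tools() {
    for tool in $REQUIRED_TOOLS; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Print the NAMES of provider variables that are set and non-empty.
# Values are never echoed, so the output is safe to paste into a ticket.
configured_providers() {
    for var in $PROVIDER_KEYS; do
        eval "val=\${$var:-}"
        if [ -n "$val" ]; then printf '%s\n' "$var"; fi
    done
    unset val
    return 0
}

# Succeed only if the file has no group/other read bit; 2 if it is absent.
# Relevant when a key was appended to ~/.bashrc, where it sits in plaintext.
file_is_private() {
    [ -f "$1" ] || return 2
    case "$(ls -ld "$1" | cut -c5-10)" in
        *r*) return 1 ;;
        *)   return 0 ;;
    esac
}

# Run all checks; non-zero if a tool is missing or no provider key is set.
preflight() {
    status=0
    missing=$(missing_tools)
    if [ -n "$missing" ]; then
        echo "missing tools:" $missing >&2; status=1
    fi
    if [ -z "$(configured_providers)" ]; then
        echo "no AI provider key set" >&2; status=1
    fi
    if [ -f "$HOME/.bashrc" ] && ! file_is_private "$HOME/.bashrc"; then
        echo "warning: ~/.bashrc is readable by other users" >&2
    fi
    return $status
}
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with --run before the first pentestai command; if the permission warning appears, chmod 600 ~/.bashrc removes group and other access.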

Design Philosophy

  • CLI-first
  • Human-in-the-loop
  • Safe-by-default
  • AI assists analysis — never auto-exploits
  • Works anywhere on the filesystem

Legal & Ethical Use

PentestAI must only be used on systems you own or have explicit authorization to test.

Notes for Advanced Users

  • No config.yaml required for default usage
  • Workspace paths are auto-resolved per user
  • AI provider routing is handled internally
  • Future versions may expose optional configuration overrides

Contributing

Contributions are welcome.

You can contribute by:

  • Adding tool integrations
  • Improving AI prompts
  • Improving reports
  • Improving documentation

License

MIT License. See LICENSE.

Why PentestAI?

PentestAI is built for:

  • Students learning real pentest workflows
  • Security interns & junior pentesters
  • Professionals who want faster analysis and cleaner reports
  • Open-source contributors interested in AI + security

If PentestAI helps you, consider starring the project.
