pentest-ai

Offensive Security Research Assistant for Claude Code

6 specialized AI subagents for every phase of authorized penetration testing

Get Started View on GitHub

What is pentest-ai?

pentest-ai turns Claude Code into a full offensive security research environment. Instead of one general-purpose assistant, you get six focused subagents -- each an expert in a specific phase of penetration testing. Ask Claude anything security-related and it automatically routes your request to the right specialist. Whether you are scoping your first engagement or writing a final report, every response is mapped to MITRE ATT&CK and paired with defensive guidance.

Automatic Routing

Claude delegates to the right specialist based on your task. No manual agent selection required -- just describe what you need.

MITRE ATT&CK Mapped

Every technique is cross-referenced with ATT&CK IDs. Know exactly where each finding sits in the adversary framework.

Dual Perspective

Offensive methodology paired with defensive detection in every response. Attack and defend in a single workflow.

The Agents

Six specialists, each tuned for a distinct phase of the engagement lifecycle.

engagement-planner

Scopes engagements, defines rules of engagement, and builds structured test plans.

Plan a web app pentest for a financial services API

recon-analyst

Analyzes reconnaissance data, maps attack surfaces, and identifies high-value targets.

Analyze this nmap scan and prioritize targets

exploit-researcher

Researches vulnerabilities, suggests exploit chains, and maps techniques to ATT&CK.

Research exploit options for Apache 2.4.49 path traversal

detection-engineer

Builds detection rules, writes Sigma/YARA signatures, and designs monitoring strategies.

Write a Sigma rule to detect Kerberoasting

stig-checker

Validates configurations against DISA STIGs and CIS benchmarks for compliance gaps.

Check this sshd_config against RHEL 9 STIG

report-writer

Generates professional pentest reports with findings, risk ratings, and remediation steps.

Write a finding for the SQL injection in /api/users

Engagement Workflow

A natural pipeline from scoping through delivery. Each phase maps to a dedicated agent.

Scope engagement-planner
Recon recon-analyst
Exploit exploit-researcher
Detect detection-engineer
Report report-writer

Before & After

What changes when you add pentest-ai to your Claude Code workflow.

Task Without pentest-ai With pentest-ai
Engagement scoping Manual checklist, easy to miss items Structured plan with RoE, scope boundaries, and methodology
Recon analysis Read raw tool output yourself Prioritized targets with attack surface mapping
Exploit research Search CVE databases manually Curated exploit chains mapped to ATT&CK with PoC guidance
Detection rules Write Sigma/YARA from scratch Auto-generated signatures with detection logic explained
STIG compliance Cross-reference configs vs. PDF checklists Automated check with fix commands and rationale
Reporting Start from a blank document Professional findings with CVSS, evidence, and remediation

Installation

Three ways to get started. Pick whichever fits your workflow.

Option 1 -- Clone the repository
git clone https://github.com/0xSteph/pentest-ai.git cd pentest-ai
Option 2 -- Install globally via npm
npm install -g pentest-ai
Option 3 -- Add to an existing project
npm install pentest-ai # Then add to your Claude Code configuration