PentestGPT
PentestGPT is an open-source Python framework that automates penetration testing using large language models. It can autonomously identify vulnerabilities, run exploits, and solve security challenges with minimal human input, achieving 86.5% success on benchmark tests.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | GreyDGL/PentestGPT |
| Owner | GreyDGL |
| Primary language | Python |
| License | MIT — OSI-approved |
| Stars | 14.1k |
| Forks | 2.5k |
| Open issues | 68 |
| Latest release | v1.0.0 (2025-12-24) |
| Last updated | 2026-06-07 |
| Source | https://github.com/GreyDGL/PentestGPT |
What PentestGPT is
An agentic LLM framework that orchestrates autonomous penetration testing workflows via iterative loops, maintaining context across sessions. Built on Claude Code CLI with multi-LLM support (OpenAI, Anthropic, Google, DeepSeek, xAI, Qwen, Ollama) in legacy interactive mode, and published as peer-reviewed research at USENIX Security 2024.
Get the PentestGPT source
Clone the repository and explore it locally.
git clone https://github.com/GreyDGL/PentestGPT.gitcd PentestGPT# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires Python 3.12+, uv package manager, and Claude Code CLI installed and authenticated; setup is non-trivial for teams unfamiliar with modern Python tooling.
- Anonymous telemetry sent to Langfuse by default (session metadata, tool patterns, flag detection events); disable via `--no-telemetry` or `LANGFUSE_ENABLED=false` if required by policy.
- Agent behavior depends heavily on target clarity and instruction context; vague targets may cause inefficient iterations or misaligned exploitation attempts.
- Agentic mode (v1.0+) is Claude-only; multi-model support available only in legacy interactive mode, introducing feature fragmentation.
- Session persistence relies on local context files; no built-in distributed state management, complicating multi-agent or team collaboration scenarios.
When to avoid it — and what to weigh
- Unapproved or Production Networks — Do not deploy against systems without explicit written authorization. Tool is designed for authorized security testing only; misuse is illegal and unethical.
- Highly Regulated Compliance Contexts — Autonomous agents introduce audit trail complexity and may not meet strict compliance logging requirements (e.g., PCI-DSS, HIPAA). Legal and compliance review required before use.
- Low LLM Token Budget — Agent iterates with default max 10 loops, each consuming significant tokens across reasoning, parsing, and generation phases. High cumulative API cost; unsuitable for teams with severe token constraints.
- Offline or Air-Gapped Environments — Requires active LLM API access (Claude Code CLI or multi-provider in legacy mode). Local Ollama support exists but still needs continuous inference capacity; not designed for fully offline operation.
License & commercial use
MIT License—permissive, allows commercial use, modification, and distribution with no copyleft obligation. Requires attribution and includes no warranty.
MIT permits commercial use without restrictions. However, tool is dual-purposed (penetration testing): deployment in commercial security services or products should be reviewed by legal counsel to ensure compliance with local wiretapping, computer fraud, and cybercrime statutes. Liability disclaimer in README advises use at user's risk.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Possible |
| Assessment confidence | High |
Tool is designed to perform offensive security operations. Key considerations: (1) It is for authorized testing only—unauthorized use is illegal; (2) Telemetry sends session metadata and tool patterns to Langfuse; review data handling if regulated environment; (3) LLM agent output is non-deterministic and may attempt unintended or risky actions; always run in isolated lab; (4) No built-in execution sandboxing—relies on target isolation and human oversight; (5) Credentials and outputs cached in local context files; secure filesystem permissions required.
Alternatives to consider
Metasploit Framework (+ AI plugins)
Mature, battle-tested penetration testing platform with extensive exploit database and community support. Less autonomous but more predictable; better for regulated environments requiring audit trails.
OpenHands / Devin (Code-generation AI agents)
General-purpose LLM agent frameworks capable of security tasks. Broader flexibility but lack domain-specific pentesting optimization, benchmarking, and research validation.
Custom LLM-powered tools (in-house)
Build proprietary agent architecture tailored to your compliance posture, model choices, and team workflows. Higher upfront cost but avoids telemetry and third-party dependencies.
Build on PentestGPT with DEV.co software developers
Explore autonomous penetration testing powered by LLMs. Ideal for CTFs, red team workflows, and security research. Deploy in your lab today or contact our team for integration guidance.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
PentestGPT FAQ
Can I use PentestGPT on production systems?
What LLM models can I use?
How much does it cost to run?
Is my telemetry data private?
Software development & web development with DEV.co
DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If PentestGPT is part of your ai frameworks roadmap, our team can implement, customize, migrate, and maintain it.
Accelerate Your Security Testing with PentestGPT
Explore autonomous penetration testing powered by LLMs. Ideal for CTFs, red team workflows, and security research. Deploy in your lab today or contact our team for integration guidance.