pentest-ai
pentest-ai is an AI-driven penetration testing tool that combines 205 wrapped security tools, 17 specialist agents, and 60 SPA-aware probes to identify OWASP Top 10 vulnerabilities. Its core innovation is an oracle verification system that re-runs each exploit to confirm findings before reporting, eliminating false positives.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | 0xSteph/pentest-ai |
| Owner | 0xSteph |
| Primary language | Python |
| License | MIT — OSI-approved |
| Stars | 1.3k |
| Forks | 245 |
| Open issues | 2 |
| Latest release | v1.1.0 (2026-06-29) |
| Last updated | 2026-07-05 |
| Source | https://github.com/0xSteph/pentest-ai |
What pentest-ai is
Built in Python 3.10+, pentest-ai exposes MCP (Model Context Protocol) endpoints for integration with Claude Code, Cursor, and other compatible clients, or runs standalone via CLI. It chains multi-step attack paths, manages engagement records, and produces portable proof capsules (replayed via `ptai replay`) that demonstrate vulnerabilities without requiring trust in the tool's assertions.
Get the pentest-ai source
Clone the repository and explore it locally.
git clone https://github.com/0xSteph/pentest-ai.gitcd pentest-ai# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires Python 3.10+ and pip installation; minimal setup via `pip install ptai` and `ptai setup --mcp` for auto-client detection.
- MCP integration with Claude Code requires no API key if you already have Claude Pro/Max/Team subscription; all tool execution is local, only prompts and results traverse Anthropic API.
- Scope safety enforced: active tools (sqlmap, dalfox) are host-locked to engagement target to prevent third-party URL injection from scraped content.
- Oracle verification introduces latency: each finding must be re-proven N out of N times before earning VERIFIED badge; lightweight targets (Juice Shop) report 12 verified findings, but complex apps may require iterative tuning.
- Engagement records and proof capsules are portable; findings can be replayed and shared with non-technical stakeholders via `ptai replay` TUI.
When to avoid it — and what to weigh
- You need zero-day or novel vulnerability detection — Coverage is limited to 60+ curated web probes and 14 oracle-verified vulnerability classes. Against novel targets, catch rate depends entirely on probe library coverage; the LLM coordinates but does not replace the probes.
- You require detection of complex infrastructure vulnerabilities — pentest-ai focuses on OWASP Top 10 and web-application attack surfaces. It does not appear to handle cloud-native, container, or advanced supply-chain attacks in detail.
- Your organization requires vendor SLA or commercial support — MIT license grants use rights, but no explicit commercial support, SLA, or indemnification is documented. Single maintainer (0xSteph) with 2 open issues as of the snapshot.
- You operate in air-gapped environments without pre-cached LLM — Standalone CLI requires an external LLM (Claude API, OpenAI, or local Ollama). MCP path avoids API key but still requires Claude Code / Cursor / compatible client.
License & commercial use
MIT License. Grants permission to use, modify, and distribute in commercial and private contexts without restriction, provided the license and copyright notice are included.
MIT permits commercial use. However, the README includes an Acceptable Use Policy (AUP) and Terms linked at pentestai.xyz that must be reviewed before use; these may impose contractual restrictions beyond the MIT license. Verify your use case against AUP and Terms before deployment. No explicit commercial support, indemnification, or SLA documented.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
pentest-ai is offensive-security tooling designed for authorized testing only. Users must comply with the AUP and Terms at pentestai.xyz. Tool execution is local; in MCP mode, only prompts and results cross the network to Anthropic API. No telemetry is collected in any mode. Scope safety enforces host-locking on active tools (sqlmap, dalfox) to prevent off-target fuzzing. Oracle verification reduces false positives by enforcing machine re-proof, but this does not guarantee absence of vulnerabilities; it only guarantees findings reported are reproducible. Users are responsible for authorization before deployment and for compliance with applicable law.
Alternatives to consider
OWASP ZAP
Mature, widely-adopted DAST scanner with strong community support, but produces higher false-positive rates; ZAP does not include oracle verification or proof capsules. Better for breadth of detection; ptai trades breadth for precision.
Nuclei (by ProjectDiscovery)
Fast, template-driven scanner with large probe library, but no verification layer; third-party output in ptai is withheld until re-proven. Nuclei is more suitable for high-volume reconnaissance than for high-confidence reporting.
Burp Suite Pro
Commercial, integrated web proxy and scanner with enterprise support and SLA. Burp is stronger for interactive testing and remediation workflows; ptai is stronger for automated CI/CD gates and evidence-backed reporting.
Build on pentest-ai with DEV.co software developers
Install pentest-ai and scan a bundled vulnerable app in two minutes: `pip install ptai && ptai demo`. See 4 findings oracle-verified with zero false positives. No API key, no target required.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
pentest-ai FAQ
Do I need an API key to use pentest-ai?
What does 'oracle-verified' mean?
Can I use this in production?
How many vulnerabilities does it detect?
Work with a software development agency
Adopting pentest-ai is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate mcp servers software in production.
Run Your First Verified Penetration Test
Install pentest-ai and scan a bundled vulnerable app in two minutes: `pip install ptai && ptai demo`. See 4 findings oracle-verified with zero false positives. No API key, no target required.