DEV.co
MCP Servers · 0xSteph

pentest-ai

pentest-ai is an AI-driven penetration testing tool that combines 205 wrapped security tools, 17 specialist agents, and 60 SPA-aware probes to identify OWASP Top 10 vulnerabilities. Its core innovation is an oracle verification system that re-runs each exploit to confirm findings before reporting, eliminating false positives.

Source: GitHub — github.com/0xSteph/pentest-ai
1.3k
GitHub stars
245
Forks
Python
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repository0xSteph/pentest-ai
Owner0xSteph
Primary languagePython
LicenseMIT — OSI-approved
Stars1.3k
Forks245
Open issues2
Latest releasev1.1.0 (2026-06-29)
Last updated2026-07-05
Sourcehttps://github.com/0xSteph/pentest-ai

What pentest-ai is

Built in Python 3.10+, pentest-ai exposes MCP (Model Context Protocol) endpoints for integration with Claude Code, Cursor, and other compatible clients, or runs standalone via CLI. It chains multi-step attack paths, manages engagement records, and produces portable proof capsules (replayed via `ptai replay`) that demonstrate vulnerabilities without requiring trust in the tool's assertions.

Quickstart

Get the pentest-ai source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/0xSteph/pentest-ai.gitcd pentest-ai# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

High-precision vulnerability reporting for compliance and audit

Oracle verification removes false positives by re-proving each finding. Reports contain only vulnerabilities confirmed by machine execution, suitable for executives, auditors, and stakeholders who need evidence-backed risk quantification.

Automated penetration testing in CI/CD pipelines

Runs locally with no telemetry, integrates via `--fail-on verified` gate, and produces portable proof capsules for replay. Ideal for staging/pre-prod security gates where reproducibility is non-negotiable.

Bug bounty and red-team reconnaissance coordination

MCP integration with Claude Code enables hands-free prompt-driven testing; 60 probes cover common web attack vectors (IDOR, XSS, SQLi, XXE, etc.). Specialist agents coordinate recon, login chains, and exploit reasoning without manual tool orchestration.

Implementation considerations

  • Requires Python 3.10+ and pip installation; minimal setup via `pip install ptai` and `ptai setup --mcp` for auto-client detection.
  • MCP integration with Claude Code requires no API key if you already have Claude Pro/Max/Team subscription; all tool execution is local, only prompts and results traverse Anthropic API.
  • Scope safety enforced: active tools (sqlmap, dalfox) are host-locked to engagement target to prevent third-party URL injection from scraped content.
  • Oracle verification introduces latency: each finding must be re-proven N out of N times before earning VERIFIED badge; lightweight targets (Juice Shop) report 12 verified findings, but complex apps may require iterative tuning.
  • Engagement records and proof capsules are portable; findings can be replayed and shared with non-technical stakeholders via `ptai replay` TUI.

When to avoid it — and what to weigh

  • You need zero-day or novel vulnerability detection — Coverage is limited to 60+ curated web probes and 14 oracle-verified vulnerability classes. Against novel targets, catch rate depends entirely on probe library coverage; the LLM coordinates but does not replace the probes.
  • You require detection of complex infrastructure vulnerabilities — pentest-ai focuses on OWASP Top 10 and web-application attack surfaces. It does not appear to handle cloud-native, container, or advanced supply-chain attacks in detail.
  • Your organization requires vendor SLA or commercial support — MIT license grants use rights, but no explicit commercial support, SLA, or indemnification is documented. Single maintainer (0xSteph) with 2 open issues as of the snapshot.
  • You operate in air-gapped environments without pre-cached LLM — Standalone CLI requires an external LLM (Claude API, OpenAI, or local Ollama). MCP path avoids API key but still requires Claude Code / Cursor / compatible client.

License & commercial use

MIT License. Grants permission to use, modify, and distribute in commercial and private contexts without restriction, provided the license and copyright notice are included.

MIT permits commercial use. However, the README includes an Acceptable Use Policy (AUP) and Terms linked at pentestai.xyz that must be reviewed before use; these may impose contractual restrictions beyond the MIT license. Verify your use case against AUP and Terms before deployment. No explicit commercial support, indemnification, or SLA documented.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

pentest-ai is offensive-security tooling designed for authorized testing only. Users must comply with the AUP and Terms at pentestai.xyz. Tool execution is local; in MCP mode, only prompts and results cross the network to Anthropic API. No telemetry is collected in any mode. Scope safety enforces host-locking on active tools (sqlmap, dalfox) to prevent off-target fuzzing. Oracle verification reduces false positives by enforcing machine re-proof, but this does not guarantee absence of vulnerabilities; it only guarantees findings reported are reproducible. Users are responsible for authorization before deployment and for compliance with applicable law.

Alternatives to consider

OWASP ZAP

Mature, widely-adopted DAST scanner with strong community support, but produces higher false-positive rates; ZAP does not include oracle verification or proof capsules. Better for breadth of detection; ptai trades breadth for precision.

Nuclei (by ProjectDiscovery)

Fast, template-driven scanner with large probe library, but no verification layer; third-party output in ptai is withheld until re-proven. Nuclei is more suitable for high-volume reconnaissance than for high-confidence reporting.

Burp Suite Pro

Commercial, integrated web proxy and scanner with enterprise support and SLA. Burp is stronger for interactive testing and remediation workflows; ptai is stronger for automated CI/CD gates and evidence-backed reporting.

Software development agency

Build on pentest-ai with DEV.co software developers

Install pentest-ai and scan a bundled vulnerable app in two minutes: `pip install ptai && ptai demo`. See 4 findings oracle-verified with zero false positives. No API key, no target required.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

pentest-ai FAQ

Do I need an API key to use pentest-ai?
Not if you use the MCP path with Claude Code or Cursor (Path 1/2). Your existing Claude subscription IS the LLM. Standalone CLI (Path 3) requires an API key (Claude, OpenAI) or a local Ollama instance.
What does 'oracle-verified' mean?
A finding is re-run automatically N out of N times to confirm it reproduces. Only findings that re-prove consistently earn a VERIFIED badge. This eliminates false positives by enforcing machine evidence, not LLM assertion.
Can I use this in production?
pentest-ai is designed for authorized testing (staging, pre-prod, controlled targets). It runs locally with no telemetry. Check the AUP at pentestai.xyz before deployment to ensure your use case is compliant.
How many vulnerabilities does it detect?
14 oracle-verified vulnerability classes (SQLi, XSS, IDOR, XXE, SSRF, open redirect, etc.) and 60+ SPA-aware probes. On OWASP Juice Shop, 12 findings verify in one scan. On a deliberately-vulnerable honeypot (23 bugs), all 23 verify at 100% precision. Coverage is limited to curated probes; novel targets may see lower catch rates.

Work with a software development agency

Adopting pentest-ai is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate mcp servers software in production.

Run Your First Verified Penetration Test

Install pentest-ai and scan a bundled vulnerable app in two minutes: `pip install ptai && ptai demo`. See 4 findings oracle-verified with zero false positives. No API key, no target required.