DEV.co
Open-Source Security · 0xSteph

pentest-ai-agents

pentest-ai-agents is a collection of 50 Claude Code subagents designed to assist with penetration testing tasks by routing requests to specialized AI agents. It bundles shell-based orchestration, scope enforcement, and integration with Claude Code's agent framework, licensed under MIT.

Source: GitHub — github.com/0xSteph/pentest-ai-agents
2k
GitHub stars
388
Forks
Shell
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repository0xSteph/pentest-ai-agents
Owner0xSteph
Primary languageShell
LicenseMIT — OSI-approved
Stars2k
Forks388
Open issues2
Latest releasev3.2.0 (2026-05-03)
Last updated2026-06-22
Sourcehttps://github.com/0xSteph/pentest-ai-agents

What pentest-ai-agents is

The project provides 50 domain-specialized agents (recon, web, AD, cloud, mobile, post-exploitation, detection engineering, forensics) implemented as Claude Code subagents. Agents are installed via shell script to ~/.claude/agents/ or registered as a Claude Code plugin; execution is scoped by a mandatory _scope-guard.md block on Tier 2 (Bash-capable) agents, with CI validation enforcing compliance.

Quickstart

Get the pentest-ai-agents source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/0xSteph/pentest-ai-agents.gitcd pentest-ai-agents# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Authorized penetration testing engagements

Route complex pentest tasks to the right specialist agent (e.g., web-hunter for web apps, ad-attacker for Active Directory) without manual tool selection or setup.

Red team planning and execution

Use engagement-planner, threat-modeler, and the post-exploitation cluster (c2-operator, container-breakout, lateral-movement) to orchestrate multi-phase attacks with MITRE ATT&CK context.

Detection and forensics review

Pair detection-engineer, malware-analyst, and forensics-analyst agents to map attack techniques to defensive detections and build STIG compliance audits.

Implementation considerations

  • Installation is straightforward (curl | bash or plugin marketplace), but requires Claude Code or Claude API credentials and a working Claude subscription with Code access.
  • Tier 2 agents (execution-capable) must be manually scoped via a required _scope-guard.md block; CI enforces this, but operators must declare and justify scope before execution.
  • The underlying tooling (nmap, nuclei, ffuf, Ghidra, Radare2, etc.) is not bundled; `install.sh --tools` is optional but recommended; absent tools will cause agent failures.
  • Agents assume Linux/macOS shells; Windows environments require WSL2 or container deployment (Dockerfile provided but minimal/packaging-only).
  • Token usage scales with task complexity; the project includes token-optimization guidance but no built-in cost controls or rate-limiting at the agent layer.

When to avoid it — and what to weigh

  • Unauthorized or unscoped testing — Project explicitly targets authorized engagements. Scope guards refuse DoS, mass scanning, unattended worms, and false-flag operations. Use only on systems you own or have written authorization for.
  • Zero Claude Code / Claude API setup — Agents require Claude Code (premium Claude feature) or direct Claude API integration. If your team does not use Claude or lacks API access, this is not deployable.
  • Offline / air-gapped networks without pre-staging — Agents call Claude API in real-time. A minimal offline Docker bundle exists but does not include bundled tooling; external tool installation is required regardless.
  • Single-tool or static-playbook workflows — The project is agent-centric and AI-driven. If your team needs deterministic, tool-specific playbooks or avoids LLM-based reasoning, this design may not fit.

License & commercial use

MIT License. Permits commercial use, modification, and distribution with attribution and no warranty. No patent grant; third-party tool licenses (nmap, Metasploit, Ghidra, Radare2, etc.) may impose additional restrictions depending on the underlying tool invoked.

The MIT license permits commercial use of the agent collection itself. However, operators must verify the commercial licensing of any underlying security tools (nmap, Metasploit Framework components, Ghidra, etc.) that agents invoke. Recommend legal review before commercial pentesting delivery using these agents, especially if MSF or proprietary tools are in scope.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

The project is designed for authorized offensive security work and includes a mandatory _scope-guard.md block on execution-capable agents that refuses DoS, mass scanning, unattended worms, false-flag operations, and safety-of-life system targeting. CI enforces this block. However, note: (1) operators must declare scope truthfully; the guard is policy, not technical sandboxing; (2) Claude API calls leak task context to Anthropic; consider data sensitivity; (3) underlying tools (nmap, metasploit, reverse-engineering suites) have known offensive capabilities and security implications when misused; (4) no built-in audit logging; recommend external logging of agent execution and findings export. Requires review of your threat model and compliance obligations before use.

Alternatives to consider

Metasploit Framework / Metasploit Pro

Standalone, deterministic exploitation framework; no LLM dependency; deeper tool integrations. Downsides: manual routing, higher operational overhead, steep learning curve, commercial licensing for Pro.

Burp Suite Enterprise + custom integrations

Web-focused, mature, enterprise SLA and reporting. Downsides: expensive, not multi-domain, does not cover AD/cloud/mobile/post-ex as comprehensively; requires scripting for LLM routing.

Custom Python/Go pentest orchestration (DIY)

Full control, no third-party LLM, deterministic. Downsides: months of development, ongoing maintenance, no domain-specialist AI routing, requires deep security expertise in-house.

Software development agency

Build on pentest-ai-agents with DEV.co software developers

Install pentest-ai-agents with one line (curl | bash) or add it as a Claude Code plugin. Review scope-guard requirements and underlying tool licensing before first use on authorized engagements.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

pentest-ai-agents FAQ

Do I need to install all 50 agents?
No. The installer copies all agents to ~/.claude/agents/, but Claude Code routes only to the agent relevant to your task. You can selectively delete agent files if you prefer a smaller surface.
What happens if an underlying tool (e.g., nmap) is not installed?
The agent will fail at runtime. Use `install.sh --tools` to opt-in to apt/brew/pipx/cargo installation of 80+ underlying tools. Alternatively, run agents in the provided Docker container.
Are findings exported for integration with ticketing systems?
Yes. The findings database (vulns.* schema) supports export. Integration is DIY; no native connectors for Jira, ServiceNow, etc. are mentioned in the excerpt.
Is this compliant with legal/ethical penetration testing standards?
The scope-guard block is mandatory on Tier 2 agents and enforced by CI. Operators must declare authorization scope. However, the tool is policy-driven, not technically sandboxed. Legal and contract review is essential before any pentest delivery.

Software developers & web developers for hire

DEV.co helps companies turn open-source tools like pentest-ai-agents into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source security stack.

Ready to integrate AI-driven pentesting into your workflow?

Install pentest-ai-agents with one line (curl | bash) or add it as a Claude Code plugin. Review scope-guard requirements and underlying tool licensing before first use on authorized engagements.