pentest-ai-agents
pentest-ai-agents is a collection of 50 Claude Code subagents designed to assist with penetration testing tasks by routing requests to specialized AI agents. It bundles shell-based orchestration, scope enforcement, and integration with Claude Code's agent framework, licensed under MIT.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | 0xSteph/pentest-ai-agents |
| Owner | 0xSteph |
| Primary language | Shell |
| License | MIT — OSI-approved |
| Stars | 2k |
| Forks | 388 |
| Open issues | 2 |
| Latest release | v3.2.0 (2026-05-03) |
| Last updated | 2026-06-22 |
| Source | https://github.com/0xSteph/pentest-ai-agents |
What pentest-ai-agents is
The project provides 50 domain-specialized agents (recon, web, AD, cloud, mobile, post-exploitation, detection engineering, forensics) implemented as Claude Code subagents. Agents are installed via shell script to ~/.claude/agents/ or registered as a Claude Code plugin; execution is scoped by a mandatory _scope-guard.md block on Tier 2 (Bash-capable) agents, with CI validation enforcing compliance.
Get the pentest-ai-agents source
Clone the repository and explore it locally.
git clone https://github.com/0xSteph/pentest-ai-agents.gitcd pentest-ai-agents# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Installation is straightforward (curl | bash or plugin marketplace), but requires Claude Code or Claude API credentials and a working Claude subscription with Code access.
- Tier 2 agents (execution-capable) must be manually scoped via a required _scope-guard.md block; CI enforces this, but operators must declare and justify scope before execution.
- The underlying tooling (nmap, nuclei, ffuf, Ghidra, Radare2, etc.) is not bundled; `install.sh --tools` is optional but recommended; absent tools will cause agent failures.
- Agents assume Linux/macOS shells; Windows environments require WSL2 or container deployment (Dockerfile provided but minimal/packaging-only).
- Token usage scales with task complexity; the project includes token-optimization guidance but no built-in cost controls or rate-limiting at the agent layer.
When to avoid it — and what to weigh
- Unauthorized or unscoped testing — Project explicitly targets authorized engagements. Scope guards refuse DoS, mass scanning, unattended worms, and false-flag operations. Use only on systems you own or have written authorization for.
- Zero Claude Code / Claude API setup — Agents require Claude Code (premium Claude feature) or direct Claude API integration. If your team does not use Claude or lacks API access, this is not deployable.
- Offline / air-gapped networks without pre-staging — Agents call Claude API in real-time. A minimal offline Docker bundle exists but does not include bundled tooling; external tool installation is required regardless.
- Single-tool or static-playbook workflows — The project is agent-centric and AI-driven. If your team needs deterministic, tool-specific playbooks or avoids LLM-based reasoning, this design may not fit.
License & commercial use
MIT License. Permits commercial use, modification, and distribution with attribution and no warranty. No patent grant; third-party tool licenses (nmap, Metasploit, Ghidra, Radare2, etc.) may impose additional restrictions depending on the underlying tool invoked.
The MIT license permits commercial use of the agent collection itself. However, operators must verify the commercial licensing of any underlying security tools (nmap, Metasploit Framework components, Ghidra, etc.) that agents invoke. Recommend legal review before commercial pentesting delivery using these agents, especially if MSF or proprietary tools are in scope.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
The project is designed for authorized offensive security work and includes a mandatory _scope-guard.md block on execution-capable agents that refuses DoS, mass scanning, unattended worms, false-flag operations, and safety-of-life system targeting. CI enforces this block. However, note: (1) operators must declare scope truthfully; the guard is policy, not technical sandboxing; (2) Claude API calls leak task context to Anthropic; consider data sensitivity; (3) underlying tools (nmap, metasploit, reverse-engineering suites) have known offensive capabilities and security implications when misused; (4) no built-in audit logging; recommend external logging of agent execution and findings export. Requires review of your threat model and compliance obligations before use.
Alternatives to consider
Metasploit Framework / Metasploit Pro
Standalone, deterministic exploitation framework; no LLM dependency; deeper tool integrations. Downsides: manual routing, higher operational overhead, steep learning curve, commercial licensing for Pro.
Burp Suite Enterprise + custom integrations
Web-focused, mature, enterprise SLA and reporting. Downsides: expensive, not multi-domain, does not cover AD/cloud/mobile/post-ex as comprehensively; requires scripting for LLM routing.
Custom Python/Go pentest orchestration (DIY)
Full control, no third-party LLM, deterministic. Downsides: months of development, ongoing maintenance, no domain-specialist AI routing, requires deep security expertise in-house.
Build on pentest-ai-agents with DEV.co software developers
Install pentest-ai-agents with one line (curl | bash) or add it as a Claude Code plugin. Review scope-guard requirements and underlying tool licensing before first use on authorized engagements.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
pentest-ai-agents FAQ
Do I need to install all 50 agents?
What happens if an underlying tool (e.g., nmap) is not installed?
Are findings exported for integration with ticketing systems?
Is this compliant with legal/ethical penetration testing standards?
Software developers & web developers for hire
DEV.co helps companies turn open-source tools like pentest-ai-agents into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source security stack.
Ready to integrate AI-driven pentesting into your workflow?
Install pentest-ai-agents with one line (curl | bash) or add it as a Claude Code plugin. Review scope-guard requirements and underlying tool licensing before first use on authorized engagements.