live · v0.8.0 · MIT licensed

Find it. Chain it. Prove it.

Autonomous AI pentesting. 180 security tools, 11 specialist agents, exploit chaining, PoC validation, SARIF + CI/CD native. Run it locally. Own every byte.

get started
$ pip install ptai
180 security tools · 11 specialist agents · 6 chain templates · SARIF + CI/CD native · MCP protocol
the difference

Scanners flag findings. pentest-ai weaponizes them.

Burp, Nessus, and Nuclei give you a flat list of issues. We connect them into multi-step attack paths, score every chain, and validate each step with a safe proof-of-concept.

scanner output · 47 findings · flat
MED   /api/proxy?url= · external fetch      5.4
MED   IMDSv1 metadata reachable             6.1
LOW   IAM node-role over-privileged         4.3
HIGH  aws-auth ConfigMap: cluster-admin     7.8
MED   secrets readable in prod ns           5.9

pentest-ai chain · CRITICAL 9.8 · chained
01  SSRF: /api/proxy?url=               entry
02  → IMDSv1 · role STS creds           pivot
03  → assume node role · eks-node       lateral
04  → aws-auth: cluster-admin           escalate
05  → kubectl * · prod compromise       objective
signature moment

Every attack chain, drawn for you

Nodes, edges, proof-of-concept per step. No more copy-pasting between tools.

01 · entry · SSRF via image proxy
02 · pivot · IMDSv1 → STS creds
03 · lateral · assume node role
04 · escalate · aws-auth: cluster-admin
05 · objective · prod EKS compromise
live output

Watch a real engagement in motion

Recon, exploit, chain, validate, report. Fully auditable. Human approval at every risky step.

capabilities

Everything runs locally.
You own every byte.

MCP server exposing 180 tools to any AI client. 11 autonomous agents, cross-agent context sharing, CVSS v3.1 scoring, and PoC validation per finding.

tools_per_engagement

Security tooling, wrapped

nmap · nuclei · ffuf · sqlmap · trivy · kube-hunter · BloodHound · impacket · and 170 more, all via one MCP endpoint.

web · network · cloud · AD · mobile · wireless · CI/CD
11_specialists

Agents with context sharing

Each agent streams findings to the shared engagement graph. No duplicate work, no lost signal.

recon-agent scanning subdomains
web-hunter testing 47 endpoints
cloud-agent enumerating IAM
ad-attacker mapping ACLs
exploit-chainer building paths
poc-validator confirming findings
chain_engine

Templates

Web → cloud, AD → domain admin, K8s lateral, supply chain, CI → prod, bug bounty.

proof_of_concept

Every finding ships a safe PoC

Non-destructive reproducers, captured HAR, screenshot, request/response trace. False positives get filtered before your report.

[poc] blind SQLi confirmed · time-based · sleep(5) verified 3×
[poc] safe bucket listing · no mutation, 12 objects enumerated
[poc] XSS fires in sandbox · screenshot captured → evidence/f-014.png
ci_cd_native

Ships SARIF + JUnit + PDF

Drop pentest-ai into GitHub Actions. Breaks the build on severity gate. Posts findings as PR comments.

SARIF 2.1.0 · GitHub Actions · GitLab CI · Jira · Slack
detection_output

Blue-team ready

Auto-generates Sigma, Splunk SPL, and KQL for every offensive technique used during the engagement.

llm_red_team

OWASP LLM Top 10

Prompt injection, training-data leakage, insecure output, model DoS — covered as first-class assessment targets.

data_sovereignty

Local-first, zero telemetry

Your engagement never leaves your machine. MIT licensed. Self-hosted. Deterministic.

pricing

Three ways to use pentest-ai

Free OSS for individuals. Enterprise dashboard for teams. Managed Assessment delivered.

open_source
The CLI
Free · forever
Full CLI + MCP server, no auth, no limits
  • 180 security tools
  • 11 specialist agents
  • Autonomous exploit chaining
  • PoC validation
  • CVSS v3.1 + MITRE ATT&CK mapping
  • SARIF + JUnit + PDF reports
  • CI/CD pipeline mode
  • Checkpoint + resume
  • MIT license
view on github
managed · limited
Full assessment
$9,500 · one-time
Full pentest engagement, delivered for you
includes 3 months Enterprise ($1,497 value)
  • Complete autonomous pentest
  • Pre-engagement scoping
  • Exploit chain validation + PoCs
  • Executive + technical reports
  • Compliance framework mapping
  • Remediation priorities
  • 30-min findings walkthrough
  • 90-day retest window
  • Dedicated Slack channel
book assessment
faq

Common questions

Yes. All 180 tools, 11 agents, exploit chaining, PoC validation, CVSS, SARIF export, CI/CD mode, compliance mapping, Sigma/KQL generation, checkpoint-resume. Free under MIT, no auth, no API key. Enterprise ($499/mo) is a separate hosted dashboard for teams.
No. Every risky command runs in human-in-the-loop mode. You see the full command and approve or deny before execution. Set --auto at your own risk for sandboxed targets.
We take isolated low-severity findings and connect them into multi-step attack paths. Info disclosure + weak permission + credential reuse = Domain Admin. Each step requires your approval. Six templates cover web, AD, cloud, containers, supply chain, and API attacks.
A full pentest engagement delivered at $9,500 one-time. Scoping, autonomous pentest, exploit-chain validation with PoCs, executive + technical reports, 30-minute findings walkthrough, 90-day retest, 3 months of Enterprise. Limited to five engagements per quarter.
Yes, within the program's scope and rules. Both projects include dedicated bug-bounty methodology presets.

Start finding what scanners miss.

Open source. Run it locally. Own your data.

Enterprise? Email sales@pentestai.xyz