AIAny
AI Agent2023
Icon for item

PentestGPT

Drives autonomous penetration testing and CTF solving via cooperating LLM sessions that track a pentest task tree. Scored 86.5% on the XBOW benchmark suite at ~$1.11 per solved task, and works with OpenAI, Claude, Gemini, and local Ollama models.

Introduction

Most "AI hacker" demos collapse the moment a task outlives the model's context window — the agent simply forgets what it already tried. The real contribution here is structural: work is split across cooperating LLM sessions that maintain an explicit Pentesting Task Tree, so the agent keeps a coherent plan and can restart with prior knowledge after hitting token limits. It also grew out of peer-reviewed research (USENIX Security 2024, Distinguished Artifact Award) rather than a weekend prototype.

What Sets It Apart
  • A task tree, not a chat log — separate reasoning, generation, and parsing sessions share a structured tree of subtasks, which is why long engagements don't drift into incoherence the way single-prompt agents do.
  • Measured, not hand-waved — 86.5% on the XBOW validation suite (90/104 benchmarks), median 3.3 minutes and ~$1.11 per solved task, so you can reason about cost before pointing it at a target.
  • Model-agnostic — the autonomous pipeline and a human-in-the-loop legacy mode both run across OpenAI, Anthropic, Gemini, DeepSeek, xAI, Qwen, Moonshot, and local Ollama, avoiding lock-in to one vendor.
Great Fit / Look Elsewhere

Great fit if you're a security researcher or CTF player who wants an agent to triage web, crypto, reversing, and privilege-escalation challenges, or a reproducible benchmark for studying LLM offensive-security capability. Look elsewhere if you expect a turnkey, hands-off pentest of production systems: outputs still need expert validation, scoping, and legal authorization, and this remains a research tool rather than a managed product.

Information

  • Websitegithub.com
  • OrganizationsNanyang Technological University, Quantstamp
  • AuthorsGelei Deng, Yi Liu, Víctor Mayoral-Vilches, Peng Liu, Yuekang Li, Yuan Xu, Tianwei Zhang, Yang Liu, Martin Pinzger, Stefan Rass
  • Published date2023/02/27

Categories

More Items

Turns fragile, implicit search progress into explicit, persistent, shared state for multi-agent information seeking — externalizes progress as Frontier Task, Evidence Graph, Coverage Map and Failure Memory, and uses pipeline-parallel scheduling plus a middleware harness to avoid repeated failed searches and improve utilization and throughput.

GitHub
AI Agent2026

Provides a lightweight Python harness that turns LLMs into working agents with tool-use, skills, persistent memory, permission controls and multi-agent coordination. Ships with a CLI/React TUI, 43+ built-in tools, a plugin/skill system and the ohmo personal-agent for chat gateways. Best for developers prototyping agent workflows and multi-agent experiments.

GitHub
AI Client2025

Turns Chromium into a local-first AI browser with an embedded assistant that can summarise pages, extract structured data, automate web tasks, and run scheduled agents. Built as an open-source Chromium fork with 53+ built-in browser tools, 40+ app integrations, and support for BYO AI keys or fully local models (Ollama / LM Studio).