LogoAIAny
Icon for item

PentestGPT

PentestGPT is an open-source research prototype that uses large language models as autonomous agents to perform automated penetration testing. It supports Docker-first deployment, session persistence, multiple LLM backends (Anthropic/Claude/OpenAI/local), and a benchmark suite of vulnerability challenges.

Visit Website
Visit Website

Introduction

Overview

PentestGPT is an AI-powered, autonomous penetration testing agent and research prototype. The project demonstrates how modern LLMs can be orchestrated as intelligent agents to perform vulnerability discovery, exploit development, and CTF-style challenge solving. It was published alongside a USENIX Security 2024 paper that evaluates and contextualizes the approach.

Key Features
  • Autonomous agent pipeline: orchestrates LLM-driven reasoning and action steps for penetration testing tasks.
  • Docker-first design: pre-built Docker images with common security tools for reproducible testing environments.
  • Session persistence: save and resume testing sessions so long investigations can be continued later.
  • Multi-LLM support: integrations with Anthropic, Claude (OAuth), OpenAI, OpenRouter, and options for routing to local LLM servers (LM Studio, Ollama, text-generation-webui).
  • Benchmark suite: includes 100+ vulnerability challenges across categories like web, crypto, reversing, forensics, pwn, and privilege escalation to evaluate capabilities.
  • Extensible architecture: modular components for tool execution, background reasoning, and model routing.
Typical Usage
  1. Install and run via Docker (repository provides Makefile helpers and a Docker-first workflow).
  2. Configure an LLM provider or local LLM endpoint during first-time setup (Anthropic/OpenAI/Claude/local).
  3. Launch interactive or non-interactive pentest runs targeting an authorized host or benchmark challenge.
  4. Observe live walkthroughs and step-by-step actions as the agent searches, tests, and reports findings.
Technical Notes
  • The project routes different workloads to different models (e.g., "think" for reasoning-heavy tasks, "webSearch" for search-related tasks) and supports custom router configuration in CCR config files.
  • Local LLM support is provided by pointing PentestGPT at OpenAI-compatible endpoints exposed by tools such as LM Studio or Ollama.
  • Telemetry is anonymous by default and can be disabled; the maintainers emphasize that no sensitive command outputs or credentials are transmitted.
Ethics & Use Policy

PentestGPT is explicitly a research prototype for authorized security testing, evaluation, and education. The authors and repository disclaimers emphasize that it should only be used in legal, authorized contexts; misuse for unauthorized attacks is prohibited and unethical.

Citation & Origins

The tool is associated with a USENIX Security 2024 paper titled "PentestGPT: Evaluating and Harnessing Large Language Models for Automated Penetration Testing" and maintained in the GreyDGL GitHub organization. The repository contains demos, installation instructions, and a benchmark suite for reproducible research.

Back

Information

  • Websitegithub.com
  • AuthorsGelei Deng, Yi Liu, Víctor Mayoral-Vilches, Peng Liu, Yuekang Li, Yuan Xu, Tianwei Zhang, Yang Liu, Martin Pinzger, Stefan Rass, GreyDGL (GitHub repo owner / maintainer)
  • Published date2023/02/27

Categories

Tags

More Items

Icon for item

MemU

2025
NevaMind-AI

MemU is an agentic memory infrastructure for LLMs and AI agents. It ingests multimodal inputs (conversations, documents, images, audio, video), extracts structured memory, and organizes it into a three-layer hierarchical file system (Resource → Item → Category). MemU supports both embedding-based (RAG) and LLM-based retrieval, offers cloud APIs and a self-hosted Python library (requires Python 3.13+), and targets use cases like personal assistants, agent memory, knowledge management, and agent self-improvement.

LLMRAGai-agentai-librarygithub+1
Icon for item

ChatDev (DevAll)

2023
OpenBMB

ChatDev (DevAll) is a zero-code, LLM-powered multi-agent orchestration platform. It lets users design, configure and run custom multi-agent workflows (agents, tools, nodes) for complex scenarios such as software development, data visualization, 3D generation and deep research without writing code. Key features include a visual workflow canvas, a Web console, a Python SDK, ready-made workflow templates, and integrations of multi-agent techniques from associated preprints.

ai-agentLLMai-workflowai-toolsgithub+1
Icon for item

Superpowers

2025
obra (Jesse)

Superpowers is a skills library and end-to-end development workflow for coding agents. Built as a plugin/library for agent platforms (notably Claude Code), it provides composable skills that guide an agent through Socratic design refinement, plan generation, test-driven implementation, subagent-driven execution, and structured code review. The system emphasizes TDD, simplicity (YAGNI, DRY), and automated skill-triggering so a coding agent can run with minimal extra instructions.

claudepluginai-codingai-agentgithub+2