Why this matters
Automating penetration testing workflows is becoming practical as LLMs gain tool-calling and orchestration capabilities. This project pairs an LLM-driven agent with a Model Context Protocol (MCP) toolchain and a library of pen-test skills to turn a natural-language objective into a reproducible pipeline: collect facts, propose intents, execute tools, validate evidence, and produce runnable PoC code and human-readable reports.
What sets it apart
- Evidence-first completion: conclusions (flags/PoC) are only accepted when they appear verbatim in real tool outputs recorded by the system; a result the model merely asserts, with no recorded output containing it, is rejected. This reduces hallucination-driven false positives.
- Goal-driven solver: replaces fixed-round loops with a Fact/Intent blackboard search that stops on target completion, frontier exhaustion, or safety budget limits to avoid endless repetition.
- Integrated MCP tooling and Skill registry: local fetch/memory plus optional Chrome DevTools and Burp MCP integrations enable browser automation, HTTP replay, and plugin-based vulnerability checks; 21 built-in skills (core + specialties) drive contextual tactics.
- Report + PoC automation: generates structured Markdown reports and runnable Python PoC scripts to reproduce findings and speed handoff to developers or red-team operators.
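The evidence-first gate and the Fact/Intent blackboard from the two items above fit together in a short loop. The following is an added illustration, not the project's code: the tool stub, the Fact/Intent shapes, the stop-condition names, the `FLAG{...}` format and the sample target content are all constructed assumptions that mirror the description, and the "HTTP fetch" is a dictionary lookup so the example runs offline.

```python
"""Toy Fact/Intent blackboard solver with an evidence-first completion gate.

Added illustration, not the project's code: the tool stub, the Fact/Intent
shapes, the stop-condition names and the sample target content are all
constructed assumptions that mirror the project description.
"""
import re
from dataclasses import dataclass, field

BASE = "http://target.test"                 # assumed in-scope target
FLAG_RE = re.compile(r"FLAG\{[^}]+\}")      # assumed flag format
LINK_RE = re.compile(r"(?:href=|Disallow: )([^\s>]+)")


@dataclass
class Fact:
    kind: str      # "url" or "flag"
    value: str
    source: str    # id of the recorded tool output it came from, or "seed"


@dataclass
class Intent:
    tool: str
    args: dict


@dataclass
class Blackboard:
    facts: list = field(default_factory=list)
    tried: set = field(default_factory=set)
    tool_log: list = field(default_factory=list)  # (id, tool, args, raw output)

    def record(self, tool, args, output):
        """Append a raw tool output to the ledger and return its id."""
        oid = f"out-{len(self.tool_log)}"
        self.tool_log.append((oid, tool, args, output))
        return oid


# Constructed offline stand-in for an HTTP fetch tool (no network is touched).
FAKE_SITE = {
    f"{BASE}/": "<a href=/robots.txt>robots</a>",
    f"{BASE}/robots.txt": "Disallow: /admin-backup/",
    f"{BASE}/admin-backup/": "FLAG{constructed-example-flag}",
}
TOOLS = {"http_get": lambda args: FAKE_SITE.get(args["url"], "404 Not Found")}


def new_board(seed_url):
    """Blackboard seeded with the operator-supplied starting URL."""
    return Blackboard(facts=[Fact("url", seed_url, "seed")])


def propose(board):
    """Frontier: one fetch intent per known URL that has not been tried yet."""
    for f in board.facts:
        if f.kind == "url" and ("http_get", f.value) not in board.tried:
            yield Intent("http_get", {"url": f.value})


def derive_facts(output, oid):
    """Turn raw output into facts, each tagged with the output it came from."""
    for path in LINK_RE.findall(output):
        yield Fact("url", BASE + path, oid)
    for flag in FLAG_RE.findall(output):
        yield Fact("flag", flag, oid)


def evidence_for(board, claim):
    """Evidence-first gate: return the id of a recorded output that contains
    the claim verbatim, or None. A claim that is only asserted never passes."""
    for oid, _tool, _args, output in board.tool_log:
        if claim in output:
            return oid
    return None


def solve(board, budget):
    """Run the blackboard search until the goal is evidenced, the frontier is
    empty, or the step budget is spent. Returns (status, flag_or_None)."""
    steps = 0
    while steps < budget:
        intents = list(propose(board))
        if not intents:
            return "frontier_exhausted", None
        intent = intents[0]
        board.tried.add((intent.tool, intent.args["url"]))
        output = TOOLS[intent.tool](intent.args)
        oid = board.record(intent.tool, intent.args, output)
        board.facts.extend(derive_facts(output, oid))
        steps += 1
        for f in board.facts:
            if f.kind == "flag" and evidence_for(board, f.value):
                return "completed", f.value
    return "budget_exhausted", None


if __name__ == "__main__":
    board = new_board(f"{BASE}/")
    print(solve(board, budget=10))                    # ('completed', 'FLAG{constructed-example-flag}')
    print(evidence_for(board, "FLAG{hallucinated}"))  # None
```

The same `evidence_for` gate should sit in front of any conclusion the model proposes on its own, not only facts extracted by the parser. Note what the gate does and does not establish: verbatim presence proves the string was produced by a recorded tool call, which is why each ledger entry keeps the tool and arguments that produced it for later review; it does not prove the content is trustworthy, since a target page can echo whatever it likes.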
Who it's for and tradeoffs
Great fit if you run authorized security assessments, CTF automation, security teaching, or red-team workflows and want an agent to orchestrate reconnaissance→discovery→exploit→report at scale. It reduces manual orchestration but needs careful operational handling: LLM API keys and MCP connectors (Chrome/Burp) must be provisioned and protected, and every target must be explicitly and legally authorized before the agent is pointed at it. Not ideal when strict manual audit trails or compliance-only workflows mandate human-only execution, or when you cannot deploy the required MCP services or give the tool network access to targets.
