pentest-ai-agents: 35 Claude Subagents for Offensive Security

What it pentest-ai-agents?

pentest-ai-agents is an open-source MIT-licensed toolkit that turns Claude Code into a specialized offensive security assistant—no servers, no Python deps, no complex setup.

Just 35 focused subagents, each an expert in one domain: recon, web app testing, Active Directory, cloud, mobile, wireless, social engineering, payload crafting, reverse engineering, exploit chaining, detection engineering, forensics, and more.

What it does!

Describe your task in plain language. Claude automatically routes to the right specialist agent.

• Need an AD pentest plan? → engagement-planner.
• Hunting for SSRF? → web-hunter. Crafting a beacon? → payload-crafter.
• Testing LLM apps? → llm-redteam.
• Agents produce actionable output: commands, scripts, findings, MITRE mappings—all grounded in real tools (nmap, nuclei, ffuf, Sliver, Ghidra, Evilginx, etc.).

Features

• 4 new agents: c2-operator, container-breakout, opsec-anonymizer, llm-redteam
• Multi-source OSINT: Domain, email, social, breach data aggregation via subfinder, amass, theHarvester, sherlock, holehe
• Smart target prioritization: Parses Nmap/Nessus/BloodHound output, recommends next-step commands
• Automated scanning: nmap, masscan, rustscan, httpx, nuclei, nikto, RouterSploit with result parsing
• Full-stack web testing: ffuf, gobuster, sqlmap, dalfox, Commix for discovery, fuzzing, injection, WAF detection
• API-focused attacks: REST/GraphQL/WebSocket testing, JWT/OAuth exploitation, OWASP API Top 10 coverage
• Business logic hunting: Price manipulation, workflow bypass, race conditions, authorization flaws
• Stricter safety guardrails: Hard-refusal list blocks DoS, mass scanning, false-flag ops
• Findings DB v2: Filter vulnerabilities by tool used; auto-migration included
• Slash commands: /recommend "task" routes you; /agents-for <tag> filters the catalog
• Tooling audit: db/doctor.sh checks your local setup; --tools flag installs deps via apt/brew/pipx
• End-to-end AD offensive: BloodHound pathing, Kerberos abuse, delegation attacks, ACL/cert exploitation via Impacket, Certipy, NetExec
• Credential operations: Hydra, Hashcat, John, CrackMapExec integration + smart wordlist generation (cupp, CeWL, Crunch, Mentalist)

Get started in 60 seconds

# Install agents
curl -fsSL https://raw.githubusercontent.com/0xSteph/pentest-ai-agents/main/install.sh | bash

# Then in Claude Code:
"Test my React app for auth bypass and IDOR."

That's it. Agents live in ~/.claude/agents/. Works with local or cloud Claude. Optional: install underlying CLI tools for execution-capable agents.

Download

→ GitHub: 0xSteph/pentest-ai-agents
→ License: MIT | Claude Code required

Specialized knowledge. Zero friction. Offensive security, amplified.

GitHub - 0xSteph/pentest-ai-agents: Turn Claude Code into your offensive security research assistant. Specialized AI subagents for authorized penetration testing plan engagements, analyze recon, research exploits, build detections, audit STIGs, and write reports.

Turn Claude Code into your offensive security research assistant. Specialized AI subagents for authorized penetration testing plan engagements, analyze recon, research exploits, build detections, a…

GitHub0xSteph

pentest-ai | Autonomous AI Pentesting CLI

Find it. Chain it. Prove it. Open-source autonomous pentest CLI.

pentest-ai