PentestGPT is an AI-powered autonomous penetration testing agent designed to perform intelligent, end-to-end security assessments using large language models. Published at USENIX Security 2024, it combines advanced reasoning with an agentic workflow to automate tasks traditionally handled by human pentesters. The platform supports multiple penetration testing categories, including web security, cryptography, reversing, forensics, privilege escalation, and binary exploitation. PentestGPT runs in a Docker-first environment, providing a secure, reproducible setup with built-in tooling and session persistence. It offers real-time feedback and live walkthroughs, allowing users to observe each step of the testing process as it unfolds. Built with a modular and extensible architecture, PentestGPT supports cloud and local LLMs, making it suitable for research, education, and authorized security testing.

Features

  • Autonomous Agentic Workflow – Executes end-to-end penetration testing with minimal human input using an intelligent, self-directed agent pipeline.
  • LLM-Powered Reasoning Engine – Leverages advanced large language models to analyze targets, plan attacks, and adapt strategies dynamically.
  • Multi-Domain Testing Support – Covers web, crypto, reversing, forensics, binary exploitation (PWN), and privilege escalation scenarios.
  • Real-Time Walkthrough & Feedback – Displays live progress and reasoning steps as the agent performs each testing action.
  • Docker-First, Reproducible Environment – Runs in an isolated container with preinstalled security tools for consistent and secure execution.
  • Extensible & Multi-Model Architecture – Designed for easy customization with support for cloud-based and local LLM providers.

License

MIT License

Additional Project Details

Registered

2023-08-21