MCPcopy
hub / github.com/GreyDGL/PentestGPT

github.com/GreyDGL/PentestGPT @v1.0.0 sqlite

repository ↗ · DeepWiki ↗ · release v1.0.0 ↗
732 symbols 2,586 edges 111 files 502 documented · 69%
README

Contributors Forks Stargazers Issues MIT License Discord

PentestGPT

AI-Powered Autonomous Penetration Testing Agent



<strong>Published at USENIX Security 2024</strong>






<a href="https://www.usenix.org/conference/usenixsecurity24/presentation/deng">Research Paper</a>
·
<a href="https://github.com/GreyDGL/PentestGPT/issues">Report Bug</a>
·
<a href="https://github.com/GreyDGL/PentestGPT/issues">Request Feature</a>

GreyDGL%2FPentestGPT | Trendshift

[!WARNING] PentestGPT is a research prototype only

PentestGPT is a research prototype that pioneered the use of GenAI in cybersecurity. Please be aware of third-party services claiming to offer paid PentestGPT products - the original project is free and open-source.


Demo

Installation

Installation Demo

Watch on YouTube

PentestGPT in Action

PentestGPT Demo

Watch on YouTube


What's New in v1.0 (Agentic Upgrade)

  • Autonomous Agent - Agentic pipeline for intelligent, autonomous penetration testing
  • Session Persistence - Save and resume penetration testing sessions
  • Docker-First - Isolated, reproducible environment with security tools pre-installed

In Progress: Multi-model support for OpenAI, Gemini, and other LLM providers


Features

  • AI-Powered Challenge Solver - Leverages LLM advanced reasoning to perform penetration testing and CTFs
  • Live Walkthrough - Tracks steps in real-time as the agent works through challenges
  • Multi-Category Support - Web, Crypto, Reversing, Forensics, PWN, Privilege Escalation
  • Real-Time Feedback - Watch the AI work with live activity updates
  • Extensible Architecture - Clean, modular design ready for future enhancements

Quick Start

Prerequisites

Installation

# Clone and build
git clone --recurse-submodules https://github.com/GreyDGL/PentestGPT.git
cd PentestGPT
make install

# Configure authentication (first time only)
make config

# Connect to container
make connect

Note: The --recurse-submodules flag downloads the benchmark suite. If you already cloned without it, run: git submodule update --init --recursive

Try a Benchmark

uv run pentestgpt-benchmark start XBEN-037-24 

Then connect into the container and run:

pentestgpt --target http://host.docker.internal:8000

Commands Reference

Command Description
make install Build the Docker image
make config Configure API key (first-time setup)
make connect Connect to container (main entry point)
make stop Stop container (config persists)
make clean-docker Remove everything including config

Usage

# Interactive TUI mode (default)
pentestgpt --target 10.10.11.234

# Non-interactive mode
pentestgpt --target 10.10.11.100 --non-interactive

# With challenge context
pentestgpt --target 10.10.11.50 --instruction "WordPress site, focus on plugin vulnerabilities"

Keyboard Shortcuts: F1 Help | Ctrl+P Pause/Resume | Ctrl+Q Quit


Using Local LLMs

PentestGPT supports routing requests to local LLM servers (LM Studio, Ollama, text-generation-webui, etc.) running on your host machine.

Prerequisites

  • Local LLM server with an OpenAI-compatible API endpoint
  • LM Studio: Enable server mode (default port 1234)
  • Ollama: Run ollama serve (default port 11434)

Setup

# Configure PentestGPT for local LLM
make config
# Select option 4: Local LLM

# Start your local LLM server on the host machine
# Then connect to the container
make connect

Customizing Models

Edit scripts/ccr-config-template.json to customize:

  • localLLM.api_base_url: Your LLM server URL (default: host.docker.internal:1234)
  • localLLM.models: Available model names on your server
  • Router section: Which models handle which operations
Route Purpose Default Model
default General tasks openai/gpt-oss-20b
background Background operations openai/gpt-oss-20b
think Reasoning-heavy tasks qwen/qwen3-coder-30b
longContext Large context handling qwen/qwen3-coder-30b
webSearch Web search operations openai/gpt-oss-20b

Troubleshooting

  • Connection refused: Ensure your LLM server is running and listening on the configured port
  • Docker networking: Use host.docker.internal (not localhost) to access host services from Docker
  • Check CCR logs: Inside the container, run cat /tmp/ccr.log

Telemetry

PentestGPT collects anonymous usage data to help improve the tool. This data is sent to our Langfuse project and includes: - Session metadata (target type, duration, completion status) - Tool execution patterns (which tools are used, not the actual commands) - Flag detection events (that a flag was found, not the flag content)

No sensitive data is collected - command outputs, credentials, or actual flag values are never transmitted.

Opting Out

# Via command line flag
pentestgpt --target 10.10.11.234 --no-telemetry

# Via environment variable
export LANGFUSE_ENABLED=false

Benchmarks

PentestGPT includes 100+ vulnerability challenges for testing and development.

pentestgpt-benchmark list                    # List all benchmarks
pentestgpt-benchmark list --levels 1         # Filter by difficulty
pentestgpt-benchmark list --tags sqli        # Filter by vulnerability type
pentestgpt-benchmark start XBEN-037-24       # Start a benchmark
pentestgpt-benchmark status                  # Check running benchmarks
pentestgpt-benchmark stop XBEN-037-24        # Stop a benchmark

Available Tags: sqli, xss, idor, ssti, ssrf, lfi, rce


Development

Prerequisites

Local Development

uv sync                                      # Install dependencies
uv run pentestgpt --target 10.10.11.234      # Run locally

Project Commands

make test          # Run pytest
make lint          # Run ruff linter
make typecheck     # Run mypy
make ci            # Run full CI simulation (lint, format, typecheck, test, build)
make ci-quick      # Quick CI without build step

Legacy Version

The previous multi-LLM version (v0.15) supporting OpenAI, Gemini, Deepseek, and Ollama is archived in legacy/:

cd legacy && pip install -e . && pentestgpt --reasoning gpt-4o

Citation

If you use PentestGPT in your research, please cite our paper:

@inproceedings{299699,
  author = {Gelei Deng and Yi Liu and Víctor Mayoral-Vilches and Peng Liu and Yuekang Li and Yuan Xu and Tianwei Zhang and Yang Liu and Martin Pinzger and Stefan Rass},
  title = {{PentestGPT}: Evaluating and Harnessing Large Language Models for Automated Penetration Testing},
  booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
  year = {2024},
  isbn = {978-1-939133-44-1},
  address = {Philadelphia, PA},
  pages = {847--864},
  url = {https://www.usenix.org/conference/usenixsecurity24/presentation/deng},
  publisher = {USENIX Association},
  month = aug
}

License

Distributed under the MIT License. See LICENSE.md for more information.

Disclaimer: This tool is for educational purposes and authorized security testing only. The authors do not condone any illegal use. Use at your own risk.


Contact

  • Gelei Deng - LinkedIn - gelei.deng@ntu.edu.sg
  • Yi Liu - yi009@e.ntu.edu.sg
  • Yuekang Li - yuekang.li@unsw.edu.au
  • Víctor Mayoral Vilches - LinkedIn - v.mayoralv@gmail.com
  • Peng Liu - liu_peng@i2r.a-star.edu.sg

Acknowledgments

(back to top)

Core symbols most depended-on inside this repo

get
called by 131
pentestgpt/core/events.py
create
called by 33
pentestgpt/core/session.py
subscribe
called by 26
pentestgpt/core/events.py
get
called by 24
pentestgpt/benchmark/registry.py
send_message
called by 21
legacy/pentestgpt/utils/llm_api.py
prompt_ask
called by 17
legacy/pentestgpt/utils/prompt_select.py
run
called by 16
pentestgpt/core/controller.py
run
called by 15
legacy/tasks/example_sqlmap.py

Shape

Method 489
Class 130
Function 107
Route 6

Languages

Python100%

Modules by API surface

pentestgpt/interface/tui.py32 symbols
tests/unit/test_backend_interface.py23 symbols
legacy/pentestgpt/utils/chatgpt.py22 symbols
tests/integration/test_benchmark_cli.py21 symbols
tests/unit/test_flag_detection.py20 symbols
legacy/benchmark/evaluator.py20 symbols
pentestgpt/core/session.py19 symbols
pentestgpt/core/backend.py19 symbols
legacy/benchmark/pentestTarget.py19 symbols
tests/unit/test_events.py18 symbols
tests/docker/test_container_health.py17 symbols
tests/integration/test_controller.py16 symbols

Dependencies from manifests, versioned

aiohappyeyeballs2.4.3 · 1×
aiohttp3.10.10 · 1×
aiosignal1.3.1 · 1×
annotated-types0.7.0 · 1×
anthropic0.75.0 · 1×
anyio4.6.2.post1 · 1×
async-timeout4.0.3 · 1×
attrs24.2.0 · 1×
backoff2.2.1 · 1×
beautifulsoup44.11.2 · 1×
black24.10.0 · 1×
cachetools5.5.0 · 1×

For agents

$ claude mcp add PentestGPT \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact