PentestCode – New AI Agent That Automates Penetration Testing with 18 Specialized Tools

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Spread the love

A new open-source tool is bringing autonomous AI agents into offensive security workflows. PentestCode, a hard fork of OpenCode rebuilt specifically for penetration testing, runs security tools, analyzes their output, and makes tactical decisions all from a terminal interface, with minimal human intervention required.

The tool’s core pitch is methodology automation. A tester can input a single instruction, for example, targeting an IP with a goal of domain admin, and PentestCode’s coordinator agent takes over.

It runs an nmap -sS -p- scan, auto-parses results into a structured engagement state, and recognizes patterns like ports 88 and 389 signaling a Domain Controller.

PentestCode AI Penetration Testing Agent

From there, it spawns parallel enumeration subagents for SMB, LDAP, and HTTP, attempts an AS-REP roasting attack to harvest crackable Kerberos hashes, and sprays any resulting credentials across every discovered service: SMB, WinRM, LDAP, RDP.

A successful WinRM login triggers a post-exploitation agent that dumps SAM, LSA, and DPAPI secrets, with every step logged in an evidence chain.

PentestCode developed by Zhangir Ospanov uses a strategist-coordinator design based on HPTSA research, which its developers claim delivers a 4.3x improvement over single-agent approaches.

Thirteen agents handle distinct roles: recon, scanning, enumeration, exploitation, Active Directory/Kerberos identity attacks, infrastructure protocols like SNMP and IPMI, web application testing, post-exploitation, exploit development, false-positive filtering, and reporting, all sharing a unified engagement state in real time.

That shared state is arguably the project’s most distinctive feature. It tracks hosts, services, vulnerabilities (with confidence scores and status), credentials, access levels, and an entity relationship graph connecting findings via labels like EXPLOITED_VIA and PIVOT_TO.

An attack-path module uses cost-based Dijkstra and Yen’s K-shortest-paths algorithms to suggest routes through this graph. State persists across sessions, so testers can resume multi-day engagements without losing context.

Beyond generic shell access, PentestCode includes 18 tools tailored for offensive work. Parsers convert raw output from Nmap, Nuclei, NetExec, Gobuster, BloodHound, and sqlmap directly into structured state entries, and using them is mandatory, preventing findings from slipping through manual grep work.

Additional tools handle JWT analysis, XSS detection, credential-spray planning, scope validation, tunnel management, and report generation.

Nineteen on-demand “skill” packs, markdown-based knowledge files covering phase checklists, service-specific tactics, and playbooks for AD, web apps, and cloud, extend the agent’s domain knowledge without code changes.

The tool can be downloaded from GitHub and is described as “not stealthy,” ill-suited for red-team OPSEC scenarios, and prone to redundant tool runs.

Token costs for real engagements can run $5–50 depending on scope and LLM choice, with Claude Opus/Sonnet cited as outperforming GPT-4o and local models for multi-agent coordination.

Security teams evaluating AI-driven offensive tools should note PentestCode remains beta software with no GUI, no Burp Suite integration, and evolving APIs, positioning it as a force multiplier for methodical enumeration rather than a replacement for human-led complex exploit chains or creative attack development.

 Strengthen Your SOC by Accelerating Threat Detection & Rapid Investigations. -> Integrate ANY.RUN With Your SOC Now.