Guardian AI Penetration Testing Framework Launches with Multi-LLM Agent Architecture


Guardian delivers enterprise-grade AI penetration testing automation. The open-source framework orchestrates GPT-4, Claude, Gemini, and OpenRouter across 19 security tools. Four specialized agents handle planning, tool selection, analysis, and reporting for adaptive assessments.

Zakir Kun developed Guardian to replace manual pentesting workflows. Agents collaborate like human teams. Planner sets strategy. Tool Selector picks optimal tools. Analyst filters false positives. Reporter generates executive documentation. Evidence chains every finding to raw outputs.

The framework adapts dynamically to discovered vulnerabilities. Asynchronous execution runs three tools in parallel by default. YAML workflows customize Recon, Web, Network, and Autonomous modes. Reports export to Markdown, HTML, or JSON with 2000-character evidence snippets.

Agent Architecture

Four agents execute coordinated workflows.

Agent | Role | Key Functions
Planner | Strategy | Scope analysis, attack path planning, phase sequencing
Tool Selector | Execution | Tool selection from 19 options, parameter optimization
Analyst | Intelligence | False positive suppression, risk prioritization, chaining
Reporter | Documentation | Executive summaries, evidence linking, remediation

Pipeline simulates senior pentester decision-making. Each agent specializes while sharing context.

19-Tool Arsenal

Comprehensive coverage across security domains.

Network Scanning

  • Nmap: Service detection, OS fingerprinting
  • Masscan: Large-scale port discovery

Web Reconnaissance

  • httpx: HTTP probing, status analysis
  • WhatWeb: Technology fingerprinting
  • Wafw00f: Firewall detection

Subdomain Discovery

  • Subfinder: Passive enumeration
  • Amass: Active/passive mapping
  • DNSRecon: DNS brute force, zone transfers

Vulnerability Scanning

  • Nuclei: Template-based scanning
  • Nikto: Web server checks
  • SQLMap: SQL injection automation
  • WPScan: WordPress enumeration

SSL/TLS Analysis

  • TestSSL: Cipher suite grading
  • SSLyze: Protocol configuration

Content Discovery

  • Gobuster: Directory brute force
  • FFuf: Advanced fuzzing
  • Arjun: Parameter discovery

Advanced Analysis

  • XSStrike: XSS detection
  • GitLeaks: Secret scanning
  • CMSeeK: CMS identification

Workflow Customization

YAML priority hierarchy enables parallel engagements.

Workflow YAML > Global config > Tool defaults
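
The precedence order above, worked through as an added example (not Guardian's own code). It uses plain dicts in place of parsed YAML, and every key name and value is a constructed assumption; besides the effective setting it records which layer supplied it, which is what a reviewer needs when a workflow file quietly overrides a global limit.

```python
# Layers listed from lowest to highest priority, matching
# "Workflow YAML > Global config > Tool defaults".
LAYERS = ("tool_defaults", "global_config", "workflow")

def flatten(d, prefix=""):
    """Yield (dotted_key, value) for every leaf of a nested dict."""
    for key, value in d.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            yield from flatten(value, path)
        else:
            yield path, value

def resolve(tool_defaults, global_config, workflow):
    """Return (effective, origin): the winning value for each dotted key
    and the name of the layer that supplied it."""
    effective, origin = {}, {}
    for name, layer in zip(LAYERS, (tool_defaults, global_config, workflow)):
        for path, value in flatten(layer):
            effective[path] = value   # later (higher-priority) layers overwrite
            origin[path] = name
    return effective, origin

# Constructed sample layers (hypothetical keys, not Guardian's schema).
TOOL_DEFAULTS = {"nmap": {"timeout": 300, "rate": 1000}}
GLOBAL_CONFIG = {"nmap": {"timeout": 600}, "max_parallel": 3, "safe_mode": True}
WORKFLOW = {"nmap": {"rate": 100}}

if __name__ == "__main__":
    effective, origin = resolve(TOOL_DEFAULTS, GLOBAL_CONFIG, WORKFLOW)
    for key in sorted(effective):
        print(f"{key:14} = {effective[key]!r:6} (from {origin[key]})")
```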

Predefined modes:
  • Recon: Passive mapping + subdomain enum
  • Web: App scanning + parameter fuzzing
  • Network: Port scanning + service enum
  • Autonomous: Full-chain adaptive testing

Safety and Compliance

Built-in controls prevent unauthorized use.

  • RFC-1918 blacklisting: No private network scanning
  • Safe mode default: Blocks destructive operations
  • Human-in-loop prompts: Sensitive action confirmation
  • Audit logging: Complete AI decision trace
  • Scope validation: Automatic target validation
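
A pre-flight target check combining the RFC 1918 block and scope validation listed above, as an added example that is not Guardian's implementation. The function name, return shape and the documentation-range sample scope are assumptions; it also covers two cases a naive string check misses, a CIDR that merely overlaps private space and an IPv4-mapped IPv6 address.

```python
import ipaddress

# The three private IPv4 ranges defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_target(target, allowed_scope):
    """Return (ok, reason) for an IP or CIDR string.

    allowed_scope is a list of CIDR strings the engagement authorizes.
    Hostnames are rejected here: resolve them first, then check each address.
    """
    try:
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        return False, "not an IP address or CIDR"

    # Unwrap ::ffff:a.b.c.d so a private IPv4 host cannot hide in IPv6 form.
    if net.version == 6 and net.prefixlen == 128:
        mapped = net.network_address.ipv4_mapped
        if mapped is not None:
            net = ipaddress.ip_network(str(mapped))

    # overlaps() also catches broad ranges such as 0.0.0.0/0.
    if net.version == 4 and any(net.overlaps(p) for p in RFC1918):
        return False, "overlaps RFC 1918 private space"

    scope = [ipaddress.ip_network(s, strict=False) for s in allowed_scope]
    # Version check first: subnet_of() raises TypeError on mixed versions.
    if not any(net.version == s.version and net.subnet_of(s) for s in scope):
        return False, "outside authorized scope"
    return True, "in scope"

if __name__ == "__main__":
    scope = ["203.0.113.0/24"]  # constructed sample (RFC 5737 documentation range)
    for t in ("203.0.113.10", "10.1.2.3", "0.0.0.0/0",
              "::ffff:192.168.1.5", "172.32.0.1", "example.test"):
        print(t, "->", check_target(t, scope))
```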

Technical Requirements

Cross-platform deployment with minimal dependencies.

Python 3.11+
1+ AI provider API key
Subset of 19 tools (adapts to availability)
Linux/macOS/Windows

Environment variable key management. Version 2.0.0 ships with parallel execution.

Performance Optimization

Asynchronous tool execution cuts assessment time.

  • Default: 3 parallel tools
  • Configurable concurrency limits
  • Intelligent tool chaining
  • False positive suppression accelerates analysis

Reporting Capabilities

Multi-format outputs with full provenance.

Format | Use Case | Features
Markdown | Technical teams | Syntax highlighting, evidence snippets
HTML | Executives | Visual dashboards, risk heatmaps
JSON | Automation | SIEM integration, API consumption

Every finding links to its originating command with 2000-character context.

Roadmap Priorities

Version 3.0 development targets enterprise scale.

  • Web dashboard visualization
  • PostgreSQL multi-session tracking
  • MITRE ATT&CK mapping
  • CI/CD pipeline integration
  • Plugin architecture
  • Llama/Mistral model support

Enterprise Integration

Security teams gain immediate operational impact.

Immediate deployment:

1. Clone GitHub repository
2. Configure AI provider keys
3. Select target workflow
4. Install available tools
5. Execute assessment

Production hardening:

  • Centralized API key vault
  • Results database aggregation
  • Custom workflow library
  • Team access controls

Strategic Value Proposition

Guardian compresses weeks of manual testing into hours. Multi-LLM approach mitigates single-provider risks. Evidence capture satisfies compliance audits. Adaptive workflows handle diverse targets.

Key differentiators:

  • Agent specialization vs monolithic prompts
  • 19-tool coverage vs single-tool wrappers
  • Evidence provenance vs black-box outputs
  • Safety controls vs unrestricted agents

Discord Community: discord.gg/guardian-ai

FAQ

What makes Guardian different from AI pentest wrappers?

Four specialized agents + 19-tool orchestration + evidence capture.

Which AI models are supported?

GPT-4, Claude, Gemini, OpenRouter. Llama/Mistral roadmap.

Minimum tool requirements?

Adapts to available tools. Runs with subset installed.

Safety mechanisms included?

RFC-1918 blocking, safe mode, human prompts, audit logs.

Report formats available?

Markdown, HTML, JSON with full evidence provenance.

Cross-platform support?

Linux, macOS, Windows. Python 3.11+ required.

Enterprise roadmap features?

Web UI, PostgreSQL backend, CI/CD integration, plugins.
