PentestCode AI Agent Automates Penetration Testing With 18 Security Tools


PentestCode is a new open-source AI penetration testing agent that can run security tools, analyze their results and coordinate parts of an authorized security assessment from a terminal.

The project combines 13 AI agents, 18 specialized tools and a persistent engagement state. It can automate repetitive work across reconnaissance, service enumeration, vulnerability analysis, credential testing, post-exploitation and report generation.

Developer Zhangir Ospanov describes PentestCode as a force multiplier for professional testers rather than a replacement for human expertise. The software remains at an early stage and has significant limitations in complex, creative and stealth-focused engagements.

What is PentestCode?

PentestCode is a hard fork of OpenCode, an open-source AI coding agent. Its developer rebuilt the terminal-based framework around offensive security workflows and licensed the resulting project under the MIT License.

A tester can provide a target, scope and objective. The coordinating agent then divides the engagement into tasks and assigns them to specialist agents, which can work in parallel.

Each specialist receives its own instructions, tool permissions and security knowledge. Discoveries move into a shared state, allowing one agent to use information collected by another without relying entirely on the conversation history.

FeaturePentestCode implementation
InterfaceTerminal-based user interface
ArchitectureStrategist, coordinator and specialist agents
Specialist agents13 agents, including hidden session-management agents
Built-in security tools18 tools in addition to shell access
Knowledge packs19 on-demand skills
AI providersMore than 20 supported providers
Operating systemsLinux and macOS on x64 and ARM64
LicenseMIT

How the multi-agent system works

The lead agent acts as a strategist and coordinator. It evaluates the objective, creates tasks, delegates work to specialists and checks the shared engagement state before deciding what to do next.

Specialists cover reconnaissance, scanning, enumeration, exploitation, identity systems, infrastructure protocols, web applications, post-exploitation and exploit development. Other agents review possible false positives and prepare reports.

The design takes inspiration from HPTSA research on teams of security agents. That study found that hierarchical planning and task-specific agents improved results by up to 4.3 times over earlier agent frameworks on a small benchmark of 14 web vulnerabilities.

  • A coordinator creates and tracks security-testing tasks.
  • Specialists can run concurrently within configured limits.
  • Agents share hosts, services, credentials and findings.
  • A critic agent checks suspected vulnerabilities for false positives.
  • A reporting agent converts structured evidence into assessment reports.

Persistent state records findings across sessions

PentestCode stores discovered assets and findings in structured files instead of leaving them only in an AI conversation. This gives the agent a form of persistent memory and lets testers resume an engagement in a later session.

The state can contain hosts, operating systems, ports, services, vulnerabilities, credentials, access levels, network segments and Active Directory information. Vulnerability records can include confidence scores, status fields and supporting evidence.

The project documentation also describes an entity graph that connects findings through relationships such as credentials obtained from a system, administrative access and possible pivot routes.

Recorded objectExample information
HostsIP addresses, hostnames and detected operating systems
ServicesPorts, protocols, banners and software versions
VulnerabilitiesSeverity, confidence, evidence and validation status
CredentialsUsernames, credential types and validated services
AccessHost, access method and privilege level
RelationshipsAttack paths, credential sources and pivot opportunities

PentestCode includes 18 specialized tools

The project advertises 18 built-in penetration-testing tools beyond standard shell access. Several of them parse output from established security utilities and move the results into the engagement state.

Supported parsers cover Nmap, Nuclei, NetExec, Gobuster, BloodHound and sqlmap output. Other functions analyze JSON Web Tokens, inspect responses for cross-site scripting, plan credential validation, check scope and generate reports.

PentestCode requires agents to use its parsers after selected scans. This reduces the chance that findings remain trapped in raw output, although it does not guarantee that the AI will interpret every result correctly.

  • Nmap result parsing and host discovery
  • Nuclei vulnerability result processing
  • NetExec credential and access parsing
  • Gobuster directory result classification
  • BloodHound Active Directory data processing
  • sqlmap injection result parsing
  • JWT analysis and XSS detection
  • Scope validation and credential-test planning
  • Tunnel tracking and attack-path suggestions
  • State management and report generation

The attack-path module uses graph-search methods to suggest routes between the attackerโ€™s current access and an engagement objective. It applies cost-based Dijkstra and Yenโ€™s K-shortest-path algorithms to the stored relationship graph.

This approach can help testers identify how a weak service, exposed credential and excessive privilege might combine into a larger security risk. A human tester must still validate whether the suggested route works and remains within scope.

The design follows the broader idea behind hierarchical planning with specialist agents, where a planning component explores available options and delegates narrow tasks instead of asking one model to manage the entire assessment.

Version 0.2.2 reduces token use and repeated work

The developer released PentestCode 0.2.2 on July 16. The update enables a deterministic orchestrator by default and limits the number of concurrent subagents to reduce provider overload errors.

The release can send large Nmap, Nuclei and Gobuster outputs to a less expensive secondary model for summarization. The main model continues to handle reasoning, while the original output remains available for later retrieval.

Version 0.2.2 also adds a ledger for resolved attack vectors. The system records unsuccessful paths so agents have less reason to repeat tests that already produced a clear result.

  • Bounded orchestration limits parallel agent activity.
  • A configurable small model summarizes large tool output.
  • Provider-specific limits reduce API overload errors.
  • Resolved attack paths remain recorded.
  • Updated session controls distinguish graceful completion from immediate termination.

Supported AI models and expected costs

PentestCode supports more than 20 AI providers through its inherited model integration layer. Options include Anthropic, OpenAI, Google, Azure, AWS Bedrock, Ollama, Together, Groq, DeepSeek and Mistral.

The developer estimates that a real engagement may consume between $5 and $50 in API calls, depending on the selected model, target size and amount of tool output. Large scans and repeated operations can raise that cost.

The project documentation reports stronger multi-agent coordination with Claude Opus and Sonnet than with GPT-4o or local models. This represents the developerโ€™s experience rather than an independent, standardized comparison.

Important limitations and security concerns

PentestCode has no graphical interface, browser automation, proxy interception or Burp Suite integration. It works through a terminal and depends on external security utilities installed in the testing environment.

The agent may repeat scans, miss vulnerabilities, report false positives or choose an inefficient testing path. Its APIs and state format may also change between releases because development remains active.

The latest PentestCode release improves orchestration, but it does not remove the need for supervision. Testers must review commands, validate findings and protect any credentials or client data supplied to cloud AI providers.

LimitationPractical effect
No stealth focusActivity may trigger monitoring and security controls
No Burp Suite integrationLimited support for interactive web proxy workflows
No browser automationComplex client-side application testing remains difficult
Model-dependent resultsPerformance varies between AI providers
API expensesLarge engagements may generate significant token costs
Early-stage softwareFeatures and file formats may change

PentestCode must only run on authorized targets

Automated penetration-testing agents can execute intrusive scans and exploitation tools quickly. Running them against systems without explicit permission can disrupt services and violate computer misuse laws.

Organizations evaluating PentestCode should begin in isolated labs, capture-the-flag environments or test networks. They should use strict scope definitions, low-privilege credentials, controlled API access and human approval for high-impact actions.

As a fork of the OpenCode agent, PentestCode inherits a powerful command-execution foundation. Security teams should treat the agent itself as privileged software and isolate it from production credentials and unrelated networks.

FAQ

What is PentestCode?

PentestCode is an open-source, terminal-based AI agent that coordinates security tools and specialist agents during authorized penetration tests. It is a hard fork of OpenCode.

How many agents and tools does PentestCode include?

The project advertises 13 agents, 18 built-in penetration-testing tools and 19 on-demand knowledge packs.

Can PentestCode perform a penetration test automatically?

PentestCode can automate reconnaissance, enumeration, result analysis, credential validation and reporting. Human testers must still define the scope, supervise its actions and validate the findings.

What is the latest PentestCode version?

PentestCode 0.2.2 is the latest verified release. It was published on July 16, 2026, with changes designed to improve orchestration and reduce token use.

Does PentestCode support local AI models?

Yes. PentestCode supports Ollama and other providers, alongside cloud services from Anthropic, OpenAI, Google, Azure and AWS. Results may vary considerably between models.

Is PentestCode safe to use on production systems?

Security teams should first evaluate it in an isolated test environment. It can run intrusive security tools and may repeat actions or make incorrect decisions, so production use requires explicit authorization, strict scope controls and active human supervision.

Readers help support VPNCentral. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more

User forum

0 messages