pentest-ai-agents \u2013 28 Claude Code Subagents for Penetration Testing
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
A new open-source toolkit called pentest-ai-agents is redefining how security professionals leverage AI in penetration testing workflows, transforming Anthropic\u2019s Claude Code<\/a> into a fully specialized offensive security research assistant powered by 28 domain-specific subagents.<\/p>\n Released by security researcher 0xSteph on GitHub, pentest-ai-agents is a collection of 28 Claude Code subagents, each carrying deep domain expertise across the full penetration testing lifecycle<\/a>.<\/p>\n Coverage spans reconnaissance, web application testing, Active Directory attacks, cloud security, mobile pentesting, wireless attacks, social engineering, exploit chaining, detection engineering, forensics, malware analysis, and report generation.<\/p>\n Rather than relying on a single general-purpose AI model, the framework automatically routes each query to the most appropriate specialist agent.<\/p>\n Setup requires no servers, no external dependencies, and no complex configuration. A single command handles everything:<\/p>\n The script clones the repository, copies all 28 agent files to Additional install options support project-scoped deployments ( The toolkit introduces a two-tier execution model for safety and flexibility. Tier 1 agents operate in advisory mode, users paste tool output, and receive prioritized analysis, methodology guidance, and recommended next commands.<\/p>\n Tier 2 agents go further, composing and executing commands directly against a declared, authorized scope, with Claude Code displaying each command for explicit approval before execution.<\/p>\n Tier 2 agents include the Recon Advisor (nmap, whois, whatweb), Web Hunter (ffuf, sqlmap, dalfox), AD Attacker (BloodHound<\/a>, Impacket, CrackMapExec, Certipy), Exploit Chainer, PoC Validator, and Business Logic Hunter. Every offensive action is mapped to MITRE ATT&CK identifiers and paired with defensive context.<\/p>\n A built-in SQLite-backed findings database ( Tier 2 agents write to this database automatically when For air-gapped or privacy-sensitive environments, agents can be converted to OpenCode custom commands compatible with Ollama, LM Studio, or any local model via the included A companion MCP server ( Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post pentest-ai-agents \u2013 28 Claude Code Subagents for Penetration Testing<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nPentest-AI-Agents Installation<\/strong><\/h2>\n
bash
curl -fsSL https:\/\/raw.githubusercontent.com\/0xSteph\/pentest-ai-agents\/main\/install.sh | bash<\/code><\/pre>\n~\/.claude\/agents\/<\/code>, and exits cleanly. It is fully idempotent, meaning re-running it safely updates existing agents.<\/p>\n--project<\/code>) and a cost-optimized lite mode<\/strong> (--global --lite<\/code>) that runs advisory agents on Claude Haiku for reduced token consumption.<\/p>\nPersistent Findings and MCP Support<\/strong><\/h2>\n
findings.sh<\/code>) persists engagement data across Claude Code sessions, enabling multi-day operations with seamless handoffs.<\/p>\nfindings.sh<\/code> is in the system PATH. The Report Generator agent produces professional pentest reports complete with executive summaries, CVSS scoring, and remediation roadmaps.<\/p>\nopencode-setup.sh<\/code> script.<\/p>\npentest-ai<\/code>) extends the ecosystem with 150+ tool wrappers, autonomous exploit chaining, and CI\/CD pipeline integration<\/a> for Claude Desktop, Cursor, and VS Code Copilot.<\/p>\n<\/blockquote>\n