AI-powered autonomous penetration testing agent built with LangChain + Claude.
PentestMind orchestrates a full pentest engagement: reconnaissance → scanning → CVE correlation → MITRE ATT&CK mapping → risk scoring → professional report, all driven by a ReAct agent that reasons over tool outputs in natural language.

⚠️ Legal Notice: PentestMind is intended for authorised security assessments only. Using it against systems without explicit written permission is illegal. Always operate within agreed scope and rules of engagement.

```
┌─────────────────────────────────────────────────────────────────┐
│                           PentestMind                           │
│                                                                 │
│  CLI (main.py) ──► FastAPI (api/server.py)                      │
│                               │                                 │
│                     ┌─────────▼──────────┐                      │
│                     │    Orchestrator    │ ← Plans phases       │
│                     └─────────┬──────────┘                      │
│                               │                                 │
│                     ┌─────────▼──────────┐                      │
│                     │    Brain Agent     │ ← ReAct reasoning    │
│                     │(LangChain + Claude)│                      │
│                     └──┬──────┬──────┬───┘                      │
│                        │      │      │                          │
│               ┌────────▼┐  ┌──▼───┐ ┌▼────────────┐             │
│               │  Nmap   │  │ MSF  │ │ CVE / MITRE │             │
│               │ Wrapper │  │ RPC  │ │   Lookup    │             │
│               └─────────┘  └──────┘ └─────────────┘             │
│                                                                 │
│               ┌─────────────────────────────────┐               │
│               │      RAG Memory (ChromaDB)      │               │
│               │  Risk Engine │ Webhook Handler  │               │
│               └─────────────────────────────────┘               │
└─────────────────────────────────────────────────────────────────┘
```

- Python 3.12+
- `nmap` installed (`apt install nmap` / `brew install nmap`)
- Anthropic API key

```bash
git clone https://github.com/yourorg/pentestmind
cd pentestmind
python -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
```

```bash
cp .env.example .env
# Edit .env and set ANTHROPIC_API_KEY at minimum
```

```bash
python main.py ingest
```

```bash
# Quick Nmap scan
python main.py scan 192.168.1.100 --ports 1-1024
# Look up a CVE
python main.py cve CVE-2021-41773
# Send a one-off AI task
python main.py task 192.168.1.100 "Scan for open ports and check services for known vulnerabilities"
```

```bash
python main.py engage 192.168.1.100 --scope "all ports" --auth full
```

```bash
python main.py serve
# API docs at http://localhost:8000/docs
```

```bash
# Build and start all services (API + Metasploit + ChromaDB)
cp .env.example .env # edit first
docker-compose up -d
# View logs
docker-compose logs -f pentestmind
# Stop
docker-compose down
```

All endpoints (except `/health`, `/`, and `/webhooks/*`) require:

```
X-API-Key: <your API_SECRET_KEY>
```

| Method | Path | Description |
|---|---|---|
| GET | /health | Health check |
| POST | /engagements | Create & plan engagement |
| POST | /engagements/{id}/execute | Run engagement (background) |
| GET | /engagements/{id}/report | Get Markdown report |
| POST | /agents/{target}/task | Send task to BrainAgent |
| POST | /cve/lookup | Fetch CVE from NVD |
| POST | /cve/search | Search CVEs by keyword |
| POST | /mitre/technique | Look up ATT&CK technique |
| GET | /mitre/search?q=... | Search ATT&CK techniques |
| POST | /memory/ingest | Ingest knowledge base |
| GET | /memory/search?q=... | Semantic search memory |
| POST | /webhooks/{source} | Receive scanner webhook |

Full interactive docs: http://localhost:8000/docs
Send scanner output directly to PentestMind for automatic enrichment and risk scoring.
```bash
nuclei -target https://example.com -json-export nuclei_out.json
curl -X POST http://localhost:8000/webhooks/nuclei \
  -H "Content-Type: application/json" \
  -d @nuclei_out.json
```

Configure ZAP's "Active Scan" → Alerts export to:

```
http://localhost:8000/webhooks/zap
```

```python
import hashlib
import hmac
import json
import time

import requests

secret = b"your-webhook-secret"
data = {"findings": []}  # placeholder payload; replace with your scanner's output
payload = json.dumps(data).encode()
ts = str(int(time.time()))
# The MAC covers "<timestamp>.<body>", so the timestamp cannot be changed independently
sig = hmac.new(secret, ts.encode() + b"." + payload, hashlib.sha256).hexdigest()
requests.post(
    "http://localhost:8000/webhooks/custom",
    data=payload,
    headers={
        "X-PentestMind-Signature": sig,
        "X-PentestMind-Timestamp": ts,
        "Content-Type": "application/json",
    },
)
```

```
pentestmind/
├── agents/
│   ├── brain_agent.py       # Core ReAct LangChain agent
│   └── orchestrator.py      # Engagement planner & executor
├── api/
│   └── server.py            # FastAPI REST server
├── config.py                # Pydantic settings (all env vars)
├── data/
│   ├── chroma_db/           # ChromaDB vector store (git-ignored)
│   ├── knowledge_base/      # Seed documents for RAG
│   └── reports/             # Generated Markdown reports
├── main.py                  # CLI entry point (Typer)
├── modules/
│   ├── cve/                 # NVD client + CVE parser
│   ├── llm/                 # LLM client wrapper (Claude)
│   ├── mitre/               # MITRE ATT&CK STIX loader
│   ├── rag/                 # Embeddings + ChromaDB memory
│   ├── scoring/             # Risk engine + Finding model
│   └── webhooks/            # Scanner webhook handler + schemas
├── tests/                   # Pytest test suite
├── tools/
│   ├── msf_wrapper.py       # Metasploit LangChain tools
│   ├── nmap_wrapper.py      # Nmap LangChain tool
│   └── safe_executor.py     # Sandboxed subprocess runner
└── utils/
    ├── logger.py            # Loguru structured logging
    └── prompts.py           # All LangChain prompt templates
```

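
Receiver-side counterpart to the signed custom webhook request shown earlier, as an added example that is not PentestMind's own handler code: it recomputes the HMAC over `timestamp + "." + body`, rejects stale timestamps, and compares in constant time. The 300-second window, the function names, the plain-dict headers with exact-case names, and the sample request are assumptions constructed for illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumed replay window; the README does not state one


def sign(secret: bytes, ts: str, body: bytes) -> str:
    """Same construction as the sender snippet: HMAC-SHA256 over b"<ts>.<body>"."""
    return hmac.new(secret, ts.encode() + b"." + body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, headers: dict, body: bytes, now=None):
    """Return (ok, reason) for one request; `body` must be the raw bytes received."""
    sig = headers.get("X-PentestMind-Signature", "")
    ts = headers.get("X-PentestMind-Timestamp", "")
    if not sig or not ts:
        return False, "missing signature headers"
    if not (ts.isascii() and ts.isdigit()):
        return False, "malformed timestamp"
    now = time.time() if now is None else now
    if abs(now - int(ts)) > MAX_SKEW_SECONDS:
        return False, "timestamp outside allowed window"
    expected = sign(secret, ts, body)
    # Constant-time comparison avoids leaking how many hex digits matched.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "signature mismatch"
    return True, "ok"


# Constructed sample request (not real traffic).
SECRET = b"constructed-demo-secret"
BODY = b'{"tool": "custom", "findings": []}'
SENT_AT = 1_700_000_000


def demo():
    ts = str(SENT_AT)
    good = {"X-PentestMind-Signature": sign(SECRET, ts, BODY), "X-PentestMind-Timestamp": ts}
    # Old signature paired with a fresh timestamp: fails because ts is inside the MAC.
    restamped = dict(good, **{"X-PentestMind-Timestamp": str(SENT_AT + 3600)})
    return {
        "valid": verify_webhook(SECRET, good, BODY, now=SENT_AT + 5),
        "replayed_later": verify_webhook(SECRET, good, BODY, now=SENT_AT + 3600),
        "restamped": verify_webhook(SECRET, restamped, BODY, now=SENT_AT + 3600),
        "tampered_body": verify_webhook(SECRET, good, BODY + b" ", now=SENT_AT + 5),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

Verify against the raw request bytes before any JSON parsing; re-serialising the parsed body can change whitespace or key order and break the MAC.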
```bash
pytest tests/ -v --tb=short
pytest tests/ --cov=. --cov-report=html
```

PentestMind has multiple layers of safety:

| Layer | Mechanism |
|---|---|
| SAFE_MODE | Blocks all MSF module execution when true (default) |
| CIDR allowlist | ALLOWED_TARGET_CIDRS restricts scannable IPs |
| Command blocklist | SafeExecutor blocks destructive shell commands |
| Confirmation gate | confirm=True required before any exploit runs |
| Authorisation prompt | CLI and agent always ask for written auth confirmation |
| Audit log | Every action logged to data/logs/audit.log |
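
One way a CIDR allowlist such as `ALLOWED_TARGET_CIDRS` can be enforced so that it fails closed, as an added example that is not PentestMind's own code. The comma-separated format, the function names `parse_allowlist` and `target_in_scope`, and the sample targets are assumptions.

```python
import ipaddress


def parse_allowlist(raw: str):
    """Parse a comma-separated CIDR string; a malformed entry raises ValueError."""
    # strict=True rejects entries with host bits set (e.g. 192.168.1.1/24),
    # so a typo in the scope definition stops start-up instead of being guessed at.
    return [ipaddress.ip_network(p.strip(), strict=True)
            for p in raw.split(",") if p.strip()]


def target_in_scope(target: str, allowlist) -> bool:
    """True only if every address in `target` (single IP or CIDR) is allowed."""
    if not allowlist:
        return False  # empty allowlist means nothing is in scope (fail closed)
    try:
        net = ipaddress.ip_network(target.strip(), strict=False)
    except ValueError:
        return False  # hostnames and malformed input are rejected, never resolved
    # subnet_of() raises TypeError across IP versions, so compare versions first.
    return any(net.version == a.version and net.subnet_of(a) for a in allowlist)


# Constructed targets for illustration.
SAMPLE_ALLOWLIST = "192.168.1.0/24, 10.0.0.0/8"
SAMPLE_TARGETS = [
    "192.168.1.100",    # inside the first range
    "10.1.2.0/24",      # range fully inside the second
    "192.168.0.0/16",   # wider than the allowed /24: partly out of scope
    "192.168.2.1",      # adjacent network
    "::1",              # IPv6 against an IPv4-only allowlist
    "example.com",      # hostname: would need DNS, so refused
]


def demo_scope():
    allow = parse_allowlist(SAMPLE_ALLOWLIST)
    return {t: target_in_scope(t, allow) for t in SAMPLE_TARGETS}


if __name__ == "__main__":
    for target, ok in demo_scope().items():
        print(f"{target:18} {'ALLOW' if ok else 'DENY'}")
```
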
See .env.example for the full list with descriptions.
Minimum required: ANTHROPIC_API_KEY
- Fork the repo
- Create a feature branch (`git checkout -b feat/my-feature`)
- Write tests for your changes
- Run `pytest` and `ruff check .`
- Open a PR with a clear description

MIT. See LICENSE for details.
Always use responsibly and within authorised scope.