Skip to content

s0ld13rr/pentestcode

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

pentestcode

AI penetration testing agent in your terminal.
Multi-agent architecture • Engagement state tracking • 20+ LLM providers

Release License Stars


Hard fork of OpenCode (MIT). Stripped the code-editing focus, rebuilt for penetration testing.

Install

curl -fsSL https://raw.githubusercontent.com/s0ld13rr/pentestcode/main/install.sh | bash

Self-contained binary — no Bun, Node, or runtime needed.

Other options

Pin version:

PENTESTCODE_VERSION=0.1.7 curl -fsSL https://raw.githubusercontent.com/s0ld13rr/pentestcode/main/install.sh | bash

Custom directory:

PENTESTCODE_INSTALL=/usr/local/bin curl -fsSL https://raw.githubusercontent.com/s0ld13rr/pentestcode/main/install.sh | bash

From source:

bun install
bun run build --single --skip-embed-web-ui
# binary at packages/opencode/dist/pentestcode-<os>-<arch>/bin/pentestcode

Quick Start

pentestcode                           # launch TUI
pentestcode -p "scan 10.10.10.0/24"   # one-shot prompt
pentestcode -s <session-id>           # resume session

On first launch, configure your LLM provider — Anthropic, OpenAI, Google, local Ollama, or any of 20+ providers via ai-sdk.

Architecture

Strategist-coordinator model based on HPTSA research (4.3x improvement over single-agent):

                    ┌─────────────┐
                    │   pentest   │  strategist / coordinator
                    │   (lead)    │  plans, dispatches, tracks OODA loop
                    └──────┬──────┘
           ┌───────┬───────┼───────┬───────┐
           ▼       ▼       ▼       ▼       ▼
        ┌──────┐┌──────┐┌──────┐┌──────┐┌──────┐
        │recon ││scan- ││explo-││iden- ││post- │
        │      ││ner   ││iter  ││tity  ││explo │  ... + 7 more
        └──────┘└──────┘└──────┘└──────┘└──────┘

13 specialist agents — scanner, enumerator, exploiter, identity (AD/Kerberos), infrastructure, webapp, post-exploit, exploit-dev, critic, reporter, recon, and more. Each has domain-specific prompts, tool permissions, and knowledge.

Features

Engagement State — persistent tracking of hosts, services, vulns, credentials, access levels, relationships, AD domain model. Shared across all agents in real-time.

18 Pentest Tools — nmap/nuclei/netexec/gobuster/bloodhound/sqlmap parsers, XSS detection, JWT analysis, credential spray planner, tunnel management, attack path derivation (Dijkstra + Yen's K-shortest), scope checker, phase control, report generator.

19 Skills — phase checklists (6), service knowledge packs (9), methodology playbooks (4). Loaded on demand as markdown — no code changes needed to add your own.

Phased Methodology — Recon → Enumeration → Vuln Assessment → Exploitation → Post-Exploitation → Reporting. Quality gates block premature phase transitions.

Three Modesauto (phased autopilot), free (on-demand), guided (step-by-step approval).

Intelligence Layer — state diffs between turns, auto-critic for unvalidated findings, decision memory with failure tracking, inter-agent interrupt alerts, agent context carry across spawns, cost-based attack path derivation.

Slash Commands

Command What it does
/status Engagement dashboard
/targets Host & service table
/vulns Findings by severity
/creds Discovered credentials
/scope View/edit scope
/phase Phase management
/mode Switch auto/free/guided
/report Generate report

Universal

Works for penetration testing, bug bounty, vulnerability research, CTF, and infrastructure security. Not narrowly scoped to one use case.

License

MIT — see LICENSE.