PentestCode: AI Agent Automates Penetration Testing with 18 Tools

A new open-source tool, PentestCode, is revolutionizing offensive security workflows by integrating autonomous AI agents into penetration testing processes. As a hard fork of OpenCode, PentestCode has been specifically redesigned to execute security tools, analyze their outputs, and make tactical decisions with minimal human intervention, all through a terminal interface.

The primary objective of PentestCode is to automate penetration testing methodologies. Users can initiate a test by providing a simple instruction, such as targeting a specific IP address with the goal of obtaining domain administrator access. The tool’s coordinator agent then takes over, performing tasks like conducting an Nmap scan, parsing the results into a structured engagement state, and identifying key patterns, such as ports indicative of a Domain Controller.

PentestCode AI Penetration Testing Agent

Following the initial scan, PentestCode deploys parallel enumeration subagents to assess services like SMB, LDAP, and HTTP. It attempts attacks like AS-REP roasting to extract crackable Kerberos hashes and utilizes any obtained credentials across discovered services, including SMB, WinRM, LDAP, and RDP. Successful logins trigger post-exploitation agents that extract sensitive information, with each step meticulously logged in an evidence chain.

Developed by Zhangir Ospanov, PentestCode employs a strategist-coordinator design inspired by Hierarchical Planning Task Scheduling Algorithms (HPTSA) research. This architecture reportedly offers a 4.3x improvement over single-agent approaches. The system comprises thirteen specialized agents handling various roles, such as reconnaissance, scanning, enumeration, exploitation, identity attacks, infrastructure protocol assessments, web application testing, post-exploitation, exploit development, false-positive filtering, and reporting. These agents share a unified engagement state in real time.

A standout feature of PentestCode is its shared state system, which tracks hosts, services, vulnerabilities (with confidence scores and statuses), credentials, access levels, and an entity relationship graph connecting findings. An attack-path module utilizes algorithms like Dijkstra and Yen’s K-shortest-paths to suggest optimal routes through this graph. This persistent state allows testers to resume multi-day engagements without losing context.

Beyond basic shell access, PentestCode integrates 18 tools tailored for offensive operations. Parsers convert raw outputs from tools like Nmap, Nuclei, NetExec, Gobuster, BloodHound, and sqlmap into structured state entries, ensuring comprehensive analysis. Additional tools handle tasks such as JWT analysis, XSS detection, credential-spray planning, scope validation, tunnel management, and report generation.

To extend the agent’s domain knowledge without code modifications, PentestCode offers nineteen on-demand “skill” packs. These markdown-based knowledge files cover phase checklists, service-specific tactics, and playbooks for Active Directory, web applications, and cloud environments.

While PentestCode presents a significant advancement in automated penetration testing, it’s important to note that the tool is still in beta. It lacks a graphical user interface (GUI) and integration with tools like Burp Suite. Additionally, it is not designed for stealth operations, making it less suitable for red-team scenarios requiring operational security (OPSEC). Users should also be aware of potential token costs, which can range from $5 to $50 depending on the scope of the engagement and the choice of large language model (LLM), with Claude Opus/Sonnet cited as outperforming GPT-4o and local models for multi-agent coordination.

The introduction of PentestCode underscores the growing trend of integrating AI into cybersecurity practices. By automating complex penetration testing workflows, tools like PentestCode can enhance efficiency and accuracy. However, security teams should carefully evaluate such tools, considering their current limitations and ensuring they align with organizational needs and security protocols.