by 0xSteph
Turn Claude Code into your offensive security research assistant. Specialized AI subagents for authorized penetration testing: plan engagements, analyze recon, research exploits, build detections, audit STIGs, and write reports.
# Add to your Claude Code skills
git clone https://github.com/0xSteph/pentest-ai-agents
35 Claude Code subagents for penetration testing.
pentest-ai-agents is a collection of 35 Claude Code subagents that turn Claude into an offensive security research assistant. Each agent carries deep domain knowledge in a specific area: recon, web, Active Directory, cloud, mobile, wireless, social engineering, payload crafting, reverse engineering, exploit chaining, detection engineering, forensics, and more.
Install the agent files. Open Claude Code. Describe your task. Claude routes to the right specialist automatically.
No servers, no Python deps, no setup beyond copying files.
c2-operator (Sliver/Mythic/Havoc/Cobalt Strike profile tuning, beacon hygiene, redirector design), container-breakout (Docker/K8s escape, runc/cri-o CVEs, kubelet exploitation, RBAC abuse), opsec-anonymizer (operator-side identity hygiene, source IP design, burner infrastructure, fingerprint hygiene), llm-redteam (OWASP LLM Top 10 testing, prompt injection, RAG poisoning, MCP server abuse, agent tool abuse).
_scope-guard.md covers DoS, mass scanning, unattended worms, false-flag operations, safety-of-life systems.
vulns.tool_used column for filtering findings by the tool that produced them; new indexes on cve and tool_used. Existing engagements migrate forward via db/migrate.sh.
flowchart LR
classDef plan fill:#1a2a4a,stroke:#5a7ab8,color:#eaf0ff
classDef recon fill:#1a3a2a,stroke:#5ab87a,color:#eaffea
classDef exploit fill:#3a1a1a,stroke:#b85a5a,color:#ffeaea
classDef post fill:#3a2a1a,stroke:#b8895a,color:#fff0ea
classDef defense fill:#1a3a3a,stroke:#5ab8b8,color:#eaffff
classDef report fill:#2a1a3a,stroke:#895ab8,color:#f0eaff
EP[engagement-planner]:::plan
OA[opsec-anonymizer]:::plan
TM[threat-modeler]:::plan
OS[osint-collector]:::recon
RA[recon-advisor]:::recon
VS[vuln-scanner]:::recon
WH[web-hunter]:::exploit
AS[api-security]:::exploit
BL[bizlogic-hunter]:::exploit
BB[bug-bounty]:::exploit
AD[ad-attacker]:::exploit
CS[cloud-security]:::exploit
MP[mobile-pentester]:::exploit
WP[wireless-pentester]:::exploit
LR[llm-redteam]:::exploit
SE[social-engineer]:::exploit
PO[phishing-operator]:::exploit
CT[ctf-solver]:::exploit
CR[credential-tester]:::exploit
PV[poc-validator]:::exploit
EG[exploit-guide]:::exploit
EC[exploit-chainer]:::exploit
AP[attack-planner]:::exploit
PC[payload-crafter]:::exploit
RE[reverse-engineer]:::exploit
PE[privesc-advisor]:::post
CB[container-breakout]:::post
C2[c2-operator]:::post
CI[cicd-redteam]:::post
SO[swarm-orchestrator]:::post
DE[detection-engineer]:::defense
FA[forensics-analyst]:::defense
MA[malware-analyst]:::defense
SA[stig-analyst]:::defense
RG[report-generator]:::report
EP --> OA --> OS
EP --> TM
OS --> RA --> VS
VS --> WH & AS & BL & BB & AD & CS & MP & WP & LR
SE --> PO
BB --> WH
PO --> PC --> C2
AD --> CR
AD --> PE
CS --> CB
CB --> PE
WH --> PV
AS --> PV
PV --> EC --> AP
EC --> EG
PC --> RE
RE --> MA
AP --> SO
C2 --> DE
SO --> RG
DE --> FA
MA --> RG
SA --> RG
CT -.solo.-> RG
CI -.pipeline.-> SO
Tier 1 (advisory) agents are routable from any task. Tier 2 (execution-capable) agents require a declared scope and live in the offensive operations cluster.
payload-crafter (msfvenom, Donut, custom loaders), reverse-engineer (Ghidra, JadX, Radare2, Binwalk), phishing-operator (Evilginx, GoPhish, dnstwist)
/recommend "freeform task" routes you to the right agent + concrete commands. /agents-for <tag> filters the catalog by domain.
db/doctor.sh: audits which underlying CLI tools are installed on your box, grouped by agent. Shows ✔ and ✘ per tool with install hints.
install.sh --tools: opt-in installer that pulls in the underlying tools via apt/brew/pacman + pipx/go/cargo.
One command:
curl -fsSL https://raw.githubusercontent.com/0xSteph/pentest-ai-agents/main/install.sh | bash
That's it. The script clones the repo to a temp dir, copies the agents to ~/.claude/agents/, and exits. Idempotent: safe to re-run for updates.
Then open Claude Code:
"Plan an internal network pentest for a 500-endpoint AD environment with a 2-week window."
Claude routes to the engagement planner agent and produces a phased plan with MITRE ATT&CK mappings.
Prefer to clone first?
git clone https://github.com/0xSteph/pentest-ai-agents.git
cd pentest-ai-agents && ./install.sh --global
Other install options:
./install.sh --project # Install for current project only
./install.sh --global --lite # Use Haiku for advisory agents (lower cost)
./install.sh --tools # Install underlying CLI tools (nmap, nuclei, ffuf, etc.)
./install.sh --help # All options
See INSTALL.md for step-by-step instructions, including first-time Claude Code setup.
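To review what an install placed in ~/.claude/agents/, the following added example (not part of the project or its scripts) lists each agent with its model and whether its frontmatter grants shell execution. It assumes Claude Code's subagent frontmatter keys (name, tools, model) each sit on a single line; `audit_agents`, `make_samples` and the sample agent names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not the project's code. Assumes each installed agent is a
# Markdown file with Claude Code's YAML frontmatter (name/tools/model keys,
# tools as one comma-separated line).

# audit_agents DIR -> one line per agent: name<TAB>model<TAB>class<TAB>tools
audit_agents() {
  local dir="${1:-$HOME/.claude/agents}" f
  for f in "$dir"/*.md; do
    [ -f "$f" ] || continue
    awk -v file="$(basename "$f" .md)" '
      NR == 1 && $0 != "---" { exit }            # no frontmatter: skip file
      NR > 1 && $0 == "---"  { done = 1; exit }  # end of frontmatter
      /^name:/  { sub(/^name:[ \t]*/, "");  name = $0 }
      /^model:/ { sub(/^model:[ \t]*/, ""); model = $0 }
      /^tools:/ { sub(/^tools:[ \t]*/, ""); tools = $0; has_tools = 1 }
      END {
        if (!done) exit
        if (name == "") name = file
        if (model == "") model = "default"
        # A missing tools key means the agent inherits every tool, Bash included.
        if (!has_tools) { tools = "(inherits all)"; cls = "exec" }
        else if (tools ~ /(^|[ ,])Bash([ ,(]|$)/) cls = "exec"
        else cls = "advisory"
        printf "%s\t%s\t%s\t%s\n", name, model, cls, tools
      }' "$f"
  done
}

# Constructed sample agents (hypothetical names and contents) for a dry run.
make_samples() {
  local d; d="$(mktemp -d)"
  printf '%s\n' '---' 'name: sample-advisory' 'tools: Read, Grep, Glob' \
    'model: haiku' '---' 'body' > "$d/sample-advisory.md"
  printf '%s\n' '---' 'name: sample-exec' 'tools: Read, Write, Bash' \
    '---' 'body' > "$d/sample-exec.md"
  printf '%s\n' '---' 'name: sample-inherit' '---' 'body' > "$d/sample-inherit.md"
  printf '%s\n' '# notes, no frontmatter' > "$d/README.md"
  echo "$d"
}

# Audit the real install when run directly; pass a directory to override.
audit_agents "$@"
```

Agents reported as `exec` can run shell commands on the operator's machine, so those are the definitions to read in full before use.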
Quick interactions once installed:
| Command | What It Does |
|---------|--------------|
| /recommend "phish a small SaaS team's IT department" | Picks the right agent and gives concrete next commands |
| /agents-for web | Lists every agent relevant to web testing (web-hunter, api-security, bug-bounty, bizlogic-hunter) |
| /agents-for cloud | Cloud-specific agents (cloud-security, cicd-redteam) |
| db/doctor.sh | Audits which underlying CLI tools you have, grouped by agent. Shows ✔/✘ and install hints. |
| db/doctor.sh --agent ad-attacker | Audit just the AD tooling stack |
| db/doctor.sh --json | Machine-readable output for piping into a script |
| install.sh --tools | Install the underlying tools via your package manager + pipx/go/cargo |
| findings.sh init <id> | Start a new engagement (persistent SQLite findings DB) |
| findings.sh stats | Engagement progress |
| findings.sh export | Full JSON export |
| bash handoff.sh | Markdown handoff report between sessions |
In Claude Code, just describing your task routes automatically:
"Plan an internal pentest for a 500-endpoint AD environment, 2-week window."
"I have a domain user, where do I look first in BloodHound?"
"Convert this SharpHound EXE into shellcode for an EDR test, with detection content."
"Reverse this firmware image and tell me what the cryptographic protocol looks like."
"Run a phishing simulation against acme-corp.com, set up GoPhish + Evilginx infrastructure."
What the agents drive. Categories map to the same surface real adversaries operate across:
| Category | Agents | Underlying Tools (installable via install.sh --tools) |
|----------|--------|--------------------------------------------------------|
| Recon and OSINT | recon-advisor, osint-collector | nmap, masscan, rustscan, dig, whois, subfinder, amass, httpx, theHarvester, sherlock, holehe, maigret |
| Vulnerability scanning | vuln-scanner | nuclei, nikto, RouterSploit, nmap NSE, OpenVAS/Nessus parsing |
| Web app testing | web-hunter, api-security, bug-bounty, bizlogic-hunter | ffuf, gobuster, feroxbuster, sqlmap, dalfox, Commix, dirsearch, whatweb |
| Active Directory | ad-attacker, credential-tester | BloodHound, Impacket, NetExec/CrackMapExec, Certipy, kerbrute, Responder, ldapsearch |
| Credentials and cracking | credential-tester | Hydra, Hashcat, John, Medusa, cupp, CeWL, Crunch, Mentalist, hashid, haiti |
| Cloud | cloud-security, cicd-redteam | aws/az/gcloud CLIs, Trivy, Prowler, ScoutSuite, Pacu |
| Containers and K8s breakout | container-breakout | kubectl, kube-hunter, peirates, CDK, Falco rule pairing |
| C2 operations | c2-operator | Sliver, Mythic, Havoc, Cobalt Strike, malleable profiles, redirector design |
| AI / LLM red teaming | llm-redteam | Garak, PyRIT, Promptfoo, OWASP LLM Top 10, MITRE ATLAS |
| Operator opsec | opsec-anonymizer | source IP design, burner identity, JA3/fingerpri