pentestagent: an autonomous AI penetration testing framework with multi-agent orchestration and MCP integration
What it solves
PentestAgent is an AI-driven penetration testing framework designed to automate security assessments. It solves the problem of manually executing complex, multi-step security tests by providing an autonomous agent that can use professional pentesting tools, follow structured attack playbooks, and manage its own findings.
How it works
The system uses a Large Language Model (LLM) via LiteLLM to orchestrate security tasks. It can operate in several modes: single-shot instructions (Assist), autonomous task execution (Agent), multi-agent orchestration (Crew), and guided interaction (Interact).
Key technical features include:
- Tool Integration: It integrates with a terminal, browser, and external tools via the Model Context Protocol (MCP), allowing it to run commands like nmap or sqlmap (especially when run inside a Docker container for isolation).
- Agent Self-Spawning: The agent can spawn isolated child copies of itself as subordinate MCP servers to delegate subtasks in parallel.
- RAG & Memory: It uses a Retrieval-Augmented Generation (RAG) system for methodologies and CVEs, and a "Shadow Graph" to track findings and derive strategic insights from notes.
- MCP Server Mode: It can act as an MCP server itself, allowing other AI clients (like Claude Desktop or Cursor) to control it.
Who it’s for
It is intended for security researchers and penetration testers who want to automate reconnaissance, vulnerability scanning, and exploitation workflows while maintaining a high degree of control through a TUI (Terminal User Interface).
Highlights
- Autonomous Multi-Agent Workflows: Ability to spawn child agents for parallel task execution.
- MCP Compatibility: It both consumes external MCP servers and exposes its own functionality as an MCP server.
- Attack Playbooks: Includes prebuilt structured approaches for black-box security testing.
- RAG Tool Optimizer: Automatically manages large tool catalogues using embedding similarity to keep context windows efficient.
- Session Management: Features a TUI with the ability to rewind or fork conversations to test different attack paths.
Sources
- GH05TCREW/pentestagent