
PentestGPT

GreyDGL/PentestGPT




AI-Powered Autonomous Penetration Testing Agent
Published at USENIX Security 2024

Research Paper · Report Bug · Request Feature


[!WARNING] PentestGPT is a research prototype only

PentestGPT is a research prototype that pioneered the use of GenAI in cybersecurity. Beware of third-party services claiming to offer paid PentestGPT products; the original project is free and open source.


Demo

Installation

Installation Demo

Watch on YouTube

PentestGPT in Action

PentestGPT Demo

Watch on YouTube


What’s New in v1.0 (Agentic Upgrade)

  • Autonomous Agent - Agentic pipeline for intelligent, autonomous penetration testing
  • Session Persistence - Save and resume penetration testing sessions
  • Docker-First - Isolated, reproducible environment with security tools pre-installed

In Progress: Multi-model support for OpenAI, Gemini, and other LLM providers


Features

  • AI-Powered Challenge Solver - Leverages advanced LLM reasoning to perform penetration testing and solve CTF challenges
  • Live Walkthrough - Tracks steps in real-time as the agent works through challenges
  • Multi-Category Support - Web, Crypto, Reversing, Forensics, PWN, Privilege Escalation
  • Real-Time Feedback - Watch the AI work with live activity updates
  • Extensible Architecture - Clean, modular design ready for future enhancements

Quick Start

Prerequisites

Installation

# Clone and build
git clone --recurse-submodules https://github.com/GreyDGL/PentestGPT.git
cd PentestGPT
make install

# Configure authentication (first time only)
make config

# Connect to container
make connect

Note: The --recurse-submodules flag downloads the benchmark suite. If you already cloned without it, run: git submodule update --init --recursive

Try a Benchmark

uv run pentestgpt-benchmark start XBEN-037-24 

Then connect to the container and run:

pentestgpt --target http://host.docker.internal:8000

Commands Reference

| Command | Description |
| --- | --- |
| `make install` | Build the Docker image |
| `make config` | Configure API key (first-time setup) |
| `make connect` | Connect to the container (main entry point) |
| `make stop` | Stop the container (config persists) |
| `make clean-docker` | Remove everything, including config |

Usage

# Interactive TUI mode (default)
pentestgpt --target 10.10.11.234

# Non-interactive mode
pentestgpt --target 10.10.11.100 --non-interactive

# With challenge context
pentestgpt --target 10.10.11.50 --instruction "WordPress site, focus on plugin vulnerabilities"

Keyboard Shortcuts: F1 Help | Ctrl+P Pause/Resume | Ctrl+Q Quit


Using Local LLMs

PentestGPT supports routing requests to local LLM servers (LM Studio, Ollama, text-generation-webui, etc.) running on your host machine.

Prerequisites

  • Local LLM server with an OpenAI-compatible API endpoint
    • LM Studio: Enable server mode (default port 1234)
    • Ollama: Run ollama serve (default port 11434)
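
To sanity-check that your server really speaks the OpenAI-compatible protocol, here is a minimal Python sketch of the request shape such an endpoint expects. The URL and model name are assumptions (LM Studio's default port is used; Ollama listens on 11434), and nothing is sent over the network unless you uncomment the `urlopen` call:

```python
import json
import urllib.request

# Assumed endpoint: LM Studio's default port; use 11434 for Ollama.
url = "http://localhost:1234/v1/chat/completions"

# Minimal OpenAI-compatible chat payload; the model name is a placeholder.
payload = {
    "model": "local-model",
    "messages": [{"role": "user", "content": "ping"}],
}

req = urllib.request.Request(
    url,
    data=json.dumps(payload).encode("utf-8"),
    headers={"Content-Type": "application/json"},
)
# urllib infers POST when data is set; uncomment to actually send:
# print(urllib.request.urlopen(req).read().decode())
print(req.get_method())  # POST
```

If the server answers a request like this with a JSON body containing a `choices` array, it should work behind PentestGPT's local-LLM option.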

Setup

# Configure PentestGPT for local LLM
make config
# Select option 4: Local LLM

# Start your local LLM server on the host machine
# Then connect to the container
make connect

Customizing Models

Edit scripts/ccr-config-template.json to customize:

  • localLLM.api_base_url: Your LLM server URL (default: host.docker.internal:1234)
  • localLLM.models: Available model names on your server
  • Router section: Which models handle which operations

| Route | Purpose | Default Model |
| --- | --- | --- |
| `default` | General tasks | openai/gpt-oss-20b |
| `background` | Background operations | openai/gpt-oss-20b |
| `think` | Reasoning-heavy tasks | qwen/qwen3-coder-30b |
| `longContext` | Large context handling | qwen/qwen3-coder-30b |
| `webSearch` | Web search operations | openai/gpt-oss-20b |
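
For orientation, a config shaped along these lines would route reasoning-heavy work to a different model than general tasks. This is an illustrative sketch assembled from the fields listed above, not the verbatim contents of scripts/ccr-config-template.json; check the template itself for the exact schema:

```json
{
  "localLLM": {
    "api_base_url": "http://host.docker.internal:1234",
    "models": ["openai/gpt-oss-20b", "qwen/qwen3-coder-30b"]
  },
  "Router": {
    "default": "openai/gpt-oss-20b",
    "background": "openai/gpt-oss-20b",
    "think": "qwen/qwen3-coder-30b",
    "longContext": "qwen/qwen3-coder-30b",
    "webSearch": "openai/gpt-oss-20b"
  }
}
```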

Troubleshooting

  • Connection refused: Ensure your LLM server is running and listening on the configured port
  • Docker networking: Use host.docker.internal (not localhost) to access host services from Docker
  • Check CCR logs: Inside the container, run cat /tmp/ccr.log

Telemetry

PentestGPT collects anonymous usage data to help improve the tool. This data is sent to our Langfuse project and includes:

  • Session metadata (target type, duration, completion status)
  • Tool execution patterns (which tools are used, not the actual commands)
  • Flag detection events (that a flag was found, not the flag content)

No sensitive data is collected: command outputs, credentials, and actual flag values are never transmitted.

Opting Out

# Via command line flag
pentestgpt --target 10.10.11.234 --no-telemetry

# Via environment variable
export LANGFUSE_ENABLED=false
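
One plausible way the two switches combine is sketched below: the CLI flag wins outright, and the environment variable disables telemetry when set to a false-y value. This is an illustrative sketch, not PentestGPT's actual implementation, whose precedence rules may differ:

```python
import os

def telemetry_enabled(no_telemetry_flag: bool = False) -> bool:
    """Illustrative opt-out logic: the --no-telemetry flag takes
    priority, then LANGFUSE_ENABLED; telemetry defaults to on."""
    if no_telemetry_flag:
        return False
    value = os.environ.get("LANGFUSE_ENABLED", "true").strip().lower()
    return value not in ("false", "0", "no")

print(telemetry_enabled(no_telemetry_flag=True))  # False
```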

Benchmarks

PentestGPT includes 100+ vulnerability challenges for testing and development.

pentestgpt-benchmark list                    # List all benchmarks
pentestgpt-benchmark list --levels 1         # Filter by difficulty
pentestgpt-benchmark list --tags sqli        # Filter by vulnerability type
pentestgpt-benchmark start XBEN-037-24       # Start a benchmark
pentestgpt-benchmark status                  # Check running benchmarks
pentestgpt-benchmark stop XBEN-037-24        # Stop a benchmark

Available Tags: sqli, xss, idor, ssti, ssrf, lfi, rce


Development

Prerequisites

Local Development

uv sync                                      # Install dependencies
uv run pentestgpt --target 10.10.11.234      # Run locally

Project Commands

make test          # Run pytest
make lint          # Run ruff linter
make typecheck     # Run mypy
make ci            # Run full CI simulation (lint, format, typecheck, test, build)
make ci-quick      # Quick CI without build step

Legacy Version

The previous multi-LLM version (v0.15), which supported OpenAI, Gemini, DeepSeek, and Ollama, is archived in legacy/:

cd legacy && pip install -e . && pentestgpt --reasoning gpt-4o

Citation

If you use PentestGPT in your research, please cite our paper:

@inproceedings{299699,
  author = {Gelei Deng and Yi Liu and Víctor Mayoral-Vilches and Peng Liu and Yuekang Li and Yuan Xu and Tianwei Zhang and Yang Liu and Martin Pinzger and Stefan Rass},
  title = {{PentestGPT}: Evaluating and Harnessing Large Language Models for Automated Penetration Testing},
  booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
  year = {2024},
  isbn = {978-1-939133-44-1},
  address = {Philadelphia, PA},
  pages = {847--864},
  url = {https://www.usenix.org/conference/usenixsecurity24/presentation/deng},
  publisher = {USENIX Association},
  month = aug
}

License

Distributed under the MIT License. See LICENSE.md for more information.

Disclaimer: This tool is for educational purposes and authorized security testing only. The authors do not condone any illegal use. Use at your own risk.


Contact


Acknowledgments

