pentesting

Offensive Security
Synthesized by AI

One agent. Recon to root. No playbooks, no handoffs.

Get Started — Free*

* temporarily free

The Intelligence Core

CoreAgent — single-loop autonomous reasoning from recon to root.

OODA Single Loop: think → act → observe. Fully autonomous recon-to-root.
7 Specialized LLMs: Strategist · Analyst · Reflector · Context · Summary · PlaybookSynth
Live CVE Intelligence: Real-time CVE/PoC lookup per discovered service.
3-Tier Memory: Working · Episodic · Persistent + Attack Graph chain discovery
16-Layer Prompts: Dynamic per-turn assembly with Strategist directive injection.
Tor Anonymization: All target traffic routed via SOCKS5 proxy. IP leak blocked.

CoreAgent · live
// initialize target scope
❯ init target: 192.168.1.0/24
[think] Enumerating live hosts…
[act] nmap -sV -O --script=vuln
[observe] 3 hosts · 14 open ports
[search] CVE-2021-44228 — Log4Shell
[plan] Constructing exploit chain…
[exploit] RCE on :8080 ✓ Pivoting
[reflect] Lateral movement initiated

Live CVE Search: Per-service CVE/PoC lookup. Zero hardcoded rules.
Full Autonomy: Recon → exploit → privesc → report. Single OODA loop.
Kali Environment: 40+ tools pre-installed. Nmap, Metasploit, SQLMap, Nuclei, BloodHound.
7 Independent LLMs: Strategist → Analyst → Reflector → PlaybookSynth. Each isolated.
Attack Graph: Node/edge path tracking. Jaccard-based playbook matching across sessions.
Tor Anonymization: SOCKS5 proxy on all outbound traffic. ICMP/UDP leak blocked at source.

Comprehensive Coverage
Enterprise Attack Surfaces
Web Application & API
Database (SQL/NoSQL)
Active Directory & Kerberos
Cloud Infrastructure (AWS/GCP/Azure)
Container (K8s/Docker)
Network & Perimeter
Wireless & Bluetooth
Industrial ICS/SCADA
Email & Phishing vectors
File-Sharing & CIFS/SMB
Remote Access (VPN/RDP)
Domain Persistence & Looting
Privilege Escalation Paths
Lateral Movement Routes

Installation
Quick Start
01 Install via npm

$ npm install -g pentesting
$ export PENTEST_API_KEY="your_api_key"
$ export PENTEST_BASE_URL="https://api.z.ai/api/anthropic"
$ export PENTEST_MODEL="glm-5"
$ pentesting

02 Docker (Recommended)

$ docker run -it --rm \
    -e PENTEST_API_KEY="your_key" \
    -e PENTEST_BASE_URL="https://api.z.ai/api/anthropic" \
    -e PENTEST_MODEL="glm-5" \
    -v pentest-data:/root/.pentest \
    agnusdei1207/pentesting

03 Environment Variables

Variable            Description               Required
PENTEST_API_KEY     LLM provider API key      Required
PENTEST_BASE_URL    API endpoint URL          Required
PENTEST_MODEL       Model name (e.g. glm-5)   Required
SEARCH_API_KEY      Web search API key        Optional
SEARCH_API_URL      Web search endpoint       Optional