PentestGPT

AI-Powered Autonomous Penetration Testing Agent
Published at USENIX Security 2024

Research Paper · Report Bug · Request Feature

Warning

PentestGPT is a research prototype only

PentestGPT is a research prototype that pioneered the use of GenAI in cybersecurity. Please be aware of third-party services claiming to offer paid PentestGPT products - the original project is free and open-source.

---

Demo

Installation

Watch on YouTube

PentestGPT in Action

Watch on YouTube

---

What's New in v1.0 (Agentic Upgrade)

• Autonomous Agent - Agentic pipeline for intelligent, autonomous penetration testing
• Session Persistence - Save and resume penetration testing sessions
• Docker-First - Isolated, reproducible environment with security tools pre-installed

In Progress: Multi-model support for OpenAI, Gemini, and other LLM providers

---

Features

• AI-Powered Challenge Solver - Leverages LLM advanced reasoning to perform penetration testing and CTFs
• Live Walkthrough - Tracks steps in real-time as the agent works through challenges
• Multi-Category Support - Web, Crypto, Reversing, Forensics, PWN, Privilege Escalation
• Real-Time Feedback - Watch the AI work with live activity updates
• Extensible Architecture - Clean, modular design ready for future enhancements

---

Quick Start

Prerequisites

• Docker (required) - Install Docker
• LLM Provider (choose one):
  • Anthropic API Key from console.anthropic.com
  • Claude OAuth Login (requires Claude subscription)
  • OpenRouter for alternative models at openrouter.ai
  • Tutorial: Using Local Models with Claude Code

Installation

# Clone and build
git clone --recurse-submodules https://github.com/GreyDGL/PentestGPT.git
cd PentestGPT
make install

# Configure authentication (first time only)
make config

# Connect to container
make connect

Note: The --recurse-submodules flag downloads the benchmark suite. If you already cloned without it, run: git submodule update --init --recursive

Try a Benchmark

uv run pentestgpt-benchmark start XBEN-037-24 

Then connect into the container and run:

pentestgpt --target http://host.docker.internal:8000

Commands Reference

Command	Description
make install	Build the Docker image
make config	Configure API key (first-time setup)
make connect	Connect to container (main entry point)
make stop	Stop container (config persists)
make clean-docker	Remove everything including config

---

Usage

# Interactive TUI mode (default)
pentestgpt --target 10.10.11.234

# Non-interactive mode
pentestgpt --target 10.10.11.100 --non-interactive

# With challenge context
pentestgpt --target 10.10.11.50 --instruction "WordPress site, focus on plugin vulnerabilities"

Keyboard Shortcuts: F1 Help | Ctrl+P Pause/Resume | Ctrl+Q Quit

---

Using Local LLMs

PentestGPT supports routing requests to local LLM servers (LM Studio, Ollama, text-generation-webui, etc.) running on your host machine.

Prerequisites

• Local LLM server with an OpenAI-compatible API endpoint
  • LM Studio: Enable server mode (default port 1234)
  • Ollama: Run ollama serve (default port 11434)

Setup

# Configure PentestGPT for local LLM
make config
# Select option 4: Local LLM

# Start your local LLM server on the host machine
# Then connect to the container
make connect

Customizing Models

Edit scripts/ccr-config-template.json to customize:

• localLLM.api_base_url: Your LLM server URL (default: host.docker.internal:1234)
• localLLM.models: Available model names on your server
• Router section: Which models handle which operations

Route	Purpose	Default Model
default	General tasks	openai/gpt-oss-20b
background	Background operations	openai/gpt-oss-20b
think	Reasoning-heavy tasks	qwen/qwen3-coder-30b
longContext	Large context handling	qwen/qwen3-coder-30b
webSearch	Web search operations	openai/gpt-oss-20b

Troubleshooting

• Connection refused: Ensure your LLM server is running and listening on the configured port
• Docker networking: Use host.docker.internal (not localhost) to access host services from Docker
• Check CCR logs: Inside the container, run cat /tmp/ccr.log

---

Telemetry

PentestGPT collects anonymous usage data to help improve the tool. This data is sent to our Langfuse project and includes:

• Session metadata (target type, duration, completion status)
• Tool execution patterns (which tools are used, not the actual commands)
• Flag detection events (that a flag was found, not the flag content)

No sensitive data is collected - command outputs, credentials, or actual flag values are never transmitted.

Opting Out

# Via command line flag
pentestgpt --target 10.10.11.234 --no-telemetry

# Via environment variable
export LANGFUSE_ENABLED=false

---

Benchmarks

PentestGPT includes 100+ vulnerability challenges for testing and development.

pentestgpt-benchmark list                    # List all benchmarks
pentestgpt-benchmark list --levels 1         # Filter by difficulty
pentestgpt-benchmark list --tags sqli        # Filter by vulnerability type
pentestgpt-benchmark start XBEN-037-24       # Start a benchmark
pentestgpt-benchmark status                  # Check running benchmarks
pentestgpt-benchmark stop XBEN-037-24        # Stop a benchmark

Available Tags: sqli, xss, idor, ssti, ssrf, lfi, rce

---

Development

Prerequisites

• uv (required) - Python package manager: curl -LsSf https://astral.sh/uv/install.sh | sh
• Claude Code CLI - Configure with claude login or export ANTHROPIC_API_KEY='your-key'
  • Tutorial: Using Local Models with Claude Code

Local Development

uv sync                                      # Install dependencies
uv run pentestgpt --target 10.10.11.234      # Run locally

Project Commands

make test          # Run pytest
make lint          # Run ruff linter
make typecheck     # Run mypy
make ci            # Run full CI simulation (lint, format, typecheck, test, build)
make ci-quick      # Quick CI without build step

---

Legacy Version

The previous multi-LLM version (v0.15) supporting OpenAI, Gemini, Deepseek, and Ollama is archived in legacy/:

cd legacy && pip install -e . && pentestgpt --reasoning gpt-4o

---

Citation

If you use PentestGPT in your research, please cite our paper:

@inproceedings{299699,
  author = {Gelei Deng and Yi Liu and Víctor Mayoral-Vilches and Peng Liu and Yuekang Li and Yuan Xu and Tianwei Zhang and Yang Liu and Martin Pinzger and Stefan Rass},
  title = {{PentestGPT}: Evaluating and Harnessing Large Language Models for Automated Penetration Testing},
  booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
  year = {2024},
  isbn = {978-1-939133-44-1},
  address = {Philadelphia, PA},
  pages = {847--864},
  url = {https://www.usenix.org/conference/usenixsecurity24/presentation/deng},
  publisher = {USENIX Association},
  month = aug
}

---

License

Distributed under the MIT License. See LICENSE.md for more information.

Disclaimer: This tool is for educational purposes and authorized security testing only. The authors do not condone any illegal use. Use at your own risk.

---

Contact

• Gelei Deng - - gelei.deng@ntu.edu.sg
• Yi Liu - yi009@e.ntu.edu.sg
• Yuekang Li - yuekang.li@unsw.edu.au
• Víctor Mayoral Vilches - - v.mayoralv@gmail.com
• Peng Liu - liu_peng@i2r.a-star.edu.sg

---

Acknowledgments

• Research supported by Quantstamp and NTU Singapore

(back to top)