Developed by GH05TCREW, the project has garnered over 450 stars on GitHub, signaling strong interest in the infosec community. It supports autonomous agent modes, predefined workflows, and markdown report generation, streamlining complex pentests from reconnaissance to exploitation.
GHOSTCREW excels in natural language interaction, allowing users to query network details or launch scans conversationally while maintaining multi-turn dialogue history.
The toolkit manages MCP servers via an interactive menu, enabling seamless configuration of tools stored in mcp.json. Advanced capabilities include Pentesting Task Trees (PTT) for dynamic decision-making in agent mode, streaming responses, and file-aware integration that pulls wordlists or payloads from a local knowledge directory.
Users benefit from optional RAG enhancements for precise, context-aware replies and configurable LLM parameters, with GPT-4o as the default via the OpenAI API.
GHOSTCREW connects to 18 MCP-compatible tools for comprehensive assessments:
| Tool | Purpose |
|---|---|
| Nmap | Network discovery and auditing |
| Metasploit | Exploit execution and payloads |
| FFUF | Web fuzzing |
| SQLMap | SQL injection exploitation |
| Nuclei | Vulnerability scanning |
| Hydra | Brute-force attacks |
| Masscan | High-speed port scanning |
Additional tools like Amass, Katana, and Scout Suite cover subdomain enum, crawling, and cloud audits. Upcoming additions include BloodHound and Gobuster.
Installation starts with cloning the repo at github.com/GH05TCREW/ghostcrew, creating a venv, and pip installing requirements.txt. Node.js and uv are needed for full tool support; without them, chat mode still works.
Launch via python main.py, configure MCP tools on startup, and choose chat, workflow, or agent modes. Multi-line inputs via ‘multi’ command handle intricate queries, with ‘quit’ for exit.
This toolkit lowers barriers for bug bounty hunters and threat analysts by automating workflows and generating structured reports with findings and recommendations.
As AI agents evolve, GHOSTCREW positions pentesters to scale operations efficiently, blending human intuition with machine precision in black-box testing scenarios. Security teams should monitor their growth, given the rising demand for agentic red teaming tools.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post GHOSTCREW – AI-based Red Team Toolkit for Penetration Testing Invoking Metasploit, Nmap and Other Tools appeared first on Cyber Security News.
Anthony Ashton, an attorney representing the NAACP Tennessee State Conference and other plaintiffs in a…
Former Gov. Bill Haslam and sportscaster Jim Nantz, a Nashville resident, touted the 2030 Super…
Missouri Governor Mike Kehoe, left, talks with U.S. Vice President JD Vance after he arrived…
OnePieceLabs.xyz – Squarespace customer – (United States) Organizations building at the frontier of decentralized technology…
May 21, 2026 Inside the century-old Smithfield Foods plant in downtown Sioux Falls, employees say…
For your weekend viewing pleasure, enjoy three hours of David Attenborough narrating free nature videos…
This website uses cookies.