Released by security researcher 0xSteph on GitHub, pentest-ai-agents is a collection of 28 Claude Code subagents, each carrying deep domain expertise across the full penetration testing lifecycle.
Coverage spans reconnaissance, web application testing, Active Directory attacks, cloud security, mobile pentesting, wireless attacks, social engineering, exploit chaining, detection engineering, forensics, malware analysis, and report generation.
Rather than relying on a single general-purpose AI model, the framework automatically routes each query to the most appropriate specialist agent.
Setup requires no servers, no external dependencies, and no complex configuration. A single command handles everything:
bashcurl -fsSL https://raw.githubusercontent.com/0xSteph/pentest-ai-agents/main/install.sh | bash The script clones the repository, copies all 28 agent files to ~/.claude/agents/, and exits cleanly. It is fully idempotent, meaning re-running it safely updates existing agents.
Additional install options support project-scoped deployments (--project) and a cost-optimized lite mode (--global --lite) that runs advisory agents on Claude Haiku for reduced token consumption.
The toolkit introduces a two-tier execution model for safety and flexibility. Tier 1 agents operate in advisory mode, users paste tool output, and receive prioritized analysis, methodology guidance, and recommended next commands.
Tier 2 agents go further, composing and executing commands directly against a declared, authorized scope, with Claude Code displaying each command for explicit approval before execution.
Tier 2 agents include the Recon Advisor (nmap, whois, whatweb), Web Hunter (ffuf, sqlmap, dalfox), AD Attacker (BloodHound, Impacket, CrackMapExec, Certipy), Exploit Chainer, PoC Validator, and Business Logic Hunter. Every offensive action is mapped to MITRE ATT&CK identifiers and paired with defensive context.
A built-in SQLite-backed findings database (findings.sh) persists engagement data across Claude Code sessions, enabling multi-day operations with seamless handoffs.
Tier 2 agents write to this database automatically when findings.sh is in the system PATH. The Report Generator agent produces professional pentest reports complete with executive summaries, CVSS scoring, and remediation roadmaps.
For air-gapped or privacy-sensitive environments, agents can be converted to OpenCode custom commands compatible with Ollama, LM Studio, or any local model via the included opencode-setup.sh script.
A companion MCP server (pentest-ai) extends the ecosystem with 150+ tool wrappers, autonomous exploit chaining, and CI/CD pipeline integration for Claude Desktop, Cursor, and VS Code Copilot.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post pentest-ai-agents – 28 Claude Code Subagents for Penetration Testing appeared first on Cyber Security News.
When we think of modern architecture, we often think first of what’s called the International…
This month big tech companies have been dominating the AI news cycle on a number…
Nowadays, people expect instant access to bookings, communication, and maps the moment they land in…
Your embeddings are solid. Your vector database is tuned. Your LLM is capable. So why…
A newly disclosed security vulnerability in Tenable’s Nessus Agent for Windows could allow attackers to…
Written from press release MARTINSVILLE, Ind. — April 26, 2026 A 20-year-old Indianapolis man died…
This website uses cookies.