PentestCode: AI Automates Pen Testing with 18 Tools

9h ago·0:00 listen·Source: CyberSecurityNews

Summary

A new open-source tool called PentestCode is automating offensive security workflows. This AI agent, a hard fork of OpenCode, is built specifically for penetration testing. Here's the thing: PentestCode runs security tools, analyzes their output, and makes tactical decisions from a terminal, needing minimal human input. For example, a tester can give one instruction, like targeting an IP to achieve domain admin. The coordinator agent then takes over. What's interesting is how it works. It runs scans, parses results, and recognizes patterns. It then spawns subagents for various tasks, like attempting AS-REP roasting attacks to harvest Kerberos hashes. A successful login can trigger a post-exploitation agent to dump secrets, with every step logged. PentestCode, developed by Zhangir Ospanov, uses a strategist-coordinator design. This approach, based on HPTSA research, reportedly delivers a 4.3x improvement over single-agent methods. Thirteen agents handle distinct roles, from recon to reporting, all sharing a unified engagement state in real time. This shared state tracks hosts, services, vulnerabilities, and credentials. The tool includes 18 tools tailored for offensive work. Parsers convert raw output from tools like Nmap and Nuclei into structured state entries. Nineteen on-demand "skill" packs further extend the agent's knowledge. The bottom line: This tool can be downloaded from GitHub, but it's important to note it's described as "not stealthy" and not suited for red-team OPSEC scenarios. This development could significantly change how penetration testing is conducted.

Read the full article on CyberSecurityNews

This is an AI-generated audio summary. Always check the original source for complete reporting.

Share
Keep Listening