[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-70944":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":23,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":31,"readmeContent":32,"aiSummary":33,"trendingCount":16,"starSnapshotCount":16,"syncStatus":34,"lastSyncTime":35,"discoverSource":36},70944,"PentestGPT","GreyDGL\u002FPentestGPT","GreyDGL","Automated Penetration Testing Agentic Framework Powered by Large Language Models","",null,"Python",13635,2363,326,44,0,101,242,586,303,45,"MIT License",false,"main",true,[27,28,29,30],"large-language-models","llm","penetration-testing","python","2026-06-12 02:02:45","\u003C!-- Improved compatibility of back to top link: See: https:\u002F\u002Fgithub.com\u002Fothneildrew\u002FBest-README-Template\u002Fpull\u002F73 -->\n\u003Ca name=\"readme-top\">\u003C\u002Fa>\n\n\u003C!-- PROJECT SHIELDS -->\n[![Contributors][contributors-shield]][contributors-url]\n[![Forks][forks-shield]][forks-url]\n[![Stargazers][stars-shield]][stars-url]\n[![Issues][issues-shield]][issues-url]\n[![MIT License][license-shield]][license-url]\n[![Discord][discord-shield]][discord-url]\n\n\u003C!-- PROJECT LOGO -->\n\u003Cbr \u002F>\n\u003Cdiv align=\"center\">\n\n\u003Ch3 align=\"center\">PentestGPT\u003C\u002Fh3>\n\n  \u003Cp align=\"center\">\n    AI-Powered Autonomous Penetration Testing Agent\n    \u003Cbr \u002F>\n    \u003Cstrong>Published at USENIX Security 2024\u003C\u002Fstrong>\n    \u003Cbr \u002F>\n    \u003Cbr \u002F>\n    \u003Ca href=\"https:\u002F\u002Fpentestgpt.com\">\u003Cstrong>Official Website: pentestgpt.com »\u003C\u002Fstrong>\u003C\u002Fa>\n    \u003Cbr \u002F>\n    \u003Cbr \u002F>\n    \u003Ca href=\"https:\u002F\u002Fwww.usenix.org\u002Fconference\u002Fusenixsecurity24\u002Fpresentation\u002Fdeng\">Research Paper\u003C\u002Fa>\n    ·\n    \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FGreyDGL\u002FPentestGPT\u002Fissues\">Report Bug\u003C\u002Fa>\n    ·\n    \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FGreyDGL\u002FPentestGPT\u002Fissues\">Request Feature\u003C\u002Fa>\n  \u003C\u002Fp>\n\u003C\u002Fdiv>\n\n\u003C!-- ABOUT THE PROJECT -->\n\u003Ca href=\"https:\u002F\u002Ftrendshift.io\u002Frepositories\u002F3770\" target=\"_blank\">\u003Cimg src=\"https:\u002F\u002Ftrendshift.io\u002Fapi\u002Fbadge\u002Frepositories\u002F3770\" alt=\"GreyDGL%2FPentestGPT | Trendshift\" style=\"width: 250px; height: 55px;\" width=\"250\" height=\"55\"\u002F>\u003C\u002Fa>\n\n---\n\n## Demo\n\n### Installation\n[![Installation Demo](https:\u002F\u002Fasciinema.org\u002Fa\u002F761661.svg)](https:\u002F\u002Fasciinema.org\u002Fa\u002F761661)\n\n[Watch on YouTube](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=RUNmoXqBwVg)\n\n### PentestGPT in Action\n[![PentestGPT Demo](https:\u002F\u002Fasciinema.org\u002Fa\u002F761663.svg)](https:\u002F\u002Fasciinema.org\u002Fa\u002F761663)\n\n[Watch on YouTube](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=cWi3Yb7RmZA)\n\n---\n\n## What's New in v1.0 (Agentic Upgrade)\n\n- **Autonomous Agent** - Agentic pipeline for intelligent, autonomous penetration testing\n- **Session Persistence** - Save and resume penetration testing sessions\n- **Docker-First** - Isolated, reproducible environment with security tools pre-installed\n\n> **In Progress**: Multi-model support for OpenAI, Gemini, and other LLM providers\n\n---\n\n## Features\n\n- **AI-Powered Challenge Solver** - Leverages LLM advanced reasoning to perform penetration testing and CTFs\n- **Live Walkthrough** - Tracks steps in real-time as the agent works through challenges\n- **Multi-Category Support** - Web, Crypto, Reversing, Forensics, PWN, Privilege Escalation\n- **Real-Time Feedback** - Watch the AI work with live activity updates\n- **Extensible Architecture** - Clean, modular design ready for future enhancements\n\n---\n\n## Quick Start\n\n### Prerequisites\n\n- **Docker** (required) - [Install Docker](https:\u002F\u002Fdocs.docker.com\u002Fget-docker\u002F)\n- **LLM Provider** (choose one):\n  - Anthropic API Key from [console.anthropic.com](https:\u002F\u002Fconsole.anthropic.com\u002F)\n  - Claude OAuth Login (requires Claude subscription)\n  - OpenRouter for alternative models at [openrouter.ai](https:\u002F\u002Fopenrouter.ai\u002Fkeys)\n  - [Tutorial: Using Local Models with Claude Code](https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F1ixK7x-wlr5t5TYZJdfm75UME5KnPCpS46boLkUXKg1w\u002Fedit?usp=sharing)\n\n\n### Installation\n\n```bash\n# Clone and build\ngit clone --recurse-submodules https:\u002F\u002Fgithub.com\u002FGreyDGL\u002FPentestGPT.git\ncd PentestGPT\nmake install\n\n# Configure authentication (first time only)\nmake config\n\n# Connect to container\nmake connect\n```\n\n> **Note**: The `--recurse-submodules` flag downloads the benchmark suite. If you already cloned without it, run: `git submodule update --init --recursive`\n\n### Try a Benchmark\n\n```bash\ncd benchmark\u002Fstandalone-xbow-benchmark-runner\npython3 run_benchmarks.py --range 1-1 --pattern-flag\n```\n\nSee [Benchmark Documentation](benchmark\u002FREADME.md) for detailed usage.\n\n### Commands Reference\n\n| Command | Description |\n|---------|-------------|\n| `make install` | Build the Docker image |\n| `make config` | Configure API key (first-time setup) |\n| `make connect` | Connect to container (main entry point) |\n| `make stop` | Stop container (config persists) |\n| `make clean-docker` | Remove everything including config |\n\n\n---\n\n## Usage\n\n```bash\n# Interactive TUI mode (default)\npentestgpt --target 10.10.11.234\n\n# Non-interactive mode\npentestgpt --target 10.10.11.100 --non-interactive\n\n# With challenge context\npentestgpt --target 10.10.11.50 --instruction \"WordPress site, focus on plugin vulnerabilities\"\n```\n\n**Keyboard Shortcuts:** `F1` Help | `Ctrl+P` Pause\u002FResume | `Ctrl+Q` Quit\n\n---\n\n## Using Local LLMs\n\nPentestGPT supports routing requests to local LLM servers (LM Studio, Ollama, text-generation-webui, etc.) running on your host machine.\n\n### Prerequisites\n\n- Local LLM server with an OpenAI-compatible API endpoint\n  - **LM Studio**: Enable server mode (default port 1234)\n  - **Ollama**: Run `ollama serve` (default port 11434)\n\n### Setup\n\n```bash\n# Configure PentestGPT for local LLM\nmake config\n# Select option 4: Local LLM\n\n# Start your local LLM server on the host machine\n# Then connect to the container\nmake connect\n```\n\n### Customizing Models\n\nEdit `scripts\u002Fccr-config-template.json` to customize:\n\n- **`localLLM.api_base_url`**: Your LLM server URL (default: `host.docker.internal:1234`)\n- **`localLLM.models`**: Available model names on your server\n- **Router section**: Which models handle which operations\n\n| Route | Purpose | Default Model |\n|-------|---------|---------------|\n| `default` | General tasks | openai\u002Fgpt-oss-20b |\n| `background` | Background operations | openai\u002Fgpt-oss-20b |\n| `think` | Reasoning-heavy tasks | qwen\u002Fqwen3-coder-30b |\n| `longContext` | Large context handling | qwen\u002Fqwen3-coder-30b |\n| `webSearch` | Web search operations | openai\u002Fgpt-oss-20b |\n\n### Troubleshooting\n\n- **Connection refused**: Ensure your LLM server is running and listening on the configured port\n- **Docker networking**: Use `host.docker.internal` (not `localhost`) to access host services from Docker\n- **Check CCR logs**: Inside the container, run `cat \u002Ftmp\u002Fccr.log`\n\n---\n\n## Telemetry\n\nPentestGPT collects anonymous usage data to help improve the tool. This data is sent to our [Langfuse](https:\u002F\u002Flangfuse.com) project and includes:\n- Session metadata (target type, duration, completion status)\n- Tool execution patterns (which tools are used, not the actual commands)\n- Flag detection events (that a flag was found, not the flag content)\n\n**No sensitive data is collected** - command outputs, credentials, or actual flag values are never transmitted.\n\n### Opting Out\n\n```bash\n# Via command line flag\npentestgpt --target 10.10.11.234 --no-telemetry\n\n# Via environment variable\nexport LANGFUSE_ENABLED=false\n```\n\n---\n\n## Benchmarks\n\nPentestGPT includes 104 XBOW validation benchmarks for comprehensive testing and evaluation.\n\n```bash\ncd benchmark\u002Fstandalone-xbow-benchmark-runner\n\npython3 run_benchmarks.py --range 1-10 --pattern-flag   # Run benchmarks 1-10\npython3 run_benchmarks.py --all --pattern-flag          # Run all 104 benchmarks\npython3 run_benchmarks.py --retry-failed                # Retry failed benchmarks\npython3 run_benchmarks.py --dry-run --range 1-5         # Preview without executing\n```\n\n### Performance Highlights\n\nPentestGPT achieved an **86.5% success rate** (90\u002F104 benchmarks) on the XBOW validation suite:\n\n- **Cost**: Average $1.11, Median $0.42 per successful benchmark\n- **Time**: Average 6.1 minutes, Median 3.3 minutes per successful benchmark\n- **Success rates by difficulty**:\n  - Level 1: 91.1%\n  - Level 2: 74.5%\n  - Level 3: 62.5%\n\nFor detailed benchmark results, analysis, and automated testing instructions, see the **[Benchmark Documentation](benchmark\u002FREADME.md)**.\n\n---\n\n## Legacy Version\n\nThe previous multi-LLM version (v0.15) supporting OpenAI, Gemini, Deepseek, and Ollama is archived in [`legacy\u002F`](legacy\u002F):\n\n```bash\ncd legacy && pip install -e . && pentestgpt --reasoning gpt-4o\n```\n\n---\n\n## Citation\n\nIf you use PentestGPT in your research, please cite our paper:\n\n```bibtex\n@inproceedings{299699,\n  author = {Gelei Deng and Yi Liu and Víctor Mayoral-Vilches and Peng Liu and Yuekang Li and Yuan Xu and Tianwei Zhang and Yang Liu and Martin Pinzger and Stefan Rass},\n  title = {{PentestGPT}: Evaluating and Harnessing Large Language Models for Automated Penetration Testing},\n  booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},\n  year = {2024},\n  isbn = {978-1-939133-44-1},\n  address = {Philadelphia, PA},\n  pages = {847--864},\n  url = {https:\u002F\u002Fwww.usenix.org\u002Fconference\u002Fusenixsecurity24\u002Fpresentation\u002Fdeng},\n  publisher = {USENIX Association},\n  month = aug\n}\n```\n\n---\n\n## License\n\nDistributed under the MIT License. See `LICENSE.md` for more information.\n\n**Disclaimer**: This tool is for educational purposes and authorized security testing only. The authors do not condone any illegal use. Use at your own risk.\n\n---\n\n## Acknowledgments\n\n- Research supported by [Quantstamp](https:\u002F\u002Fwww.quantstamp.com\u002F) and [NTU Singapore](https:\u002F\u002Fwww.ntu.edu.sg\u002F)\n\n\u003Cp align=\"right\">(\u003Ca href=\"#readme-top\">back to top\u003C\u002Fa>)\u003C\u002Fp>\n\n\u003C!-- MARKDOWN LINKS & IMAGES -->\n[contributors-shield]: https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fcontributors\u002FGreyDGL\u002FPentestGPT.svg?style=for-the-badge\n[contributors-url]: https:\u002F\u002Fgithub.com\u002FGreyDGL\u002FPentestGPT\u002Fgraphs\u002Fcontributors\n[forks-shield]: https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fforks\u002FGreyDGL\u002FPentestGPT.svg?style=for-the-badge\n[forks-url]: https:\u002F\u002Fgithub.com\u002FGreyDGL\u002FPentestGPT\u002Fnetwork\u002Fmembers\n[stars-shield]: https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FGreyDGL\u002FPentestGPT.svg?style=for-the-badge\n[stars-url]: https:\u002F\u002Fgithub.com\u002FGreyDGL\u002FPentestGPT\u002Fstargazers\n[issues-shield]: https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fissues\u002FGreyDGL\u002FPentestGPT.svg?style=for-the-badge\n[issues-url]: https:\u002F\u002Fgithub.com\u002FGreyDGL\u002FPentestGPT\u002Fissues\n[license-shield]: https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Flicense\u002FGreyDGL\u002FPentestGPT.svg?style=for-the-badge\n[license-url]: https:\u002F\u002Fgithub.com\u002FGreyDGL\u002FPentestGPT\u002Fblob\u002Fmaster\u002FLICENSE.md\n[linkedin-shield]: https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F-LinkedIn-black.svg?style=for-the-badge&logo=linkedin&colorB=555\n[linkedin-url]: https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fgelei-deng-225a10112\u002F\n[linkedin-url2]: https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fvmayoral\u002F\n[discord-shield]: https:\u002F\u002Fdcbadge.vercel.app\u002Fapi\u002Fserver\u002FeC34CEfEkK\n[discord-url]: https:\u002F\u002Fdiscord.gg\u002FeC34CEfEkK","PentestGPT 是一个基于大规模语言模型的自动化渗透测试代理框架。该项目利用先进的自然语言处理技术，通过预训练的语言模型来执行智能、自主的渗透测试任务，并支持多种安全挑战类别，如Web应用、密码学、逆向工程等。其核心功能包括AI驱动的问题解决能力、实时操作跟踪与反馈以及会话持久化等。此外，PentestGPT采用Docker优先的设计思路，确保了环境的一致性和可重复性。此工具非常适合网络安全研究人员、红队成员以及对自动渗透测试感兴趣的开发者使用，在提高工作效率的同时也能帮助用户更好地理解潜在的安全漏洞。",2,"2026-06-11 03:35:05","high_star"]