[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-82709":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":23,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":27,"readmeContent":28,"aiSummary":29,"trendingCount":16,"starSnapshotCount":16,"syncStatus":30,"lastSyncTime":31,"discoverSource":32},82709,"agent","PentesterFlow\u002Fagent","PentesterFlow","Agentic offensive-security in your terminal","https:\u002F\u002Fpentesterflow.com",null,"TypeScript",444,58,126,4,0,10,193,273,137,5.31,"MIT License",false,"main",true,[],"2026-06-12 02:04:27","\u003Cdiv align=\"center\">\n\n\u003Cimg src=\"assets\u002Flogo.png\" alt=\"PentesterFlow\" width=\"520\" \u002F>\n\n### Agentic offensive-security in your terminal, powered by models you control.\n\nPentesterFlow turns a scoped security objective into a tool-using workflow for\nrecon, vulnerability testing, verification, and report-ready findings.\n\n\u003Cbr\u002F>\n\n[![build](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Factions\u002Fworkflow\u002Fstatus\u002FPentesterFlow\u002Fagent\u002Fci.yml?branch=main&label=build&logo=github)](https:\u002F\u002Fgithub.com\u002FPentesterFlow\u002Fagent\u002Factions)\n[![release](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Frelease\u002FPentesterFlow\u002Fagent?include_prereleases&logo=github)](https:\u002F\u002Fgithub.com\u002FPentesterFlow\u002Fagent\u002Freleases)\n[![node](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fnode-20%2B-339933?logo=node.js&logoColor=white)](https:\u002F\u002Fnodejs.org)\n[![license: Apache--2.0](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flicense-Apache--2.0-blue)](LICENSE)\n[![stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FPentesterFlow\u002Fagent?style=social)](https:\u002F\u002Fgithub.com\u002FPentesterFlow\u002Fagent\u002Fstargazers)\n\n**[Install](#install) · [Quickstart](#quickstart) · [Core](#core) · [Usage](#usage) · [Skills](#skills) · [Security](#security-model)**\n\n\u003C\u002Fdiv>\n\n---\n\n```console\n$ pentesterflow\n╭────────────────────────────────────────────────╮\n│  PentesterFlow                                 │\n│  local agent · tools ready · human approved     │\n╰────────────────────────────────────────────────╯\n\n› \u002Ftarget https:\u002F\u002Fapp.example.com\n  target set to https:\u002F\u002Fapp.example.com\n\n› test the orders API for broken access control\n⏺ Skill webvuln\n  ⎿ loaded skill: webvuln\n⏺ http GET https:\u002F\u002Fapp.example.com\u002Fapi\u002Fv1\u002Forders\u002F1043\n  ⎿ 200 OK\n⏺ Shell(curl -s -H \"Authorization: Bearer $USER_B\" https:\u002F\u002Fapp.example.com\u002Fapi\u002Fv1\u002Forders\u002F1043)\n  ⎿ cross-account response confirmed\n⏺ Confirmed Finding (high) IDOR on \u002Fapi\u002Fv1\u002Forders\u002F{id}\n  ⎿ written to .\u002Ffindings\u002Fidor-orders.md\n```\n\n## Overview\n\nPentesterFlow is an open-source terminal agent for professional penetration\ntesting, bug bounty work, and security engineering. It connects to local or\nOpenAI-compatible LLM backends, plans against a scoped target, asks for approval\nbefore sensitive actions, runs tools, verifies behavior, and writes findings you\ncan use in a report.\n\nThe project is intentionally **local-first** and **curl-first**. It works well\nwith Ollama, LM Studio, vLLM, llama.cpp servers, and compatible hosted APIs. It\nprefers transparent HTTP and shell commands before heavier scanners, so every\nstep is visible, reproducible, and easy to audit.\n\n> [!WARNING]\n> Use PentesterFlow only on systems where you have explicit authorization. The\n> agent can run shell commands, make HTTP requests, edit files, and drive browser\n> capture tools after approval.\n\n## Core\n\n| Area | What PentesterFlow provides |\n|---|---|\n| Agent loop | Plan, act, observe, verify, and report across one scoped task. |\n| Model backends | Ollama, LM Studio, Kimi API, and OpenAI-compatible APIs. |\n| Tooling | Shell\u002FBash, HTTP, file tools, search, browser capture, MCP, and finding confirmation. |\n| Skills | Markdown playbooks for recon, web vulnerabilities, SSRF, SSTI, JWT, GraphQL, race testing, takeover checks, Supabase, and deserialization. |\n| Human control | Permission prompts with allow once, allow session, deny, and explicit YOLO mode for labs. |\n| Reporting | Confirmed findings saved as Markdown with evidence, impact, PoC, and remediation. |\n| Releases | Standalone binaries for macOS, Linux, and Windows published through GitHub Actions. |\n\n## Highlights\n\n- **Local by default**: run against your own model backend with no required cloud account.\n- **Hosted when needed**: switch directly to Kimi API or any OpenAI-compatible endpoint.\n- **Modern terminal UI**: compact tool calls, readable shell transcripts, skill summaries, and finding-focused output.\n- **Permission-aware execution**: approve each risky action once or for the session.\n- **Decision planner**: each normal turn gets lightweight skill selection, risk labeling, and coverage guidance before tool use.\n- **Verified findings only**: the agent should reproduce a bug before using `confirm_finding`.\n- **Portable shell guidance**: tool prompts and preflight checks steer commands away from GNU-only flags when they can break on macOS or Linux.\n- **Extensible workflows**: add custom skills, MCP servers, and browser-capture producers.\n\n## Install\n\nThe installers download the latest standalone binary for your OS and verify the\npublished SHA-256 checksum when available.\n\n```sh\n# macOS \u002F Linux\ncurl -fsSL https:\u002F\u002Fraw.githubusercontent.com\u002FPentesterFlow\u002Fagent\u002Fmain\u002Finstall.sh | sh\n```\n\n```powershell\n# Windows PowerShell\nirm https:\u002F\u002Fraw.githubusercontent.com\u002FPentesterFlow\u002Fagent\u002Fmain\u002Finstall.ps1 | iex\n```\n\nPin a release or choose an install directory:\n\n```sh\nPENTESTERFLOW_VERSION=v0.1.0 PENTESTERFLOW_INSTALL_DIR=\"$HOME\u002F.local\u002Fbin\" \\\n  sh -c \"$(curl -fsSL https:\u002F\u002Fraw.githubusercontent.com\u002FPentesterFlow\u002Fagent\u002Fmain\u002Finstall.sh)\"\n```\n\nYou can also download binaries directly from\n[GitHub Releases](https:\u002F\u002Fgithub.com\u002FPentesterFlow\u002Fagent\u002Freleases):\n\n| OS | Assets |\n|---|---|\n| macOS | `pentesterflow-darwin-arm64`, `pentesterflow-darwin-x64` |\n| Linux | `pentesterflow-linux-arm64`, `pentesterflow-linux-x64` |\n| Windows | `pentesterflow-windows-x64.exe` |\n\n## Quickstart\n\n```sh\n# 1. Pull a capable local model\nollama pull qwen2.5-coder:32b\n\n# 2. Launch PentesterFlow\npentesterflow\n\n# 3. Set scope, then describe the task\n#    \u002Ftarget https:\u002F\u002Fapp.example.com\n#    test the orders API for IDOR and broken access control\n```\n\n## Usage\n\n```sh\n# Default: local Ollama\npentesterflow\n\n# LM Studio\npentesterflow --backend lmstudio --model qwen2.5-coder-32b-instruct\n\n# OpenAI-compatible endpoint\npentesterflow --backend openai-compat \\\n  --base-url https:\u002F\u002Fapi.example.com\u002Fv1 \\\n  --api-key sk-...\n\n# Kimi API\nMOONSHOT_API_KEY=sk-... pentesterflow --backend kimi --model kimi-k2.6\n\n# Enable browser-capture tools for this session\npentesterflow --browser\n\n# Start the local Burp\u002FPentesterFlow bridge\npentesterflow --burp\n\n# From a source checkout\nnpm run dev -- --burp 9999\n\n# Auto-approve tool calls for disposable lab environments only\npentesterflow --dangerously-skip-permissions\n```\n\n### Command-Line Flags\n\n| Flag | Description |\n|---|---|\n| `--backend ollama\\|lmstudio\\|kimi\\|openai-compat` | Select the LLM backend. |\n| `--model \u003Cid>` | Set the model id. |\n| `--base-url \u003Curl>` \u002F `--api-key \u003Ckey>` | Configure Kimi or another OpenAI-compatible backend. |\n| `--skills \u003Cdirs>` | Load extra skill directories. |\n| `--resume \u003Csession-id>` | Resume a saved session. |\n| `--browser` | Enable Browser MCP tools for the current session. |\n| `--burp [port]` | Start the local Burp\u002FPentesterFlow bridge. |\n| `--browser-ingest [port]` | Deprecated alias for `--burp`. |\n| `--no-stream` | Disable streaming chat for providers with SSE\u002Ftool-call issues. |\n| `--dangerously-skip-permissions` | Auto-approve non-sensitive tool calls. |\n| `--list-tools` \u002F `--list-skills` | Print registered tools or discovered skills. |\n| `--log \u003Cpath>` | Override the JSON-lines log path. |\n| `--debug-session` | Write a complete JSON-lines debug log for the interactive session. |\n| `--debug-session-path \u003Cpath>` | Write the debug session log to a custom path. |\n| `--version` \u002F `--help` | Print version or help. |\n\n### Slash Commands\n\n| Command | Description |\n|---|---|\n| `\u002Fhelp` | Show keybindings and command reference. |\n| `\u002Fprovider` | Pick a backend and model interactively. |\n| `\u002Fmodel \u003Cid>` \u002F `\u002Fmodel list` | Switch model or list available backend models. |\n| `\u002Fplan [objective]` | Start a plan-only turn without tool execution. |\n| `\u002Ftarget \u003Curl>` | Set or clear the engagement base URL. |\n| `\u002Fskills [enable\\|disable\\|new \u003Cname>]` | Manage skills or scaffold a new skill. |\n| `\u002Fmaxsteps \u003Cn>` | Set the per-turn tool-call cap. |\n| `\u002Fthinking on\\|off` | Toggle visible reasoning guidance. |\n| `\u002Fupdate [version]` | Fetch the GitHub release installer and install the latest or pinned version. |\n| `\u002Fyolo [on\\|off]` | Toggle auto-approval mode. |\n| `\u002Freset` | Clear conversation and saved session state. |\n| `\u002Fclear` | Clear only the on-screen transcript. |\n| `\u002F\u003Cskill-name>` | Load a skill into the next turn. |\n| `\u002Fexit` | Quit. |\n\n## How It Works\n\n1. **Scope**: set a target and constraints before testing.\n2. **Plan**: select the relevant methodology, risk level, and skill playbook.\n3. **Act**: call approved tools such as `http`, `shell`, file tools, browser capture, or MCP servers.\n4. **Observe**: compare responses, status codes, headers, timing, and account boundaries.\n5. **Verify**: reproduce the issue with a clean command or request.\n6. **Report**: persist confirmed issues through `confirm_finding`.\n\n## Tools\n\n| Tool | Purpose |\n|---|---|\n| `shell` \u002F `BashTool` | Run shell commands with approval and safety checks. |\n| `http` | Send HTTP\u002FHTTPS requests against full URLs or the active `\u002Ftarget`. |\n| `file_read` \u002F `file_write` \u002F `file_edit` | Read, create, and patch files. |\n| `GlobTool` \u002F `GrepTool` | Discover files and search content. |\n| `web_fetch` \u002F `web_search` | Fetch pages or run web searches. |\n| `ask_user` | Ask for a decision when scope or testing direction is ambiguous. |\n| `confirm_finding` | Save a verified finding to `.\u002Ffindings\u002F\u003Cslug>.md`. |\n| `coverage` | Track tested endpoints, parameters, and vulnerability classes. |\n| `load_skill` | Load a methodology playbook into context. |\n| `browser_capture_*` | Query captured browser traffic, requests, endpoints, and snapshots. |\n\n## Skills\n\nSkills are versioned Markdown playbooks that package methodology, payloads, and\ndecision logic. Built-in skills include:\n\n| Skill | Focus |\n|---|---|\n| `recon` | Subdomains, fingerprinting, content discovery, and attack-surface mapping. |\n| `webvuln` | IDOR, broken access control, injection, auth, and session logic. |\n| `ssrf` | Filter bypasses, metadata access, internal reachability, and blind SSRF. |\n| `ssti` | Template-engine fingerprinting and escalation paths. |\n| `jwt` | Algorithm confusion, `kid` abuse, weak secrets, and token validation flaws. |\n| `graphql` | Introspection, authorization gaps, batching, and depth abuse. |\n| `race` | TOCTOU issues, limit bypasses, and race-condition verification. |\n| `takeover` | Dangling DNS and unclaimed cloud resources. |\n| `supabase` | Row-Level Security and anonymous access mistakes. |\n| `deserialize` | Unsafe deserialization sinks and gadget-chain testing. |\n\nDiscovery order is built-in `skills\u002F`, project-local\n`.\u002F.pentesterflow\u002Fskills\u002F`, personal `~\u002F.pentesterflow\u002Fskills\u002F`, then any\ndirectory passed with `--skills`. Later entries win on name collisions.\n\n## Browser Capture\n\n`pentesterflow --burp` starts a local ingest server on\n`127.0.0.1:9999` for captured requests and snapshots. The companion\n`pentesterflow-browser-mcp` binary exposes the same capture data as an MCP\nserver for compatible clients.\n\n```json\n{\n  \"mcpServers\": {\n    \"pentesterflow-browser\": {\n      \"command\": \"pentesterflow-browser-mcp\",\n      \"args\": []\n    }\n  }\n}\n```\n\n## Security Model\n\n- **Authorized use only**: PentesterFlow is built for permitted security work.\n- **Human approval**: permission-gated tools require allow once, allow session, or deny.\n- **Sensitive path protection**: secrets and high-risk local paths stay gated even in YOLO mode.\n- **Shell safeguards**: catastrophic commands are blocked before execution.\n- **Transcript control**: compacting and export paths redact common credential formats.\n- **Transparent evidence**: findings should include the request, response signal, impact, and remediation.\n\n## Configuration And Data\n\n| Path | Contents |\n|---|---|\n| `~\u002F.pentesterflow\u002Fconfig.json` | Backend, model, endpoint, and disabled-skill settings. |\n| `~\u002F.pentesterflow\u002Fsessions\u002F*.json` | Saved sessions for `--resume`. |\n| `~\u002F.pentesterflow\u002Fbuiltin-skills\u002F\u003Cname>\u002FSKILL.md` | Installer-managed shipped skills. |\n| `~\u002F.pentesterflow\u002Fskills\u002F\u003Cname>\u002FSKILL.md` | Personal skills. |\n| `.\u002F.pentesterflow\u002Fskills\u002F\u003Cname>\u002FSKILL.md` | Project-local skills. |\n| `.\u002Ffindings\u002F\u003Cslug>.md` | Confirmed findings for the current engagement. |\n| `~\u002F.pentesterflow\u002Flogs\u002Fpentesterflow.log` | Structured JSON-lines logs. |\n| `~\u002F.pentesterflow\u002Fdebug\u002Fsession-*.jsonl` | Opt-in complete session debug logs from `--debug-session`. |\n\nEnable a complete debug log when reproducing usage issues:\n\n```sh\npentesterflow --debug-session\nPENTESTERFLOW_DEBUG_SESSION=1 pentesterflow\nPENTESTERFLOW_DEBUG_SESSION=1 PENTESTERFLOW_DEBUG_SESSION_PATH=\u002Ftmp\u002Fpf-debug.jsonl pentesterflow\n```\n\nDebug session logs include prompts, assistant events, tool calls, tool results,\nerrors, and shutdown markers. Treat them as sensitive because they can contain\ntarget data, command output, and copied request material.\n\n## Develop\n\n```sh\nnpm install\nnpm run dev -- --version\nnpm run typecheck\nnpm run lint\nnpm run test\nnpm run build\nnode dist\u002Fcli.js\n```\n\n`npm run ci` runs typecheck, lint, tests, and build.\n\n## Contributing\n\nIssues and pull requests are welcome. Keep changes focused, include tests for\nbehavioral updates, and run `npm run ci` before opening a pull request. New\nskills should include a `SKILL.md` and pass the skill conformance tests.\n\n## License\n\n[Apache-2.0](LICENSE). Use responsibly and only with authorization.\n\n\u003Cdiv align=\"center\">\n\u003Cbr\u002F>\n\n**[Report an issue](https:\u002F\u002Fgithub.com\u002FPentesterFlow\u002Fagent\u002Fissues)** ·\n**[Request a feature](https:\u002F\u002Fgithub.com\u002FPentesterFlow\u002Fagent\u002Fissues\u002Fnew)** ·\n**[Releases](https:\u002F\u002Fgithub.com\u002FPentesterFlow\u002Fagent\u002Freleases)**\n\n\u003C\u002Fdiv>\n","PentesterFlow\u002Fagent 是一个在终端中实现自动化安全测试的开源工具。它通过用户控制的模型，将特定的安全目标转化为包括侦察、漏洞测试、验证和生成报告准备材料在内的工具使用流程。该项目采用TypeScript编写，支持Node.js 20+版本，并且能够与Ollama、LM Studio等本地或OpenAI兼容的后端模型集成。PentesterFlow强调本地优先与curl优先原则，确保每一步操作都是透明、可重复并易于审计的。适用于专业渗透测试、漏洞赏金计划以及安全工程等领域，在获得明确授权的情况下对目标系统进行安全评估时尤为适用。",2,"2026-06-11 04:08:58","CREATED_QUERY"]