GitHub repo

0xSteph/pentest-ai

Python Tracked since 2026-04-04 Updated 2026-07-16 View source ↗

#522 of 783 by Stars among GitHub repos

1.3k Stars

Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.

About

The pentest tool that proves its findings. No oracle, no badge.

⚠️ Offensive tooling, authorized testing only. By installing you accept the AUP and Terms. Full text in Responsible use ↓

ptai is an AI-driven pentest tool that re-runs every exploit to confirm it. It runs recon, logs in, and chains findings into multi-step attack paths, but it does not ask you to trust the results. The way TruffleHog confirms a leaked secret by logging in with it, ptai confirms a web finding by re-running the exploit: a finding stays a candidate until a machine oracle reproduces it N out of N, and only then does it earn a VERIFIED badge. Third-party scanner output (nuclei, nikto, zap) is held back until an…

Excerpted from github.com/0xSteph/pentest-ai

Latest metrics

Stars 1.3k 2026-07-16
Forks 254 2026-07-16
Commits 375 2026-07-16
Releases 19 2026-07-16
Watchers 15 2026-07-16
Open issues 2 2026-07-16
Open PRs 0 2026-07-16