0xSteph/pentest-ai
#522 of 783 by Stars among GitHub repos
Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.
About
The pentest tool that proves its findings. No oracle, no badge.
⚠️ Offensive tooling, authorized testing only. By installing you accept the AUP and Terms. Full text in Responsible use ↓
ptai is an AI-driven pentest tool that re-runs every exploit to confirm it. It runs recon, logs in, and chains findings into multi-step attack paths, but it does not ask you to trust the results. The way TruffleHog confirms a leaked secret by logging in with it, ptai confirms a web finding by re-running the exploit: a finding stays a candidate until a machine oracle reproduces it N out of N, and only then does it earn a VERIFIED badge. Third-party scanner output (nuclei, nikto, zap) is held back until an…
Excerpted from github.com/0xSteph/pentest-ai
Latest metrics
| Stars | 1.3k | 2026-07-16 |
|---|---|---|
| Forks | 254 | 2026-07-16 |
| Commits | 375 | 2026-07-16 |
| Releases | 19 | 2026-07-16 |
| Watchers | 15 | 2026-07-16 |
| Open issues | 2 | 2026-07-16 |
| Open PRs | 0 | 2026-07-16 |