pentest-ai (0xSteph/pentest-ai) is an open-source AI project on GitHub. Repository summary: Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path. Its focus includes MCP and tool-calling integration, developer-centric engineering workflows, security and compliance automation, team collaboration integrations. It is suitable for extension, integration, and iterative delivery in real workflows.
License
MIT
Stars
545
Homepage
https://pentestai.xyz/Features
- Core capability: Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.
- Provides MCP or tool-calling integration
- Built for code generation, debugging, or engineering integration
- Covers security testing, risk detection, or compliance workflows
- Integrates with team collaboration and business systems
- Repository: 0xSteph/pentest-ai
Use Cases
- Connects external systems into agent workflows
- Supports AI engineering build-and-iterate workflows for dev teams
- Used for security assessment and compliance automation
- Used for team knowledge collaboration and task follow-ups
- Build internal AI workflow prototypes with pentest-ai
- Validate pentest-ai in production-like engineering scenarios
FAQ
Teams should first define integration boundaries and call patterns, then map repository capabilities into concrete interfaces, parameters, and access rules. GitHub repository: https://github.com/0xSteph/pentest-ai. Community traction is around 520 stars. License: MIT.
It usually works as an execution component or capability layer, with common deployment fits such as: Connects external systems into agent workflows, Supports AI engineering build-and-iterate workflows for dev teams, Used for security assessment and compliance automation.
