AI Agent Automates PTES Penetration Testing – Inside Pentester

Pentester is an open‑source AI‑driven framework that fully automates the PTES seven‑stage penetration testing workflow—from pre‑engagement parameter collection and compliance checks to intelligence gathering, vulnerability analysis, exploitation, post‑exploitation, and report generation—by interacting with users one question at a time and parallelizing sub‑tasks.

Golang Shines

What is Pentester?

Pentester is an AI‑agent based penetration‑testing automation framework that strictly follows the PTES (Penetration Testing Execution Standard) seven‑stage methodology.

Given a target IP, it launches a Kali Docker container, proceeds through the standard phases, and finally produces a report.

Project URL: https://github.com/fb0sh/pentester

How the Agent Works

Example interaction (the prompts are in Chinese: the user asks the agent to run a penetration test against 192.168.39.3, and the agent replies with numbered-option questions):

pi
> 对 192.168.39.3 执行渗透测试

Step 1: Parameter questioning – the agent asks one question at a time with numbered options (in the transcript below it asks for the test type, black‑box or white‑box, and whether DoS testing is allowed).

> 测试类型?
  1. 黑盒测试
  2. 白盒测试
  3. … 自定义输入

> 是否允许 DoS 测试?
  1. 允许
  2. 不允许

Step 2: Compliance check – the agent validates scope, time window, risk level and aborts if non‑compliant.
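The compliance check is the gate that should stop a run before any traffic is sent. As an added example (not code from the fb0sh/pentester project), the following Python sketch implements such a gate: it verifies every target against the authorised CIDRs, checks the current time against the agreed testing window, and rejects DoS or risk levels the engagement did not authorise. The field names (allowed_cidrs, window_start, dos_allowed, max_risk) and the sample engagement are assumptions for illustration.

```python
"""Scope and compliance gate of the kind the article describes.
Added example, not the project's own code; field names and the sample
engagement below are assumptions."""
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class Engagement:
    allowed_cidrs: list      # networks the client authorised in writing
    window_start: datetime   # agreed testing window (UTC)
    window_end: datetime
    dos_allowed: bool        # answer to the "allow DoS testing?" question
    max_risk: str            # highest authorised risk level: low | medium | high


RISK_ORDER = {"low": 0, "medium": 1, "high": 2}


def check_compliance(engagement, targets, requested_risk, wants_dos, now):
    """Return a list of violations; an empty list means the run may proceed."""
    violations = []
    nets = [ipaddress.ip_network(c) for c in engagement.allowed_cidrs]
    for t in targets:
        try:
            addr = ipaddress.ip_address(t)
        except ValueError:
            violations.append(f"target {t!r} is not a valid IP address")
            continue
        if not any(addr in n for n in nets):
            violations.append(f"target {t} is outside the authorised scope")
    if not (engagement.window_start <= now <= engagement.window_end):
        violations.append(f"time {now.isoformat()} is outside the testing window")
    if wants_dos and not engagement.dos_allowed:
        violations.append("DoS testing requested but not authorised")
    if requested_risk not in RISK_ORDER:
        violations.append(f"unknown risk level {requested_risk!r}")
    elif RISK_ORDER[requested_risk] > RISK_ORDER[engagement.max_risk]:
        violations.append(
            f"risk level {requested_risk} exceeds authorised maximum {engagement.max_risk}")
    return violations


def gate(engagement, targets, requested_risk, wants_dos, now=None):
    """Abort (raise) on any violation, mirroring the agent's abort-if-non-compliant rule."""
    now = now or datetime.now(timezone.utc)
    violations = check_compliance(engagement, targets, requested_risk, wants_dos, now)
    if violations:
        raise PermissionError("; ".join(violations))
    return True


# Constructed sample engagement and timestamps for a stand-alone run.
SAMPLE = Engagement(
    allowed_cidrs=["192.168.39.0/24"],
    window_start=datetime(2024, 6, 1, 8, 0, tzinfo=timezone.utc),
    window_end=datetime(2024, 6, 1, 18, 0, tzinfo=timezone.utc),
    dos_allowed=False,
    max_risk="medium",
)
SAMPLE_OK_TIME = datetime(2024, 6, 1, 10, 0, tzinfo=timezone.utc)
SAMPLE_LATE_TIME = datetime(2024, 6, 2, 10, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(check_compliance(SAMPLE, ["192.168.39.3"], "medium", False, SAMPLE_OK_TIME))
    print(check_compliance(SAMPLE, ["10.0.0.5"], "high", True, SAMPLE_OK_TIME))
```

The check is deliberately a pure function over the engagement parameters collected in Step 1, so it can be unit-tested and logged independently of the agent that calls it.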

Step 3: PTES stage progression – after parameters are confirmed, the agent runs the seven stages:

0 Pre‑engagement: initialize target directory, create Docker container.

1 Intelligence Gathering: port scanning, service identification, DNS enumeration, web enumeration.

2 Threat Modeling: asset classification, attack‑surface analysis.

3 Vulnerability Analysis: vulnerability scanning, manual verification, CVSS scoring.

4 Exploitation: PoC search, payload generation, privilege acquisition.

5 Post‑Exploitation: privilege escalation, lateral movement, credential harvesting.

6 Reporting: automatic report generation.

Before each stage, the agent queries its knowledge base for methods; parallelizable tasks are dispatched to multiple sub‑agents to maximize efficiency.

Figure: Agent UI

Figure: Compliance check

Four Core Modules

1. Knowledge Base

The framework structures scattered penetration‑testing knowledge (CVE notices, tool commands, bypass techniques, remediation advice) under .pentester/knowledge/ with categories such as recon/, vuln-analysis/, exploitation/, post-exploitation/, tooling/, and reporting/. Over 285 indexed entries are searchable via /pentester:knowledge-base.

2. Wordlist Library

Includes the built‑in PentesterSpecialDict covering SQL injection payloads, XSS/SSRF/SSTI payloads, directory/file/parameter enumeration, password lists (top 1000‑6000, SSH, RDP, router), sub‑domain enumeration, WAF bypass payloads, etc. All fuzz tools (gobuster, ffuf, wfuzz, hydra) default to this library before falling back to system defaults.

3. Skills System

Modular callable skills can be triggered automatically or manually. Example commands:

/pentester:gen-report – generate penetration‑testing report.
/pentester:knowledge-base – query/manage knowledge base.
/pentester:init-target – initialize target.
/pentester:enum-services – enumerate services.
/pentester:update-solution – record solution.
/pentester:mcp – invoke MCP tool.

4. Report Generation

Reports are not simple concatenations; they pass a 6‑dimension × 24‑item quality checklist covering structure completeness, content filling, data consistency (CVSS × severity × remediation time), evidence paths, actionable remediation, and compliance sanitization.
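The "data consistency" dimension of that checklist is the part that is easiest to automate and most often wrong in hand-written reports. As an added example (not the project's own checklist), the Python below validates each finding's CVSS score against its severity label and its remediation deadline, and flags missing evidence paths or remediation text. The CVSS v3.x qualitative bands are the standard ones; the remediation deadline per severity and the sample findings are assumptions.

```python
"""Report data-consistency checks in the spirit of the article's checklist.
Added example; the remediation SLA and sample findings are assumptions."""

# CVSS v3.x qualitative severity rating scale (score range -> label).
CVSS_BANDS = [
    (0.0, 0.0, "none"),
    (0.1, 3.9, "low"),
    (4.0, 6.9, "medium"),
    (7.0, 8.9, "high"),
    (9.0, 10.0, "critical"),
]

# Assumed remediation SLA in days per severity; None means no deadline required.
REMEDIATION_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180, "none": None}


def severity_for(score):
    """Map a CVSS base score to its qualitative label."""
    for lo, hi, label in CVSS_BANDS:
        if lo <= score <= hi:
            return label
    raise ValueError(f"CVSS score out of range: {score}")


def check_finding(finding):
    """Return a list of inconsistencies for one finding dict (empty if clean)."""
    problems = []
    score = finding.get("cvss")
    if not isinstance(score, (int, float)) or not 0.0 <= score <= 10.0:
        problems.append(f"cvss {score!r} is not a number in 0.0-10.0")
        return problems  # nothing else can be checked without a valid score
    expected = severity_for(score)
    if finding.get("severity") != expected:
        problems.append(
            f"severity {finding.get('severity')!r} does not match CVSS {score} ({expected})")
    sla = REMEDIATION_DAYS[expected]
    days = finding.get("remediation_days")
    if sla is not None and (days is None or days > sla):
        problems.append(f"remediation deadline {days!r} days exceeds {sla}-day SLA for {expected}")
    if not finding.get("evidence"):
        problems.append("no evidence path recorded")
    if not finding.get("remediation"):
        problems.append("no actionable remediation advice")
    return problems


def check_report(findings):
    """Return {finding id: problems} for every finding that fails a check."""
    report = {}
    for f in findings:
        problems = check_finding(f)
        if problems:
            report[f["id"]] = problems
    return report


# Constructed sample findings: F-1 is consistent, F-2 and F-3 are not.
SAMPLE_FINDINGS = [
    {"id": "F-1", "cvss": 9.8, "severity": "critical", "remediation_days": 7,
     "evidence": "evidence/f1-request.txt", "remediation": "Apply the vendor patch."},
    {"id": "F-2", "cvss": 5.3, "severity": "high", "remediation_days": 120,
     "evidence": "", "remediation": "Restrict access to the admin interface."},
    {"id": "F-3", "cvss": 11, "severity": "critical", "remediation_days": 7,
     "evidence": "evidence/f3.txt", "remediation": "n/a"},
]

if __name__ == "__main__":
    for fid, problems in check_report(SAMPLE_FINDINGS).items():
        print(fid, problems)
```

Running the validator before rendering the document is what turns the 24-item list from a reviewer's memory aid into a blocking check.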

Figure: Report checklist

Three Thoughtful Designs

One‑question‑at‑a‑time interaction

Unlike tools that bombard users with many parameters, Pentester’s agent follows a strict one‑question‑one‑answer flow with clear numbered options and a custom‑input fallback.

Parallel execution within a stage

During information‑gathering, tasks such as port scanning, DNS enumeration, and web enumeration are identified as parallelizable and dispatched to multiple sub‑agents.

No default timeout for long‑running tasks

Dictionary attacks, brute‑force, and fuzzing run without preset timeouts; the agent only warns after ten minutes of inactivity.
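The two designs above, parallel dispatch of sub-tasks within a stage and "no hard timeout, but warn on inactivity", fit together in one dispatcher. As an added example (not the project's own scheduler), the Python below runs a stage's tasks concurrently, gives each a heartbeat callback to report progress, and has a monitor thread record a warning for any task silent longer than the inactivity threshold instead of killing it. The task stand-ins only sleep; the task names, the ten-minute default and the sample durations are assumptions for illustration.

```python
"""Parallel sub-task dispatcher with an inactivity warning instead of a kill timer.
Added example, not the project's own code; stand-in tasks only sleep."""
import threading
import time
from concurrent.futures import ThreadPoolExecutor


def run_parallel(tasks, inactivity_warn=600.0, poll=0.5):
    """Run tasks (name -> callable taking a heartbeat function) concurrently.

    Nothing is cancelled on a timer. A monitor thread records one warning per
    task that has not called heartbeat() for `inactivity_warn` seconds.
    Returns (results by name, list of warning strings).
    """
    last_seen = {name: time.monotonic() for name in tasks}
    warnings, lock, done = [], threading.Lock(), threading.Event()

    def heartbeat_for(name):
        def beat():
            with lock:
                last_seen[name] = time.monotonic()
        return beat

    def wrapped(name, fn):
        def run():
            try:
                return fn(heartbeat_for(name))
            finally:
                with lock:
                    last_seen.pop(name, None)  # finished tasks are no longer watched
        return run

    def monitor():
        warned = set()
        while not done.wait(poll):
            now = time.monotonic()
            with lock:
                for name, ts in list(last_seen.items()):
                    if name not in warned and now - ts > inactivity_warn:
                        warned.add(name)
                        warnings.append(f"{name}: no progress for {inactivity_warn:g}s")

    mon = threading.Thread(target=monitor, daemon=True)
    mon.start()
    with ThreadPoolExecutor(max_workers=max(1, len(tasks))) as pool:
        futures = {name: pool.submit(wrapped(name, fn)) for name, fn in tasks.items()}
        results = {name: f.result() for name, f in futures.items()}
    done.set()
    mon.join()
    return results, warnings


def stand_in(label, seconds, beat_every=None):
    """Constructed stand-in for a sub-task: sleeps instead of doing real work,
    calling heartbeat() every `beat_every` seconds when that is set."""
    def task(heartbeat):
        elapsed = 0.0
        while elapsed < seconds:
            step = beat_every if beat_every else seconds
            time.sleep(step)
            elapsed += step
            if beat_every:
                heartbeat()
        return f"{label} finished"
    return task


if __name__ == "__main__":
    # Sample stage: one chatty task and one that reports nothing for a while.
    stage = {
        "service-enum": stand_in("service-enum", 0.1, beat_every=0.02),
        "dir-enum": stand_in("dir-enum", 0.6),
    }
    results, warnings = run_parallel(stage, inactivity_warn=0.2, poll=0.05)
    print(results)
    print(warnings)
```

Surfacing the warning rather than aborting keeps the page's "no default timeout" behaviour while still giving the operator a signal that a sub-agent may be stuck.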

Project Status

Pentester is released as version v1.0.0 under the MIT license. Repository: https://github.com/fb0sh/pentester. Releases: https://github.com/fb0sh/pentester/releases.

Quick Start

# 1. Clone the project
git clone https://github.com/fb0sh/pentester.git
cd pentester

# 2. Start (requires Docker)
pi

# 3. Input target (the prompt below is Chinese for "run a penetration test against 192.168.39.3")
> 对 192.168.39.3 执行渗透测试

Environment requirements: macOS / Linux (recommended Kali Linux), Docker, Python 3.

Conclusion

Penetration testing has a high entry barrier due to broad knowledge requirements, complex processes, and strict reporting standards. Pentester does not aim to replace security engineers but to automate repetitive work, allowing experts to focus on judgment‑intensive tasks.

Readers are encouraged to try the tool or give it a Star on GitHub.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

Written by Golang Shines

We share daily the latest Golang technical articles, practical resources, language news, tutorials, and real-world projects to help everyone learn and improve.
