The Pentest Agent Suite, a groundbreaking autonomous bug bounty framework, has been introduced as an open-source project. Developed by researcher H-mmer, this platform integrates 50 security-specific agents, 26 slash commands, 19 command-line tools, and a cross-IDE installer compatible with seven prominent AI coding platforms, including Claude Code, OpenAI Codex, and Google Gemini.
Comprehensive Security Platform
This innovative framework is structured around three key components: a collection of specialized agents, a dual-server Model Context Protocol (MCP) infrastructure, and an extensive rules library. By leveraging these layers, the suite offers seamless integration with live bug bounty platforms and features a FAISS-backed semantic writeup search engine to facilitate real-time vulnerability analysis.
The bounty-platforms MCP server supports 16 programs, including API integration with HackerOne, Bugcrowd, and Intigriti, providing tools for platform listing, program scope synchronization, report drafting, and submission. Meanwhile, the writeup-search MCP server offers versatile search capabilities using FAISS, SQLite, and a zero-dependency fallback method.
Advanced Validation and Installation
A standout feature of the Pentest Agent Suite is its 7-Question Gate, a validation process that ensures only high-quality findings are submitted. Findings must pass a rigorous validation and scoring system, achieving a minimum quality score of 7 before proceeding to submission.
The framework’s installer, executed via python3, configures native formats for supported tools, ensuring compatibility across various IDEs. For platforms without native subagent support, such as Cursor and Windsurf, content is adapted into skill files and rules.
Diverse Agent Roster
The suite’s agent roster includes 19 specialists focusing on common vulnerabilities such as XSS and SQL injection, alongside a SAST pipeline, infrastructure, and web3-focused agents. Additionally, five deep methodology skills are included, distilled from extensive analysis of paid reports, enhancing the suite’s effectiveness in detecting vulnerabilities.
Cost tracking within the framework is automated, with each agent’s session cost logged for transparency. An innovative scope hook mechanism prevents out-of-scope executions by matching commands against predefined patterns.
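To make the scope hook concrete, here is an added example (written for this article, not code from the Pentest Agent Suite repository) of a command-level scope check in Python: targets are extracted from a shell command, exclusions are matched before inclusions, and anything that matches no in-scope pattern is denied by default. The scope dictionary, the glob-style pattern format and the function names are assumptions chosen for illustration; the suite's own hook format is not described on this page.

```python
"""Scope hook (illustrative): deny a command if any host it names is outside the
program scope. Deny-by-default, with out-of-scope patterns taking precedence."""
import fnmatch
import re
import shlex
from urllib.parse import urlparse

# Constructed sample scope for a fictional program; not taken from any real platform.
# Patterns use shell-style globs, so "*.example.com" also covers "a.b.example.com".
SCOPE = {
    "in_scope": ["*.example.com", "api.example.org"],
    "out_of_scope": ["admin.example.com", "*.internal.example.com"],
}

# A bare token counts as a host only if it looks like a dotted hostname or IPv4 address.
HOST_RE = re.compile(
    r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)+$", re.I
)


def extract_targets(command: str) -> list[str]:
    """Return every hostname the command references, from URLs or bare tokens."""
    try:
        tokens = shlex.split(command)
    except ValueError:          # unbalanced quotes: fall back to whitespace split
        tokens = command.split()
    targets = []
    for tok in tokens:
        if "://" in tok:
            host = urlparse(tok).hostname          # also strips any :port
        else:
            host = re.sub(r":\d+$", "", tok)       # drop a trailing :port on bare hosts
        if host and HOST_RE.match(host):
            targets.append(host.lower())
    return targets


def in_scope(host: str, scope: dict) -> tuple[bool, str]:
    """Exclusions win over inclusions; an unmatched host is out of scope."""
    for pat in scope["out_of_scope"]:
        if fnmatch.fnmatchcase(host, pat.lower()):
            return False, f"{host} matches out-of-scope pattern {pat}"
    for pat in scope["in_scope"]:
        if fnmatch.fnmatchcase(host, pat.lower()):
            return True, f"{host} matches in-scope pattern {pat}"
    return False, f"{host} matches no in-scope pattern"


def check_command(command: str, scope: dict = SCOPE) -> tuple[bool, list[str]]:
    """Allow the command only if every target it names is in scope.

    Returns (allowed, reasons); a command naming no hosts at all is allowed.
    """
    allowed = True
    reasons = []
    for host in extract_targets(command):
        ok, why = in_scope(host, scope)
        reasons.append(why)
        allowed = allowed and ok
    return allowed, reasons


if __name__ == "__main__":
    # Constructed sample commands exercising allow, deny-by-exclusion and deny-by-default.
    for cmd in [
        "nmap -sV app.example.com",
        "curl https://admin.example.com/login",
        "nmap -sV app.example.com evil.net -oN /tmp/out.txt",
    ]:
        verdict, why = check_command(cmd)
        print("ALLOW" if verdict else "DENY ", cmd, "|", "; ".join(why))
```

The hook is deliberately conservative: a bare dotted token such as a wordlist name given without a path (for example `words.txt`) will be treated as a host and denied, and the returned reasons make that visible so the operator can pass a path instead. Checking exclusions first means a narrower out-of-scope entry always overrides a broader in-scope wildcard, which is the precedence most programs intend.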
The Pentest Agent Suite is available on GitHub, intended for authorized security testing under responsible disclosure. The framework requires Python 3.10+ and standard reconnaissance tools for optimal functionality.
