An innovative open-source tool named PentestCode is integrating autonomous AI agents into offensive security operations, transforming how penetration testing is conducted. Derived from a modification of OpenCode, this tool is designed specifically for security testing, automating the operation of various security tools and decision-making processes via a terminal interface, requiring minimal human intervention.
Automating Security Methodologies
PentestCode offers significant automation in testing methodologies. A security tester can simply provide a directive, such as targeting a specific IP address with the aim of gaining domain administrator access, and the tool’s coordinator agent takes control from there.
Initially, it executes an nmap -sS -p- scan, automatically parsing the results into a structured engagement state. It detects patterns indicating critical components like Domain Controllers through ports 88 and 389.
Advanced Enumeration and Exploitation
Following the initial scan, PentestCode deploys multiple parallel enumeration subagents to assess SMB, LDAP, and HTTP. It attempts an AS-REP roasting attack to collect potentially crackable Kerberos hashes, subsequently testing any obtained credentials across services such as SMB, WinRM, LDAP, and RDP.
If a WinRM login is successful, a post-exploitation agent is activated to extract SAM, LSA, and DPAPI secrets, with all actions meticulously logged.
Strategic Design and Real-Time Coordination
Developed by Zhangir Ospanov, PentestCode uses a strategist-coordinator model based on HPTSA research, claiming a 4.3-fold improvement over single-agent systems. It deploys thirteen agents for various tasks, including reconnaissance, scanning, attack execution, and reporting.
A standout feature is its shared engagement state, maintaining comprehensive records of hosts, services, vulnerabilities, credentials, and access levels, facilitating seamless continuity across multiple sessions.
The attack-path module leverages algorithms like Dijkstra and Yen’s K-shortest-paths to recommend attack routes, while state persistence ensures no loss of context in extended engagements.
Comprehensive Toolset and Knowledge Integration
PentestCode includes 18 specialized tools for offensive security work. It converts outputs from tools such as Nmap and sqlmap into structured data entries, ensuring thorough documentation of findings.
Additionally, PentestCode incorporates 19 on-demand skill packs, which provide markdown-based knowledge files and tactical checklists, enhancing the tool’s adaptability without requiring code alterations.
Although available for download on GitHub, PentestCode is not optimized for stealth operations, and users should consider its beta status, lack of GUI, and evolving APIs when evaluating its use in AI-driven offensive security strategies.
Security teams considering PentestCode should view it as an enhancement to traditional security practices, rather than a substitute for complex exploits or creative attack strategies.
