
PentAGI
Open-source autonomous penetration testing agents that run 20+ security tools in an isolated Docker sandbox with memory and web intelligence.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for PentAGI, derived from its capabilities.
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.
Overview
PentAGI (vxcontrol/pentagi) is an open-source autonomous AI agent system for penetration testing. It plans and executes complex offensive security workflows end-to-end, running professional pentesting tools (e.g., nmap, Metasploit, sqlmap and others) inside a sandboxed Docker environment for isolation. PentAGI includes multi-step task orchestration, a browser-based intelligence component for gathering current info, and a smart memory system to store findings and successful approaches for future assessments. It is intended for authorized security testing environments where you have explicit permission to run assessments.
Key features
- penetration testing
- red teaming
- docker sandbox
- nmap
- metasploit
- sql injection testing
- web intelligence
- tool orchestration
- long-term memory
- authorized security testing
Use cases
- Automating reconnaissance, enumeration, and exploitation planning steps during authorized penetration tests.
- Running pentesting tools safely in an isolated Docker sandbox to reduce host risk.
- Generating repeatable testing workflows with stored findings and reusable approaches via long-term memory.
- Augmenting security assessments with built-in web intelligence for up-to-date techniques and references.