pentagi  by vxcontrol

Autonomous AI agent system for penetration testing

created 6 months ago
456 stars

Top 67.3% on sourcepulse

Project Summary

PentAGI is an autonomous AI system designed for automated penetration testing, targeting information security professionals and researchers. It aims to streamline complex security assessments by leveraging AI agents to execute a wide range of penetration testing tasks, from reconnaissance to reporting, within a secure, sandboxed environment.

How It Works

PentAGI employs a multi-agent architecture where specialized AI agents (researcher, developer, executor) collaborate to perform penetration tests. It utilizes a robust memory system, including a PostgreSQL database with pgvector for long-term storage of findings and successful strategies. The system integrates over 20 professional security tools and leverages external search APIs and a web scraper for comprehensive information gathering. Its modular design supports horizontal scaling and includes extensive monitoring and logging capabilities via OpenTelemetry, Grafana, and Langfuse for LLM observability.

Quick Start & Requirements

  • Install: Clone the repository, copy .env.example to .env, and fill in required API keys (at least one LLM provider like OpenAI or Anthropic).
  • Run: Execute docker compose up -d after configuring .env and downloading docker-compose.yml.
  • Access: Visit localhost:8443 (default credentials: admin@pentagi.com / admin).
  • Prerequisites: Docker, Docker Compose, minimum 4GB RAM, 10GB disk space, internet access.
  • Docs: Official Documentation

Highlighted Details

  • Fully autonomous AI agents for penetration testing.
  • Secure, isolated operations within Docker containers.
  • Integrates 20+ professional security tools (nmap, metasploit, sqlmap, etc.).
  • Advanced memory system with PostgreSQL/pgvector for persistent knowledge.
  • Supports multiple LLM providers (OpenAI, Anthropic, etc.) and search APIs (Tavily, Perplexity, Google).
  • Comprehensive monitoring and LLM observability via Grafana and Langfuse.

Maintenance & Community

  • Project maintained by the PentAGI Development Team.
  • Links to documentation are provided within the README.

Licensing & Compatibility

  • License: MIT License.
  • Compatibility: Permissive license suitable for commercial use and integration with closed-source projects.

Limitations & Caveats

The docker-compose.yml runs the PentAGI service as root because it needs access to the Docker socket; alternative configurations for non-root users are mentioned. Some experimental features, such as the LLM_SERVER_* environment variables, are subject to change.

Health Check

  • Last commit: 4 days ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 1
  • Issues (30d): 0
  • Star History: 187 stars in the last 90 days
