<strong>The first open-source pentesting tool built on a real swarm — not just multiple agents in a row.</strong>
<a href="#quick-start">Quick Start</a> ·
<a href="#what-makes-this-a-swarm">Swarm vs. Multi-Agent</a> ·
<a href="#how-the-swarm-works">How It Works</a> ·
<a href="#comparison">Compare</a> ·
<a href="https://github.com/Armur-Ai/Pentest-Swarm-AI/raw/v0.1.0/IMPLEMENTATION_PLAN.md">Roadmap</a>


Anthropic's Claude Mythos — released through Project Glasswing in April 2026 — surfaced thousands of zero-days across every major operating system and browser. Frontier reasoning has crossed a threshold; the bottleneck is no longer the model.
Pentest Swarm AI is the toolchain a model like that needs to operate. Live access to nmap, sqlmap, Burp, ZAP, Metasploit, and the rest of the offensive stack. Multi-agent coordination through a stigmergic blackboard. Evidence capture, dedup, submission-ready reports. Wire in the model of your choice today — Claude Sonnet, Opus, Llama, anything OpenAI-compatible — and swap in Mythos the day access opens.
Not affiliated with Anthropic. Mythos and Glasswing are Anthropic projects.
Credits & Inspiration
This project stands on the shoulders of giants. We credit and thank these projects for pioneering AI-powered offensive security:
- PentestGPT — the OG that proved LLMs can pentest
- PentAGI — fully autonomous agent architecture
- Strix — AI hackers that find and fix vulns
- CAI — cybersecurity AI framework, 3600x faster than humans
- HackingBuddyGPT — LLM hacking in 50 lines of code
- Shannon — white-box AI pentester
- BlacksmithAI — multi-agent pentest framework
- PentestAgent — black-box AI security testing
- Pentest Copilot — AI-driven pentest agent
Their open-source contributions made tools like this possible.
Legal Disclaimer: Pentest Swarm AI is designed exclusively for authorized security testing, bug bounty programs, CTF competitions, and educational research. You must obtain explicit written permission from the target system owner before running any scan. Unauthorized access to computer systems is illegal under the Computer Fraud and Abuse Act (CFAA), the Computer Misuse Act, and equivalent laws worldwide. The authors and contributors of this project accept no liability for misuse, damage, or any illegal activity conducted with this tool. By using this software, you agree that you are solely responsible for ensuring your use complies with all applicable laws and regulations. Do not use this tool against systems you do not own or have explicit authorization to test.
Most "multi-agent" pentesting tools are a single planner LLM dispatching to specialist agents in a fixed order — recon → classify → exploit → report. That's a pipeline, not a swarm.
Pentest Swarm AI is built around three swarm-intelligence primitives:
We built this because the category was empty. Every tool marketed as "swarm" was actually a pipeline. If you find a counter-example, open an issue — we'll add them to the comparison table.
See IMPLEMENTATION_PLAN.md for the technical deep-dive on stigmergy, pheromone decay, the Postgres-backed blackboard, and why we didn't build on Google ADK / CrewAI / AutoGen.
# Install (pick one)
brew install Armur-Ai/tap/pentestswarm # macOS (Homebrew tap)
docker run --rm -e ANTHROPIC_API_KEY=sk-ant-... \
ghcr.io/armur-ai/pentestswarm:latest \
scan example.com --scope example.com # Docker one-liner
go install github.com/Armur-Ai/Pentest-Swarm-AI/cmd/pentestswarm@latest # Go
# One API key, one command, one swarm.
export PENTESTSWARM_ORCHESTRATOR_API_KEY=sk-ant-your-key-here
pentestswarm scan example.com --scope example.com --swarm --follow
That's the whole setup. No Ollama, no model download, no GPU — just a Claude API key.
Running inside a GitHub Actions workflow? There's an action for that — see deploy/github-action/example-workflow.yml.
YOU
|
pentestswarm scan example.com --swarm
|
┌──────────▼──────────┐
│ SEED: TARGET_REG │
└──────────┬──────────┘
▼
┌────────────────────────────────────────────────────────┐
│ SHARED BLACKBOARD (pgvector) │
│ │
│ SUBDOMAIN · PORT_OPEN · HTTP_ENDPOINT · TECHNOLOGY │
│ CVE_MATCH · MISCONFIGURATION · EXPLOIT_CHAIN │
│ EXPLOIT_RESULT · CAMPAIGN_COMPLETE │
│ │
│ (each finding has a pheromone weight that decays) │
└──┬─────────────┬─────────────┬─────────────┬───────────┘
│ │ │ │
│ triggers: │ triggers: │ triggers: │ triggers:
│ TARGET_REG │ raw recon + │ CVE_MATCH │ CAMPAIGN_
│ │ pheromone> │ pheromone> │ COMPLETE
│ │ 0.2 │ 0.5 │
▼ ▼ ▼ ▼
┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐
│ RECON │ │CLASSIFY │ │ EXPLOIT │ │ REPORT │
│ │ │ │ │ │ │ │
│ runs 8 │ │ maps │ │ builds │ │ queries │
│ tools, │ │ CVEs, │ │ attack │ │ board │
│ writes │ │ scores │ │ chains │ │ →md/ │
│ per │ │ CVSS, │ │ per │ │ html/ │
│ finding │ │ writes │ │ finding │ │ json/ │
└─────────┘ └─────────┘ └─────────┘ │ sarif │
└─────────┘
Key behaviours:
PORT_OPEN stays hot for hours; a SESSION for minutes. Config-driven half-lives.--scope is not bypassable.internal/pipeline/cleanup_memory.go and cleanup.go.How we position vs. the rest of the ecosystem. We'll ship real benchmark numbers in a future release (see Phase 3.3).
| Tool | Architecture | Executes vs. suggests | Memory | Tools wired | MCP | Swarm? |
|---|---|---|---|---|---|---|
| Pentest Swarm AI | Stigmergic blackboard | Executes | pgvector + pheromones | 8 ProjectDiscovery + nmap; sqlmap / Burp MCP / Metasploit in roadmap | Yes | ✅ real |
| PentestGPT | Single-agent ReAct | Suggests | None | None native | No | No |
| HackingBuddyGPT | Single-agent | Executes | Run logs | Shell passthrough | No | No |
| PentAGI | 4 agents + planner | Executes | pgvector | 40+ via MCP/shell | Partial | Pipeline |
| Shannon | White-box + browser | Executes | Session state | Browser DOM | No | Pipeline |
| HexStrike | MCP tool wrapper | Delegates to client LLM | None (stateless) | 150+ via MCP | Yes | No |
| Pentest-R1 | RL-tuned LLM | Executes | Trajectory | CTF-scope | No | No |
If any entry here is wrong or out of date, please open a PR — we want this table to stay honest.
Honesty labels: stable means shipped + tested, beta means works but rough edges, alpha means experimental, planned means in the roadmap.
| Feature | Status | Notes |
|---|---|---|
| Sequential 5-phase runner | stable | Default mode; battle-tested core |
| Stigmergic swarm scheduler | alpha | --swarm flag; memory-backed blackboard wired |
| ProjectDiscovery toolchain | stable | subfinder, httpx, nuclei, naabu, katana, dnsx, gau |
nmap adapter |
stable | XML parsed; scope-validated |
| Cleanup registry | stable | Always runs on SIGINT / exit / budget-cancel |
| Claude prompt caching | stable | Enabled for recon + classifier by default |
--strict LLM mode |
stable | Promotes LLM errors to fatal |
| CVSS v3.1 scoring | stable | FIRST spec |
| Postgres blackboard backend | beta | Migration shipped; runner uses memory-board for now |
| MCP server | beta | pentestswarm mcp serve |
| VS Code extension | beta | deploy/vscode/ |
| GitHub Action | beta | deploy/github-action/action.yml with SARIF |
| Swarm playbooks (5) | beta | playbooks/{bug-bounty,external-asm,ci-cd,internal-network,ctf-solver}.yaml |
| Live dashboard | alpha | web/; UI built, wiring to live campaigns in progress |
| Burp MCP bridge | planned | Wave 2 |
| Metasploit / ZAP / sqlmap adapters | planned | Wave 2 |
| Fine-tuned Pentest-Swarm model | planned | Wave 3 (Pentest-R1 recipe) |
| Cybench / AutoPenBench benchmarks | planned | Wave 3 |
pentestswarm scan <target> --scope <scope> # Launch the swarm
pentestswarm scan <target> --scope <scope> --swarm # Use the stigmergic scheduler
pentestswarm scan <target> --scope <scope> --strict # Fail on LLM errors
pentestswarm campaign watch <id> # Live TUI — watch agents work
pentestswarm campaign explore <id> # Browse attack surface interactively
pentestswarm playbook run <name> --target <t> # Run a community playbook
pentestswarm doctor # 8-point system health check
pentestswarm mcp serve # MCP server for Claude/Cursor
pentestswarm serve # Start API server + dashboard
All agents inherit from a single provider config. Set one key, the entire swarm works.
| Provider | Setup | Privacy | Best for |
|---|---|---|---|
| Claude (default) | export PENTESTSWARM_ORCHESTRATOR_API_KEY=... |
Cloud | Best quality, zero setup, prompt caching |
| Ollama | Install Ollama + pull models | 100% local | Full privacy, air-gapped |
| LM Studio | Load model, enable server | 100% local | GUI model management |
| Component | Technology | Why |
|---|---|---|
| Platform | Go 1.24 | Single binary, goroutine concurrency, native security tools |
| CLI | Cobra + bubbletea | Beautiful TUI with multi-panel agent view |
| LLM | Claude API / Ollama / LM Studio | Best quality cloud + full privacy local |
| Security Tools | subfinder · httpx · nuclei · naabu · katana · dnsx · gau · nmap | ProjectDiscovery Go libs + nmap subprocess |
| Blackboard | Postgres 16 + pgvector | Transactional writes, vector similarity, pheromone decay in SQL |
| Cache | Redis 7 | Rate limiting, session state |
| Dashboard | Next.js 15 + shadcn/ui + tremor | Dark-first, chart-heavy |
| MCP | JSON-RPC stdio | Claude Desktop + Cursor integration |
```bash git clone htt
$ claude mcp add Pentest-Swarm-AI \
-- python -m otcore.mcp_server <graph>