MCPcopy Index your code
hub / github.com/Armur-Ai/Pentest-Swarm-AI

github.com/Armur-Ai/Pentest-Swarm-AI @v0.1.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release v0.1.0 ↗ · + Follow
1,409 symbols 3,922 edges 215 files 785 documented · 56%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

Pentest Swarm AI

<strong>The first open-source pentesting tool built on a real swarm — not just multiple agents in a row.</strong>






<a href="#quick-start">Quick Start</a> &middot;
<a href="#what-makes-this-a-swarm">Swarm vs. Multi-Agent</a> &middot;
<a href="#how-the-swarm-works">How It Works</a> &middot;
<a href="#comparison">Compare</a> &middot;
<a href="https://github.com/Armur-Ai/Pentest-Swarm-AI/raw/v0.1.0/IMPLEMENTATION_PLAN.md">Roadmap</a>

Stars Go License AI Status

Pentest Swarm AI — live campaign demo

Pentest Swarm AI architecture

Built for the Mythos era

Anthropic's Claude Mythos — released through Project Glasswing in April 2026 — surfaced thousands of zero-days across every major operating system and browser. Frontier reasoning has crossed a threshold; the bottleneck is no longer the model.

Pentest Swarm AI is the toolchain a model like that needs to operate. Live access to nmap, sqlmap, Burp, ZAP, Metasploit, and the rest of the offensive stack. Multi-agent coordination through a stigmergic blackboard. Evidence capture, dedup, submission-ready reports. Wire in the model of your choice today — Claude Sonnet, Opus, Llama, anything OpenAI-compatible — and swap in Mythos the day access opens.

Not affiliated with Anthropic. Mythos and Glasswing are Anthropic projects.


Credits & Inspiration

This project stands on the shoulders of giants. We credit and thank these projects for pioneering AI-powered offensive security:

  • PentestGPT — the OG that proved LLMs can pentest
  • PentAGI — fully autonomous agent architecture
  • Strix — AI hackers that find and fix vulns
  • CAI — cybersecurity AI framework, 3600x faster than humans
  • HackingBuddyGPT — LLM hacking in 50 lines of code
  • Shannon — white-box AI pentester
  • BlacksmithAI — multi-agent pentest framework
  • PentestAgent — black-box AI security testing
  • Pentest Copilot — AI-driven pentest agent

Their open-source contributions made tools like this possible.

Legal Disclaimer: Pentest Swarm AI is designed exclusively for authorized security testing, bug bounty programs, CTF competitions, and educational research. You must obtain explicit written permission from the target system owner before running any scan. Unauthorized access to computer systems is illegal under the Computer Fraud and Abuse Act (CFAA), the Computer Misuse Act, and equivalent laws worldwide. The authors and contributors of this project accept no liability for misuse, damage, or any illegal activity conducted with this tool. By using this software, you agree that you are solely responsible for ensuring your use complies with all applicable laws and regulations. Do not use this tool against systems you do not own or have explicit authorization to test.


What makes this a swarm?

Most "multi-agent" pentesting tools are a single planner LLM dispatching to specialist agents in a fixed order — recon → classify → exploit → report. That's a pipeline, not a swarm.

Pentest Swarm AI is built around three swarm-intelligence primitives:

  • Stigmergy — agents coordinate by reading and writing findings on a shared blackboard, not by a central planner telling them what to do. A finding's pheromone weight biases other agents toward it and decays over time, so stale paths die naturally.
  • Emergence — attack chains appear that no single agent planned. A recon finding wakes the classifier; a high-severity classification wakes the exploit agent; exploit results feed back into the board and wake the report agent. Order isn't prescribed — it emerges from the blackboard state.
  • Decentralization — each agent runs its own trigger predicate. Add a new agent with its own predicate and it joins the swarm without anyone rewriting the orchestrator.

We built this because the category was empty. Every tool marketed as "swarm" was actually a pipeline. If you find a counter-example, open an issue — we'll add them to the comparison table.

See IMPLEMENTATION_PLAN.md for the technical deep-dive on stigmergy, pheromone decay, the Postgres-backed blackboard, and why we didn't build on Google ADK / CrewAI / AutoGen.


Quick Start

# Install (pick one)
brew install Armur-Ai/tap/pentestswarm            # macOS (Homebrew tap)
docker run --rm -e ANTHROPIC_API_KEY=sk-ant-... \
  ghcr.io/armur-ai/pentestswarm:latest \
  scan example.com --scope example.com             # Docker one-liner
go install github.com/Armur-Ai/Pentest-Swarm-AI/cmd/pentestswarm@latest  # Go

# One API key, one command, one swarm.
export PENTESTSWARM_ORCHESTRATOR_API_KEY=sk-ant-your-key-here
pentestswarm scan example.com --scope example.com --swarm --follow

That's the whole setup. No Ollama, no model download, no GPU — just a Claude API key.

Running inside a GitHub Actions workflow? There's an action for that — see deploy/github-action/example-workflow.yml.


How the swarm works

                         YOU
                          |
                   pentestswarm scan example.com --swarm
                          |
               ┌──────────▼──────────┐
               │   SEED: TARGET_REG  │
               └──────────┬──────────┘
                          ▼
     ┌────────────────────────────────────────────────────────┐
     │              SHARED BLACKBOARD (pgvector)              │
     │                                                        │
     │   SUBDOMAIN · PORT_OPEN · HTTP_ENDPOINT · TECHNOLOGY   │
     │   CVE_MATCH · MISCONFIGURATION · EXPLOIT_CHAIN         │
     │   EXPLOIT_RESULT · CAMPAIGN_COMPLETE                   │
     │                                                        │
     │   (each finding has a pheromone weight that decays)    │
     └──┬─────────────┬─────────────┬─────────────┬───────────┘
        │             │             │             │
        │ triggers:   │ triggers:   │ triggers:   │ triggers:
        │ TARGET_REG  │ raw recon + │ CVE_MATCH   │ CAMPAIGN_
        │             │ pheromone>  │ pheromone>  │ COMPLETE
        │             │ 0.2         │ 0.5         │
        ▼             ▼             ▼             ▼
   ┌─────────┐  ┌─────────┐   ┌─────────┐   ┌─────────┐
   │  RECON  │  │CLASSIFY │   │ EXPLOIT │   │ REPORT  │
   │         │  │         │   │         │   │         │
   │ runs 8  │  │ maps    │   │ builds  │   │ queries │
   │ tools,  │  │ CVEs,   │   │ attack  │   │ board   │
   │ writes  │  │ scores  │   │ chains  │   │ →md/    │
   │ per     │  │ CVSS,   │   │ per     │   │ html/   │
   │ finding │  │ writes  │   │ finding │   │ json/   │
   └─────────┘  └─────────┘   └─────────┘   │ sarif   │
                                            └─────────┘

Key behaviours:

  1. Agents are independent. Any one of them can be removed, replaced, or added without rewiring the others.
  2. Pheromones decay per-finding-type. A PORT_OPEN stays hot for hours; a SESSION for minutes. Config-driven half-lives.
  3. Scope is enforced at the tool layer and again at the executor. Defence in depth — --scope is not bypassable.
  4. Cleanup is always registered before execution. SIGINT, crashes, and budget exhaustion all trigger reverse-order cleanup. See internal/pipeline/cleanup_memory.go and cleanup.go.
  5. Prompt caching on Claude cuts cost and latency on repeated system prompts (enabled by default for recon + classifier).

Comparison

How we position vs. the rest of the ecosystem. We'll ship real benchmark numbers in a future release (see Phase 3.3).

Tool Architecture Executes vs. suggests Memory Tools wired MCP Swarm?
Pentest Swarm AI Stigmergic blackboard Executes pgvector + pheromones 8 ProjectDiscovery + nmap; sqlmap / Burp MCP / Metasploit in roadmap Yes ✅ real
PentestGPT Single-agent ReAct Suggests None None native No No
HackingBuddyGPT Single-agent Executes Run logs Shell passthrough No No
PentAGI 4 agents + planner Executes pgvector 40+ via MCP/shell Partial Pipeline
Shannon White-box + browser Executes Session state Browser DOM No Pipeline
HexStrike MCP tool wrapper Delegates to client LLM None (stateless) 150+ via MCP Yes No
Pentest-R1 RL-tuned LLM Executes Trajectory CTF-scope No No

If any entry here is wrong or out of date, please open a PR — we want this table to stay honest.


Feature status

Honesty labels: stable means shipped + tested, beta means works but rough edges, alpha means experimental, planned means in the roadmap.

Feature Status Notes
Sequential 5-phase runner stable Default mode; battle-tested core
Stigmergic swarm scheduler alpha --swarm flag; memory-backed blackboard wired
ProjectDiscovery toolchain stable subfinder, httpx, nuclei, naabu, katana, dnsx, gau
nmap adapter stable XML parsed; scope-validated
Cleanup registry stable Always runs on SIGINT / exit / budget-cancel
Claude prompt caching stable Enabled for recon + classifier by default
--strict LLM mode stable Promotes LLM errors to fatal
CVSS v3.1 scoring stable FIRST spec
Postgres blackboard backend beta Migration shipped; runner uses memory-board for now
MCP server beta pentestswarm mcp serve
VS Code extension beta deploy/vscode/
GitHub Action beta deploy/github-action/action.yml with SARIF
Swarm playbooks (5) beta playbooks/{bug-bounty,external-asm,ci-cd,internal-network,ctf-solver}.yaml
Live dashboard alpha web/; UI built, wiring to live campaigns in progress
Burp MCP bridge planned Wave 2
Metasploit / ZAP / sqlmap adapters planned Wave 2
Fine-tuned Pentest-Swarm model planned Wave 3 (Pentest-R1 recipe)
Cybench / AutoPenBench benchmarks planned Wave 3

CLI

pentestswarm scan <target> --scope <scope>              # Launch the swarm
pentestswarm scan <target> --scope <scope> --swarm      # Use the stigmergic scheduler
pentestswarm scan <target> --scope <scope> --strict     # Fail on LLM errors
pentestswarm campaign watch <id>                        # Live TUI — watch agents work
pentestswarm campaign explore <id>                      # Browse attack surface interactively
pentestswarm playbook run <name> --target <t>           # Run a community playbook
pentestswarm doctor                                     # 8-point system health check
pentestswarm mcp serve                                  # MCP server for Claude/Cursor
pentestswarm serve                                      # Start API server + dashboard

LLM Providers

All agents inherit from a single provider config. Set one key, the entire swarm works.

Provider Setup Privacy Best for
Claude (default) export PENTESTSWARM_ORCHESTRATOR_API_KEY=... Cloud Best quality, zero setup, prompt caching
Ollama Install Ollama + pull models 100% local Full privacy, air-gapped
LM Studio Load model, enable server 100% local GUI model management

Tech Stack

Component Technology Why
Platform Go 1.24 Single binary, goroutine concurrency, native security tools
CLI Cobra + bubbletea Beautiful TUI with multi-panel agent view
LLM Claude API / Ollama / LM Studio Best quality cloud + full privacy local
Security Tools subfinder · httpx · nuclei · naabu · katana · dnsx · gau · nmap ProjectDiscovery Go libs + nmap subprocess
Blackboard Postgres 16 + pgvector Transactional writes, vector similarity, pheromone decay in SQL
Cache Redis 7 Rate limiting, session state
Dashboard Next.js 15 + shadcn/ui + tremor Dark-first, chart-heavy
MCP JSON-RPC stdio Claude Desktop + Cursor integration

Development

```bash git clone htt

Extension points exported contracts — how you extend this code

Tool (Interface)
Tool is the interface every security tool wrapper must implement. [15 implementers]
internal/tools/base.go
Agent (Interface)
Agent is a swarm participant. Implementations are expected to be stateless between Handle calls — any state that must pe [8 …
internal/swarm/agent.go
Runner (Interface)
Runner executes a Challenge end-to-end and returns a Result. Concrete implementation is a follow-up — see package doc. [19 …
tests/bench/cybench/runner.go
Provider (Interface)
Provider is the interface every LLM backend must implement. Agents talk only to this interface — swapping Claude for Oll [5 …
internal/llm/provider.go
Importer (Interface)
Importer pulls scope for a single program from a platform. [3 implementers]
internal/scope/importer/importer.go
CleanupRegisterer (Interface)
CleanupRegisterer is the interface for registering cleanup actions. [3 implementers]
internal/agent/exploit/executor.go
CleanupRegistryIface (Interface)
CleanupRegistryIface is the minimum surface the runner and executor need from any cleanup registry implementation (Postg [2 …
internal/pipeline/cleanup_iface.go
EventCallback (FuncType)
EventCallback is called for every campaign event (for TUI/streaming).
internal/engine/runner.go

Core symbols most depended-on inside this repo

colorDim
called by 93
cli/scan.go
colorCyan
called by 53
cli/scan.go
Error
called by 49
internal/errors/errors.go
colorGreen
called by 38
cli/scan.go
GetString
called by 35
internal/tools/base.go
Write
called by 28
internal/swarm/blackboard/board.go
colorBold
called by 25
cli/scan.go
colorRed
called by 23
cli/scan.go

Shape

Function 638
Method 436
Struct 291
Interface 16
TypeAlias 13
FuncType 8
Class 7

Languages

Go95%
TypeScript3%
Python2%

Modules by API surface

internal/config/config.go26 symbols
internal/swarm/blackboard/memory.go21 symbols
internal/agent/report/sarif.go21 symbols
internal/swarm/blackboard/board.go20 symbols
internal/pipeline/models.go20 symbols
internal/llm/ollama.go20 symbols
internal/api/server.go19 symbols
internal/tools/nmap.go18 symbols
cli/ui/tui.go18 symbols
internal/llm/provider.go17 symbols
internal/swarm/blackboard/postgres.go16 symbols
internal/swarm/blackboard/logging.go15 symbols

For agents

$ claude mcp add Pentest-Swarm-AI \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page