> UI Preview

AI Pentest Agent dashboard showing target input, detected services, and live agent output

> Overview

The AI Pentest Agent is an autonomous reconnaissance and enumeration engine. Give it a target — an IP, host:port, or URL — and it plans a sequence of scanning actions with an LLM, executes them using real tools, reads back the results, and decides what to run next. It keeps going, round after round, until enumeration is genuinely exhausted, then reports what it found. The whole thing runs behind a browser-based dashboard served over FastAPI and WebSockets.

> How It Plans

Each round, the agent asks the model for the next batch of actions based on what's been discovered so far (open ports, service banners, previous tool output). It tracks everything it has already run against a target so it never repeats a scan pointlessly — the log below shows it recognising and skipping tools it already executed before moving to the next round:

[ROUND 6/6]
[AI RAW] ```json
{
  "actions": [
    {"tool": "ssh_enum", "target": "192.168.64.4"},
    {"tool": "nmap_db_scripts", "target": "192.168.64.4"},
    {"tool": "enum4linux", "target": "192.168.64.4"}
  ],
  "reason": "Continue with SSH, database, and SMB enumeration."
}
```

[AI PLAN] Reason: Continue with SSH, database, and SMB enumeration.
[SKIP] Already ran ssh_enum:192.168.64.4
[SKIP] Already ran nmap_db_scripts:192.168.64.4
[SKIP] Already ran enum4linux:192.168.64.4

================================================================
  SCAN COMPLETE - 8 tool(s) executed
================================================================

> Detected Services (example run)

Against a lab target, the agent fingerprinted four live services and picked its tool chain accordingly:

ssh          OpenSSH 10.3p1 Debian 1 (protocol 2.0)      22/tcp
http         Caddy httpd                                  80/tcp
ssl/https                                                  443/tcp
http         Uvicorn                                      8000/tcp

> Tool Chain

Depending on what it finds, the agent reaches for: nmap service/DB scripts, ssh_enum, enum4linux, nikto, nuclei, feroxbuster, and whatweb — the same tools I'd reach for manually, just sequenced and de-duplicated automatically.

> Features

- Multi-round AI planning loop with automatic de-duplication
- Service-aware tool selection (SSH, SMB, HTTP, databases)
- Live action history log per round
- Browser dashboard (FastAPI + WebSockets) for live target input and streamed output
- Structured, reviewable output built for CTF and lab environments

> Why I Built This

Recon and enumeration are the most repetitive part of any pentest or CTF box — the same handful of tools, run in roughly the same order, every time. This agent automates that first pass so I can spend my own time on the interesting part: working out how to actually get in.