PentestGPT
LLM-driven pentesting copilot that chains reasoning steps with offensive tools through a REPL interface
โก TL;DR
๐ฏ The Problem It Solves
Manual penetration testing is slow: a human has to hold the entire engagement in their head. PentestGPT wraps an offensive workflow in a reasoning agent so the LLM plans the next step, executes a tool, interprets the output, and loops until the objective is met. It does NOT replace a pentester; it removes the "which command do I run next" friction.
๐ง How It Works
PentestGPT is a Python CLI that couples a ChatGPT-class LLM with a task manager and a toolkit (Nmap, searchsploit, and extension points). You give it a target and a high-level goal; the reasoning loop proposes a step, runs the tool, feeds the output back, and decides the next move. The architecture separates the reasoning module from the execution module so you can swap in different LLMs or add custom tool wrappers. Sessions are stateful: it remembers prior steps across the engagement.
๐ผ๏ธ Screenshots
๐ Installation & Quick Start
Installation
git clone https://github.com/GreyDGL/PentestGPT.git
cd PentestGPT
pip install -r requirements.txt
echo "OPENAI_API_KEY=sk-..." > .envQuick Start
- git clone https://github.com/GreyDGL/PentestGPT && cd PentestGPT
- pip install -r requirements.txt
- cp .env.example .env # then put your OpenAI key in .env
- python main.py --target example.com
- Walk through the interactive REPL โ it will scan, suggest exploits, and draft a report
โ Pros
- โขGenuinely useful as a copilot โ speeds up recon and exploit selection
- โขTransparent reasoning chain shows WHY it picked the next step
- โขFree, MIT-licensed, active research project
- โขExtensible with your own tools and different LLM backends
โ Cons
- โขNot autonomous โ treat output as a junior pentester's first draft
- โขHallucinates tool commands and flags; verify every invocation
- โขToken costs add up fast on large targets (GPT-4 pricing)
- โขRequires clean output parsing; brittle when tools return errors
๐ฌ Practitioner Verdict
"PentestGPT is the best current example of an LLM pentest copilot. It will not hack a box on its own, but for methodology guidance โ "what do I run next, given this output" โ it saves real time. The catch: every output needs verification. Treat it like a keen but hallucination-prone junior."
๐ Specifications
- Language
- Python
- License
- MIT
- Platform
- Linux, macOS, Windows
- Kill Chain
- Reconnaissance / Vulnerability Analysis / Exploitation
- MITRE ATT&CK
- T1595, T1592, T1046
๐ฐ Pricing Reality
PentestGPT itself is free (MIT). The real cost is API usage: GPT-4 at ~$0.01-0.10/query, free if you run a local LLM. A full engagement against a 10-host target can burn $5-15 of tokens if you let it run unsupervised.
๐ฅ Community Health
๐ท๏ธ Tags
๐ฌ Video Tutorials
PentestGPT AI Pentesting Demo
GreyDGL ยท 45K views ยท 20:30
