PentesterFlow/agent: AI-Powered Offensive Security CLI Tool

PentesterFlow/agent is an open-source, agentic AI CLI tool built in TypeScript for offensive security. It is designed to support security engineers in various stages of penetration testing and bug bounty hunting, including reconnaissance, enumeration, vulnerability validation, evidence collection, and report generation. A core principle of PentesterFlow is maintaining human control, requiring analyst approval for sensitive actions and decisions regarding scope.

The tool emphasizes transparent execution, providing reproducible commands, visible tool calls, saved evidence, and audit-friendly logs. It also incorporates operational learning through local project and personal knowledge bases, which are intended to improve future sessions by retaining useful lessons, user preferences, and workflow patterns without requiring explicit model retraining or complex user management. PentesterFlow connects to various local or hosted Large Language Models (LLMs), including Ollama, LM Studio, Kimi, Groq, Gemini, and other OpenAI-compatible APIs.

Key features include built-in pentest skills for various vulnerabilities (e.g., web vulns, SSRF, SSTI, JWT), confirmation of findings after reproduction with request/response evidence, and robust context retention through saved sessions, compaction, and resume recaps. It integrates with real-world tools like Shell/Bash, HTTP, Burp bridge, browser capture, and file tools. The latest release, v0.1.6, introduces continuous learning intelligence, silent memory retrieval for future sessions, and a resume recap feature for ongoing assessments.