A new free tool is adding AI helpers into security work. PentestCode is a version of OpenCode made just for penetration testing. It uses security tools, checks the results, and makes smart choices all from a terminal, needing very little help from people.
The main idea of the tool is to automate methods. A tester gives one command, like focusing on an IP to reach domain admin, and PentestCode’s coordinator agent does the rest.
It runs an nmap -sS -p- scan, auto-parses results into a structured engagement state, and recognizes patterns like ports 88 and 389 signaling a Domain Controller.
PentestCode AI Penetration Testing Agent
It creates parallel subagents to check SMB, LDAP, and HTTP. It also tries an AS-REP roasting attack to get weak Kerberos passwords. Then, it uses any found passwords on all discovered services: SMB, WinRM, LDAP, RDP.
A successful WinRM login starts an agent that collects SAM, LSA, and DPAPI secrets, and each step is recorded in a proof chain.
PentestCode, made by Zhangir Ospanov, uses a planner and organizer design based on HPTSA research. The developers say it is 4.3 times better than using just one agent.
Thirteen agents do different jobs: looking for information, scanning systems, counting assets, exploiting weaknesses, attacking identities like Active Directory/Kerberos, working with infrastructure protocols like SNMP and IPMI, testing web applications, dealing with issues after exploitation, developing exploits, filtering out false positives, and reporting. They all work together in real-time.
That shared state is the most unique part of the project. It keeps track of hosts, services, vulnerabilities (with scores and status), credentials, access levels, and a graph showing how things are connected using labels like EXPLOITED_VIA and PIVOT_TO.
A path module uses Dijkstra’s and Yen’s K-shortest-paths algorithms to find routes in this graph. The state stays the same between sessions, so testers can continue multi-day work without losing track.
PentestCode offers 18 special tools for offensive tasks beyond just basic shell access. Parsers change raw results from Nmap, Nuclei, NetExec, Gobuster, BloodHound, and sqlmap into organized entries. You must use these tools to make sure no findings get missed during manual searching.
Additional tools manage JWT checks, XSS finding, credential-spray plans, scope checks, tunnel control, and report making.
Nineteen on-demand “skill” packs, markdown-based knowledge files covering phase checklists, service-specific tactics, and playbooks for AD, web apps, and cloud, extend the agent’s domain knowledge without code changes.
The tool is available on GitHub. It is called “not stealthy,” not good for red-team OPSEC situations, and often runs more than needed.
Token costs for real projects can be $5–50 based on the size and the LLM chosen. Claude Opus/Sonnet is said to work better than GPT-4o and local models for multi-agent teamwork.
Security teams looking at AI tools should know PentestCode is still beta software. It has no user interface, no Burp Suite connection, and changing APIs. It helps with careful checking but is not a substitute for human-made complex attack plans or creative attack ideas.
“AutoPentestX”: Automated Penetration Testing Toolkit for Linux
InfoSecBulletin Cybersecurity for mankind
