Now in Early Access

AI-powered pentesting, right from your terminal

PentestPad Agent is an AI assistant that helps you run security assessments. It suggests commands, executes tools, and reports findings — all from the CLI.

$ pentestpad agent --type web-tester
Agent: Web Application Tester
OWASP Top 10, web app vulnerabilities, SQLi, XSS
You: Test https://target.example.com for SQL injection vulnerabilities
Agent: I'll start by mapping the application's input vectors, then test for SQL injection. Let me begin with reconnaissance.
Executing command:
$ sqlmap -u "https://target.example.com/api/users?id=1" --batch --level=3
Agent: Found a time-based blind SQL injection in the id parameter. Creating finding in PentestPad...
Finding created: SQL Injection in User API (High)

6 Built-in, Customizable AI Agents

Each agent is purpose-built for a specific testing domain, with deep knowledge of relevant tools, methodologies, and common vulnerability patterns. Customize their behavior or create your own.

Web Application Tester

OWASP Top 10, SQLi, XSS, authentication bypass, CSRF, SSRF, and more. Deep knowledge of web frameworks and common misconfigurations.

Tools: sqlmap, nikto, gobuster, curl, ffuf

Network Pentester

Network discovery, service enumeration, infrastructure testing. From port scanning to privilege escalation on internal networks.

Tools: nmap, masscan, netcat, enum4linux, crackmapexec

Recon Specialist

OSINT, subdomain enumeration, asset discovery. Map the attack surface before the first test begins.

Tools: subfinder, amass, theharvester, whois, dig

API Security Tester

REST, GraphQL, authentication flaws, BOLA/IDOR, rate limiting, and API-specific attack patterns.

Tools: curl, httpie, postman, jwt_tool, graphql-cop

Mobile App Tester

Android and iOS application testing. APK analysis, certificate pinning bypass, local storage inspection.

Tools: apktool, jadx, frida, objection, adb

General Assistant

Versatile penetration testing guidance. Helps with methodology, tool selection, and reporting across all domains.

Tools: any tool, custom scripts, multi-domain

From Terminal to Report in Minutes

The agent handles the entire workflow — from reconnaissance to a finished finding in your PentestPad project.

1. Describe the target

$ pentestpad agent \
  --type web-tester \
  --project acme-q1
You: Test the login endpoint at /api/auth for injection and auth bypass flaws
2. Agent runs tools

Agent: Starting auth endpoint analysis...
$ sqlmap -u ".../api/auth" \
  --data="user=test&pass=test" \
  --batch --level=3
Completed (14.2s)
$ curl -X POST ".../api/auth" \
  -d '{"user":"admin'--"}' \
  -H "Content-Type: ..."
Completed (2.1s)
3. Findings created

New Finding
Title: SQL Injection in Auth API
Severity: High
CVSS: 8.6
CWE: CWE-89
Endpoint: POST /api/auth
Reproduction steps:
1. Send POST to /api/auth
2. Set user param to admin'--
3. Observe auth bypass...
4. Generate report

Report: Penetration Test Report, Acme Corp — Q1 2026
Findings Summary: 2 High, 3 Med, 1 Low
Export formats: DOCX, PDF

Built for Real-World Pentesting

Every feature is designed around actual penetration testing workflows, not generic AI chat.

Intelligent Command Execution

The agent suggests and runs the right tools with the right flags. No more memorizing nmap syntax or sqlmap options — just describe what you want to test.

Trust Level System

Control what the agent can auto-execute. From read-only recon commands to full automation mode for CI pipelines — you decide the level of autonomy.

Auto-Report Findings

Discovered vulnerabilities are automatically created in PentestPad with proper severity, CWE classification, and reproduction steps.

Conversation History

Every session is saved with full command logs. Link conversations to projects, search history, and pick up where you left off.

Secure Authentication

Browser-based OAuth login with PKCE. Tokens stored in your OS keyring. No API keys to manage or accidentally commit.

MCP Integration

Extend the agent with Model Context Protocol servers. Connect to external tools and services for custom workflows.

Mobile App Testing with Frida

The mobile agent handles the full lifecycle — from APK decompilation to runtime hooking with Frida and Objection. SSL pinning bypass, data storage inspection, and dynamic analysis, all guided by AI.

[Illustration: mock BankApp v2.1 sign-in screen (Username, Password, Login) with a Frida status overlay: FRIDA HOOKED, SSL pinning bypassed, 3 methods intercepted, Keychain access logged; frida-server running on device (USB)]
Phase 1 — Static Analysis
Agent: Decompiling APK to inspect the source...
$ apktool d BankApp.apk -o ./decompiled
Decompiled — analyzing AndroidManifest.xml
$ jadx --deobf BankApp.apk -d ./source
Agent: Found hardcoded API key in com.bank.util.Config
Finding: Hardcoded API Key (Medium)
Phase 2 — SSL Pinning Bypass
Agent: App uses OkHttp CertificatePinner. Bypassing with Frida...
$ frida -U -f com.bank.app -l pinning.js
// pinning.js — generated by agent
Java.perform(function() {
  var Pinner = Java.use('okhttp3.CertificatePinner');
  Pinner.check.overload('java.lang.String', 'java.util.List').implementation = function() {};
});
SSL pinning bypassed — intercepting traffic
Phase 3 — Data Storage
Agent: Checking local data storage for sensitive info...
$ objection -g com.bank.app explore
com.bank.app on (Google Pixel) [usb]#
env
sqlite connect app.db
SELECT * FROM credentials;
Agent: Found plaintext credentials in local SQLite database.
Finding: Insecure Local Storage (High)
Finding: Missing Certificate Pinning (Medium)
3 findings synced to PentestPad

You Control the Autonomy

Four trust levels let you decide exactly how much the agent can do on its own.

None (--trust=none)

Every command requires explicit approval. Best for learning and reviewing what the agent wants to run.

Safe (--trust=safe)

Auto-runs read-only commands like ls, cat, curl -I, dig, and ping. Asks for anything that modifies state.

Moderate (--trust=moderate)

Auto-runs pentesting tools like nmap, nikto, gobuster, and sqlmap --batch. Still blocks dangerous operations.

Full (--trust=full)

Full autonomy — runs everything without asking. Designed for CI/CD pipelines and automated testing. Fork bombs and destructive commands are still blocked.
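One way a trust-level gate like the one described above could be implemented, added here as an example and not PentestPad's own code: the allowlists, the AUTO_RUN table and the Decision names are assumptions drawn from the commands the page lists, and the denylist is checked before the trust level so destructive commands stay blocked even at --trust=full.

```python
import re
import shlex
from enum import Enum

# Illustrative allowlists from the commands the page names (not PentestPad's real
# policy). curl and sqlmap auto-run only with the flag that makes them safe.
READ_ONLY = {"ls", "cat", "dig", "ping", "whois"}
READ_ONLY_WITH_FLAG = {("curl", "-I")}             # HEAD request only
PENTEST_TOOLS = {"nmap", "nikto", "gobuster", "ffuf", "subfinder"}
PENTEST_TOOLS_WITH_FLAG = {("sqlmap", "--batch")}  # non-interactive only

# Which command kinds each trust level may run without asking (assumed mapping).
AUTO_RUN = {
    "none": (),
    "safe": ("read_only",),
    "moderate": ("read_only", "pentest_tool"),
    "full": ("read_only", "pentest_tool", "other"),
}

# Destructive patterns refused at every level, including --trust=full.
BLOCKED = [
    re.compile(r"\brm\s+-[a-zA-Z]*r[a-zA-Z]*\s+/(?:\s|$)"),  # rm -rf /
    re.compile(r"\bdd\b.*\bof=/dev/"),                       # overwrite a device
    re.compile(r":\s*\(\s*\)\s*\{.*:\s*\|\s*:"),             # bash fork bomb
]

class Decision(Enum):
    RUN = "auto-run"
    ASK = "ask for approval"
    BLOCK = "blocked"

def classify(cmd: str) -> str:
    """Bucket a shell command as 'read_only', 'pentest_tool' or 'other'."""
    try:
        prog, *rest = shlex.split(cmd)
    except ValueError:  # empty command or unbalanced quotes: unknown
        return "other"
    flags = set(rest)
    if prog in READ_ONLY or any(p == prog and f in flags for p, f in READ_ONLY_WITH_FLAG):
        return "read_only"
    if prog in PENTEST_TOOLS or any(p == prog and f in flags for p, f in PENTEST_TOOLS_WITH_FLAG):
        return "pentest_tool"
    return "other"

def decide(cmd: str, trust: str) -> Decision:
    """Gate one proposed command: hard denylist first, then the level's allowlist."""
    if any(pat.search(cmd) for pat in BLOCKED):
        return Decision.BLOCK
    return Decision.RUN if classify(cmd) in AUTO_RUN[trust] else Decision.ASK
```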

Get Started in Seconds

Install the CLI, connect it to your PentestPad instance, and start testing.

Install
# macOS / Linux
curl -sSL https://releases.pentestpad.com/install.sh | sh
# Windows (PowerShell)
irm https://releases.pentestpad.com/install.ps1 | iex
Configure your instance
# Set your PentestPad instance URL
$ pentestpad config set auth.endpoint https://acme.pentestpad.com
✓ Set auth.endpoint = https://acme.pentestpad.com
Authenticate
# Log in via your browser — the CLI will open the authorization page
$ pentestpad login
Opening browser to authorize CLI...
✓ Authentication successful!
User:          john@acme.com
Team:          Acme Security
Role:          pentester

Ready to supercharge your pentests?

Get early access to PentestPad Agent and let AI handle the heavy lifting.
