Ir al contenido
1337skills 1337skills - Hojas de Trucos

PentAGI

PentAGI is a fully autonomous AI red-team tool with 8,200+ GitHub stars that has drawn significant attention across the cybersecurity community. Open source and actively maintained, it automates the complete offensive security lifecycle — from passive reconnaissance through exploitation and post-exploitation — with zero human intervention required at any stage.

Installation

# Pull and run latest release
docker pull pentagi/pentagi:latest

# Run with API key and results volume
docker run -it --rm \
  -e ANTHROPIC_API_KEY=$ANTHROPIC_API_KEY \
  -v $(pwd)/results:/app/results \
  -p 8080:8080 \
  pentagi/pentagi:latest

# Run with web dashboard
docker run -d \
  -e ANTHROPIC_API_KEY=$ANTHROPIC_API_KEY \
  -v $(pwd)/results:/app/results \
  -v $(pwd)/config:/app/config \
  -p 8080:8080 \
  --name pentagi \
  pentagi/pentagi:latest

# Open dashboard: http://localhost:8080

Docker Compose

git clone https://github.com/pentagi/pentagi
cd pentagi

# Copy and configure environment
cp .env.example .env
# Edit .env with your API keys

# Start full stack (agent + dashboard + DB)
docker-compose up -d

# Check logs
docker-compose logs -f pentagi

From Source

git clone https://github.com/pentagi/pentagi
cd pentagi

# Install dependencies
pip install -r requirements.txt

# Install optional security tool dependencies
./scripts/install-tools.sh

# Run
python -m pentagi

pip

pip install pentagi

# Verify
pentagi --version

Configuration

Environment Variables (.env)

# Required: AI provider
ANTHROPIC_API_KEY=sk-ant-...
PENTAGI_MODEL=claude-opus-4-5        # Primary model
PENTAGI_FAST_MODEL=claude-haiku-4-5  # Used for sub-tasks

# Optional: additional providers
OPENAI_API_KEY=sk-...
OPENAI_MODEL=gpt-4o

# Intelligence sources
SHODAN_API_KEY=...
CENSYS_API_KEY=...
HUNTER_API_KEY=...                    # Email OSINT

# Web dashboard
PENTAGI_WEB_HOST=0.0.0.0
PENTAGI_WEB_PORT=8080
PENTAGI_WEB_AUTH_TOKEN=your-secret-token

# Output
PENTAGI_RESULTS_DIR=/app/results
PENTAGI_LOG_LEVEL=info

Operation Configuration (config/operation.yaml)

operation:
  name: "target-assessment"
  description: "Full autonomous red team assessment"

target:
  primary: "example.com"
  ip_ranges:
    - "10.0.0.0/8"
  exclude_hosts:
    - "10.0.0.1"
  exclude_ports:
    - 22                    # Skip SSH brute-force

phases:
  recon: true
  vulnerability_scan: true
  exploitation: true
  post_exploitation: true
  reporting: true

constraints:
  max_duration: 86400       # 24 hours max
  max_parallel_tasks: 5
  safe_mode: true           # Confirm before destructive actions
  stealth_mode: false       # Slow + quiet vs fast + noisy

output:
  format: html              # html | json | markdown | pdf
  include_evidence: true
  include_timeline: true
  include_remediation: true

Core Commands

CommandDescription
pentagi startStart autonomous operation with configured target
pentagi start --target <host>Start operation against specific target
pentagi start --config <file>Start with a configuration file
pentagi statusShow current operation status
pentagi status --op <id>Show status of a specific operation
pentagi pause <op-id>Pause a running operation
pentagi resume <op-id>Resume a paused operation
pentagi abort <op-id>Safely abort an operation
pentagi recon <target>Run recon phase only
pentagi scan <target>Run vulnerability scan phase only
pentagi exploit <target>Run exploitation phase only
pentagi post-exploit <session>Run post-exploitation phase
pentagi report <op-id>Generate final operation report
pentagi historyList all previous operations
pentagi dashboardOpen web dashboard in browser
pentagi updateUpdate tool integrations and AI prompts

Advanced Usage

Autonomous Operation Lifecycle

# Start a full autonomous assessment
pentagi start \
  --target example.com \
  --name "example-assessment-2025" \
  --phases all \
  --max-duration 24h \
  --output ./results/

# Monitor in real time via dashboard
pentagi dashboard

# Or monitor via CLI
watch -n 10 pentagi status --op example-assessment-2025

# Tail operation logs
pentagi logs --op example-assessment-2025 --follow

Phase-by-Phase Execution

PhaseKey Activities
ReconOSINT, subdomain enum, port/service scan, tech fingerprinting
Vulnerability ScanCVE correlation, nuclei templates, misconfig detection
ExploitationAutomated exploit selection, payload delivery, shell capture
Post-ExploitationPrivilege escalation, lateral movement, data collection
ReportingEvidence compilation, risk rating, remediation guidance
# Run phases selectively
pentagi start \
  --target example.com \
  --phases "recon,vulnerability_scan" \
  --skip-phases "exploitation,post_exploitation" \
  --name "non-intrusive-scan"

# Resume from a specific phase
pentagi start \
  --resume-from exploitation \
  --op "example-assessment-2025"

Stealth Mode Operations

# Low-and-slow operation for blue team evasion
pentagi start \
  --target example.com \
  --stealth-mode \
  --timing "sneaky" \       # paranoid | sneaky | polite | normal | aggressive
  --randomize-user-agents \
  --rotate-source-ips \
  --c2-jitter 60 \
  --name "stealth-op-2025"

Custom Tool Integration

Built-in ToolsCategory
nmap, masscan, zmapPort scanning
amass, subfinder, assetfinderSubdomain enumeration
nuclei, nikto, wapitiVulnerability scanning
sqlmap, commixInjection exploitation
hydra, medusaCredential attacks
metasploit, exploitdbExploitation frameworks
linpeas, winpeas, pspyPost-exploitation enumeration
mimikatz, secretsdumpCredential harvesting
# Add a custom tool to the PentAGI toolset
pentagi tools register \
  --name "custom-scanner" \
  --binary /usr/local/bin/custom-scanner \
  --description "Proprietary vulnerability scanner" \
  --input-schema ./schemas/custom-scanner-input.json

# List all registered tools
pentagi tools list

# Test a tool integration
pentagi tools test custom-scanner --target example.com

Web Dashboard Features

# Start with dashboard enabled
pentagi start --target example.com --web-ui

# Dashboard provides:
# - Real-time operation timeline
# - Live agent decision log
# - Interactive attack graph visualization
# - Found credentials and loot browser
# - One-click report generation
# - Operation comparison across engagements

# Access at: http://localhost:8080
# API at:    http://localhost:8080/api/v1

API Usage

# Start operation via API
curl -X POST http://localhost:8080/api/v1/operations \
  -H "Authorization: Bearer $PENTAGI_WEB_AUTH_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "api-initiated-op",
    "target": "example.com",
    "phases": ["recon", "vulnerability_scan"],
    "safe_mode": true
  }'

# Get operation status via API
curl http://localhost:8080/api/v1/operations/api-initiated-op \
  -H "Authorization: Bearer $PENTAGI_WEB_AUTH_TOKEN"

# Stream live logs via WebSocket
wscat -c "ws://localhost:8080/api/v1/operations/api-initiated-op/logs" \
  -H "Authorization: Bearer $PENTAGI_WEB_AUTH_TOKEN"

Common Workflows

Full Autonomous Red Team Assessment

# Step 1: Configure target scope
cat > config/my-engagement.yaml << 'EOF'
target:
  primary: "example.com"
  ip_ranges: ["10.0.0.0/24"]
phases:
  recon: true
  vulnerability_scan: true
  exploitation: true
  post_exploitation: true
  reporting: true
constraints:
  safe_mode: true
  max_duration: 86400
output:
  format: html
  include_remediation: true
EOF

# Step 2: Launch operation
pentagi start \
  --config config/my-engagement.yaml \
  --name "full-assessment-$(date +%Y%m%d)"

# Step 3: Monitor (optional — it's fully autonomous)
pentagi status --op "full-assessment-$(date +%Y%m%d)" --watch

# Step 4: Collect report when done
pentagi report \
  --op "full-assessment-$(date +%Y%m%d)" \
  --format html \
  --output ./reports/full-assessment.html

Bug Bounty Hunting

# Configure for bug bounty scope
pentagi start \
  --target "*.example.com" \
  --scope-file ./scope.txt \
  --phases "recon,vulnerability_scan" \
  --focus "xss,sqli,ssrf,idor,open-redirect" \
  --severity-threshold medium \
  --output ./bb-results/ \
  --name "bb-example-$(date +%Y%m%d)"

# Export findings as bug bounty report format
pentagi report \
  --op "bb-example-$(date +%Y%m%d)" \
  --format markdown \
  --template bug-bounty \
  --output submission-draft.md

Continuous Automated Assessment

# Run weekly automated assessment
cat > weekly-assess.sh << 'EOF'
#!/bin/bash
OP_NAME="weekly-$(date +%Y-%W)"
pentagi start \
  --config /etc/pentagi/prod-scope.yaml \
  --name "$OP_NAME" \
  --phases "recon,vulnerability_scan" \
  --diff-baseline ./baselines/last-week.json \
  --alert-new-findings \
  --alert-email security@example.com

pentagi report \
  --op "$OP_NAME" \
  --format html \
  --output /reports/$OP_NAME.html
EOF
chmod +x weekly-assess.sh
# cron: 0 1 * * 1 /path/to/weekly-assess.sh

Competitive CTF Automation

# Use PentAGI for CTF challenge automation
pentagi start \
  --target "ctf-machine.hackthebox.eu" \
  --mode ctf \
  --objective "get root flag" \
  --time-limit 4h \
  --aggressive \
  --name "htb-machine-name"

Tips and Best Practices

Use safe-mode for production targets — Always set safe_mode: true for any target with production traffic; this gates destructive exploits behind a human confirmation prompt while still running all recon and vulnerability discovery autonomously.

Resource-size your Docker container — PentAGI’s parallel task execution is CPU/memory-intensive; allocate at minimum 4 CPU cores and 8GB RAM (--cpus 4 --memory 8g) for smooth multi-phase operation.

Baseline your assessments — Use --diff-baseline to compare against a previous operation’s findings, so recurring issues are separated from newly discovered vulnerabilities in reports.

Scope files prevent scope creep — Always provide a --scope-file for bug bounty engagements; the AI agent will otherwise follow every link and subdomain it finds, potentially going out of scope.

Dashboard over CLI for complex ops — The web UI provides an interactive attack graph that makes lateral movement paths and exploit chains far easier to understand than raw log output.

CTF mode vs engagement mode — Use --mode ctf for Hack The Box/TryHackMe machines (aggressive, no scope restrictions); use the default engagement mode with safe_mode: true for real-world client assessments.

Export evidence during the op — Don’t wait until the operation completes to collect screenshots and tool output; use pentagi evidence export --op <id> mid-operation to save artifacts if connectivity is unstable.

Watch agent decisions — Enable LOG_LEVEL=debug on first use to understand how the AI reasons about target selection and exploit prioritization — invaluable for calibrating the tool to your engagement style.