经 AI Skill Hub 精选评估,开源AI工作流 获评「推荐使用」。已获得 1.7k 颗 GitHub Star,这款Agent工作流在功能完整性、社区活跃度和易用性方面表现出色,AI 评分 7.5 分,适合有一定技术背景的用户使用。
使用AI代理进行自动化渗透测试,orchestrates recon,c等。突出价值:提高渗透测试效率,降低风险。
开源AI工作流 是一套完整的 AI Agent 自动化工作流方案。通过可视化的节点编排,将复杂的多步骤任务拆解为清晰的自动化流程,实现全程无人值守的智能处理。支持与数百种外部服务和 API 无缝集成,适合构建数据处理管线、业务自动化和 AI 辅助决策系统。
使用AI代理进行自动化渗透测试,orchestrates recon,c等。突出价值:提高渗透测试效率,降低风险。
开源AI工作流 是一套完整的 AI Agent 自动化工作流方案。通过可视化的节点编排,将复杂的多步骤任务拆解为清晰的自动化流程,实现全程无人值守的智能处理。支持与数百种外部服务和 API 无缝集成,适合构建数据处理管线、业务自动化和 AI 辅助决策系统。
# 方式一:go install(推荐) go install github.com/Armur-Ai/Pentest-Swarm-AI@latest # 方式二:从源码编译 git clone https://github.com/Armur-Ai/Pentest-Swarm-AI cd Pentest-Swarm-AI go build -o pentest-swarm-ai . # 方式三:下载预编译二进制 # 访问 Releases 页面下载对应平台二进制文件 # https://github.com/Armur-Ai/Pentest-Swarm-AI/releases
# 查看帮助 pentest-swarm-ai --help # 基本运行 pentest-swarm-ai [options] <input> # 详细使用说明请查阅文档 # https://github.com/Armur-Ai/Pentest-Swarm-AI
# pentest-swarm-ai 配置说明 # 查看配置选项 pentest-swarm-ai --config-example > config.yml # 常见配置项 # output_dir: ./output # log_level: info # workers: 4 # 环境变量(覆盖配置文件) export PENTEST_SWARM_AI_CONFIG="/path/to/config.yml"
<p align="center"> <h1 align="center">Pentest Swarm AI</h1> <p align="center"> <strong>The first open-source pentesting tool built on a real swarm — not just multiple agents in a row.</strong> </p> <p align="center"> <a href="#quick-start">Quick Start</a> · <a href="#what-makes-this-a-swarm">Swarm vs. Multi-Agent</a> · <a href="#how-the-swarm-works">How It Works</a> · <a href="#comparison">Compare</a> · <a href="IMPLEMENTATION_PLAN.md">Roadmap</a> </p> </p>
<p align="center"> <img src="https://img.shields.io/github/stars/Armur-Ai/Pentest-Swarm-AI?style=for-the-badge&color=f59e0b" alt="Stars"> <img src="https://img.shields.io/badge/Go-1.24-00ADD8?style=for-the-badge&logo=go" alt="Go"> <img src="https://img.shields.io/badge/License-AGPL%203.0-blue?style=for-the-badge" alt="License"> <img src="https://img.shields.io/badge/AI-Claude%20%7C%20Ollama-purple?style=for-the-badge" alt="AI"> <img src="https://img.shields.io/badge/status-alpha-orange?style=for-the-badge" alt="Status"> </p>
<p align="center"> <img src="docs/demo-flashy.gif" alt="Pentest Swarm AI — live campaign demo" width="900"> </p>
<p align="center"> <img src="banner/pentest-swarm-ai-banner.gif?v=3" alt="Pentest Swarm AI architecture" width="800"> </p>
Honesty labels: stable means shipped + tested, beta means works but rough edges, alpha means experimental, planned means in the roadmap.
| Feature | Status | Notes |
|---|---|---|
| Sequential 5-phase runner | **stable** | Default mode; battle-tested core |
| Stigmergic swarm scheduler | **alpha** | --swarm flag; memory-backed blackboard wired |
| ProjectDiscovery toolchain | **stable** | subfinder, httpx, nuclei, naabu, katana, dnsx, gau |
nmap adapter | **stable** | XML parsed; scope-validated |
| Cleanup registry | **stable** | Always runs on SIGINT / exit / budget-cancel |
| Claude prompt caching | **stable** | Enabled for recon + classifier by default |
--strict LLM mode | **stable** | Promotes LLM errors to fatal |
| CVSS v3.1 scoring | **stable** | FIRST spec |
| Postgres blackboard backend | **beta** | Migration shipped; runner uses memory-board for now |
| MCP server | **beta** | pentestswarm mcp serve |
| VS Code extension | **beta** | deploy/vscode/ |
| GitHub Action | **beta** | deploy/github-action/action.yml with SARIF |
| Swarm playbooks (5) | **beta** | playbooks/{bug-bounty,external-asm,ci-cd,internal-network,ctf-solver}.yaml |
| Live dashboard | **alpha** | web/; UI built, wiring to live campaigns in progress |
| Burp MCP bridge | **planned** | Wave 2 |
| Metasploit / ZAP / sqlmap adapters | **planned** | Wave 2 |
| Fine-tuned Pentest-Swarm model | **planned** | Wave 3 (Pentest-R1 recipe) |
| Cybench / AutoPenBench benchmarks | **planned** | Wave 3 |
---
brew install Armur-Ai/tap/pentestswarm # macOS (Homebrew tap) docker run --rm -e ANTHROPIC_API_KEY=sk-ant-... \ ghcr.io/armur-ai/pentestswarm:latest \ scan example.com --scope example.com # Docker one-liner go install github.com/Armur-Ai/Pentest-Swarm-AI/cmd/pentestswarm@latest # Go
```bash
export PENTESTSWARM_ORCHESTRATOR_API_KEY=sk-ant-your-key-here pentestswarm scan example.com --scope example.com --swarm --follow ```
That's the whole setup. No Ollama, no model download, no GPU — just a Claude API key.
Running inside a GitHub Actions workflow? There's an action for that — see deploy/github-action/example-workflow.yml.
---
How we position vs. the rest of the ecosystem. We'll ship real benchmark numbers in a future release (see Phase 3.3).
| Tool | Architecture | Executes vs. suggests | Memory | Tools wired | MCP | Swarm? |
|---|---|---|---|---|---|---|
| **Pentest Swarm AI** | Stigmergic blackboard | Executes | pgvector + pheromones | 8 ProjectDiscovery + nmap; sqlmap / Burp MCP / Metasploit in roadmap | Yes | ✅ real |
| PentestGPT | Single-agent ReAct | Suggests | None | None native | No | No |
| HackingBuddyGPT | Single-agent | Executes | Run logs | Shell passthrough | No | No |
| PentAGI | 4 agents + planner | Executes | pgvector | 40+ via MCP/shell | Partial | Pipeline |
| Shannon | White-box + browser | Executes | Session state | Browser DOM | No | Pipeline |
| HexStrike | MCP tool wrapper | Delegates to client LLM | None (stateless) | 150+ via MCP | Yes | No |
| Pentest-R1 | RL-tuned LLM | Executes | Trajectory | CTF-scope | No | No |
If any entry here is wrong or out of date, please open a PR — we want this table to stay honest.
---
该项目使用Go语言编写,orchestrates recon,c等功能,值得关注。
该工具使用 AGPL-3.0 协议,商用场景请仔细阅读协议条款,必要时咨询法律意见。
AI Skill Hub 为第三方内容聚合平台,本页面信息基于公开数据整理,不对工具功能和质量作任何法律背书。
建议在沙箱或测试环境中充分验证后,再部署至生产环境,并做好必要的安全评估。
⚠️ AGPL 3.0 — 最严格的 Copyleft,网络服务端使用也需开源,SaaS 使用受限。
AI Skill Hub 点评:开源AI工作流 的核心功能完整,质量良好。对于自动化工程师和运维人员来说,这是一个值得纳入个人工具库的选择。建议先在非生产环境试用,再逐步推广。
| 原始名称 | Pentest-Swarm-AI |
| Topics | workflowai-agentsbug-bountycybersecurityoffensive-securitypenetration-testing |
| GitHub | https://github.com/Armur-Ai/Pentest-Swarm-AI |
| License | AGPL-3.0 |
| 语言 | Go |
收录时间:2026-06-04 · 更新时间:2026-06-04 · License:AGPL-3.0 · AI Skill Hub 不对第三方内容的准确性作法律背书。
选择 Agent 类型,复制安装指令后粘贴到对应客户端