pentest-framework

pentest-cli

Professional security testing CLI for deployed web applications. No Python required - download a single binary and run.

40+ commands covering OWASP WSTG, PTES, and modern attack vectors. Integrates with Kali Linux tools (nmap, sqlmap, hydra, nikto, nuclei).

Quick Install

Linux/macOS:

curl -fsSL https://raw.githubusercontent.com/sabania/pentest-cli/main/install.sh | bash

Windows (PowerShell):

irm https://raw.githubusercontent.com/sabania/pentest-cli/main/install.ps1 | iex

Or download directly from Releases.

Uninstall

Linux/macOS:

rm ~/.local/bin/pentest

Windows (PowerShell):

Remove-Item "$env:USERPROFILE\.local\bin\pentest.exe"

---

Claude Code Plugin

This repo also ships a Claude Code plugin with 12 skills and 8 AI agents that use the CLI as their backend. The plugin turns Claude Code into a full security testing platform.

Install the plugin:

/plugin marketplace add sabania/pentest-cli

Then run:

/setup                              # Install CLI + verify environment
/pentest-full https://your-app.com  # Complete security audit

See the full plugin documentation: Plugin README

Plugin Skills

Skill	Type	Description
/setup	Utility	Install pentest-cli and verify environment
/cli-reference	Utility	Show all 40+ CLI commands
/pentest-recon <url>	Passive	Subdomains, DNS, ports, OSINT, tech stack
/pentest-scan <url>	Passive	Headers, SSL/TLS, CORS, WAF
/pentest-discover <url>	Passive	JS bundles, APIs, secrets, BaaS backends
/pentest-auth <url>	Passive	JWT, OAuth, session management
/pentest-cloud <url>	Passive	S3/Azure/GCS misconfig, email security
/business-logic <url>	Passive	IDOR, privilege escalation, payment bypass
/pentest-inject <url>	Active	SQLi, XSS, SSTI, SSRF, XXE, LFI
/pentest-advanced <url>	Active	Request smuggling, race conditions, cache poisoning
/pentest-full <url>	Full	All scans combined + PDF report
/pentest-report	Utility	Generate PDF report from findings

Plugin Agents

8 specialized AI agents work as your security testing team:

Agent	Model	Role
recon-agent	sonnet	Attack surface mapping
scanner-agent	sonnet	Configuration & hardening
discovery-agent	sonnet	Secrets, APIs, BaaS probing
injection-agent	sonnet	Injection vulnerability testing
auth-agent	sonnet	Authentication & session security
advanced-agent	opus	Request smuggling, race conditions
logic-agent	opus	Business logic & authorization flaws
report-agent	haiku	Report generation

---

CLI Usage

# Passive scans (safe, no payloads sent)
pentest scan headers https://example.com
pentest scan ssl example.com
pentest scan cors https://example.com
pentest recon subdomains example.com
pentest discover bundle https://example.com
pentest cloud email example.com

# Active scans (sends payloads - requires --active flag)
pentest --active --yes inject sqli https://example.com
pentest --active --yes discover fuzz https://example.com

# Full pentest
pentest full https://example.com

# JSON output (for CI/CD or Claude Code agents)
pentest --json scan headers https://example.com

# Generate PDF report
pentest report ./findings/

CLI Commands

Reconnaissance & OSINT (pentest recon)

Command	Description
recon subdomains	Subdomain enumeration (crt.sh, dnsrecon, DNS brute)
recon ports	Port scanning (nmap integration)
recon dns	DNS records, zone transfer, SPF/DMARC, DNSSEC
recon whois	WHOIS lookup
recon crawl	Web crawling & URL discovery
recon osint	Google dorks, Wayback Machine, email harvesting

Vulnerability Scanning (pentest scan)

Command	Description
scan headers	HTTP security headers (CSP, HSTS, X-Frame-Options, SRI)
scan ssl	SSL/TLS protocols, ciphers, certificate analysis
scan cors	CORS misconfiguration (origin reflection, null, wildcards)
scan nikto	Nikto web server scanner
scan nuclei	Nuclei vulnerability scanner (9000+ templates)

Discovery (pentest discover)

Command	Description
discover bundle	JS bundle reverse engineering (source maps, API keys, secrets)
discover api	API endpoint discovery, GraphQL, error disclosure
discover graphql	GraphQL introspection & attack testing
discover fuzz	Content discovery / directory fuzzing
discover tech	Deep technology fingerprinting (whatweb)