Run automated penetration tests against a target with AI-driven planning and execution using tools like nmap, metasploit, and sqlmap
Track relationships between security findings across a test engagement using a Neo4j knowledge graph
Query test results and control the system through REST and GraphQL APIs with Bearer token authentication
Monitor AI agent activity and test metrics through Grafana dashboards and Langfuse tracing
| vxcontrol/pentagi | netflix/chaosmonkey | geektutu/7days-golang | |
|---|---|---|---|
| Stars | 16,838 | 16,886 | 16,903 |
| Language | Go | Go | Go |
| Setup difficulty | hard | hard | easy |
| Complexity | 5/5 | 4/5 | 3/5 |
| Audience | ops devops | ops devops | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires Docker Compose, multiple services (PostgreSQL, Neo4j, Grafana), and API keys for at least one LLM provider.
PentAGI is a self-hosted system that uses AI agents to run penetration tests automatically. Penetration testing is the practice of probing a computer system for security weaknesses by acting like an attacker, PentAGI's pitch is that an AI agent can plan and execute many of those probing steps on its own, so a single security engineer can cover more ground with less manual effort. The name is short for "Penetration testing Artificial General Intelligence." Under the hood, the system runs the agent's work inside an isolated Docker sandbox and gives it a built-in suite of more than 20 professional security tools, including nmap, metasploit, and sqlmap. A team of specialized AI agents handles research, development, and infrastructure tasks separately, with optional execution monitoring and task planning. It also has a long-term memory store, a knowledge graph powered by Graphiti and Neo4j for tracking relationships between findings, a built-in scraper for browsing the web, and integrations with several search APIs. Results land in a PostgreSQL database with the pgvector extension, and there is a web UI plus REST and GraphQL APIs with Bearer token authentication. Logging and monitoring come through Grafana, Prometheus, Langfuse, Jaeger, and Loki. Information security professionals, researchers, and ethical hacking enthusiasts are the intended users. PentAGI works with more than ten LLM providers including OpenAI, Anthropic, Google Gemini, AWS Bedrock, Ollama, DeepSeek, GLM, Kimi, and Qwen, plus aggregators like OpenRouter. The backend is written in Go and deploys via Docker Compose. The full README is longer than what was provided.
Self-hosted system that uses AI agents to plan and run penetration tests automatically inside an isolated Docker sandbox, giving security engineers a team of AI specialists that execute probes with 20+ built-in security tools.
Mainly Go. The stack also includes Go, Docker, PostgreSQL.
Setup difficulty is rated hard, with roughly 1day+ to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.