🛡️ Zen AI Pentest

🚀 Phase 6: AI Personas | 862+ Commits | 72+ Tools

Professional AI-powered penetration testing framework with autonomous agents, 72+ integrated security tools, and real tool execution. Built for security professionals, bug bounty hunters, and enterprise teams.

🤖 11 AI Personas 🔧 72+ Tools 🐳 Docker Ready 🛡️ Guardrails 🔒 VPN Support 📊 Auto-Status

Project Statistics

  • 772+ Commits
  • 72+ Security Tools
  • 11 AI Personas
  • Evolution Phase 6
  • 4 Risk Levels
  • 100% Open Source

Key Features

🧠 ReAct Agent Loop

Reason → Act → Observe → Reflect pattern with autonomous decision making, self-correction, and memory management for complex pentest workflows.

👥 11 AI Personas

Specialized agents: Recon, Exploit, Report, Audit, Social Engineering, Network, Mobile, Red Team, ICS, Cloud, and Crypto experts.

🛡️ Security Guardrails

IP validation (blocks private networks), domain filtering, 4-level risk system (Safe to Aggressive), and rate limiting for safe operation.

🤖 Multi-Agent System

Workflow orchestrator manages complex pentest workflows with task distribution, real-time WebSocket updates, and result aggregation.

🔌 Multi-LLM Support

Native Kimi AI integration plus OpenRouter, OpenAI, and Anthropic support, with intelligent routing based on task complexity.

🔒 VPN Integration

ProtonVPN native CLI integration plus generic OpenVPN/WireGuard detection with safety warnings and strict mode options.

🐳 Docker Ready

One-command deployment with docker-compose, isolated environments, multi-agent scaling, health checks, and production-ready configuration.

🌐 FastAPI Backend

High-performance REST API with WebSocket support, JWT authentication, role-based access control, and automatic API documentation.

📊 Risk Engine

CVSS/EPSS scoring, false positive reduction, business impact calculation, and automated finding prioritization.
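
One way to implement the IP validation and domain filtering listed under Security Guardrails, as an added example that is not code from the Zen AI Pentest repository. The names `ip_is_blocked`, `validate_target`, `BLOCKED_SUFFIXES` and the injected `resolve` callable are hypothetical, and the DNS answers are constructed so the block runs offline.

```python
import ipaddress
from typing import Callable, List, Tuple

# Constructed deny-list for the domain filter (hypothetical; supply your own).
BLOCKED_SUFFIXES = ("internal", "corp.example")


def ip_is_blocked(addr: str) -> bool:
    """True for private, loopback, link-local and other non-public addresses."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so it is judged as the IPv4 address it carries.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_target(target: str, resolve: Callable[[str], List[str]]) -> Tuple[bool, str]:
    """Return (allowed, reason). `resolve` maps a hostname to its IP strings."""
    host = target.strip().lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal: handled as a hostname below
    else:
        return (False, "blocked address") if ip_is_blocked(host) else (True, "ok")
    # Domain filter: match the suffix on a label boundary, not as a substring.
    if any(host == s or host.endswith("." + s) for s in BLOCKED_SUFFIXES):
        return False, "blocked domain"
    addrs = resolve(host)
    if not addrs:
        return False, "unresolvable"
    # Every record must pass: a single internal A/AAAA record rejects the host.
    bad = [a for a in addrs if ip_is_blocked(a)]
    return (False, "resolves to blocked address " + bad[0]) if bad else (True, "ok")


# Constructed DNS answers so the example runs without network access.
FAKE_DNS = {
    "public.example.org": ["8.8.8.8"],
    "mixed.example.org": ["8.8.8.8", "10.0.0.5"],
    "meta.example.org": ["169.254.169.254"],
}


def fake_resolve(host: str) -> List[str]:
    """Stand-in resolver backed by the constructed table above."""
    return FAKE_DNS.get(host, [])
```

In production, `resolve` would wrap `socket.getaddrinfo`, and the scan should run against the vetted addresses rather than re-resolving the name, since DNS answers can change between validation and execution.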

72+ Integrated Security Tools

🔍 Network

  • Nmap - Port scanning
  • Masscan - Fast scanning
  • Scapy - Packet crafting
  • Tshark - Traffic analysis

🌐 Web

  • Nuclei - Vulnerability scanning
  • SQLMap - SQL injection
  • Nikto - Web scanner
  • OWASP ZAP - Proxy/testing
  • BurpSuite - Web testing
  • FFuF - Web fuzzing
  • Gobuster - Directory brute

📡 Reconnaissance

  • Subfinder - Subdomain enum
  • Amass - Asset discovery
  • HTTPX - Fast HTTP prober
  • WhatWeb - Tech detection
  • WAFW00F - WAF detection

🎯 Active Directory

  • BloodHound - AD mapping
  • CrackMapExec - AD pentest
  • Responder - LLMNR/NBT-NS

🕵️ OSINT

  • Sherlock - Username search
  • Scout - Recon framework
  • Ignorant - Email checker

🔐 Secrets

  • TruffleHog - Secret scanning
  • Trivy - Vulnerability scanner
  • Semgrep - Static analysis

Quick Start

Installation

# Clone repository
git clone https://github.com/SHAdd0WTAka/zen-ai-pentest.git
cd zen-ai-pentest

# Install dependencies
pip install -r requirements.txt

# Configure environment
cp .env.example .env
# Edit .env with your API keys

Docker (Recommended)

# Start full stack
docker-compose up -d

# Check status
docker-compose ps

# Scale agents
docker-compose up -d --scale agent=3

Python API

from agents.react_agent import ReActAgent, ReActAgentConfig

# Configure agent
config = ReActAgentConfig(
    max_iterations=10,
    use_vm=True,
    vm_name="kali-pentest"
)

# Create and run
agent = ReActAgent(config)
result = agent.run(
    target="example.com",
    objective="Security assessment"
)

REST API

# Start API server
uvicorn api.main:app --reload

# API will be available at http://localhost:8000
# Documentation at http://localhost:8000/docs