AutoPentest

소개

AutoPentest is an agentic server that revolutionizes web application penetration testing by automating the discovery, exploitation, and reporting of vulnerabilities. It expertly bridges the gap between the thoroughness of manual testing and the speed of automated scanners. By simply pointing it at a target, it intelligently crawls the application, maps every endpoint, and then deploys parallel agents to meticulously test for a wide array of vulnerabilities like XSS, SQLi, SSRF, SSTI, and IDOR, all while ensuring zero false positives with evidence-backed findings. It can be run with Claude Code, other APIs, or fully offline using Ollama models.

주요 기능

• Integrates 27 pre-configured security tools within a Docker container for diverse testing capabilities.
• 28 GitHub stars
• Orchestrates a structured 7-phase workflow, from application discovery to final report generation.
• Ensures all findings are evidence-based, providing reproducible curl commands and full request/response data.
• Implements a robust quality assurance system with automated phase gates and a 'Final Judge' review.
• Executes 109 OWASP Web Security Testing Guide (WSTG) test cases for comprehensive coverage.

사용 사례

• Conducting automated, in-depth web application penetration tests adhering to OWASP WSTG standards.
• Bridging the gap between slow manual pentesting and shallow automated scanning for efficient security assessments.
• Generating comprehensive, evidence-based security reports with a zero-context final review.