wudidike

Black-box web penetration testing automation framework for AI Agents

69% credibility
Found May 08, 2026 at 10 stars
Python
AI Summary

An open-source framework that automates black-box web penetration testing from reconnaissance through vulnerability scanning and reporting for authorized security assessments.

How It Works

1. 🔍 Discover a free website security checker

You hear about a helpful tool that automatically checks websites for security problems, perfect for keeping your site safe.

2. 🛠️ Prepare your security toolkit

With simple steps, you gather the needed helpers so the tool can explore and test your website thoroughly.

3. 🚀 Launch the full security scan

You point the tool at your website and watch it automatically discover paths, test for weaknesses, and gather clues step by step.

4. 👀 Review what it uncovers

The tool shows you hidden doors, weak spots, and potential dangers it found during its careful exploration.

📄 Get your complete security report

You receive a clear summary with all issues, evidence screenshots, and simple fixes to make your site stronger and safer.

AI-Generated Review

What is pentest_skill?

Pentest_skill is a Python-based black-box web penetration testing automation framework tailored for AI agents like Claude or Cursor. It runs a full pipeline, from fingerprinting and subdomain enumeration through vulnerability scanning to HTML reports, via simple CLI commands against a target URL or domain. Users get Burp-style evidence captures, fallbacks such as Python replacements for Nuclei or Nmap, and professional outputs without manual scripting.

Why is it gaining traction?

Among black-box testing projects on GitHub, it stands out for AI-agent-friendly standardization (plug it into any LLM workflow) and graceful degradation when tools like subfinder or ffuf are missing. Developers notice the phase-by-phase CLI (e.g., `python phase7_vuln_scan.py --target example.com`), JS analysis for API discovery, and parameter fuzzing for XSS/SQLi/SSRF, saving hours on recon. Playwright rendering and session capture extend black-box coverage to authenticated scans.

Who should use this?

Red teamers and bug bounty hunters automating black-box web app pentests, especially those integrating with AI agents for scalable recon. Pentesters evaluating black-box web targets or building custom AI-driven black-box pipelines will appreciate the subdomain-to-report flow. It's for security pros tired of stitching tools together manually, not beginners needing hand-holding.

Verdict

Try it for quick black-box pentest checklists on GitHub projects, but temper expectations: 10 stars and 0.7% credibility signal early-stage maturity with basic docs. Solid for prototyping AI-driven scans; contribute to boost stability.
