ptai 0.8.0__tar.gz

ptai-0.8.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 0xSteph
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

ptai-0.8.0/PKG-INFO

@@ -0,0 +1,354 @@
+Metadata-Version: 2.4
+Name: ptai
+Version: 0.8.0
+Summary: Autonomous AI pentesting with 150+ tools, exploit chaining, and PoC validation
+Author: 0xSteph
+License: MIT
+Project-URL: Homepage, https://pentestai.xyz
+Project-URL: Repository, https://github.com/0xSteph/pentest-ai
+Project-URL: Documentation, https://pentestai.xyz
+Project-URL: Issues, https://github.com/0xSteph/pentest-ai/issues
+Keywords: pentest,pentesting,security,mcp,ai,cybersecurity,exploit,vulnerability
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Information Technology
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Testing
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: fastmcp>=2.0
+Requires-Dist: httpx>=0.27
+Requires-Dist: pydantic>=2.0
+Requires-Dist: rich>=13.0
+Requires-Dist: typer>=0.9
+Requires-Dist: aiosqlite>=0.20
+Requires-Dist: pyyaml>=6.0
+Requires-Dist: python-dotenv>=1.0
+Requires-Dist: jinja2>=3.1
+Requires-Dist: cryptography>=42.0
+Requires-Dist: dnspython>=2.6
+Requires-Dist: scapy>=2.5
+Requires-Dist: paramiko>=3.4
+Requires-Dist: impacket>=0.11
+Requires-Dist: bloodhound>=1.7
+Requires-Dist: requests>=2.31
+Requires-Dist: beautifulsoup4>=4.12
+Requires-Dist: aiohttp>=3.9
+Requires-Dist: tenacity>=8.2
+Requires-Dist: structlog>=24.1
+Provides-Extra: dev
+Requires-Dist: pytest>=8.0; extra == "dev"
+Requires-Dist: pytest-asyncio>=0.23; extra == "dev"
+Requires-Dist: pytest-cov>=4.1; extra == "dev"
+Requires-Dist: ruff>=0.3; extra == "dev"
+Requires-Dist: mypy>=1.8; extra == "dev"
+Requires-Dist: pre-commit>=3.6; extra == "dev"
+Provides-Extra: cloud
+Requires-Dist: boto3>=1.34; extra == "cloud"
+Requires-Dist: azure-identity>=1.15; extra == "cloud"
+Requires-Dist: azure-mgmt-resource>=23.0; extra == "cloud"
+Requires-Dist: google-cloud-storage>=2.14; extra == "cloud"
+Dynamic: license-file
+
+<p align="center">
+  <img src="assets/transparentbanner.png" alt="pentest-ai">
+</p>
+
+<h1 align="center">pentest-ai</h1>
+
+<p align="center">
+  <strong>MCP server + 10 AI agents + 150+ security tools. One command.</strong>
+</p>
+
+<p align="center">
+  <a href="https://github.com/0xSteph/pentest-ai/blob/main/LICENSE"><img src="https://img.shields.io/github/license/0xSteph/pentest-ai?color=blue" alt="License"></a>
+  <a href="https://pypi.org/project/pentest-ai/"><img src="https://img.shields.io/badge/python-3.10%2B-blue" alt="Python"></a>
+  <a href="https://github.com/0xSteph/pentest-ai/releases"><img src="https://img.shields.io/badge/version-1.0.0-green" alt="Version"></a>
+  <a href="https://github.com/0xSteph/pentest-ai/stargazers"><img src="https://img.shields.io/github/stars/0xSteph/pentest-ai?style=social" alt="Stars"></a>
+</p>
+
+<p align="center">
+  <a href="https://pentestai.xyz">Website</a> &middot;
+  <a href="#quick-start">Quick Start</a> &middot;
+  <a href="#agents">Agents</a> &middot;
+  <a href="#tools">150+ Tools</a> &middot;
+  <a href="https://github.com/0xSteph/pentest-ai-agents">Claude Code Agents</a>
+</p>
+
+---
+
+pentest-ai connects AI to 150+ real security tools through the [Model Context Protocol](https://modelcontextprotocol.io). It works with Claude Desktop, Cursor, VS Code Copilot, Windsurf, or any MCP-compatible client.
+
+Point it at a target. It runs recon, finds vulnerabilities, chains them into full compromise paths, validates every finding with a working proof of concept, and generates professional reports with detection rules for your blue team.
+
+No vendor lock-in. No cloud dependency. Runs locally.
+
+## How It Works
+
+```
+You: "Run a full assessment against staging.example.com"
+
+pentest-ai:
+  1. Recon       > nmap, subfinder, amass, DNS enum, OSINT
+  2. Web scan    > nuclei, sqlmap, nikto, ffuf, dalfox
+  3. Cloud audit > prowler, ScoutSuite, pacu
+  4. AD attack   > BloodHound, Impacket, CrackMapExec
+  5. Chaining    > Links 3 medium findings into domain admin
+  6. Validation  > Generates safe PoC for each finding
+  7. Detection   > Sigma + SPL + KQL rules for every attack
+  8. Report      > Professional markdown/HTML/PDF with CVSS scores
+```
+
+## Quick Start
+
+```bash
+pip install -e .
+pentest-ai start target.example.com
+```
+
+That starts the MCP server. Connect from your AI client and start talking to it.
+
+### Connect to Claude Desktop
+
+Add this to your Claude Desktop config (`~/Library/Application Support/Claude/claude_desktop_config.json`):
+
+```json
+{
+  "mcpServers": {
+    "pentest-ai": {
+      "command": "pentest-ai",
+      "args": ["server", "start"]
+    }
+  }
+}
+```
+
+### Connect to Cursor / VS Code Copilot
+
+Add the same MCP server config in your editor's settings. Any client that speaks MCP will work.
+
+## Agents
+
+10 specialist agents, each focused on a specific attack surface.
+
+| Agent | What It Does |
+|-------|-------------|
+| **Recon** | Port scanning, service fingerprinting, subdomain enum, OSINT |
+| **Web** | SQLi, XSS, SSRF, IDOR, auth bypass, API testing, business logic |
+| **AD** | BloodHound, Kerberoasting, AS-REP, delegation abuse, DCSync |
+| **Cloud** | AWS/Azure/GCP misconfigs, IAM escalation, exposed services |
+| **Mobile** | Android/iOS app analysis, API interception, SSL pinning bypass |
+| **Wireless** | WPA/WPA2/WPA3, evil twin, rogue AP, Bluetooth |
+| **Social Engineer** | Phishing campaign design, pretexting, vishing frameworks |
+| **Exploit Chain** | Correlates findings across agents into multi-step attack paths |
+| **PoC Validator** | Auto-generates safe, non-destructive proofs of concept |
+| **Report + Detection** | Professional reports with Sigma, SPL, and KQL rules |
+
+Every agent stores findings in a local SQLite database. Findings persist across sessions and feed into the chaining engine.
+
+## Tools
+
+158 security tools organized into 6 categories. pentest-ai wraps each tool with structured output parsing so findings flow directly into the database.
+
+<details>
+<summary><strong>Network (30+ tools)</strong></summary>
+
+nmap, masscan, rustscan, netcat, hping3, arping, tcpdump, Wireshark (tshark), responder, mitm6, bettercap, ettercap, arpwatch, nbtscan, enum4linux, smbclient, rpcclient, ldapsearch, snmpwalk, onesixtyone, fierce, dnsrecon, dnsenum, dig, whois, traceroute, mtr, ping, netdiscover, fping
+
+</details>
+
+<details>
+<summary><strong>Web (40+ tools)</strong></summary>
+
+nuclei, sqlmap, nikto, gobuster, ffuf, feroxbuster, dirb, dirbuster, wfuzz, dalfox, xsstrike, commix, ssrfmap, tplmap, arjun, paramspider, waybackurls, gau, httpx, httprobe, whatweb, wappalyzer, wafw00f, burpsuite, zaproxy, w3af, arachni, skipfish, wpscan, joomscan, droopescan, cmsmap, testssl, sslscan, sslyze, jwt_tool, graphqlmap, postman, curl, wget
+
+</details>
+
+<details>
+<summary><strong>Password (20+ tools)</strong></summary>
+
+hydra, hashcat, john, medusa, ncrack, patator, cewl, crunch, cupp, mentalist, ophcrack, fcrackzip, pdfcrack, rarcrack, aircrack-ng, cowpatty, hash-identifier, haiti, name-that-hash, kerbrute
+
+</details>
+
+<details>
+<summary><strong>Binary (15+ tools)</strong></summary>
+
+checksec, gdb, radare2, ghidra, objdump, strace, ltrace, file, strings, binwalk, foremost, volatility, ropper, ROPgadget, pwntools
+
+</details>
+
+<details>
+<summary><strong>Cloud (20+ tools)</strong></summary>
+
+prowler, ScoutSuite, pacu, enumerate-iam, cloudfox, cloudsplaining, pmapper, steampipe, trivy, grype, syft, kube-hunter, kubeaudit, kubectl, docker, crane, cosign, falco, tracee, tetragon
+
+</details>
+
+<details>
+<summary><strong>OSINT (25+ tools)</strong></summary>
+
+theHarvester, sherlock, recon-ng, maltego, spiderfoot, amass, subfinder, assetfinder, findomain, massdns, puredns, shuffledns, crt.sh, shodan, censys, zoomeye, hunter.io, phonebook, dehashed, h8mail, trufflehog, gitleaks, git-secrets, gitrob, shhgit
+
+</details>
+
+### Built-in Scanners (Zero Dependencies)
+
+Don't have nmap installed? pentest-ai includes built-in scanners that work immediately:
+
+- **Port scanner** (async TCP connect)
+- **HTTP header analyzer** (missing security headers, CORS, cookies)
+- **SSL/TLS checker** (expiry, weak ciphers, deprecated protocols)
+- **Path discovery** (admin panels, backups, .env files, .git exposure)
+- **DNS enumerator** (A records, subdomain brute-force)
+- **Secret scanner** (AWS keys, GitHub tokens, JWTs, connection strings in responses)
+
+```bash
+# Works with zero external tools installed
+pentest-ai start target.example.com --scope recon
+```
+
+## Exploit Chaining
+
+Most scanners give you a list of isolated findings. pentest-ai connects them.
+
+Example: 5 medium-severity findings individually look minor. The chaining engine discovers they connect into a path from unauthenticated user to domain admin.
+
+```
+SSRF in /api/internal > Read cloud metadata > AWS keys
+  > Lateral move to staging DB > Extract AD service account creds
+    > Kerberoast > Crack hash > Domain Admin
+```
+
+Each chain is validated with a working PoC before it shows up in your report.
+
+## Architecture
+
+```
+pentest-ai/
+├── mcp_server/       # FastMCP server, exposes all tools via MCP protocol
+├── agents/           # 10 specialist Python agents
+├── tools/            # 158 tool wrappers with output parsers
+├── engine/           # Orchestrator + findings DB + built-in scanners
+├── cli/              # CLI interface (Typer + Rich)
+├── config/           # YAML config
+└── tests/            # Test suite
+```
+
+## Configuration
+
+```yaml
+# config/pentest-ai.yaml
+llm:
+  provider: openai        # or anthropic, ollama
+  model: gpt-4o
+  temperature: 0.0
+
+agent:
+  auto_chain: true
+  auto_validate_pocs: true
+  auto_generate_detections: true
+  hitl_mode: true          # Human approval before exploitation
+
+scope:
+  allowed_targets: []
+  excluded_targets: []
+  max_depth: 3
+```
+
+## MCP Tools Reference
+
+| Tool | Description |
+|------|-------------|
+| `start_engagement` | Begin a full pentest against a target |
+| `run_recon` | Reconnaissance (passive, standard, deep) |
+| `test_web_app` | Web application security testing |
+| `test_active_directory` | AD security assessment |
+| `test_cloud` | Cloud provider security audit |
+| `run_tool` | Run any of the 158 tools directly |
+| `discover_attack_chains` | Find exploit chains from existing findings |
+| `validate_finding` | Generate a safe PoC for a specific finding |
+| `generate_detection_rules` | Create Sigma/SPL/KQL rules |
+| `generate_report` | Professional report (markdown, HTML, PDF, JSON) |
+| `builtin_scan` | Run built-in scans (no external tools needed) |
+| `get_findings` | Query findings by severity, status, engagement |
+
+## Claude Code Agents
+
+Looking for the Claude Code version? **[pentest-ai-agents](https://github.com/0xSteph/pentest-ai-agents)** has 28 specialized Claude Code subagents for penetration testing. No server, no dependencies. Copy `.md` files into Claude Code and go.
+
+| | pentest-ai (this repo) | pentest-ai-agents |
+|---|---|---|
+| **Type** | MCP server + Python agents | Claude Code subagents |
+| **Works with** | Any MCP client (Claude, Cursor, Copilot, etc.) | Claude Code only |
+| **Tools** | 158 tool wrappers with output parsing | Uses whatever tools are on your system |
+| **Install** | `pip install -e .` | Copy `.md` files |
+| **Best for** | Automated assessments, CI/CD integration | Interactive pentesting, learning, CTFs |
+
+## Requirements
+
+- Python 3.10+
+- An MCP-compatible AI client (Claude Desktop, Cursor, VS Code Copilot, etc.)
+- Security tools you want to use (optional, built-in scanners work without any)
+
+## Development
+
+```bash
+git clone https://github.com/0xSteph/pentest-ai.git
+cd pentest-ai
+pip install -e ".[dev]"
+pytest tests/ -v
+```
+
+## FAQ
+
+**Does this replace manual pentesting?**
+No. It accelerates it. The agents handle recon, scanning, and correlation. You make the decisions about what to exploit and how deep to go. Human-in-the-loop is on by default.
+
+**Is my data sent to the cloud?**
+No. Everything runs locally. The only external calls are to whatever LLM provider you configure (OpenAI, Anthropic, or a local model via Ollama).
+
+**Can I add my own tools?**
+Yes. Add a `SecurityTool` entry in `tools/registry.py` with a command template and output parser. The tool is immediately available through the MCP server.
+
+**What about false positives?**
+The PoC validator generates a safe proof of concept for every finding. If the PoC fails, the finding is flagged as unconfirmed. Only validated findings appear in the final report.
+
+## For Teams: pentest-ai Enterprise
+
+pentest-ai is fully open source. Every feature runs locally, no auth required. If you're an individual or a small team comfortable with the CLI, you're done — you have everything.
+
+**pentest-ai Enterprise** ($499/mo) is a hosted dashboard for security teams, MSSPs, and consultancies that need:
+
+- Shared team workspace with role-based access (Owner, Admin, Member)
+- SSO / OIDC (Okta, Azure AD, Google Workspace)
+- Compliance mapping (SOC 2, ISO 27001, PCI DSS, HIPAA, NIST)
+- Audit logs for regulated environments
+- Scheduled and recurring scans
+- Executive and technical PDF reports
+- MITRE ATT&CK coverage dashboards
+- Attack surface monitoring
+- Integrations (Jira, Slack, GitHub, Teams)
+- White-label branding
+
+Everything the CLI does is free forever. Enterprise exists for teams that need to collaborate at scale.
+
+[Start a trial at app.pentestai.xyz](https://app.pentestai.xyz) · [Contact sales](mailto:sales@pentestai.xyz)
+
+## Legal
+
+This tool is for **authorized security testing only**. Always get written permission before testing any system you don't own. See [LICENSE](LICENSE) for the MIT license.
+
+---
+
+<p align="center">
+  Built by <a href="https://github.com/0xSteph">0xSteph</a> &middot;
+  <a href="https://pentestai.xyz">pentestai.xyz</a> &middot;
+  <a href="https://github.com/0xSteph/pentest-ai-agents">Claude Code Agents</a>
+</p>

ptai-0.8.0/README.md

@@ -0,0 +1,296 @@
+<p align="center">
+  <img src="assets/transparentbanner.png" alt="pentest-ai">
+</p>
+
+<h1 align="center">pentest-ai</h1>
+
+<p align="center">
+  <strong>MCP server + 10 AI agents + 150+ security tools. One command.</strong>
+</p>
+
+<p align="center">
+  <a href="https://github.com/0xSteph/pentest-ai/blob/main/LICENSE"><img src="https://img.shields.io/github/license/0xSteph/pentest-ai?color=blue" alt="License"></a>
+  <a href="https://pypi.org/project/pentest-ai/"><img src="https://img.shields.io/badge/python-3.10%2B-blue" alt="Python"></a>
+  <a href="https://github.com/0xSteph/pentest-ai/releases"><img src="https://img.shields.io/badge/version-1.0.0-green" alt="Version"></a>
+  <a href="https://github.com/0xSteph/pentest-ai/stargazers"><img src="https://img.shields.io/github/stars/0xSteph/pentest-ai?style=social" alt="Stars"></a>
+</p>
+
+<p align="center">
+  <a href="https://pentestai.xyz">Website</a> &middot;
+  <a href="#quick-start">Quick Start</a> &middot;
+  <a href="#agents">Agents</a> &middot;
+  <a href="#tools">150+ Tools</a> &middot;
+  <a href="https://github.com/0xSteph/pentest-ai-agents">Claude Code Agents</a>
+</p>
+
+---
+
+pentest-ai connects AI to 150+ real security tools through the [Model Context Protocol](https://modelcontextprotocol.io). It works with Claude Desktop, Cursor, VS Code Copilot, Windsurf, or any MCP-compatible client.
+
+Point it at a target. It runs recon, finds vulnerabilities, chains them into full compromise paths, validates every finding with a working proof of concept, and generates professional reports with detection rules for your blue team.
+
+No vendor lock-in. No cloud dependency. Runs locally.
+
+## How It Works
+
+```
+You: "Run a full assessment against staging.example.com"
+
+pentest-ai:
+  1. Recon       > nmap, subfinder, amass, DNS enum, OSINT
+  2. Web scan    > nuclei, sqlmap, nikto, ffuf, dalfox
+  3. Cloud audit > prowler, ScoutSuite, pacu
+  4. AD attack   > BloodHound, Impacket, CrackMapExec
+  5. Chaining    > Links 3 medium findings into domain admin
+  6. Validation  > Generates safe PoC for each finding
+  7. Detection   > Sigma + SPL + KQL rules for every attack
+  8. Report      > Professional markdown/HTML/PDF with CVSS scores
+```
+
+## Quick Start
+
+```bash
+pip install -e .
+pentest-ai start target.example.com
+```
+
+That starts the MCP server. Connect from your AI client and start talking to it.
+
+### Connect to Claude Desktop
+
+Add this to your Claude Desktop config (`~/Library/Application Support/Claude/claude_desktop_config.json`):
+
+```json
+{
+  "mcpServers": {
+    "pentest-ai": {
+      "command": "pentest-ai",
+      "args": ["server", "start"]
+    }
+  }
+}
+```
+
+### Connect to Cursor / VS Code Copilot
+
+Add the same MCP server config in your editor's settings. Any client that speaks MCP will work.
+
+## Agents
+
+10 specialist agents, each focused on a specific attack surface.
+
+| Agent | What It Does |
+|-------|-------------|
+| **Recon** | Port scanning, service fingerprinting, subdomain enum, OSINT |
+| **Web** | SQLi, XSS, SSRF, IDOR, auth bypass, API testing, business logic |
+| **AD** | BloodHound, Kerberoasting, AS-REP, delegation abuse, DCSync |
+| **Cloud** | AWS/Azure/GCP misconfigs, IAM escalation, exposed services |
+| **Mobile** | Android/iOS app analysis, API interception, SSL pinning bypass |
+| **Wireless** | WPA/WPA2/WPA3, evil twin, rogue AP, Bluetooth |
+| **Social Engineer** | Phishing campaign design, pretexting, vishing frameworks |
+| **Exploit Chain** | Correlates findings across agents into multi-step attack paths |
+| **PoC Validator** | Auto-generates safe, non-destructive proofs of concept |
+| **Report + Detection** | Professional reports with Sigma, SPL, and KQL rules |
+
+Every agent stores findings in a local SQLite database. Findings persist across sessions and feed into the chaining engine.
+
+## Tools
+
+158 security tools organized into 6 categories. pentest-ai wraps each tool with structured output parsing so findings flow directly into the database.
+
+<details>
+<summary><strong>Network (30+ tools)</strong></summary>
+
+nmap, masscan, rustscan, netcat, hping3, arping, tcpdump, Wireshark (tshark), responder, mitm6, bettercap, ettercap, arpwatch, nbtscan, enum4linux, smbclient, rpcclient, ldapsearch, snmpwalk, onesixtyone, fierce, dnsrecon, dnsenum, dig, whois, traceroute, mtr, ping, netdiscover, fping
+
+</details>
+
+<details>
+<summary><strong>Web (40+ tools)</strong></summary>
+
+nuclei, sqlmap, nikto, gobuster, ffuf, feroxbuster, dirb, dirbuster, wfuzz, dalfox, xsstrike, commix, ssrfmap, tplmap, arjun, paramspider, waybackurls, gau, httpx, httprobe, whatweb, wappalyzer, wafw00f, burpsuite, zaproxy, w3af, arachni, skipfish, wpscan, joomscan, droopescan, cmsmap, testssl, sslscan, sslyze, jwt_tool, graphqlmap, postman, curl, wget
+
+</details>
+
+<details>
+<summary><strong>Password (20+ tools)</strong></summary>
+
+hydra, hashcat, john, medusa, ncrack, patator, cewl, crunch, cupp, mentalist, ophcrack, fcrackzip, pdfcrack, rarcrack, aircrack-ng, cowpatty, hash-identifier, haiti, name-that-hash, kerbrute
+
+</details>
+
+<details>
+<summary><strong>Binary (15+ tools)</strong></summary>
+
+checksec, gdb, radare2, ghidra, objdump, strace, ltrace, file, strings, binwalk, foremost, volatility, ropper, ROPgadget, pwntools
+
+</details>
+
+<details>
+<summary><strong>Cloud (20+ tools)</strong></summary>
+
+prowler, ScoutSuite, pacu, enumerate-iam, cloudfox, cloudsplaining, pmapper, steampipe, trivy, grype, syft, kube-hunter, kubeaudit, kubectl, docker, crane, cosign, falco, tracee, tetragon
+
+</details>
+
+<details>
+<summary><strong>OSINT (25+ tools)</strong></summary>
+
+theHarvester, sherlock, recon-ng, maltego, spiderfoot, amass, subfinder, assetfinder, findomain, massdns, puredns, shuffledns, crt.sh, shodan, censys, zoomeye, hunter.io, phonebook, dehashed, h8mail, trufflehog, gitleaks, git-secrets, gitrob, shhgit
+
+</details>
+
+### Built-in Scanners (Zero Dependencies)
+
+Don't have nmap installed? pentest-ai includes built-in scanners that work immediately:
+
+- **Port scanner** (async TCP connect)
+- **HTTP header analyzer** (missing security headers, CORS, cookies)
+- **SSL/TLS checker** (expiry, weak ciphers, deprecated protocols)
+- **Path discovery** (admin panels, backups, .env files, .git exposure)
+- **DNS enumerator** (A records, subdomain brute-force)
+- **Secret scanner** (AWS keys, GitHub tokens, JWTs, connection strings in responses)
+
+```bash
+# Works with zero external tools installed
+pentest-ai start target.example.com --scope recon
+```
+
+## Exploit Chaining
+
+Most scanners give you a list of isolated findings. pentest-ai connects them.
+
+Example: 5 medium-severity findings individually look minor. The chaining engine discovers they connect into a path from unauthenticated user to domain admin.
+
+```
+SSRF in /api/internal > Read cloud metadata > AWS keys
+  > Lateral move to staging DB > Extract AD service account creds
+    > Kerberoast > Crack hash > Domain Admin
+```
+
+Each chain is validated with a working PoC before it shows up in your report.
+
+## Architecture
+
+```
+pentest-ai/
+├── mcp_server/       # FastMCP server, exposes all tools via MCP protocol
+├── agents/           # 10 specialist Python agents
+├── tools/            # 158 tool wrappers with output parsers
+├── engine/           # Orchestrator + findings DB + built-in scanners
+├── cli/              # CLI interface (Typer + Rich)
+├── config/           # YAML config
+└── tests/            # Test suite
+```
+
+## Configuration
+
+```yaml
+# config/pentest-ai.yaml
+llm:
+  provider: openai        # or anthropic, ollama
+  model: gpt-4o
+  temperature: 0.0
+
+agent:
+  auto_chain: true
+  auto_validate_pocs: true
+  auto_generate_detections: true
+  hitl_mode: true          # Human approval before exploitation
+
+scope:
+  allowed_targets: []
+  excluded_targets: []
+  max_depth: 3
+```
+
+## MCP Tools Reference
+
+| Tool | Description |
+|------|-------------|
+| `start_engagement` | Begin a full pentest against a target |
+| `run_recon` | Reconnaissance (passive, standard, deep) |
+| `test_web_app` | Web application security testing |
+| `test_active_directory` | AD security assessment |
+| `test_cloud` | Cloud provider security audit |
+| `run_tool` | Run any of the 158 tools directly |
+| `discover_attack_chains` | Find exploit chains from existing findings |
+| `validate_finding` | Generate a safe PoC for a specific finding |
+| `generate_detection_rules` | Create Sigma/SPL/KQL rules |
+| `generate_report` | Professional report (markdown, HTML, PDF, JSON) |
+| `builtin_scan` | Run built-in scans (no external tools needed) |
+| `get_findings` | Query findings by severity, status, engagement |
+
+## Claude Code Agents
+
+Looking for the Claude Code version? **[pentest-ai-agents](https://github.com/0xSteph/pentest-ai-agents)** has 28 specialized Claude Code subagents for penetration testing. No server, no dependencies. Copy `.md` files into Claude Code and go.
+
+| | pentest-ai (this repo) | pentest-ai-agents |
+|---|---|---|
+| **Type** | MCP server + Python agents | Claude Code subagents |
+| **Works with** | Any MCP client (Claude, Cursor, Copilot, etc.) | Claude Code only |
+| **Tools** | 158 tool wrappers with output parsing | Uses whatever tools are on your system |
+| **Install** | `pip install -e .` | Copy `.md` files |
+| **Best for** | Automated assessments, CI/CD integration | Interactive pentesting, learning, CTFs |
+
+## Requirements
+
+- Python 3.10+
+- An MCP-compatible AI client (Claude Desktop, Cursor, VS Code Copilot, etc.)
+- Security tools you want to use (optional, built-in scanners work without any)
+
+## Development
+
+```bash
+git clone https://github.com/0xSteph/pentest-ai.git
+cd pentest-ai
+pip install -e ".[dev]"
+pytest tests/ -v
+```
+
+## FAQ
+
+**Does this replace manual pentesting?**
+No. It accelerates it. The agents handle recon, scanning, and correlation. You make the decisions about what to exploit and how deep to go. Human-in-the-loop is on by default.
+
+**Is my data sent to the cloud?**
+No. Everything runs locally. The only external calls are to whatever LLM provider you configure (OpenAI, Anthropic, or a local model via Ollama).
+
+**Can I add my own tools?**
+Yes. Add a `SecurityTool` entry in `tools/registry.py` with a command template and output parser. The tool is immediately available through the MCP server.
+
+**What about false positives?**
+The PoC validator generates a safe proof of concept for every finding. If the PoC fails, the finding is flagged as unconfirmed. Only validated findings appear in the final report.
+
+## For Teams: pentest-ai Enterprise
+
+pentest-ai is fully open source. Every feature runs locally, no auth required. If you're an individual or a small team comfortable with the CLI, you're done — you have everything.
+
+**pentest-ai Enterprise** ($499/mo) is a hosted dashboard for security teams, MSSPs, and consultancies that need:
+
+- Shared team workspace with role-based access (Owner, Admin, Member)
+- SSO / OIDC (Okta, Azure AD, Google Workspace)
+- Compliance mapping (SOC 2, ISO 27001, PCI DSS, HIPAA, NIST)
+- Audit logs for regulated environments
+- Scheduled and recurring scans
+- Executive and technical PDF reports
+- MITRE ATT&CK coverage dashboards
+- Attack surface monitoring
+- Integrations (Jira, Slack, GitHub, Teams)
+- White-label branding
+
+Everything the CLI does is free forever. Enterprise exists for teams that need to collaborate at scale.
+
+[Start a trial at app.pentestai.xyz](https://app.pentestai.xyz) · [Contact sales](mailto:sales@pentestai.xyz)
+
+## Legal
+
+This tool is for **authorized security testing only**. Always get written permission before testing any system you don't own. See [LICENSE](LICENSE) for the MIT license.
+
+---
+
+<p align="center">
+  Built by <a href="https://github.com/0xSteph">0xSteph</a> &middot;
+  <a href="https://pentestai.xyz">pentestai.xyz</a> &middot;
+  <a href="https://github.com/0xSteph/pentest-ai-agents">Claude Code Agents</a>
+</p>