vxcontrol / pentagi

vxcontrol / pentagi

PentAGI Penetration testing Artificial General Intelligence PentAGI 渗透测试通用人工智能

Join the Community! Connect with security researchers, AI enthusiasts, and fellow ethical hackers. Get support, share insights, and stay updated with the latest PentAGI developments. 加入我们的社区!与安全研究人员、AI 爱好者以及志同道合的白帽黑客建立联系。获取支持、分享见解,并随时掌握 PentAGI 的最新动态。


Table of Contents

目录

Overview, Features, Architecture, Agent Supervision, Quick Start, How to Use PentAGI After Login, API Access, LLM Provider Configuration (Ollama, OpenAI, Anthropic, Google AI (Gemini), AWS Bedrock, DeepSeek, GLM, Kimi, Qwen), Advanced Setup, Langfuse Integration, Monitoring and Observability, Knowledge Graph (Graphiti), OAuth Integration, Docker Image Configuration, Development, Testing LLM Agents, Embedding Configuration and Testing, Function Testing with ftester, Building, Credits, License. 概述、功能特性、架构、智能体监督、快速入门、登录后的使用方法、API 访问、大模型(LLM)提供商配置(Ollama、OpenAI、Anthropic、Google AI (Gemini)、AWS Bedrock、DeepSeek、GLM、Kimi、Qwen)、高级设置、Langfuse 集成、监控与可观测性、知识图谱 (Graphiti)、OAuth 集成、Docker 镜像配置、开发、测试 LLM 智能体、嵌入(Embedding)配置与测试、使用 ftester 进行功能测试、构建、致谢、许可证。


Overview

概述

PentAGI is an innovative tool for automated security testing that leverages cutting-edge artificial intelligence technologies. The project is designed for information security professionals, researchers, and enthusiasts who need a powerful and flexible solution for conducting penetration tests. PentAGI 是一款利用前沿人工智能技术的创新型自动化安全测试工具。该项目专为需要强大且灵活的渗透测试解决方案的信息安全专业人员、研究人员和爱好者而设计。


Features

功能特性

  • Secure & Isolated. All operations are performed in a sandboxed Docker environment with complete isolation. 安全与隔离。 所有操作均在完全隔离的沙箱 Docker 环境中执行。
  • Fully Autonomous. AI-powered agent that automatically determines and executes penetration testing steps with optional execution monitoring and intelligent task planning for enhanced reliability. 全自主化。 基于 AI 的智能体可自动确定并执行渗透测试步骤,并提供可选的执行监控和智能任务规划,以提高可靠性。
  • Professional Pentesting Tools. Built-in suite of 20+ professional security tools including nmap, metasploit, sqlmap, and more. 专业渗透测试工具。 内置 20 多种专业安全工具套件,包括 nmap、metasploit、sqlmap 等。
  • Smart Memory System. Long-term storage of research results and successful approaches for future use. 智能记忆系统。 对研究结果和成功方案进行长期存储,以供未来使用。
  • Knowledge Graph Integration. Graphiti-powered knowledge graph using Neo4j for semantic relationship tracking and advanced context understanding. 知识图谱集成。 使用 Neo4j 的 Graphiti 知识图谱,用于语义关系追踪和高级上下文理解。
  • Web Intelligence. Built-in browser via scraper for gathering latest information from web sources. 网络情报。 通过爬虫内置浏览器,从网络资源中收集最新信息。
  • External Search Systems. Integration with advanced search APIs including Tavily, Traversaal, Perplexity, DuckDuckGo, Google Custom Search, Sploitus Search and Searxng for comprehensive information gathering. 外部搜索系统。 集成 Tavily、Traversaal、Perplexity、DuckDuckGo、Google 自定义搜索、Sploitus Search 和 Searxng 等高级搜索 API,实现全面的信息收集。
  • Team of Specialists. Delegation system with specialized AI agents for research, development, and infrastructure tasks, enhanced with optional execution monitoring and intelligent task planning for optimal performance with smaller models. 专家团队。 具备任务委派系统,拥有针对研究、开发和基础设施任务的专业 AI 智能体,并辅以可选的执行监控和智能任务规划,即使在较小模型下也能实现最佳性能。
  • Comprehensive Monitoring. Detailed logging and integration with Grafana/Prometheus for real-time system observation. 全面监控。 提供详细的日志记录,并集成 Grafana/Prometheus 以实现实时系统观测。
  • Detailed Reporting. Generation of thorough vulnerability reports with exploitation guides. 详细报告。 生成包含利用指南的详尽漏洞报告。
  • Smart Container Management. Automatic Docker image selection based on specific task requirements. 智能容器管理。 根据特定任务需求自动选择 Docker 镜像。
  • Modern Interface. Clean and intuitive web UI for system management and monitoring. 现代化界面。 简洁直观的 Web UI,用于系统管理和监控。
  • Comprehensive APIs. Full-featured REST and GraphQL APIs with Bearer token authentication for automation and integration. 全面 API。 功能齐全的 REST 和 GraphQL API,支持 Bearer token 认证,便于自动化和集成。
  • Persistent Storage. All commands and outputs are stored in PostgreSQL with pgvector extension. 持久化存储。 所有命令和输出均存储在带有 pgvector 扩展的 PostgreSQL 中。
  • Scalable Architecture. Microservices-based design supporting horizontal scaling. 可扩展架构。 基于微服务的设计,支持水平扩展。
  • Self-Hosted Solution. Complete control over your deployment and data. 自托管方案。 完全掌控您的部署和数据。
  • Flexible Authentication. Support for 10+ LLM providers (OpenAI, Anthropic, Google AI/Gemini, AWS Bedrock, Ollama, DeepSeek, GLM, Kimi, Qwen, Custom) plus aggregators (OpenRouter, DeepInfra). 灵活的认证。 支持 10 多种 LLM 提供商(OpenAI、Anthropic、Google AI/Gemini、AWS Bedrock、Ollama、DeepSeek、GLM、Kimi、Qwen、自定义)以及聚合器(OpenRouter、DeepInfra)。

Current Capability Boundaries

当前能力边界

PentAGI today is an autonomous and assistant-guided penetration testing platform, not a CALDERA-style Breach and Attack Simulation (BAS) or adversary emulation product with predefined campaigns or attack plans. 目前的 PentAGI 是一个自主且由助手引导的渗透测试平台,而非 CALDERA 风格的入侵与攻击模拟 (BAS) 或具有预定义活动/攻击计划的对手模拟产品。

BAS-like agent-authored attack scripts should be treated as conceptual or future work, not as a feature that is implemented today. 类 BAS 的智能体编写攻击脚本应被视为概念性或未来工作,而非当前已实现的功能。