Web Penetration Testing - Support tools
Introduction
This page is built for penetration testers who would like to use AI tools in their penetration testing activities.
Tools
List of tools to support Web Penetration Testing activities:
Open Source
| Date | Repo | Description | Stars | Watchers | Link |
|---|---|---|---|---|---|
| N/A | Auto-Pentest-GPT-AI | No description | ⭐ 0 | 👁️ 0 | Auto-Pentest-GPT-AI |
| 2026-04-03 | AI-Infra-Guard | A full-stack AI Red Teaming platform securing AI ecosystems via OpenClaw Security Scan, Agent Scan, Skills Scan, MCP scan, AI Infra scan and LLM jailbreak evaluation. | ⭐ 3392 | 👁️ 27 | AI-Infra-Guard |
| 2026-04-02 | pentagi | Fully autonomous AI Agents system capable of performing complex penetration testing tasks | ⭐ 14083 | 👁️ 106 | pentagi |
| 2026-04-01 | strix | Open-source AI hackers to find and fix your app’s vulnerabilities. | ⭐ 23124 | 👁️ 124 | strix |
| 2026-04-01 | nebula | AI-powered penetration testing assistant for automating recon, note-taking, and vulnerability analysis. | ⭐ 921 | 👁️ 16 | nebula |
| 2026-03-25 | pentestagent | PentestAgent is an AI agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows. | ⭐ 1847 | 👁️ 20 | pentestagent |
| 2026-03-24 | reaper | Live validation proxy tool for testing web app vulnerabilities | ⭐ 832 | 👁️ 23 | reaper |
| 2026-03-10 | mcp-security-hub | A growing collection of MCP servers bringing offensive security tools to AI assistants. Nmap, Ghidra, Nuclei, SQLMap, Hashcat and more. | ⭐ 504 | 👁️ 5 | mcp-security-hub |
| 2026-03-06 | hexstrike-ai | HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities. | ⭐ 7859 | 👁️ 146 | hexstrike-ai |
| 2026-01-02 | PentestGPT | Automated Penetration Testing Agentic Framework Powered by Large Language Models | ⭐ 12387 | 👁️ 273 | PentestGPT |
| 2025-08-27 | HackingBuddyGPT | Helping Ethical Hackers use LLMs in 50 Lines of Code or less. | ⭐ 1017 | 👁️ 19 | HackingBuddyGPT |
| 2025-07-31 | AISA-Scanner | AISA-Scanner is an AI-powered autonomous vulnerability scanner that maps CVEs to metasploit exploits, MITRE, CEH, and SANS, delivering intelligent, real-time risk reports. | ⭐ 35 | 👁️ 1 | AISA-Scanner |
| 2022-02-15 | AutoPentest-DRL | AutoPentest-DRL: Automated Penetration Testing Using Deep Reinforcement Learning | ⭐ 428 | 👁️ 9 | AutoPentest-DRL |
| 2021-06-29 | GyoiThon | GyoiThon is a growing penetration test tool using Machine Learning. | ⭐ 815 | 👁️ 65 | GyoiThon |
Commercial
| Company | Tool | Description | Country (Origin) | Major Shareholder Country | Link |
|---|---|---|---|---|---|
| Aikido Security | Attack (AI Pentesting) | Autonomous AI-powered penetration testing that discovers, exploits, and validates vulnerabilities across web apps/APIs with audit-ready reports in hours. | USA | USA | https://www.aikido.dev/attack/aipentest |
| Penti AI | AI Pentesting Software | AI-driven pentest platform that combines agentic AI vulnerability detection with human expert validation and compliance-ready reporting. | USA | USA | https://www.pentiai.com/features/ai-pentesting |
| Penligent | Agentic AI Hacker | AI-powered pentest agent with autonomy, CVE exploitation, customizable workflows, and compliance-focused reporting for offensive security teams. | USA | USA | https://www.penligent.ai/ |
| Zerod | PentAI | Autonomous AI pentesting platform that runs deep scans on web apps and APIs with multi-agent detection and prioritized actionable insights. | USA | USA | https://www.zerod.io/solutions/pentai |