Navigation: Home > Getting Started
This guide will help you set up and run your first penetration test with PentestAgent in under 15 minutes.
Minimum:
- 8GB RAM
- 10GB free disk space (for Docker image)
- Internet connection (for initial setup and API calls)
Recommended:
- 16GB+ RAM (for better performance)
- SSD storage
- Stable internet connection
PentestAgent works on:
- macOS (M1/M2/M3 ARM64 and Intel)
- Linux (Ubuntu, Debian, Arch, etc.)
- Windows (via WSL2 or Docker Desktop)
For Docker (Recommended):
- Docker Desktop installed (download here)
- Docker running with at least 4GB memory allocation
For Local Installation:
- Python 3.10+ installed
- pip package manager
- Git
Docker is the easiest and most complete way to run PentestAgent. The Kali Docker image includes all penetration testing tools pre-installed.
docker pull ghcr.io/ldesignlab/pentestagent:kali-arm64Intel/AMD (amd64): build locally with docker compose --profile kali build (see Docker Setup).
What you get:
- ✅ All Kali pentesting tools (nmap, metasploit, sqlmap, hydra, gobuster, nikto, etc.)
- ✅ PentestAgent with all dependencies
- ✅ RAG knowledge base (54 security documents)
- ✅ Prebuilt ARM64 image; build locally for amd64
Image size: ~10-11 GB uncompressed
docker images | grep ldesignlab/pentestagentYou should see:
ghcr.io/ldesignlab/pentestagent kali-arm64 <image-id> <size>
Success! You're ready to configure authentication.
PentestAgent requires an LLM provider. Choose the option that best fits your needs:
Need completely free option?
├─ YES → Use Option D (LM Studio - local models)
└─ NO ↓
Have Claude Max/Pro subscription?
├─ YES → Use Option A (OAuth - no API costs)
└─ NO ↓
Need production reliability?
├─ YES → Use Option B (Claude API - paid but reliable)
└─ NO → Use Option C (OpenAI API)
Best for: Development, testing, most pentesting tasks
Cost: Free (included with Claude Max/Pro subscription)
Limitations: Rate limits, no extended thinking
# Install Claude Code CLI
npm install -g @anthropic-ai/claude-code
# Authenticate
claude setup-tokenCreate .env file in your project directory:
CLAUDE_CODE_OAUTH_TOKEN=sk-ant-oat01-...
PENTESTAGENT_MODEL=claude-sonnet-4-20250514Best for: Production pentesting, long engagements
Cost: Pay-per-use (see Anthropic pricing)
Benefits: Higher rate limits, extended thinking support
- Go to console.anthropic.com
- Sign up or log in
- Navigate to API Keys
- Create a new key
Create .env:
ANTHROPIC_API_KEY=sk-ant-...
PENTESTAGENT_MODEL=claude-sonnet-4-20250514Best for: Testing OpenAI models
Cost: Pay-per-use (see OpenAI pricing)
- Go to platform.openai.com
- Sign up or log in
- Navigate to API Keys
- Create a new key
Create .env:
OPENAI_API_KEY=sk-...
PENTESTAGENT_MODEL=gpt-5Best for: Complete privacy, no API costs, offline testing
Cost: Free
Requirements: 16GB+ RAM, GPU recommended
- Download LM Studio
- Install and open LM Studio
- Download a model (recommended: bytedance/seed-oss-36b or similar)
- Start the local server (Settings → Server → Start)
Create .env:
LMSTUDIO_ENABLED=true
LMSTUDIO_BASE_URL=http://localhost:1234/v1
LMSTUDIO_MODEL=your-model-name
PENTESTAGENT_EMBEDDINGS=local # Use local embeddingsFor Docker: Use http://host.docker.internal:1234/v1 as the base URL.
See also: Complete LM Studio Setup Guide
Now let's run your first penetration test!
docker run -it --rm \
--privileged \
--cap-add=NET_ADMIN \
--cap-add=NET_RAW \
--network host \
-v "$(pwd)/loot:/app/loot" \
-v "$(pwd)/output:/app/output" \
-e CLAUDE_CODE_OAUTH_TOKEN="$(grep CLAUDE_CODE_OAUTH_TOKEN .env | cut -d= -f2)" \
-e PENTESTAGENT_MODEL="claude-sonnet-4-20250514" \
ghcr.io/ldesignlab/pentestagent:kali-arm64This launches the Terminal UI (TUI) with real-time tool execution visibility.
Once in the TUI, try this command:
/agent scan localhost for open ports
What happens:
- Agent analyzes your request
- Selects appropriate tools (nmap)
- Executes the scan
- Interprets results
- Saves findings to
loot/notes.json
Press F1 to switch to notes view and see your findings.
# Activate virtual environment (if not already)
source venv/bin/activate # Linux/macOS
.\venv\Scripts\Activate.ps1 # Launch TUI
pentestagent
# Or launch with target
pentestagent -t 192.168.1.1Then run the same /agent scan localhost for open ports command.
After running a test, check these locations:
1. Notes Database: loot/notes.json
- Structured findings
- Categories: credential, vulnerability, finding, artifact
- Searchable and filterable
2. Logs: loot/logs/<timestamp>/
- Debug logs
- Tool execution traces
- Error messages
3. Reports: loot/reports/ (if report generation enabled)
- Markdown reports
- Auto-generated summaries
Keyboard shortcuts:
F1- Toggle notes panelF2- Toggle tool execution sidebarF3- Toggle helpCtrl+C- Exit
Notes View Features:
- Filter by category
- Sort by severity
- Export to markdown
- Search by keywords
# View all notes
pentestagent notes
# Filter by category
pentestagent notes --category vulnerability
# Export to markdown
pentestagent notes --export report.md{
"timestamp": "2026-01-01T12:00:00",
"category": "vulnerability",
"description": "Open SSH port detected on 192.168.1.100",
"details": {
"port": 22,
"service": "ssh",
"version": "OpenSSH 7.4",
"severity": "info"
}
}Congratulations! You've successfully run your first PentestAgent scan. Here's what to explore next:
Assist Mode (Interactive chat):
/assist how do I test for SQL injection?
Agent Mode (Autonomous execution):
/agent enumerate web directories on example.com
Crew Mode (Multi-agent orchestration):
/crew perform complete web app pentest on example.com
Learn more: Modes Guide
Playbooks provide structured, multi-phase pentesting workflows:
Available playbooks:
thp3_recon- Complete reconnaissancethp3_web- Web application testingthp3_network- Network penetration testing
Usage:
pentestagent run -t example.com --playbook thp3_webLearn more: Playbooks Guide
Extended Thinking (deeper reasoning):
# Add to .env
PENTESTAGENT_EXTENDED_THINKING=trueWeb Search (live CVE lookups):
# Add to .env
TAVILY_API_KEY=tvly-xxx...MCP Integration (30+ tool servers):
# See pentestagent/mcp/docker_defaults.json- Docker Setup Guide - Advanced Docker configuration
- Environment Variables - Complete env var reference
- Performance Tuning - Token optimization
- GitHub Issues: Report bugs or request features
- Discussions: Ask questions
- Contributing: Developer Guide
Solution:
# Or on Linux:
sudo systemctl start dockerSolution: Double-check your .env file exists and contains the correct variables for your chosen auth method.
Solution:
# Make sure virtual environment is activated
source venv/bin/activate # Linux/macOS
.\venv\Scripts\Activate.ps1 # WindowsSolution:
# Create loot directory with correct permissions
mkdir -p loot output
chmod 777 loot output # Or use your user's permissionsCommon Commands:
# Launch TUI
pentestagent
# Run with target
pentestagent -t <target>
# Run playbook
pentestagent run -t <target> --playbook <name>
# View notes
pentestagent notes
# Get help
pentestagent --helpTUI Commands:
/agent <task> - Run autonomous agent
/crew <task> - Run multi-agent crew
/assist <question> - Ask for help
/target <ip/url> - Set target
/tools - List available tools
/notes - View findings
/clear - Clear screen
/exit - Exit TUI
See also: Quick Reference Guide
- Troubleshooting: Common issues and solutions
- Documentation: Full documentation index
- Support: GitHub Issues
🎉 You're ready to start pentesting with AI!
Return to README | Continue to Quick Reference