Disclosure: I work on Darkmoon, one entry in this list. This is a neutral survey of the open source AI pentest field, not a ranking, so you can pick what fits your scope.
The assistants
PentestGPT (GreyDGL) and Nebula (berylliumsec) put an LLM next to the operator for recon, reasoning and notes. Great for learning and augmenting a human.
The autonomous agents
Strix, PentAGI, Shannon and CAI push toward autonomy on the application or source layer, each with a different focus and license.
The MCP and multi surface tools
HexStrike exposes more than 150 tools over MCP. Darkmoon runs an MCP host across web, cloud, AD, Kubernetes and internal networks, with playbooks and an evidence trail.
How to read the field
There is no single winner. Match the tool to your scope, your license needs and whether you want an assistant, an agent or an orchestrator.
Try it
Star and try the ones that fit your work. Corrections to this survey are welcome.
- Repo (GPLv3): https://github.com/ASCIT31/Dark-Moon
- Docs: https://docs.dark-moon.org/
- Demo: https://youtu.be/1bFRVuMkZzY
Built by pentesters, open sourced for pentesters. Feedback on the methodology and the evidence trail is genuinely welcome.