Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Armur-Ai/Pentest-Swarm-AI/llms.txt

Use this file to discover all available pages before exploring further.

Pentest Swarm AI is an open-source autonomous penetration testing framework built around a true swarm architecture. Unlike pipeline-based tools that dispatch agents in a fixed order, Pentest Swarm AI uses a stigmergic blackboard: agents coordinate by reading and writing findings to shared state, allowing attack chains to emerge naturally without a central planner. One command, one API key, and the swarm handles the rest.

Quickstart

Run your first autonomous pentest scan in under 5 minutes with a single command.

Installation

Install via Homebrew, Docker, or Go — pick the method that fits your workflow.

CLI Reference

Every command, subcommand, and flag documented with real examples and defaults.

Swarm Architecture

Understand how the stigmergic blackboard and pheromone system coordinate agents.

What makes this a swarm?

Most “multi-agent” security tools are pipelines: a planner dispatches to specialists in a fixed sequence. Pentest Swarm AI is built differently:

Stigmergy

Agents coordinate through a shared blackboard, not a central orchestrator. Findings carry pheromone weights that guide other agents toward high-value targets.

Emergence

Attack chains appear that no single agent planned. A recon finding triggers the classifier; a high-severity classification wakes the exploit agent automatically.

Decentralization

Each agent runs its own trigger predicate. Add a new agent with its own predicate and it joins the swarm without rewriting the orchestrator.

Get started in three steps

1

Install pentestswarm

Install via Homebrew on macOS, pull the Docker image, or use go install for the latest build.
brew install Armur-Ai/tap/pentestswarm
2

Set your API key

Run pentestswarm init to store your Claude API key in the OS keychain, or export it as an environment variable.
export PENTESTSWARM_ORCHESTRATOR_API_KEY=sk-ant-your-key-here
3

Launch the swarm

Point the swarm at a target you have authorization to test. The --scope flag enforces boundaries — it is validated at every tool execution.
pentestswarm scan example.com --scope example.com --swarm --follow

Explore the documentation

Bug Bounty Guide

Import scope from HackerOne, Bugcrowd, or Intigriti and generate platform-ready submission reports.

GitHub Actions

Run automated security scans in CI with SARIF output that lands in the GitHub Security tab.

Playbooks

Use and author YAML playbooks for OWASP Top 10, bug bounty, ASM, and CTF scenarios.

MCP Integration

Connect pentestswarm as an MCP server to Claude Desktop or Cursor for AI-assisted pentesting.

Security Hardening

Four-layer defense against memory-injection attacks: pheromone clamping, Ed25519 provenance, and more.

Deployment

Deploy with Docker Compose, configure Postgres and Redis, and run in production environments.
Pentest Swarm AI is designed exclusively for authorized security testing, bug bounty programs, CTF competitions, and educational research. You must have explicit written permission from the target system owner before running any scan. See the legal notice for full details.

Build docs developers (and LLMs) love

Get started for freeTalk to us