Playbooks are YAML files that define structured, multi-phase attack campaigns. Each playbook names a sequence of phases, the security tools that run in each phase, the options passed to those tools, and aDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Armur-Ai/Pentest-Swarm-AI/llms.txt
Use this file to discover all available pages before exploring further.
post_analysis prompt that instructs the LLM how to interpret the tool output. The PlaybookRunner translates the playbook into a campaign objective and hands it to the swarm engine for execution.
Built-in playbooks
Seven playbooks ship with Pentest Swarm AI, covering the most common engagement types:| Playbook | Tags | Description |
|---|---|---|
bug-bounty | bug-bounty, external, web, recon, active | End-to-end bug bounty swarm: subdomain enumeration → web surface mapping → nuclei scan → SQLi/SSRF/IDOR escalation. Dedup-ready output for HackerOne and Bugcrowd. |
owasp-top10 | web, owasp, comprehensive | Comprehensive web assessment covering all OWASP Top 10 categories: injection, auth, access control, misconfig, and vulnerable components. |
external-asm | asm, external, monitoring, passive-first | Scheduled ASM playbook for cron use. Passive OSINT first, then DNS resolution, port and service fingerprinting, web fingerprinting, and a critical/high-only vuln sweep. |
ci-cd-security | ci, cd, sast, secrets, sbom, sarif | Source-side security for CI: gitleaks + trufflehog secret scanning, semgrep SAST, dependency audit. Emits SARIF; zero network traffic to production. |
internal-network | internal, network, authorized-only, high-risk | Authorized internal network pentest: CIDR sweep → service enumeration → optional Metasploit post-exploitation. Requires a signed scope file; cleanup always registered. |
ctf-solver | ctf, htb, thm, benchmark, autonomous | Autonomous CTF machine solver: enumerate → initial foothold → privilege escalation → flag collection → writeup. Retired machines only by default. |
api-security | api, rest, graphql | Focused REST and GraphQL API assessment: endpoint discovery via katana and gau, then nuclei checks for broken auth, BOLA/IDOR, mass assignment, and excessive data exposure. |
Running a playbook
./playbooks/ directory) or a direct file path, and supply --target. The runner resolves variable defaults, builds a campaign objective from the phase names and post_analysis prompts, and starts the campaign engine:
Playbook YAML structure
The complete schema, derived frominternal/plugins/types.go:
Variable type rules
| Type | Accepted values |
|---|---|
string | Any text |
int | Whole numbers |
bool | true or false |
list | Comma-separated string or YAML list |
secret | String; value is redacted from logs |
/^[a-z][a-z0-9_]*$/. A variable declared required: true with a non-empty default produces a validation warning — pick one.
OWASP Top 10 playbook — full example
Authoring your own playbook
Open the generated file in your editor. Define your phases, tools, and
post_analysis prompts. Reference declared variables with {{ variable_name }} syntax in tool options:name: My GraphQL Playbook
description: Targets GraphQL APIs for common misconfigurations.
author:
name: Your Name
github: your-handle
version: 0.1.0
tags: [graphql, api, web]
variables:
target_domain:
type: string
required: true
endpoint_path:
type: string
default: /graphql
phases:
- name: discovery
tools:
- name: httpx
options: { follow_redirects: true }
- name: katana
options: { depth: 2 }
post_analysis: |
Identify GraphQL endpoints. Look for /graphql, /api/graphql,
/v1/graphql, and GraphQL playground paths.
- name: graphql_audit
tools:
- name: nuclei
options:
templates: "graphql/"
post_analysis: |
Check for introspection enabled, mutations exposed without auth,
and batch query abuse potential.
name is presentversion is semver-like (warning only)author.name is set (warning if missing)/^[a-z][a-z0-9_]*$/string | int | bool | list | secret{{ foo }}) in tool options are declared in the variables block ✗ variable "MyVar": name must match /^[a-z][a-z0-9_]*$/
⚠ author.name is empty — unowned playbooks are hard to maintain
⚠ phase[1] ("graphql_audit").tools[0]: tool "graphql-scanner" is not known to this binary
Available tool names for playbook phases
These are the tool names the current binary recognises in phasetools[].name:
| Tool | What it does |
|---|---|
subfinder | Passive subdomain discovery via DNS sources and APIs |
amass | Deeper OSINT and ASM subdomain discovery; passive mode by default |
httpx | HTTP probing: status codes, tech detection, TLS info, response bodies |
nuclei | Template-based vulnerability scanning (ProjectDiscovery templates) |
naabu | Fast port scanning with rate control |
katana | JavaScript-aware web crawler and endpoint discovery |
dnsx | DNS resolution, reverse lookups, A/AAAA/CNAME enumeration |
gau | Fetch known URLs from Wayback Machine and Common Crawl |
nmap | Network port scanning and service/version fingerprinting |
ffuf | Content discovery and parameter fuzzing with FUZZ keyword |
gobuster | Directory and DNS enumeration |
sqlmap | Automated SQL injection detection and exploitation |
semgrep | Static analysis — SAST and supply-chain audit |
gitleaks | Secret scanning in git history |
trufflehog | Verified secret detection in commits and file systems |
metasploit, dalfox) generate a validation warning but are not rejected — they may be custom tool definitions loaded from your plugins/ directory at runtime.
Bug Bounty
See the bug-bounty playbook in action with scope imports and dedup.
ASM
Run the external-asm playbook on a schedule for continuous monitoring.
GitHub Actions
Execute playbooks inside CI with SARIF output and severity thresholds.
CTF Mode
Use the ctf-solver playbook to autonomously solve HackTheBox machines.