Pentest Swarm AI is an autonomous penetration testing CLI built on a real swarm architecture — not a pipeline pretending to be one. By the end of this guide you will have pentestswarm installed, an API key configured, and a live scan running against an authorized target. The whole process takes under five minutes.
Authorization is required. You must have explicit written permission from the system owner before scanning any target. Unauthorized use of this tool violates the Computer Fraud and Abuse Act, the Computer Misuse Act, and equivalent laws worldwide. The authors accept no liability for misuse.
Homebrew (macOS)
brew upgrade.
Docker
No local installation needed — pull and run in a single command:
The Docker image ships with all 15 security tools pre-installed, so you can skip the prerequisites section entirely.
go install
main. Requires Go 1.24 or later. Make sure $(go env GOPATH)/bin is on your PATH.
The init command prompts for your Claude API key, stores it in the OS native keychain (macOS Keychain, Linux Secret Service, or Windows Credential Manager), probes your system for security tools, and writes a starter ~/.pentestswarm/config.yaml. It is safe to re-run at any time.
export PENTESTSWARM_ORCHESTRATOR_API_KEY=sk-ant-your-key-here
# or the short form that Claude tooling recognises:
export ANTHROPIC_API_KEY=sk-ant-your-key-here
The environment variable takes precedence over the keychain, so it is the right choice for automated pipelines.
--swarm activates the stigmergic scheduler — agents coordinate through a shared blackboard instead of running in a fixed sequence. --follow streams live agent events to the terminal as they happen.
(ASCII-art banner)
Pentest Swarm AI — swarms of agents, one mission
Target: example.com
Scope: example.com
Objective: find all vulnerabilities
Mode: manual
Provider: claude
─────────────────────────────────────────────────────
14:02:01 [think] enumerating subdomains for example.com
14:02:03 [>>] subfinder -d example.com
14:02:07 [<<] found 12 subdomains
14:02:07 [think] probing live hosts with httpx
14:02:09 [>>] httpx -l subdomains.txt -threads 50
14:02:14 [<<] 8 live hosts identified
14:02:14 [!] CVE-2024-XXXX matched on api.example.com:443
...
[DONE] Campaign complete.
The output shows every planned tool invocation and LLM decision step. Nothing touches the network.
Add --estimate to print the expected LLM spend in USD and exit before any scanning begins. This works even without a valid API key:
[estimate] target class: medium
[estimate] model: claude-sonnet-4-6
[estimate] expected LLM spend: $0.18 – $0.54
(No packets sent. Remove --estimate to run the scan.)
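Because the environment variable is the right choice for automated pipelines and --estimate exits before any packet is sent, the two combine naturally into a CI budget gate. The script below is an added example, not part of the project; it assumes the spend line keeps exactly the format shown above ("[estimate] expected LLM spend: $LOW – $HIGH"), gates on the HIGH value, and the function names (max_estimated_spend, spend_within_budget, gate_scan) are the example's own.

```shell
# Budget gate built on the --estimate output format (assumption: the spend line is
#   [estimate] expected LLM spend: $LOW – $HIGH
# and the last $amount on that line is the upper bound).

# Print the upper bound (USD, as printed) of the expected-spend line in FILE.
# Exit 2 if the file has no such line.
max_estimated_spend() {
  awk '
    /^\[estimate\] expected LLM spend:/ {
      hi = ""
      for (i = 1; i <= NF; i++) {
        if (substr($i, 1, 1) == "$") {
          v = substr($i, 2)
          if (v ~ /^[0-9]+(\.[0-9]+)?$/) hi = v   # keep the last $amount seen
        }
      }
    }
    END { if (hi == "") exit 2; print hi }
  ' "$1"
}

# Exit 0 if the upper-bound spend in FILE is <= CAP (USD), 1 if it exceeds CAP,
# 2 if the estimate could not be parsed (treat that as a failure in CI too).
spend_within_budget() {
  hi=$(max_estimated_spend "$1") || return 2
  awk -v hi="$hi" -v cap="$2" 'BEGIN { exit (hi + 0 <= cap + 0) ? 0 : 1 }'
}

# Estimate first; only start the real scan (SARIF output for CI) when it fits CAP.
# Expects the key in PENTESTSWARM_ORCHESTRATOR_API_KEY, which overrides the keychain.
gate_scan() {
  target=$1
  cap=$2
  out=$(mktemp)
  pentestswarm scan "$target" --scope "$target" --estimate > "$out"
  if spend_within_budget "$out" "$cap"; then
    rm -f "$out"
    pentestswarm scan "$target" --scope "$target" --format sarif
  else
    echo "estimate $(max_estimated_spend "$out") USD exceeds cap $cap USD; scan not started" >&2
    rm -f "$out"
    return 1
  fi
}
```

Call `gate_scan example.com 1.00` from a pipeline step; a non-zero exit keeps the job from proceeding to the scan.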
Reports are written to ./reports/ by default (override with --output <dir>). The default format is Markdown; use --format to change it:
# Markdown (default)
pentestswarm scan example.com --scope example.com --format md
# HTML report
pentestswarm scan example.com --scope example.com --format html
# Machine-readable JSON
pentestswarm scan example.com --scope example.com --format json
# SARIF (for GitHub Code Scanning / CI)
pentestswarm scan example.com --scope example.com --format sarif
# All formats at once
pentestswarm scan example.com --scope example.com --format all
Installation
Detailed install instructions for every platform, including prerequisites and the pentestswarm doctor health check.
Configuration
Configure API keys, LLM providers, per-agent model overrides, scope enforcement, and integrations.
scan reference
Full reference for every flag accepted by pentestswarm scan, including swarm vs. sequential mode.
Bug Bounty guide
Run pentestswarm against a HackerOne or Bugcrowd program with the right scope, mode, and submission settings.