Pentest Swarm AI is a tool built for authorized security testing. Before running a scan against any system, you must have explicit written permission from the system’s owner — or an unambiguous grant of authorization such as an active bug bounty program scope or a CTF machine you have registered access to. The tool’s scope enforcement is technical; the authorization requirement is legal. No configuration option, flag, or source modification changes the law.
Legal Disclaimer: Pentest Swarm AI is designed exclusively for authorized security testing, bug bounty programs, CTF competitions, and educational research. You must obtain explicit written permission from the target system owner before running any scan. Unauthorized access to computer systems is illegal under the Computer Fraud and Abuse Act (CFAA), the Computer Misuse Act, and equivalent laws worldwide. The authors and contributors of this project accept no liability for misuse, damage, or any illegal activity conducted with this tool. By using this software, you agree that you are solely responsible for ensuring your use complies with all applicable laws and regulations. Do not use this tool against systems you do not own or have explicit authorization to test.

Authorization Requirement

Authorization is the single most important prerequisite for running a pentest swarm campaign. The following situations constitute authorized use:
  • A written document — email, contract, or signed scope agreement — that explicitly names the target systems and the types of testing permitted. This is the baseline requirement for professional engagements. Keep a copy accessible before running any campaign.
  • Programs on HackerOne, Bugcrowd, Intigriti, or equivalent platforms publish explicit scope definitions listing which domains, IP ranges, and applications are in scope. Scanning assets listed as in scope in an active program constitutes authorization. Scanning assets listed as out of scope — even within the same organization — does not. The tool’s --scope flag enforces this boundary at the tool layer and at the executor. Passing a scope that matches the program’s in-scope assets is the correct usage pattern.
  • Capture-the-flag platforms (Hack The Box, TryHackMe, PicoCTF, etc.) grant explicit authorization to attack machines as part of the challenge. Your registration and the platform’s terms of service constitute authorization for those specific machines.
  • Your own servers, VMs, cloud accounts, and lab environments. Self-hosted systems where you are the legal operator do not require external authorization — but be careful about shared hosting, managed services, and cloud providers’ acceptable-use policies, which may impose additional constraints even on your own resources.
Situations that do not constitute authorization:
  • Believing a system is insecure or poorly defended
  • Wanting to demonstrate a vulnerability to a vendor without prior engagement
  • Running a scan “just to see” on a domain that looks interesting
  • Having previously had authorized access that has since expired
  • A verbal or informal indication that testing would be welcome

AGPL-3.0 License

Pentest Swarm AI is released under the GNU Affero General Public License v3.0 (AGPL-3.0). The AGPL was chosen specifically to close the SaaS-fork loophole: anyone who improves this tool and offers it commercially as a network service must share their modifications with the community under the same license terms. The project was made open source; the license keeps it open source as it scales.
| Use case | Permitted? | Obligation |
| --- | --- | --- |
| Run on your own infrastructure (CI, laptop, internal red team) | ✅ Yes | None |
| Use on authorized bug-bounty programs or professional pentests | ✅ Yes | None |
| Fork for private experiments | ✅ Yes | None |
| Distribute a modified binary | ✅ Yes | Share your modifications under AGPL-3.0 |
| Run a modified version as a paid SaaS or network service | ✅ Yes | Share your modifications under AGPL-3.0 |
The AGPL’s network-use clause (§13) is the critical difference from GPL: if you modify Pentest Swarm AI and run the modified version as a service that others interact with over a network, you must make the corresponding source code available to those users. This applies even if you never distribute a binary. The full license text is available at github.com/Armur-Ai/Pentest-Swarm-AI/blob/main/LICENSE.

Scope Enforcement

The --scope flag is the technical implementation of your authorization boundary. It is enforced at two independent layers so that no single code path can bypass it:
  • Tool layer: scope.Validate(target, scope) is called before any security tool (subfinder, httpx, nuclei, naabu, katana, nmap, etc.) executes against a host. It validates IPs against allowed CIDRs (with exclusion support), and domains against an allowlist (with wildcard and subdomain matching).
  • Executor layer: scope.ValidateCommand(cmd, scope) scans the full command string with a pattern that extracts every IP address and domain-like string, then validates each against the scope before the command runs. This catches cases where a tool would construct a target URL dynamically.
// internal/scope/validator.go

// ValidateCommand extracts all IPs and domains from a command string and
// validates each against the scope. Returns ErrScopeViolation if any
// target is out of scope. This is called before every command execution —
// no exceptions.
func ValidateCommand(cmd string, scope ScopeDefinition) error {
    matches := ipAndDomainPattern.FindAllString(cmd, -1)
    for _, match := range matches {
        if isCommonNonTarget(match) {
            continue
        }
        if err := Validate(match, scope); err != nil {
            return fmt.Errorf("command contains out-of-scope target: %w", err)
        }
    }
    return nil
}
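The two checks described above, as a self-contained sketch added here for illustration; it is not the project's code. `Scope`, `CheckTarget`, `CheckCommand`, `ErrOutOfScope`, the extraction pattern and the wildcard semantics (lowercase entries, `*.d` meaning any subdomain of `d`) are all assumptions, and the sample targets are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"regexp"
	"strings"
)

// Scope is a hypothetical stand-in for the project's ScopeDefinition.
type Scope struct{ Allow, Exclude, Domains []string }

var ErrOutOfScope = errors.New("out of scope")

// Assumed extraction pattern: IPv4 literals or dotted hostnames.
var targetRe = regexp.MustCompile(`\b(?:\d{1,3}(?:\.\d{1,3}){3}|(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})\b`)

func inAny(ip net.IP, cidrs []string) (hit bool) {
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		hit = hit || err == nil && n.Contains(ip)
	}
	return hit
}

// CheckTarget fails closed: exclusions beat allowed CIDRs, and a wildcard
// matches only on a label boundary ("evilexample.com" is not "*.example.com").
func CheckTarget(t string, s Scope) error {
	h, ip := strings.ToLower(t), net.ParseIP(t)
	ok := ip != nil && inAny(ip, s.Allow) && !inAny(ip, s.Exclude)
	for _, d := range s.Domains {
		ok = ok || ip == nil && (h == d || strings.HasPrefix(d, "*.") && strings.HasSuffix(h, d[1:]))
	}
	if !ok {
		return fmt.Errorf("%w: %s", ErrOutOfScope, t)
	}
	return nil
}

// CheckCommand validates every IP or hostname found anywhere in the command.
func CheckCommand(cmd string, s Scope) error {
	for _, m := range targetRe.FindAllString(cmd, -1) {
		if err := CheckTarget(m, s); err != nil {
			return err
		}
	}
	return nil
}

func main() { fmt.Println(CheckCommand("nmap 10.0.0.1", Scope{Allow: []string{"10.0.0.0/24"}, Exclude: []string{"10.0.0.1/32"}})) }
```

The loose pattern also captures dotted file names such as `out.txt`, which this sketch rejects; the page's `ValidateCommand` passes each match through `isCommonNonTarget` before validating it.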
scope.enforce_strict is hardcoded to true in the configuration schema and cannot be disabled via config file, environment variable, or CLI flag. This is an intentional safety constraint documented explicitly in config.example.yaml: “ALWAYS true — cannot be disabled. Safety constraint.”
Scope enforcement is a defense-in-depth measure — it reduces the blast radius of a misconfigured campaign, but it is not a substitute for obtaining proper authorization before you start.

Responsible Disclosure

If you discover a security vulnerability in Pentest Swarm AI itself — not in a target system, but in the tool’s own code — follow responsible disclosure:
  1. Do not open a public GitHub issue. Public disclosure before a patch is available gives attackers information that can be used against other users of the tool.
  2. Email the security inbox listed in SECURITY.md in the repository root, or open a private GitHub Security Advisory via the repository’s Security tab.
  3. Include a reproducible proof-of-concept, the affected version, and your proposed severity assessment. The maintainers aim to acknowledge reports within one business day and to publish a patch within 90 days for critical issues.
  4. Dependencies — vulnerabilities in upstream packages used by Pentest Swarm AI should be reported through the same channel. The maintainers will coordinate disclosure with the relevant upstream project.
From CONTRIBUTING.md:
Don’t open a public issue. Email the security inbox listed in SECURITY.md, or open a private GitHub Security Advisory. Same applies to vulnerabilities in dependencies.
If your use case isn’t clearly covered by the authorization scenarios above or by the license table, open an issue on GitHub and ask. The maintainers would rather answer a question about permitted use than discover an unauthorized use after the fact. See github.com/Armur-Ai/Pentest-Swarm-AI/issues.
