What it does

pentest-ai-agents is a collection of 35 Claude Code subagents—plain text files you drop into ~/.claude/agents/. Describe your task in Claude Code and it routes to the right specialist: recon, web exploitation, Active Directory, cloud, mobile, social engineering, payload crafting, reverse engineering, detection engineering, even LLM red-teaming. There is no server to run and no Python dependencies to manage; the install script just copies files.

The interesting bit

The project treats Claude Code itself as the orchestration layer. A built-in scope guard hard-refuses DoS, mass scanning, and safety-of-life targets, while a SQLite findings database tracks vulnerabilities across sessions with tool-level filtering. A db/doctor.sh script audits which of the 80+ underlying CLI tools you actually have installed, showing checkmarks and install hints per agent.

Key highlights

• 35 agents covering the full kill chain from engagement planning to report generation
• Tier 1 (advisory) agents work out of the box; Tier 2 (execution-capable) agents require an explicit scope declaration
• Slash commands /recommend and /agents-for route tasks without memorizing agent names
• install.sh --tools optionally pulls the underlying toolchain via apt/brew/pacman + pipx/go/cargo
• Persistent SQLite findings database with migration scripts and JSON export
• New in v3.2: container breakout, C2 operator, opsec anonymizer, and LLM red-team agents

Caveats

• The README is upfront that this is “authorized penetration testing” only; the legal section exists but the burden of proper authorization is on you
• Actual tool execution depends on installing 80+ CLI tools yourself; the doctor script helps but does not automate everything

Verdict

Red teamers, pentesters, and CTF players who already live in Claude Code should grab this. If you want a GUI-driven security platform or do not have a Anthropic subscription, look elsewhere.