Share
## https://sploitus.com/exploit?id=22F7DDD1-166E-535D-964F-0CFC46467456
# ๐Ÿ” AI Pentest Agent v4

> Automated web application penetration testing powered by Claude AI

![Python](https://img.shields.io/badge/Python-3.13-blue)
![License](https://img.shields.io/badge/License-MIT-green)
![Tor](https://img.shields.io/badge/OPSEC-Tor%20Routing-purple)
![AI](https://img.shields.io/badge/AI-Claude%20Sonnet-orange)

## ๐ŸŽฏ What It Does

Automatically discovers, exploits, and reports vulnerabilities in web applications using AI-driven reasoning. Give it a target URL โ€” it figures out the rest.
## โšก Results

| Target | Steps | Findings | Time |
|--------|-------|----------|------|
| OWASP Juice Shop | 5 | 9 (7 Critical) | ~8 min |
| DVWA Low/Med/High | 3 | SQLi+XSS+CMDi | ~5 min |
| WordPress | 6 | User enum, XML-RPC, REST API | ~10 min |

## ๐Ÿ› ๏ธ Capabilities

### App Detection (automatic)
- **WordPress** โ€” user enumeration, plugin CVE lookup, XML-RPC brute force, REST API mapping
- **REST API / JWT** โ€” SQLi dump, hash cracking, auth bypass, BOLA, IDOR
- **PHP apps** โ€” CSRF-aware sessions, form-based auth, DVWA all difficulty levels

### OPSEC
- Tor routing on every request (`--tor` flag)
- Randomized User-Agent rotation
- Adaptive delays (3-7s with Tor)
- WAF detection and auto-backoff

### Reporting
- Professional pentest report generation
- AI-written finding descriptions
- CVSS 3.1 scoring
- Evidence files saved per finding

## ๐Ÿ“ฆ Install

```bash
git clone https://github.com/CyberWardion/ai-pentest-agent
cd ai-pentest-agent
pip install anthropic requests pysocks urllib3
cp config/.env.example config/.env
# Add your ANTHROPIC_API_KEY to .env
```

## ๐Ÿš€ Usage

```bash
# Activate environment
source venv/bin/activate
set -a; source config/.env; set +a

# Test against OWASP Juice Shop (local)
python3 scripts/ai_agent_v4.py \
  --target http://localhost:3000 \
  --client "JuiceShop" \
  --steps 10

# Real target with Tor routing
python3 scripts/ai_agent_v4.py \
  --target https://target.com \
  --client "ClientName" \
  --steps 12 \
  --tor

# WordPress deep exploitation
python3 scripts/wp_exploit.py https://target.com --tor

# Plugin CVE lookup
python3 scripts/cve_lookup.py

# DVWA all difficulty levels
python3 scripts/dvwa_test.py http://localhost:8080
```

## ๐Ÿ“ Scripts

| Script | Purpose |
|--------|---------|
| `ai_agent_v4.py` | Main AI agent โ€” full automated engagement |
| `ai_report.py` | Professional report generator |
| `wp_exploit.py` | WordPress smart exploitation |
| `wp_deep_scan.py` | WordPress API + CVE scanning |
| `cve_lookup.py` | Plugin CVE lookup via Wordfence API |
| `dvwa_test.py` | DVWA Low/Medium/High/Impossible |
| `js_secrets.py` | JavaScript secret scanning |
| `dork_recon.py` | Google dork reconnaissance |
| `sessions.py` | JWT session management |
| `crack_hashes.py` | MD5 hash cracking via rockyou |

## ๐Ÿ”ง Lab Setup

```bash
# OWASP Juice Shop
docker run -d -p 3000:3000 bkimminich/juice-shop

# DVWA
docker run -d -p 8080:80 vulnerables/web-dvwa

# Tor
systemctl start tor
```

## โš ๏ธ Legal

This tool is for **authorized security testing only**.

- Only test systems you own or have **written authorization** to test
- Unauthorized testing is illegal under computer fraud laws worldwide
- The authors take no responsibility for misuse

## ๐Ÿข About

Built by [CyberWardion](https://cyberwardion.com) โ€” Professional cybersecurity services.