Security for Autonomous Agents

RedVeil for AI Agents

AI coding agents can now run full penetration tests autonomously. pentest-agent is a CLI that gives agents like OpenClaw, Claude Code, and Codex full, programmatic control over the RedVeil platform — create projects, launch scans, triage findings, and generate reports, all from a single terminal session.

$ npm install -g pentest-agent

The Missing Piece

Agents Ship Code. Who Tests It?

AI coding agents are becoming the first line of defense in development workflows. They review pull requests, refactor code, and resolve tickets. But when it comes to security, they hit a wall — there is no standard, scriptable way for an agent to say “test this app for vulnerabilities and tell me what to fix.”

RedVeil is an AI-powered penetration testing platform that delivers the depth of manual security testing with the speed and scalability of automation. Intelligent AI agents simulate real attacker behavior, validate exploitable vulnerabilities with proof-of-concept evidence, and produce audit-ready reports — on demand, in hours instead of weeks.

pentest-agent closes the gap between coding agents and security testing. Every command emits structured JSON, follows predictable conventions, and works headlessly — exactly what an agent needs to operate without supervision.

The Interface

Meet pentest-agent

A CLI built from day one for headless, agent-driven environments. Authenticate once and let your agent run the entire penetration test lifecycle.

01. Authenticate: Store a token via environment variable or the device auth flow.

02. Create a project: Point at a web app, API, network, or cloud account.

03. Launch scans: Start, pause, resume, cancel, or schedule scans and poll for status.

04. Triage findings: List vulnerabilities, inspect evidence, mark false positives, or kick off retests.

05. Generate reports: Produce executive, technical, or compliance PDFs.

06. Track usage: Estimate ops cost before scanning and verify budget availability.

# Full autonomous workflow
export REDVEIL_TOKEN="$REDVEIL_SECRET"

# Create a web app project that authenticates to the target with a bearer token
PROJECT=$(pentest-agent project create webapp \
  --name "Acme App" \
  --target https://app.acme.com \
  --auth-type bearer \
  --bearer-token @/secrets/bearer.txt \
  --json)

# Extract the project ID from the JSON response
PROJECT_ID=$(echo "$PROJECT" | jq -r '._id')

# Start the scan, check its status, list findings, and generate a report
pentest-agent scan start "$PROJECT_ID"
pentest-agent scan status "$PROJECT_ID" --json
pentest-agent finding list "$PROJECT_ID" --json
pentest-agent report generate --project "$PROJECT_ID" --type executive_pdf --json

Every response is parseable JSON. An agent can inspect each result, decide what to do next, and keep going — no human in the loop.

Compatible Platforms

Works With Your Agent

Any agent that can execute shell commands can use pentest-agent. Here's how it works with three leading platforms.

OpenClaw

Open-source agent framework built for autonomous software engineering. Agents call pentest-agent commands as tool actions within their task loop.

Register pentest-agent commands as available tools and let your OpenClaw agent orchestrate full security test lifecycles as part of its workflow.

Claude Code

Anthropic's agentic coding tool that operates directly in your terminal. Give it access to the CLI and it runs complete security workflows end to end.

Point Claude Code at a codebase, install pentest-agent, and ask it to run a penetration test. It handles auth, scanning, triage, and reporting autonomously.

Codex

OpenAI's cloud-based coding agent that runs tasks in parallel sandboxed environments. CLI access enables fully autonomous penetration testing.

Add pentest-agent to your Codex environment setup. The agent can create projects, launch scans, analyze findings, and generate reports without human intervention.

Use Cases

What Agents Unlock

With pentest-agent in the toolchain, teams are wiring up workflows that were not possible before.

Agent-Initiated Security Gates

A coding agent runs a pentest after merging a feature branch, blocks the deploy if critical findings appear, and opens fix PRs automatically.

Continuous Retesting

After an agent remediates a vulnerability, it calls finding retest to verify the fix without waiting for a human to click a button.

Scheduled Compliance Runs

Cron-triggered scans that generate attestation reports and push them to a shared drive, fully unattended.

Cost-Aware Scanning

Agents call usage estimate-project and usage check before starting a scan, avoiding surprise overages and staying within budget.
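
A sketch of the deploy decision behind the Agent-Initiated Security Gates use case, written so that an unattended agent fails closed when the findings output is missing, malformed, or not the expected shape. This is an added example, not RedVeil's code; the "severity" and "status" field names and their values are assumptions about the finding list JSON and must be checked against the CLI reference.

```python
import json

# Assumption: `pentest-agent finding list "$PROJECT_ID" --json` prints a JSON
# array of objects carrying "severity" and "status" fields. These names and
# values are hypothetical; the real schema is in the CLI reference.
BLOCKING_SEVERITIES = {"critical"}
IGNORED_STATUSES = {"false_positive", "resolved"}


def gate(raw):
    """Return (allow_deploy, reason). Anything unexpected blocks the deploy."""
    try:
        findings = json.loads(raw)
    except (json.JSONDecodeError, TypeError):
        return False, "unparseable findings output"
    if not isinstance(findings, list):
        return False, "unexpected JSON shape (possibly an error object)"
    blocking = 0
    for finding in findings:
        if not isinstance(finding, dict) or "severity" not in finding:
            return False, "finding without a severity field"
        if str(finding.get("status", "")).lower() in IGNORED_STATUSES:
            continue  # triaged out, does not count against the gate
        if str(finding["severity"]).lower() in BLOCKING_SEVERITIES:
            blocking += 1
    if blocking:
        return False, f"{blocking} blocking finding(s)"
    return True, f"{len(findings)} finding(s), none blocking"


# Constructed sample outputs, not real RedVeil data.
SAMPLE_BLOCKED = json.dumps([
    {"severity": "critical", "status": "open"},
    {"severity": "low", "status": "open"},
])
SAMPLE_CLEAN = json.dumps([
    {"severity": "critical", "status": "false_positive"},
    {"severity": "medium", "status": "open"},
])

if __name__ == "__main__":
    cases = [("blocked", SAMPLE_BLOCKED), ("clean", SAMPLE_CLEAN),
             ("empty output", ""), ("error object", '{"error": "x"}')]
    for name, raw in cases:
        print(name, gate(raw))
```

In a pipeline, the deploy step would exit non-zero whenever gate() returns False, so a failed CLI call or an expired token cannot be mistaken for a clean scan.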

Get Started

Give Your Agent Security Superpowers

Install pentest-agent, authenticate, and run your first scan in under a minute. Full documentation is available in the CLI reference.

$ npm install -g pentest-agent
$ pentest-agent auth login
$ pentest-agent scan start <projectId>