Automated web application penetration testing powered by Claude AI
Automatically discovers, exploits, and reports vulnerabilities in web applications using AI-driven reasoning. Give it a target URL — it figures out the rest.
| Target | Steps | Findings | Time |
|---|---|---|---|
| OWASP Juice Shop | 5 | 9 (7 Critical) | ~8 min |
| DVWA Low/Med/High | 3 | SQLi+XSS+CMDi | ~5 min |
| WordPress | 6 | User enum, XML-RPC, REST API | ~10 min |
- WordPress — user enumeration, plugin CVE lookup, XML-RPC brute force, REST API mapping
- REST API / JWT — SQLi dump, hash cracking, auth bypass, BOLA, IDOR
- PHP apps — CSRF-aware sessions, form-based auth, DVWA all difficulty levels
- Tor routing on every request (
--torflag) - Randomized User-Agent rotation
- Adaptive delays (3-7s with Tor)
- WAF detection and auto-backoff
- Professional pentest report generation
- AI-written finding descriptions
- CVSS 3.1 scoring
- Evidence files saved per finding
git clone https://github.com/CyberWardion/ai-pentest-agent
cd ai-pentest-agent
pip install anthropic requests pysocks urllib3
cp config/.env.example config/.env
# Add your ANTHROPIC_API_KEY to .env# Activate environment
source venv/bin/activate
set -a; source config/.env; set +a
# Test against OWASP Juice Shop (local)
python3 scripts/ai_agent_v4.py \
--target http://localhost:3000 \
--client "JuiceShop" \
--steps 10
# Real target with Tor routing
python3 scripts/ai_agent_v4.py \
--target https://target.com \
--client "ClientName" \
--steps 12 \
--tor
# WordPress deep exploitation
python3 scripts/wp_exploit.py https://target.com --tor
# Plugin CVE lookup
python3 scripts/cve_lookup.py
# DVWA all difficulty levels
python3 scripts/dvwa_test.py http://localhost:8080| Script | Purpose |
|---|---|
ai_agent_v4.py |
Main AI agent — full automated engagement |
ai_report.py |
Professional report generator |
wp_exploit.py |
WordPress smart exploitation |
wp_deep_scan.py |
WordPress API + CVE scanning |
cve_lookup.py |
Plugin CVE lookup via Wordfence API |
dvwa_test.py |
DVWA Low/Medium/High/Impossible |
js_secrets.py |
JavaScript secret scanning |
dork_recon.py |
Google dork reconnaissance |
sessions.py |
JWT session management |
crack_hashes.py |
MD5 hash cracking via rockyou |
# OWASP Juice Shop
docker run -d -p 3000:3000 bkimminich/juice-shop
# DVWA
docker run -d -p 8080:80 vulnerables/web-dvwa
# Tor
systemctl start torThis tool is for authorized security testing only.
- Only test systems you own or have written authorization to test
- Unauthorized testing is illegal under computer fraud laws worldwide
- The authors take no responsibility for misuse
Built by CyberWardion — Professional cybersecurity services.