{"id":35683799,"url":"https://github.com/pensarai/apex","last_synced_at":"2026-05-11T23:03:06.020Z","repository":{"id":319948893,"uuid":"1073345719","full_name":"pensarai/apex","owner":"pensarai","description":"AI-powered offensive security testing using autonomous agents, directly in your terminal.","archived":false,"fork":false,"pushed_at":"2026-05-05T04:37:57.000Z","size":34011,"stargazers_count":271,"open_issues_count":76,"forks_count":48,"subscribers_count":1,"default_branch":"canary","last_synced_at":"2026-05-05T06:34:51.812Z","etag":null,"topics":["agents","ai","ai-sdk","anthropic","cybersecurity","offensive-security","pentesting","tui","typescript","vllm"],"latest_commit_sha":null,"homepage":"https://pensarai.com","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pensarai.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2025-10-10T01:25:55.000Z","updated_at":"2026-05-05T04:32:11.000Z","dependencies_parsed_at":"2026-02-12T00:05:02.828Z","dependency_job_id":null,"html_url":"https://github.com/pensarai/apex","commit_stats":null,"previous_names":["pensarai/apex"],"tags_count":485,"template":false,"template_full_name":null,"purl":"pkg:github/pensarai/apex","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pensarai%2Fapex","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pensarai%2Fapex/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pensarai%2Fapex/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pensarai%2Fapex/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pensarai","download_url":"https://codeload.github.com/pensarai/apex/tar.gz/refs/heads/canary","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pensarai%2Fapex/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32781561,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-08T08:22:46.396Z","status":"ssl_error","status_checked_at":"2026-05-08T08:22:45.650Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agents","ai","ai-sdk","anthropic","cybersecurity","offensive-security","pentesting","tui","typescript","vllm"],"created_at":"2026-01-05T21:11:57.171Z","updated_at":"2026-05-11T23:03:05.983Z","avatar_url":"https://github.com/pensarai.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003ePensar Apex\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\nAI-powered penetration testing using autonomous agents — directly in your terminal. Run blackbox and whitebox pentests that explore, reason, and surface real vulnerabilities.\n\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\nWant to run from the cloud or integrate it with your CI/CD? See \u003ca href=\"https://docs.pensar.dev/console\"\u003ePensar Console\u003c/a\u003e.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://www.npmjs.com/package/@pensar/apex\"\u003e\u003cimg src=\"https://img.shields.io/npm/v/@pensar/apex?label=latest\" alt=\"npm version\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.npmjs.com/package/@pensar/apex\"\u003e\u003cimg src=\"https://img.shields.io/npm/v/@pensar/apex/canary?label=prerelease\u0026color=yellow\" alt=\"npm prerelease version\"\u003e\u003c/a\u003e\n  \u003c!-- \u003ca href=\"https://www.npmjs.com/package/@pensar/apex\"\u003e\u003cimg src=\"https://img.shields.io/npm/dm/@pensar/apex\" alt=\"npm downloads\"\u003e\u003c/a\u003e --\u003e\n  \u003ca href=\"./LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-Apache--2.0-blue\" alt=\"Apache 2.0 License\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://docs.pensar.dev/apex\"\u003e\u003cimg src=\"https://img.shields.io/badge/docs-docs.pensar.dev/apex-purple?logo=readthedocs\u0026logoColor=white\" alt=\"Documentation\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://discord.gg/pensar\"\u003e\u003cimg src=\"https://img.shields.io/badge/Discord-Join%20Us-5865F2?logo=discord\u0026logoColor=white\" alt=\"Discord\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003c!-- \u003cp align=\"center\"\u003e\n  \u003cimg src=\"screenshot.png\" alt=\"Pensar Apex Screenshot\" width=\"800\"\u003e\n\u003c/p\u003e --\u003e\n\n## Use Cases\n\n### Developers\n\n- Run `/pentest` before merging a PR — catch vulnerabilities as naturally as running tests\n- Get actionable findings with severity scores, evidence, and suggested fixes — no security background needed\n- Integrate into CI/CD via headless CLI commands or Pensar Console\n\n### Security Engineers\n\n- Deploy agent-driven swarm testing across large attack surfaces\n- Use `/operator` mode for manual investigation, exploit chaining, and validation\n- Automate repetitive testing workflows with persistent memory that accumulates across engagements\n- Scale across teams and projects through Pensar Console\n\n## Installation\n\n| Method                          | Command                                              |\n| ------------------------------- | ---------------------------------------------------- |\n| **Quick Install** (macOS/Linux) | `curl -fsSL https://pensarai.com/install.sh \\| bash` |\n| **Homebrew**                    | `brew tap pensarai/tap \u0026\u0026 brew install apex`         |\n| **npm**                         | `npm install -g @pensar/apex`                        |\n| **Windows** (PowerShell)        | `irm https://www.pensarai.com/apex.ps1 \\| iex`       |\n\n## Usage\n\nOpen the Apex TUI:\n\n```bash\npensar\n```\n\n### Headless CLI\n\nRun pentests without the TUI for scripting, CI, or evalgate integration:\n\n```bash\n# Basic pentest\npensar pentest --target https://example.com\n\n# With extended thinking and task-driven mode\npensar pentest --target https://example.com --extended-thinking --task-driven\n\n# Whitebox (with source code access)\npensar pentest --target https://example.com --cwd ./my-app\n\n# Targeted pentest with specific objectives\npensar targeted-pentest --target https://example.com --objective \"Test authentication bypass\"\n```\n\n| Flag                           | Command                   | Description                                    |\n| ------------------------------ | ------------------------- | ---------------------------------------------- |\n| `--target \u003curl\u003e`               | pentest, targeted-pentest | Target URL (required)                          |\n| `--cwd \u003cpath\u003e`                 | pentest                   | Source code path for whitebox mode             |\n| `--mode \u003cmode\u003e`                | pentest                   | `exfil` for pivoting and flag extraction       |\n| `--model \u003cmodel\u003e`              | pentest, targeted-pentest | AI model (default: auto-selected)              |\n| `--extended-thinking`          | pentest                   | Enable extended thinking for supported models  |\n| `--task-driven`                | pentest                   | Enable task-driven architecture (experimental) |\n| `--prompt \u003ctext\\|@file\u003e`       | pentest                   | Custom guidance for the agent                  |\n| `--threat-model \u003ctext\\|@file\u003e` | pentest                   | Threat model to guide testing                  |\n| `--objective \u003ctext\u003e`           | targeted-pentest          | Testing objective (repeatable)                 |\n\n### W\u0026B Weave Tracing\n\nStream step-level agent traces to Weights \u0026 Biases Weave for analysis and fine-tuning:\n\n```bash\nexport WANDB_API_KEY=your-key\nexport WANDB_ENTITY=your-entity\n# WANDB_PROJECT defaults to \"apex-traces\"\npensar pentest --target https://example.com\n```\n\nTraces include reasoning steps, tool calls, token usage, and state checkpoints. When credentials are not set, tracing is silently disabled.\n\n## Kali Linux Container (Optional)\n\nFor **best performance**, run Apex in the included Kali Linux container with preconfigured pentest tools:\n\n```bash\ncd container\ncp env.example .env  # add your API keys\ndocker compose up --build -d\ndocker compose exec kali-apex bash\n```\n\nInside the container, run:\n\n```bash\npensar\n```\n\n---\n\n### ⚠️ Responsible Use\n\nThis repository contains tools for **authorized security testing** only.\nBefore use, please read and agree to the [Responsible Use Disclosure](./RESPONSIBLE_USE.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpensarai%2Fapex","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpensarai%2Fapex","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpensarai%2Fapex/lists"}