https://github.com/pensarai/apex
AI-powered offensive security testing using autonomous agents, directly in your terminal.
agents ai ai-sdk anthropic cybersecurity offensive-security pentesting tui typescript vllm
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/pensarai/apex
- Owner: pensarai
- License: apache-2.0
- Created: 2025-10-10T01:25:55.000Z (9 months ago)
- Default Branch: canary
- Last Pushed: 2026-05-05T04:37:57.000Z (about 2 months ago)
- Last Synced: 2026-05-05T06:34:51.812Z (about 2 months ago)
- Topics: agents, ai, ai-sdk, anthropic, cybersecurity, offensive-security, pentesting, tui, typescript, vllm
- Language: TypeScript
- Homepage: https://pensarai.com
- Size: 32.4 MB
- Stars: 271
- Watchers: 1
- Forks: 48
- Open Issues: 76
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Security: SECURITY.md
- Agents: AGENTS.md
README
Pensar Apex
AI-powered penetration testing using autonomous agents — directly in your terminal. Run blackbox and whitebox pentests that explore, reason, and surface real vulnerabilities.
Want to run from the cloud or integrate it with your CI/CD? See Pensar Console.
## Use Cases
### Developers
- Run `/pentest` before merging a PR — catch vulnerabilities as naturally as running tests
- Get actionable findings with severity scores, evidence, and suggested fixes — no security background needed
- Integrate into CI/CD via headless CLI commands or Pensar Console
### Security Engineers
- Deploy agent-driven swarm testing across large attack surfaces
- Use `/operator` mode for manual investigation, exploit chaining, and validation
- Automate repetitive testing workflows with persistent memory that accumulates across engagements
- Scale across teams and projects through Pensar Console
## Installation
| Method | Command |
| ------------------------------- | ---------------------------------------------------- |
| **Quick Install** (macOS/Linux) | `curl -fsSL https://pensarai.com/install.sh \| bash` |
| **Homebrew** | `brew tap pensarai/tap && brew install apex` |
| **npm** | `npm install -g @pensar/apex` |
| **Windows** (PowerShell) | `irm https://www.pensarai.com/apex.ps1 \| iex` |
## Usage
Open the Apex TUI:
```bash
pensar
```
### Headless CLI
Run pentests without the TUI for scripting, CI, or evalgate integration:
```bash
# Basic pentest
pensar pentest --target https://example.com
# With extended thinking and task-driven mode
pensar pentest --target https://example.com --extended-thinking --task-driven
# Whitebox (with source code access)
pensar pentest --target https://example.com --cwd ./my-app
# Targeted pentest with specific objectives
pensar targeted-pentest --target https://example.com --objective "Test authentication bypass"
```
| Flag                  | Command                   | Description                                    |
| --------------------- | ------------------------- | ---------------------------------------------- |
| `--target`            | pentest, targeted-pentest | Target URL (required)                          |
| `--cwd`               | pentest                   | Source code path for whitebox mode             |
| `--mode`              | pentest                   | `exfil` for pivoting and flag extraction       |
| `--model`             | pentest, targeted-pentest | AI model (default: auto-selected)              |
| `--extended-thinking` | pentest                   | Enable extended thinking for supported models  |
| `--task-driven`       | pentest                   | Enable task-driven architecture (experimental) |
| `--prompt`            | pentest                   | Custom guidance for the agent                  |
| `--threat-model`      | pentest                   | Threat model to guide testing                  |
| `--objective`         | targeted-pentest          | Testing objective (repeatable)                 |
### W&B Weave Tracing
Stream step-level agent traces to Weights & Biases Weave for analysis and fine-tuning:
```bash
export WANDB_API_KEY=your-key
export WANDB_ENTITY=your-entity
# WANDB_PROJECT defaults to "apex-traces"
pensar pentest --target https://example.com
```
Traces include reasoning steps, tool calls, token usage, and state checkpoints. When credentials are not set, tracing is silently disabled.
## Kali Linux Container (Optional)
For **best performance**, run Apex in the included Kali Linux container with preconfigured pentest tools:
```bash
cd container
cp env.example .env # add your API keys
docker compose up --build -d
docker compose exec kali-apex bash
```
Inside the container, run:
```bash
pensar
```
---
### ⚠️ Responsible Use
This repository contains tools for **authorized security testing** only.
Before use, please read and agree to the [Responsible Use Disclosure](./RESPONSIBLE_USE.md).