pentest-ai-agents stands out by turning Claude Code into a multi-specialist offensive security assistant without adding any runtime dependencies or orchestration layers. Instead of relying on code-heavy agents or complex infrastructure, it uses 35 standalone markdown files, each loaded with instructions tailored to a specific offensive security domain. Claude Code routes natural language tasks to the appropriate subagent automatically, making this a compelling example of how far prompt engineering can be pushed as an architectural pattern.
How pentest-ai-agents structures offensive security workflows
At its core, pentest-ai-agents is a collection of 35 Claude Code subagents, each defined as an individual markdown file. These subagents cover a broad range of offensive security disciplines, including reconnaissance, web application testing, Active Directory assessment, cloud security, mobile and wireless testing, social engineering, payload crafting, reverse engineering, exploit chaining, detection engineering, forensics, and STIG auditing.
The design is minimalistic: there are no servers, no Python or other language dependencies, and no orchestration frameworks. Deployment is as simple as copying the markdown files into the ~/.claude/agents/ directory. Claude Code then automatically routes incoming natural language queries to the most relevant subagent based on the embedded instructions in each markdown file.
This approach leans heavily on prompt engineering as the architecture itself — the agents are effectively domain-specialist prompts encoded in markdown. The system relies entirely on Claude Code’s internal routing capabilities, avoiding the complexity and overhead of managing multiple processes or external services.
What makes pentest-ai-agents technically interesting
The zero-dependency, file-based subagent model is the defining technical choice here. Unlike many AI agent frameworks that require backend orchestration, containerization, or complex pipelines, pentest-ai-agents embraces a pure prompt-driven architecture. This has several implications:
Simplicity and portability: No installation of Python packages or servers means minimal friction to get started or to update. The entire multi-agent system is just a directory of markdown files.
Modularity: Each markdown file is a focused domain expert prompt, making it easy to add or modify agents independently without touching a centralized codebase.
Tradeoffs in scalability and context management: By offloading routing to Claude Code and relying on prompt instructions alone, there is no centralized state or memory management beyond what Claude Code provides. This limits more complex workflows that require multi-agent coordination or persistent context across sessions.
Code quality and maintenance: Since the “code” is mainly markdown prompts, there is no traditional codebase to maintain, which reduces bugs but also means no runtime error handling or debugging in the conventional sense.
Extensibility: The architecture supports natural language task descriptions for routing, but the system depends on Claude Code’s ability to interpret and dispatch effectively, which may vary with prompt changes or Claude updates.
Overall, pentest-ai-agents is an interesting case study in pushing the boundaries of what prompt engineering can achieve as a software architecture, especially for offensive security where domain expertise can be distilled into detailed instructions.
Quick start with pentest-ai-agents
Getting started is straightforward. The repo provides a single installation script that clones the repo and copies the agents to the proper Claude Code agents directory.
curl -fsSL https://raw.githubusercontent.com/0xSteph/pentest-ai-agents/main/install.sh | bash
This script is idempotent and safe to rerun for updates. After installation, you simply open Claude Code and start issuing natural language commands like:
Plan an internal network pentest for a 500-endpoint AD environment with a 2-week window.
Claude Code will route this to the engagement planner agent and generate a phased plan.
For those who prefer cloning first:
git clone https://github.com/0xSteph/pentest-ai-agents.git
cd pentest-ai-agents && ./install.sh --global
The install script offers various options such as installing for the current project only or using a “lite” mode for advisory agents. See the repo’s INSTALL.md for more detailed setup steps, including configuring Claude Code itself.
verdict: a lean prompt-engineering platform for offensive security specialists
pentest-ai-agents is well suited for offensive security practitioners who want to harness Claude Code’s AI capabilities without the overhead of managing orchestration frameworks or additional runtime dependencies. It excels at encapsulating specialized domain knowledge into modular prompt files, which can be a powerful way to automate and assist in security research tasks.
However, the tradeoff is clear: it depends heavily on Claude Code’s internal routing and prompt interpretation, with limited support for complex multi-agent coordination or persistent state. This makes it less suitable for workflows requiring tight integration between agents or long-running context.
For teams or individuals comfortable with prompt engineering and looking for a minimal, zero-dependency multi-agent security assistant, this repo is worth exploring. For more complex orchestration, additional tooling or frameworks might still be necessary.
The code is surprisingly clean given it’s mostly markdown instructions, and the install process is as frictionless as it gets. It’s a neat demonstration of how far you can push LLM-native tooling with just prompt engineering as architecture.
→ GitHub Repo: 0xSteph/pentest-ai-agents ⭐ 1,454 · Shell