Pentest Swarm AI Tool With Live Access to nmap, sqlmap, Burp, Metasploit, and Others
Cybersecurity NewsArchived May 30, 2026✓ Full text saved
Pentest Swarm AI is the first open-source autonomous penetration testing platform built on a swarm intelligence architecture, not just multiple agents firing in a fixed sequence. Developed by Armur AI, it gives security professionals live, coordinated access to the full offensive stack, including nmap, SQLMap, Burp Suite, ZAP, and Metasploit, all driven by an AI […] The post Pentest Swarm AI Tool With Live Access to nmap, sqlmap, Burp, Metasploit, and Others appeared first on Cyber Security News
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeCyber Security
Pentest Swarm AI Tool With Live Access to nmap, sqlmap, Burp, Metasploit, and Others
By Guru Baran
May 30, 2026
Pentest Swarm AI is the first open-source autonomous penetration testing platform built on a swarm intelligence architecture, not just multiple agents firing in a fixed sequence.
Developed by Armur AI, it gives security professionals live, coordinated access to the full offensive stack, including nmap, SQLMap, Burp Suite, ZAP, and Metasploit, all driven by an AI model of your choice.
What Makes It a True Swarm
Most tools marketed as “multi-agent” are actually pipelines — a single planner LLM dispatching specialists in a predetermined order: recon → classify → exploit → report. Pentest Swarm AI breaks this mold with three swarm-intelligence primitives:
Stigmergy — agents coordinate by reading and writing findings to a shared PostgreSQL-backed blackboard (pgvector), not via a central planner. Each finding carries a pheromone weight that biases other agents toward high-value paths and decays over time, letting stale attack paths die naturally.
Emergence — attack chains form without any agent prescribing them; a recon finding wakes the classifier, a high-severity CVE match triggers the exploit agent, and exploit results cycle back into the board.
Decentralization — each agent runs its own trigger predicate, so adding or removing an agent requires no orchestrator rewrite.
The platform ships with eight ProjectDiscovery tools stable out of the box — subfinder, httpx, nuclei, naabu, katana, dnsx, gau — plus a fully parsed nmap XML adapter with scope validation. sqlmap, Burp MCP bridge, Metasploit, and ZAP adapters are queued for Wave 2 of the roadmap, making the platform progressively more powerful without requiring a platform overhaul.
Getting started requires just one API key and one command:
bashexport PENTESTSWARM_ORCHESTRATOR_API_KEY=sk-ant-your-key-here
pentestswarm scan example.com --scope example.com --swarm --follow
It supports Claude (default, with prompt caching enabled for recon and classifier agents), Ollama for fully air-gapped local deployments, and any OpenAI-compatible model, giving teams the flexibility to balance cost, privacy, and capability. No GPU, no local model download required when using the cloud path.
Every campaign produces submission-ready output across four formats Markdown, HTML, JSON, and SARIF queried directly from the blackboard by a dedicated report agent.
Findings are automatically deduplicated, CVSS v3.1 scored per the FIRST specification, and scoped: the --scope flag is enforced both at the tool layer and the executor layer for defense-in-depth, making it safe for CI/CD pipelines and bug-bounty programs.
Tool Architecture Executes Memory True Swarm
Pentest Swarm AI Stigmergic blackboard Yes pgvector + pheromones ✅
PentestGPT Single-agent ReAct Suggests None ❌
PentAGI 4 agents + planner Yes pgvector Pipeline only
HexStrike MCP tool wrapper Delegates Stateless ❌
Table based on Pentest Swarm AI Comparison
GitHub Actions & MCP Integration
A ready-made GitHub Action ships with SARIF output, enabling automated pentesting directly within any CI/CD workflow. The pentestswarm mcp serve command exposes the entire swarm as an MCP server, integrating natively with Claude Desktop and Cursor for IDE-level offensive security testing.
Licensed under AGPL-3.0, Pentest Swarm AI is free for red teams, bug-bounty hunters, and internal security pipelines, with the copyleft clause ensuring that any commercial SaaS fork must return improvements to the open-source community. The project is available on GitHub.
Uncover Shadow APIs, close OWASP gaps — Join a Free Webinar to secure every API at runtime.
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Guru Baranhttps://cybersecuritynews.com
Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments.
Trending News
CISA Warns of Drupal Core SQL Injection Vulnerability Exploited in Attacks
Hackers Hide Linux Payload Under SSH-Like Filename During Package Installation
New 7-Zip Vulnerabilities Let Attackers Execute Arbitrary Code and Compromise Systems
Iranian APT Uses SEO Poisoning to Deliver Fake SQL Developer Malware Installer
Hackers Compromised 34 Packages in npm, PyPI, and Crates in New Supply Chain Attack
Latest News
Cyber Security News
GREYVIBE Hackers Leverage ChatGPT and Google Gemini to Fuel Cyberattacks
Cyber Security
Palo Alto Networks PAN-OS Authentication Vulnerability Bypass Exploited in the Wild
Technology
Post-quantum cryptography is not the future. It is your current reality.
Cyber Security News
Ransomware Uses SYSTEM Scheduled Task to Encrypt Local Drives With Elevated Privileges
Cyber Security News
JINX-0164 Threat Actor Using LinkedIn Social Engineering to Deploy Custom macOS Malware