pensarai/apex

Pensar Apex

AI-powered penetration testing using autonomous agents — directly in your terminal. Run blackbox and whitebox pentests that explore, reason, and surface real vulnerabilities.

Want to run from the cloud or integrate it with your CI/CD? See Pensar Console.

License: Apache 2.0

Use Cases

Developers

  • Run /pentest before merging a PR — catch vulnerabilities as naturally as running tests
  • Get actionable findings with severity scores, evidence, and suggested fixes — no security background needed
  • Integrate into CI/CD via headless CLI commands or Pensar Console

Security Engineers

  • Deploy agent-driven swarm testing across large attack surfaces
  • Use /operator mode for manual investigation, exploit chaining, and validation
  • Automate repetitive testing workflows with persistent memory that accumulates across engagements
  • Scale across teams and projects through Pensar Console

Installation

Method                       Command
Quick Install (macOS/Linux)  curl -fsSL https://pensarai.com/install.sh | bash
Homebrew                     brew tap pensarai/tap && brew install apex
npm                          npm install -g @pensar/apex
Windows (PowerShell)         irm https://www.pensarai.com/apex.ps1 | iex

Usage

Open the Apex TUI:

pensar

Headless CLI

Run pentests without the TUI for scripting, CI, or evalgate integration:

# Basic pentest
pensar pentest --target https://example.com

# With extended thinking and task-driven mode
pensar pentest --target https://example.com --extended-thinking --task-driven

# Whitebox (with source code access)
pensar pentest --target https://example.com --cwd ./my-app

# Targeted pentest with specific objectives
pensar targeted-pentest --target https://example.com --objective "Test authentication bypass"

Flag                         Command                    Description
--target <url>               pentest, targeted-pentest  Target URL (required)
--cwd <path>                 pentest                    Source code path for whitebox mode
--mode <mode>                pentest                    exfil for pivoting and flag extraction
--model <model>              pentest, targeted-pentest  AI model (default: auto-selected)
--extended-thinking          pentest                    Enable extended thinking for supported models
--task-driven                pentest                    Enable task-driven architecture (experimental)
--prompt <text|@file>        pentest                    Custom guidance for the agent
--threat-model <text|@file>  pentest                    Threat model to guide testing
--objective <text>           targeted-pentest           Testing objective (repeatable)

W&B Weave Tracing

Stream step-level agent traces to Weights & Biases Weave for analysis and fine-tuning:

export WANDB_API_KEY=your-key
export WANDB_ENTITY=your-entity
# WANDB_PROJECT defaults to "apex-traces"
pensar pentest --target https://example.com

Traces include reasoning steps, tool calls, token usage, and state checkpoints. When credentials are not set, tracing is silently disabled.

Kali Linux Container (Optional)

For best performance, run Apex in the included Kali Linux container with preconfigured pentest tools:

cd container
cp env.example .env  # add your API keys
docker compose up --build -d
docker compose exec kali-apex bash

Inside the container, run:

pensar

⚠️ Responsible Use

This repository contains tools for authorized security testing only. Before use, please read and agree to the Responsible Use Disclosure.
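
Because Apex is for authorized testing only and the headless CLI is meant for scripts and CI, a wrapper can refuse out-of-scope targets before the agent starts and warn when a run will not be traced. The following is an added example, not code from the Apex project. Assumptions: ALLOWED_HOSTS, url_host, target_in_scope, weave_tracing_enabled and run_scoped_pentest are hypothetical names, the host list is constructed, and treating both WANDB_API_KEY and WANDB_ENTITY as required for tracing is an assumption.

```bash
#!/usr/bin/env bash
# Added example, not part of Apex. ALLOWED_HOSTS is a constructed sample:
# replace it with the hosts you are authorized to test.
ALLOWED_HOSTS="example.com staging.example.com"

# Print the lowercase host of an http(s) URL; fail closed on anything else.
url_host() {
  local rest host
  case "$1" in
    http://*|https://*) ;;
    *) return 1 ;;
  esac
  rest="${1#*://}"            # drop the scheme
  rest="${rest%%[/?#]*}"      # drop path, query and fragment
  case "$rest" in
    *@*) return 1 ;;          # reject userinfo such as https://example.com@other.test/
  esac
  host="${rest%%:*}"          # drop the port
  [ -n "$host" ] || return 1
  printf '%s\n' "$host" | tr '[:upper:]' '[:lower:]'
}

# Exact host match only: no suffix or substring matching.
target_in_scope() {
  local host allowed
  host="$(url_host "$1")" || return 1
  for allowed in $ALLOWED_HOSTS; do
    [ "$host" = "$allowed" ] && return 0
  done
  return 1
}

# Assumption: both variables the README exports are needed for tracing.
weave_tracing_enabled() {
  [ -n "${WANDB_API_KEY:-}" ] && [ -n "${WANDB_ENTITY:-}" ]
}

# Usage: run_scoped_pentest <url> [extra pensar pentest flags...]
run_scoped_pentest() {
  local target="$1"
  shift
  if ! target_in_scope "$target"; then
    echo "refusing: $target is not in ALLOWED_HOSTS" >&2
    return 2
  fi
  weave_tracing_enabled || echo "note: W&B credentials unset, run will not be traced" >&2
  pensar pentest --target "$target" "$@"
}
```

Source the file in a CI step and call run_scoped_pentest with the target URL followed by any pentest flags from the table above; IPv6 literal hosts are not parsed and are therefore refused.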
