{
  "id": "bhavsec-autopentest-ai",
  "name": "autopentest-ai",
  "homepage": null,
  "repo_url": "https://github.com/bhavsec/autopentest-ai",
  "category": "security",
  "subcategories": [],
  "tags": ["security", "pentesting", "web-application-testing", "mcp", "owasp", "portswigger", "owasp-wstg", "dast", "agentic-ai"],
  "what_it_does": "AutoPentest is an agentic pentesting MCP server for web applications. It orchestrates multiple role-specialized agents (Scout/Analyzer/Exploiter/Reporter) across a structured multi-phase workflow that crawls and maps an application, then performs OWASP WSTG-aligned testing and PortSwigger technique-based exploitation attempts, producing evidence-backed reports with quality-gated verification. It also bundles security tooling in Docker and includes browser-based testing via a Playwright MCP component (per README).",
  "use_cases": [
    "Automating web application security testing aligned with OWASP WSTG and PortSwigger technique references",
    "Generating evidence-based pentest reports with reproducible CLI/curl-style commands",
    "Assessing common vulnerability classes such as XSS, SQLi, SSRF, SSTI, IDOR, and related injection/auth/business-logic issues",
    "Regression-style coverage verification of an app across repeated engagements",
    "Agentic discovery and verification workflows with multi-stage proof requirements"
  ],
  "not_for": [
    "Production incident response or on-the-fly triage without authorization/testing scope",
    "Testing targets without explicit permission (it is designed for offensive/security testing)",
    "Highly regulated environments where automated exploitation tooling is disallowed",
    "Purposes other than web application security assessment (e.g., generic network scanning only)"
  ],
  "best_when": "You need structured, evidence-based web app security testing with OWASP/PortSwigger coverage and can run it in an isolated environment with appropriate authorization.",
  "avoid_when": "You cannot control the tool’s runtime behavior (e.g., untrusted networks/targets), lack permission/scope, or need a purely passive scanner with no active probing/exploitation.",
  "alternatives": [
    "OWASP ZAP (passive/active scanning)",
    "Burp Suite (Enterprise/Community with scanning extensions)",
    "Nuclei/Httpx/Ffuf-based workflow with custom scripts",
    "Commercial SAST/DAST platforms (e.g., Burp Enterprise, Invicti, Acunetix, Qualys)",
    "Custom agentic pentest workflows using open-source recon/exploitation tooling"
  ],
  "af_score": 49.5,
  "security_score": 29.8,
  "reliability_score": 33.8,
  "package_type": "mcp_server",
  "discovery_source": ["github"],
  "priority": "high",
  "status": "evaluated",
  "version_evaluated": null,
  "last_evaluated": "2026-03-30T15:23:53.565248+00:00",
  "interface": {
    "has_rest_api": false,
    "has_graphql": false,
    "has_grpc": false,
    "has_mcp_server": true,
    "mcp_server_url": null,
    "has_sdk": false,
    "sdk_languages": [],
    "openapi_spec_url": null,
    "webhooks": false
  },
  "auth": {
    "methods": ["README implies it can be run offline (Ollama) or with Claude Code; no explicit auth method is described for the MCP server API in the provided README excerpt"],
    "oauth": false,
    "scopes": false,
    "notes": "The provided README excerpt does not document authentication requirements for the MCP server (e.g., API keys, bearer tokens, or session auth). Therefore the auth posture for programmatic access cannot be determined from the available data."
  },
  "pricing": {
    "model": null,
    "free_tier_exists": false,
    "free_tier_limits": null,
    "paid_tiers": [],
    "requires_credit_card": false,
    "estimated_workload_costs": null,
    "notes": "No pricing/hosting model information was provided; the repository appears to be open-source, self-hostable tooling."
  },
  "requirements": {
    "requires_signup": false,
    "requires_credit_card": false,
    "domain_verification": false,
    "data_residency": [],
    "compliance": [],
    "min_contract": null
  },
  "agent_readiness": {
    "af_score": 49.5,
    "security_score": 29.8,
    "reliability_score": 33.8,
    "mcp_server_quality": 75.0,
    "documentation_accuracy": 55.0,
    "error_message_quality": 0.0,
    "error_message_notes": null,
    "auth_complexity": 60.0,
    "rate_limit_clarity": 25.0,
    "tls_enforcement": 20.0,
    "auth_strength": 20.0,
    "scope_granularity": 40.0,
    "dependency_hygiene": 45.0,
    "secret_handling": 30.0,
    "security_notes": "Security considerations are mixed: the tool is intended for offensive testing and bundles many scanners/exploit tools. The provided README excerpt does not document network transport/security controls (TLS requirements) for the MCP server, secret handling practices, or authentication/authorization for connecting agents to the MCP server. It does describe some safety-related controls at the workflow level (quality gates, evidence requirements, 'no finding without proof'), but those are not a substitute for access control. Docker and the bundled tooling increase supply-chain exposure; dependency hygiene/CVE status is not documented in the provided excerpt.",
    "uptime_documented": 0.0,
    "version_stability": 35.0,
    "breaking_changes_history": 30.0,
    "error_recovery": 70.0,
    "idempotency_support": "false",
    "idempotency_notes": null,
    "pagination_style": "none",
    "retry_guidance_documented": false,
    "known_agent_gotchas": [
      "Tooling is designed for active security testing; agents may generate high request volume (crawler/scanners). Ensure strict rate limiting and scope controls in your environment.",
      "Because it orchestrates multiple phases and subagents, failures mid-phase may require resume/checkpointing; verify that checkpoints are correctly persisted in your runtime.",
      "The README describes evidence/quality gates, but the excerpt does not show concrete MCP error schemas or retry/idempotency guarantees; agent implementations should treat operations as potentially non-idempotent."
    ]
  }
}