SwarmPentest

World's first open-source multi-agent automated penetration testing framework featuring a blackboard system and plug-in architecture for third-party agent integration, designed for LLM support.

Introduction

SwarmPentest is the world’s first open-source automated penetration testing framework that combines a true multi-agent architecture, a blackboard system for collaborative intelligence, and an open plug-in ecosystem for third-party agent integration. Each specialised agent is responsible for a specific phase of the penetration testing process, such as reconnaissance, port scanning, vulnerability assessment, exploitation, and reporting. All agents interact and share information via a centralised blackboard, which serves as a real-time global knowledge hub.

SwarmPentest features a flexible "Brain" agent designed to support integration with various large language models (LLMs) for advanced, intelligent task orchestration. The extensible plug-in architecture allows any developer or researcher to contribute their custom agents, making SwarmPentest not just a framework, but a scalable and collaborative platform for the next generation of automated security testing.

Features

• Multi-agent, modular architecture: each agent is responsible for a specific penetration testing step.
• Blackboard system: agents communicate and share information efficiently.
• Central Brain agent: responsible for global coordination and intelligent task assignment, with support for LLM-based decision-making.
• Easy extensibility: plugin mechanism allows third-party developers to add custom agents by simply dropping them into the plugins/ directory.
• Simple external tool interface: agents can call external tools (e.g., Nmap, Metasploit) via unified APIs (to be expanded).
• Clear code structure, suitable for both academic research and industrial applications.

核心特性

🤖 AI驱动的智能决策

• 动态阶段调整：LLM根据测试结果智能决定下一步行动
• 新发现触发重执行：发现新端口、服务或漏洞时自动重新执行相关阶段
• 智能体选择：可选择执行特定智能体而非整个阶段
• 自适应策略：根据攻击面变化动态调整测试策略

🔧 多智能体协同架构

• 专业化分工：每个智能体专注特定渗透测试阶段
• 统一通信：基于黑板模式的智能体间数据共享
• 并行执行：支持智能体并行运行提高效率
• 模块化设计：易于扩展和自定义新智能体

🎯 全面的测试覆盖

• 信息收集：域名、子域、WHOIS、DNS记录
• 资产发现：端口扫描、服务识别、Web应用发现
• 漏洞评估：自动化漏洞扫描和风险评估
• 攻击模拟：SQL注入、XSS、RCE等攻击测试
• 后渗透：权限提升、持久化、横向移动
• 专业报告：详细的渗透测试报告生成

系统架构

┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
│   LLM决策引擎    │    │   Brain控制器    │    │   黑板通信系统   │
│                │    │                │    │                │
│ • 阶段决策      │◄──►│ • 智能体调度     │◄──►│ • 数据共享      │
│ • 策略调整      │    │ • 执行协调      │    │ • 状态同步      │
│ • 重执行判断    │    │ • 结果分析      │    │ • 文件锁机制    │
└─────────────────┘    └─────────────────┘    └─────────────────┘
                                │
                                ▼
┌─────────────────────────────────────────────────────────────────┐
│                        专业智能体集群                            │
├─────────────┬─────────────┬─────────────┬─────────────┬─────────┤
│ 信息收集     │ 端口扫描     │ 漏洞扫描     │ 攻击利用     │ 报告生成 │
│ ReconAgent  │PortScanAgent│VulnScanAgent│ExploitAgent │ReportAgent│
└─────────────┴─────────────┴─────────────┴─────────────┴─────────┘

快速开始

环境要求

• Python 3.8+
• 大语言模型API密钥（OpenAI GPT-4、智谱GLM-4等）
• 安全工具（可选）：Nmap、Nuclei、Hydra等

安装步骤

1. 克隆项目

# 请将 YOUR_USERNAME 替换为实际的GitHub用户名
git clone https://github.com/YOUR_USERNAME/SwarmPentest.git
cd SwarmPentest

2. 创建虚拟环境

python -m venv .venv
source .venv/bin/activate  # Linux/macOS
# 或 .venv\Scripts\activate  # Windows

3. 安装依赖

pip install -r requirements.txt

4. 配置环境

cp .env.example .env
# 编辑 .env 文件，配置LLM API密钥和工具路径

基本使用

完整渗透测试

# 对目标域名进行完整渗透测试
python main.py --domain target-domain.com --output ./results

# 对IP地址进行测试
python main.py --ip 192.168.1.100 --output ./results

# 对IP段进行测试
python main.py --range 192.168.1.0/24 --output ./results

指定阶段执行

# 只执行信息收集、端口扫描和漏洞扫描阶段
python main.py --domain target-domain.com --phases recon portscan vulnscan --output ./results

# 只执行攻击利用阶段（需要先有扫描结果）
python main.py --domain target-domain.com --phases exploitation --output ./results

详细日志模式

# 启用详细日志输出，便于调试和分析
python main.py --domain target-domain.com --verbose --log-level DEBUG --output ./results

智能决策系统

动态重执行机制

SwarmPentest的核心创新是基于新发现的智能重执行机制：

• 端口发现触发：攻击成功后发现新端口，自动重新执行端口扫描和服务枚举
• 服务识别触发：发现新服务版本，自动重新执行漏洞扫描
• 漏洞发现触发：发现高危漏洞，优先执行相关攻击测试
• 权限提升触发：获得更高权限后，重新评估攻击面

LLM决策流程

当前阶段结果 → 全局数据分析 → 新发现检测 → 重执行判断 → 下一步决策
     ↓              ↓              ↓              ↓              ↓
  阶段输出      历史数据对比    变化点识别    影响评估      执行计划

配置说明

核心配置

# LLM配置
LLM_PROVIDER=openai
OPENAI_API_KEY=your_api_key
OPENAI_MODEL=gpt-4

# 工具路径
NMAP_PATH=/usr/bin/nmap
NUCLEI_PATH=/usr/local/bin/nuclei
HYDRA_PATH=/usr/local/bin/hydra

# 扫描配置
SCAN_TIMEOUT=180          # 扫描超时时间(秒) - 优化性能
WEB_SCAN_DEPTH=2          # Web扫描深度 - 减少扫描时间
CRACK_THREADS=10

# Nuclei性能优化配置
NUCLEI_CONCURRENCY=25      # 并发扫描数量
NUCLEI_BULK_SIZE=25        # 批量处理大小
NUCLEI_TIMEOUT=15          # 单个请求超时时间(秒)
NUCLEI_RATE_LIMIT=150      # 每秒请求数限制

高级配置

• 并行执行：PARALLEL_AGENTS=true
• 攻击性扫描：AGGRESSIVE_SCAN=false
• Nuclei性能优化：调整并发数、超时时间等参数提升扫描速度
• 自定义载荷：编辑 config/payloads.json
• 阶段依赖：配置 config/phases.py

扩展开发

创建自定义智能体

from core.agent_base import BaseAgent

class CustomAgent(BaseAgent):
    PHASES = "custom_phase"
    
    def __init__(self, llm_config=None):
        super().__init__("CustomAgent", llm_config)
    
    async def run(self, blackboard):
        """实现自定义逻辑"""
        # 获取黑板数据
        data = await blackboard.read()
        
        # 执行自定义测试
        result = await self.execute_custom_test(data)
        
        # 更新黑板
        await blackboard.update({
            "results": {
                "custom_phase": result
            }
        })
        
        return True

自定义决策提示

# 在.env中配置自定义决策模板
ENHANCED_DECISION_PROMPT_TEMPLATE="你的自定义决策提示模板"

输出结果

文件结构

results/
├── swarmpentest_results.json    # 完整测试结果
├── pentest_report.md           # 专业渗透测试报告
├── blackboard.json             # 智能体通信数据
└── logs/                       # 详细执行日志

报告内容

• 执行摘要：测试概况和关键发现
• 资产清单：发现的主机、端口、服务
• 漏洞详情：漏洞描述、风险等级、修复建议
• 攻击路径：成功的攻击链和权限提升路径
• 安全建议：针对性的安全加固建议

安全工具集成

工具	用途	必需性
Nmap	端口扫描、服务识别	必需
Nuclei	漏洞扫描	推荐
Hydra	密码破解	可选
SQLMap	SQL注入测试	可选
Nikto	Web漏洞扫描	可选
OWASP ZAP	Web应用安全测试	可选

详细安装说明请参考 TOOLS_INSTALLATION.md

License

This project is licensed under the AGPLv3 License.

Disclaimer / 免责声明

This project was independently developed by the author using personal time and personal equipment. It is not affiliated with or endorsed by any company or organization at present.

The author reserves the right to transfer, license, or integrate this project into any company or organization in the future, with all rights and interests subject to the relevant agreements at that time.

License

This project is licensed under the AGPLv3 License.

Disclaimer / 免责声明

This project was independently developed by the author using personal time and personal equipment. It is not affiliated with or endorsed by any company or organization at present.

The author reserves the right to transfer, license, or integrate this project into any company or organization in the future, with all rights and interests subject to the relevant agreements at that time.

贡献指南

欢迎贡献代码、报告问题或提出新功能建议。请遵循以下步骤：

1. Fork 仓库
2. 创建功能分支 (git checkout -b feature/amazing-feature)
3. 提交更改 (git commit -m 'Add some amazing feature')
4. 推送到分支 (git push origin feature/amazing-feature)
5. 创建 Pull Request

联系方式

如有问题或建议，请通过 Issues 或 Pull Requests 与我们联系。