Claude Code & Gemini CLI agentic pentesting framework for grey-box SaaS testing.
Quick start:

```bash
# 1. Install tools
bash install-tools.sh
# 2. Symlink your Obsidian vault
ln -s ~/Documents/ObsidianVault/Pentests obsidian/vault
# 3. Launch Agent
gemini # or claude
# 4. Start engagement
/new-engagement
```

Repository layout:

GEMINI.md / CLAUDE.md — Bootstrap (loaded every session, < 60 lines)
AGENT.md — Full agent spec (loaded on demand)
SKILL.md — Skills index
TOOLS.md — Full toolchain reference
skills/ — Per-phase skill files (loaded progressively)
rules/ — Error handling, rate limiting, scope, destructive endpoint protection
commands/ — Agent slash commands
engagements/ — Per-engagement runtime state and reports (gitignored)
obsidian/ — Templates + vault symlink
install-tools.sh — One-shot tool installer
Engagement phases:

- Scope Definition → /new-engagement
- Authentication Setup → records curl replay for auto token refresh
- Discovery → subagent (nmap, ffuf, amass, katana, waybackurls)
- Fingerprinting → subagent (whatweb, wafw00f, trufflehog, GraphQL detection)
- Automated Scan → subagent (nuclei)
- API Testing → main context (sqlmap, jwt_tool, dalfox, kiterunner, graphql-cop)
- Reporting → Obsidian export
Design principles:

- State on disk, not in context — session, scope, findings live in JSON files
- Progressive disclosure — only the active phase's skill file is loaded
- Subagents for scans — discovery/nuclei run in isolated context windows
- Session-aware wrappers — every curl checks token health every 100 requests
- Destructive endpoint protection — logout/delete/modify-self blocked by default
- Phase compaction — /compact runs at every phase boundary
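The scope check, the destructive-endpoint block and the every-100-requests token check described above, shown together as an added example; this is not the framework's own code, and the scope-file layout, field names and the `Guard` class are assumptions.

```python
"""Request guard in the spirit of the rules/ directory described above.
Added example, not the framework's code: the scope JSON layout and the
Guard class are assumptions; the target host is constructed."""
import json
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample of an engagement scope file (assumed layout).
SAMPLE_SCOPE = json.loads("""{
  "in_scope_hosts": ["api.example-target.test"],
  "destructive_patterns": ["/logout", "/delete", "/users/me"],
  "destructive_allowed": false
}""")


@dataclass
class Guard:
    scope: dict
    requests_seen: int = 0
    token_check_interval: int = 100  # "checks token health every 100 requests"
    refresh_calls: int = 0

    def check(self, method: str, url: str) -> tuple[bool, str]:
        """Return (allowed, reason) for one planned request."""
        parsed = urlparse(url)
        host, path = parsed.hostname or "", parsed.path
        # Rule 1: never leave the agreed scope.
        if host not in self.scope["in_scope_hosts"]:
            return False, f"out of scope: {host}"
        # Rule 2: logout/delete/modify-self blocked unless explicitly enabled.
        destructive = method.upper() == "DELETE" or any(
            path.startswith(p) for p in self.scope["destructive_patterns"])
        if destructive and not self.scope.get("destructive_allowed", False):
            return False, f"destructive endpoint blocked: {method} {path}"
        # Rule 3: count allowed requests; every interval, re-verify the session.
        self.requests_seen += 1
        if self.requests_seen % self.token_check_interval == 0:
            self.refresh_calls += 1  # stand-in for replaying the recorded login curl
        return True, "ok"
```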
This framework is for authorised penetration testing only. Always obtain written permission before testing any system.