This PentestGPT setup guide provides everything you need to install, configure, and effectively use this revolutionary AI-powered penetration testing tool. Whether you’re a beginner or an experienced security professional, this step-by-step guide walks you through everything from installation to advanced usage techniques.

What is PentestGPT?
PentestGPT is an open-source project harnessing artificial intelligence to enhance penetration testing capabilities. Developed by GreyDGL, this tool streamlines and automates various aspects of security assessments, making comprehensive penetration tests more accessible to both seasoned professionals and newcomers. Unlike traditional penetration testing tools, this AI assistant maintains contextual awareness throughout testing sessions, preventing the information loss that commonly occurs with standard GPT models.
PentestGPT System Requirements
Before beginning the PentestGPT setup process, ensure your system meets these requirements:
- Operating System: Linux, macOS, or Windows
- Python Version: Python 3.10 or higher
- API Access: OpenAI, Google, or Deepseek API key
- Payment Method: Linked to your chosen AI provider account
- Internet Connection: Stable connection for API calls
Step-by-Step PentestGPT Installation Guide
Method 1: Quick Installation with pip
The fastest way to complete the PentestGPT setup is using pip installation:
# Install PentestGPT directly from GitHub
pip3 install git+https://github.com/GreyDGL/PentestGPT
Method 2: Development Installation
For customisation and development, clone the repository and install it in development mode:
# Clone the repository
git clone https://github.com/GreyDGL/PentestGPT
cd PentestGPT
# Install in development mode
pip3 install -e .
PentestGPT API Configuration Setup
OpenAI Configuration (Recommended)
PentestGPT recommends OpenAI for optimal performance:
# Export your OpenAI API key
export OPENAI_API_KEY='your_openai_api_key_here'
# Optional: Set custom base URL if needed
export OPENAI_BASEURL='https://api.openai.com/v1'
Alternative API Providers
PentestGPT also supports alternative providers:
# For Google Gemini
export GOOGLE_API_KEY='your_google_api_key_here'
# For Deepseek
export DEEPSEEK_API_KEY='your_deepseek_api_key_here'
Testing Your Installation
Verify your PentestGPT configuration with the connection test:
pentestgpt-connection
Expected output should show successful API connection and model access confirmation.
PentestGPT Basic Usage Commands
Starting PentestGPT
Launch PentestGPT with default settings:
# Start with default GPT-4o model
pentestgpt
# Specify different models
pentestgpt --reasoning_model=gpt-4o --parsing_model=gpt-4o
Essential Commands
Once running, use these core commands from the PentestGPT guide:
- help: Display available commands and guidance
- next: Input test results and receive next step recommendations
- more: Get detailed explanations of current testing phase
- todo: View current task list and objectives
- discuss: Engage in conversation with the AI assistant
- quit: Exit and save session logs
Advanced Command Options
# View available models
pentestgpt --models
# Enable logging for improvement
pentestgpt --logging
# Custom log directory
pentestgpt --logDir /path/to/custom/logs
# Multiple model specification
pentestgpt --reasoning deepseek-r1 --parsing gpt-4o
PentestGPT Practical Usage Workflow Guide
Phase 1: Initial Reconnaissance
Start your penetration test by engaging with PentestGPT:
- Launch PentestGPT with your preferred model
- Describe your target environment
- Follow AI-generated reconnaissance steps
- Input command outputs using the next command
Phase 2: Vulnerability Assessment
Continue the assessment phase:
- Share scan results with PentestGPT
- Use more for detailed vulnerability analysis
- Follow suggested verification steps
- Document findings in the ongoing session
Phase 3: Exploitation and Testing
Execute the penetration testing phase:
- Follow AI-recommended exploitation strategies
- Input exploitation results for next-step guidance
- Use discuss for complex scenario clarification
- Maintain session context for comprehensive testing
Sub-task Handler Usage
PentestGPT includes powerful sub-task handlers accessed via the more command:
Sub-task Commands
- brainstorm: Generate multiple solution approaches
- discuss: Deep-dive into specific technical issues
- continue: Return to main testing session
- help: Sub-task specific guidance
Input Methods and Data Types
PentestGPT supports various input types:
- tool: Security tool outputs (nmap, burp, etc.)
- web: Web page content and analysis
- default: General information and observations
- user-comments: Personal notes and insights
Use <SHIFT + right arrow> to complete input and <ENTER> for new lines.
Model Selection and Performance
Available Models
PentestGPT currently supports:
OpenAI Models:
- gpt-4o (default, recommended)
- o3, o4-mini
- gpt4all (local option)
Google Models:
- gemini-2.5-flash
- gemini-2.5-pro
Deepseek Models:
- deepseek-r1
- deepseek-v3
Performance Recommendations
After empirical evaluation, we find that GPT-4 performs better than GPT-3.5 and other LLMs in terms of penetration testing reasoning. In fact, GPT-3.5 leads to failed tests in simple tasks.
Local Model Configuration
For organisations requiring local deployment, PentestGPT includes local model support:
# Use local GPT4ALL models
pentestgpt --reasoning=gpt4all --parsing=gpt4all
Configure custom models by updating module_mapping in pentestgpt/utils/APIs/module_import.py.
Troubleshooting Common Issues
API Connection Problems
- Verify API key export: echo $OPENAI_API_KEY
- Check account billing setup
- Test with pentestgpt-connection
- Confirm internet connectivity
Installation Issues
- Ensure Python 3.10+ installation
- Update pip: pip3 install --upgrade pip
- Clear pip cache: pip3 cache purge
- Install from fresh clone
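The checks in the two troubleshooting lists above, collected into one script as an added example (not part of PentestGPT or the original guide): it validates the Python version, reports whether each provider key is set without printing the secret, and flags an OPENAI_BASEURL that is not https. The function names and the loopback-only exception for plain http are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight checks for this guide's setup.
# Function names are hypothetical, not part of PentestGPT.

# True when a "major.minor[.patch]" version is at least 3.10.
python_version_ok() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 10 ]; }
}

# Report a key's state without ever printing its value.
key_status() {
    case $2 in
        '')     echo "$1: missing"; return 1 ;;
        your_*) echo "$1: placeholder value from the guide"; return 1 ;;
        *)      echo "$1: set (${#2} chars)" ;;
    esac
}

# Accept the default endpoint, any https URL, or plain http on loopback only.
baseurl_ok() {
    case $1 in
        ''|https://*) return 0 ;;
        http://localhost|http://localhost[:/]*) return 0 ;;
        http://127.0.0.1|http://127.0.0.1[:/]*) return 0 ;;
        *) return 1 ;;
    esac
}

preflight() {
    fails=0
    if command -v python3 >/dev/null 2>&1; then
        v=$(python3 -c 'import sys; print("%d.%d" % sys.version_info[:2])')
        if python_version_ok "$v"; then echo "python $v: ok"
        else echo "python $v: FAIL, need 3.10+"; fails=$((fails + 1)); fi
    else
        echo "python3: FAIL, not found"; fails=$((fails + 1))
    fi
    keys=0   # one usable provider key is enough
    key_status OPENAI_API_KEY "${OPENAI_API_KEY:-}" && keys=$((keys + 1))
    key_status GOOGLE_API_KEY "${GOOGLE_API_KEY:-}" && keys=$((keys + 1))
    key_status DEEPSEEK_API_KEY "${DEEPSEEK_API_KEY:-}" && keys=$((keys + 1))
    [ "$keys" -gt 0 ] || { echo "api keys: FAIL, none usable"; fails=$((fails + 1)); }
    baseurl_ok "${OPENAI_BASEURL:-}" ||
        { echo "OPENAI_BASEURL: FAIL, not https"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ]
}

preflight || echo "preflight: resolve the FAIL lines before running pentestgpt-connection"
```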
Performance Optimisation
- Use GPT-4o for best results
- Maintain clear, specific inputs
- Leverage session context effectively
- Save sessions regularly with quit
Report Generation and Logging
Automatic Logging
PentestGPT includes comprehensive logging:
- Session logs saved to logs directory
- Automatic report generation on exit
- Human-readable format conversion available
Report Processing
Generate professional reports:
python3 utils/report_generator.py <log_file>
Educational Applications
PentestGPT serves as an exceptional educational tool, fostering learning and skill development in penetration testing. Unlike many regular LLMs that restrict cybersecurity-related queries due to potential malicious use, PentestGPT is specifically designed for penetration testing.
Learning Benefits
- Unrestricted cybersecurity guidance
- Step-by-step methodology explanation
- Real-world scenario practice
- Continuous skill development
Integration with Existing Tools
Burp Suite Integration
When exploring new technology and incorporating it into your methodology, it’s always a good idea to start by examining what other folks in your space are already doing with that technology. When I initially started going down this path, my BHIS colleague Derek Banks introduced me to a project called burpference.
Future Developments and Related Projects
Cybersecurity AI (CAI) Evolution
The original PentestGPT development team has launched Cybersecurity AI (CAI), representing the next evolution:
- Enhanced online searching capabilities
- Retrieval-augmented generation (RAG)
- Advanced prompting techniques
- Continuous security testing features
CAI Repository: https://github.com/aliasrobotics/CAI
Technical Paper: https://arxiv.org/pdf/2504.06017
Upcoming Features
PentestGPT v1.0 development includes:
- Improved user interface
- Enhanced model support
- Advanced reporting capabilities
- Better integration options
Additional Resources and Community
Community Support
Discord Channel: https://discord.gg/eC34CEfEkK
GitHub Repository: https://github.com/GreyDGL/PentestGPT
Advanced Configuration and Customisation
Custom API Endpoints
Configure custom endpoints for enterprise deployments:
export OPENAI_BASEURL='https://your-custom-endpoint.com/v1'
Environment Variables
Complete environment setup:
# Core configuration
export OPENAI_API_KEY='your_key'
export PENTESTGPT_LOG_LEVEL='INFO'
export PENTESTGPT_SESSION_DIR='/path/to/sessions'
# Model preferences
export PENTESTGPT_DEFAULT_MODEL='gpt-4o'
export PENTESTGPT_FALLBACK_MODEL='gpt-4'
Conclusion
This comprehensive guide provides everything needed to successfully install, configure, and utilise this AI-powered penetration testing tool. From basic installation to advanced configuration, the setup guide ensures you can leverage artificial intelligence to enhance your cybersecurity testing capabilities effectively. Remember that PentestGPT serves as an assistant similar to Kali-GPT (but PentestGPT is free) to augment human expertise, not replace it. The tool excels at automation, pattern recognition, and guidance, but skilled security professionals remain essential for complex decision-making and strategic testing approaches. Whether you’re conducting educational exercises, professional assessments, or research activities, this PentestGPT setup guide establishes the foundation for successful AI-enhanced penetration testing workflows.