PentestGPT setup guide provides everything you need to install, configure, and effectively use this revolutionary AI-powered penetration testing tool. Whether you’re a beginner or experienced security professional, this comprehensive step-by-step guide will walk you through every step from installation to advanced usage techniques.
Developed by GreyDGL, this tool streamlines and automates various aspects of security assessments, making comprehensive penetration tests more accessible to both seasoned professionals and newcomers.
Table of Contents
What is PentestGPT?
PentestGPT is an open-source project harnessing artificial intelligence to enhance penetration testing capabilities. Developed by GreyDGL, this tool streamlines and automates various aspects of security assessments, making comprehensive penetration tests more accessible to both seasoned professionals and newcomers. Unlike traditional penetration testing tools, PentestGPT shows you how this AI assistant maintains contextual awareness throughout testing sessions, preventing the information loss that commonly occurs with standard GPT models.
PentestGPT System Requirements
Before beginning the PentestGPT setup process, ensure your system meets these requirements:
- Operating System: Linux, macOS, or Windows
- Python Version: Python 3.10 or higher
- API Access: OpenAI, Google, or Deepseek API key
- Payment Method: Linked to your chosen AI provider account
- Internet Connection: Stable connection for API calls
Step-by-Step PentestGPT Installation Guide
Method 1: Quick Installation with pip
The fastest way to complete the PentestGPT setup is using pip installation:
# Install PentestGPT directly from GitHub pip3 install git+https://github.com/GreyDGL/PentestGPT
Method 2: Development Installation
For customisation and development, this PentestGPT setup recommends cloning the repository:
# Clone the repository git clone https://github.com/GreyDGL/PentestGPT cd PentestGPT # Install in development mode pip3 install -e .
PentestGPT API Configuration Setup
OpenAI Configuration (Recommended)
The PentestGPT recommends OpenAI for optimal performance:
# Export your OpenAI API key export OPENAI_API_KEY='your_openai_api_key_here' # Optional: Set custom base URL if needed export OPENAI_BASEURL='https://api.openai.com/v1'
Alternative API Providers
This guide also supports alternative providers:
# For Google Gemini export GOOGLE_API_KEY='your_google_api_key_here' # For Deepseek export DEEPSEEK_API_KEY='your_deepseek_api_key_here'
Testing Your Installation
Verify your PentestGPT configuration with the connection test:
pentestgpt-connection
Expected output should show successful API connection and model access confirmation.
PentestGPT Basic Usage Commands
Starting PentestGPT
Launch PentestGPT with default settings:
# Start with default GPT-4o model pentestgpt # Specify different models pentestgpt --reasoning_model=gpt-4o --parsing_model=gpt-4o
Essential Commands
Once running, use these core commands from the PentestGPT guide:
help: Display available commands and guidancenext: Input test results and receive next step recommendationsmore: Get detailed explanations of current testing phasetodo: View current task list and objectivesdiscuss: Engage in conversation with the AI assistantquit: Exit and save session logs
Advanced Command Options
# View available models pentestgpt --models # Enable logging for improvement pentestgpt --logging # Custom log directory pentestgpt --logDir /path/to/custom/logs # Multiple model specification pentestgpt --reasoning deepseek-r1 --parsing gpt-4o
PentestGPT Practical Usage Workflow Guide
Phase 1: Initial Reconnaissance
Start your penetration test by engaging with PentestGPT:
- Launch PentestGPT with your preferred model
- Describe your target environment
- Follow AI-generated reconnaissance steps
- Input command outputs using the
nextcommand
Phase 2: Vulnerability Assessment
Continue the assessment phase:
- Share scan results with PentestGPT
- Use
morefor detailed vulnerability analysis - Follow suggested verification steps
- Document findings in the ongoing session
Phase 3: Exploitation and Testing
Execute the penetration testing phase:
- Follow AI-recommended exploitation strategies
- Input exploitation results for next-step guidance
- Use
discussfor complex scenario clarification - Maintain session context for comprehensive testing
Sub-task Handler Usage
The PentestGPT includes powerful sub-task handlers accessed via the more command:
Sub-task Commands
brainstorm: Generate multiple solution approachesdiscuss: Deep-dive into specific technical issuescontinue: Return to main testing sessionhelp: Sub-task specific guidance
Input Methods and Data Types
PentestGPT supports various input types:
- tool: Security tool outputs (nmap, burp, etc.)
- web: Web page content and analysis
- default: General information and observations
- user-comments: Personal notes and insights
Use <SHIFT + right arrow> to complete input and <ENTER> for new lines.
Model Selection and Performance
Available Models
Current PentestGPT supports:
OpenAI Models:
- gpt-4o (default, recommended)
- o3, o4-mini
- gpt4all (local option)
Google Models:
- gemini-2.5-flash
- gemini-2.5-pro
Deepseek Models:
- deepseek-r1
- deepseek-v3
Performance Recommendations
After empirical evaluation, we find that GPT-4 performs better than GPT-3.5 and other LLMs in terms of penetration testing reasoning. In fact, GPT-3.5 leads to failed test in simple tasks.
Local Model Configuration
For organisations requiring local deployment, PentestGPT includes local model support:
# Use local GPT4ALL models pentestgpt --reasoning=gpt4all --parsing=gpt4all
Configure custom models by updating module_mapping in pentestgpt/utils/APIs/module_import.py.
Troubleshooting Common Issues
API Connection Problems
- Verify API key export:
echo $OPENAI_API_KEY - Check account billing setup
- Test with
pentestgpt-connection - Confirm internet connectivity
Installation Issues
- Ensure Python 3.10+ installation
- Update pip:
pip3 install --upgrade pip - Clear pip cache:
pip3 cache purge - Install from fresh clone
Performance Optimisation
- Use GPT-4o for best results
- Maintain clear, specific inputs
- Leverage session context effectively
- Regular session saves with
quit
Report Generation and Logging
Automatic Logging
PentestGPT includes comprehensive logging:
- Session logs saved to
logsdirectory - Automatic report generation on exit
- Human-readable format conversion available
Report Processing
Generate professional reports:
python3 utils/report_generator.py <log_file>
Educational Applications
PentestGPT serves as an exceptional educational tool, fostering learning and skill development in penetration testing. Unlike many regular LLMs that restrict cybersecurity-related queries due to potential malicious use, PentestGPT is specifically designed for penetration testing.
Learning Benefits
- Unrestricted cybersecurity guidance
- Step-by-step methodology explanation
- Real-world scenario practice
- Continuous skill development
Integration with Existing Tools
Burp Suite Integration
When exploring new technology and incorporating it into your methodology, it’s always a good idea to start by examining what other folks in your space are already doing with that technology. When I initially started going down this path, my BHIS colleague Derek Banks introduced me to a project called burpference.
Future Developments and Related Projects
Cybersecurity AI (CAI) Evolution
The original PentestGPT development team has launched Cybersecurity AI (CAI), representing the next evolution:
- Enhanced online searching capabilities
- Retrieval-augmented generation (RAG)
- Advanced prompting techniques
- Continuous security testing features
CAI Repository: https://github.com/aliasrobotics/CAI
Technical Paper: https://arxiv.org/pdf/2504.06017
Upcoming Features
PentestGPT v1.0 development includes:
- Improved user interface
- Enhanced model support
- Advanced reporting capabilities
- Better integration options
Additional Resources and Community
Video Tutorials
PentestGPT Installation:
HTB-Jarvis Demonstrations:
HTB-Lame demonstration:
Community Support
Discord Channel: https://discord.gg/eC34CEfEkK
GitHub Repository: https://github.com/GreyDGL/PentestGPT
Related Learning Resources
For additional cybersecurity and AI penetration testing insights:
Advanced Configuration and Customisation
Custom API Endpoints
Configure custom endpoints for enterprise deployments:
export OPENAI_BASEURL='https://your-custom-endpoint.com/v1'
Environment Variables
Complete environment setup:
# Core configuration export OPENAI_API_KEY='your_key' export PENTESTGPT_LOG_LEVEL='INFO' export PENTESTGPT_SESSION_DIR='/path/to/sessions' # Model preferences export PENTESTGPT_DEFAULT_MODEL='gpt-4o' export PENTESTGPT_FALLBACK_MODEL='gpt-4'
Conclusion
This comprehensive guide provides everything needed to successfully install, configure, and utilise this AI-powered penetration testing tool. From basic installation to advanced configuration, the setup guide ensures you can leverage artificial intelligence to enhance your cybersecurity testing capabilities effectively. Remember that PentestGPT serves as an assistant similar to Kali-GPT (but PentestGPT is free) to augment human expertise, not replace it. The tool excels at automation, pattern recognition, and guidance, but skilled security professionals remain essential for complex decision-making and strategic testing approaches. Whether you’re conducting educational exercises, professional assessments, or research activities, this PentestGPT setup guide establishes the foundation for successful AI-enhanced penetration testing workflows.
Discover more from blackMORE Ops
Subscribe to get the latest posts sent to your email.