ScottzillaSystems committed on
Commit 1e3916f · verified · 1 Parent(s): a8c5381

Upload README.md

  1. README.md +81 -7
README.md CHANGED
@@ -1,13 +1,87 @@
1
  ---
2
  title: Pentesting Agent Zero
3
- emoji: ⚑
4
- colorFrom: red
5
- colorTo: red
6
  sdk: gradio
7
- sdk_version: 6.14.0
8
- python_version: '3.13'
9
  app_file: app.py
10
- pinned: false
11
  ---
12
 
13
- Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
1
  ---
2
  title: Pentesting Agent Zero
3
+ emoji: πŸ›‘οΈ
4
+ colorFrom: gray
5
+ colorTo: green
6
  sdk: gradio
7
+ sdk_version: 5.0.0
 
8
  app_file: app.py
9
+ pinned: true
10
+ mcp: true
11
+ tags:
12
+ - mcp-server
13
+ - security
14
+ - pentesting
15
+ - agent
16
+ - autonomous
17
+ - prompt-injection-defense
18
  ---
19
 
20
+ # πŸ›‘οΈ Pentesting Agent Zero
21
+
22
+ **Autonomous AI-Driven Penetration Testing Agent**
23
+
24
+ Agent Zero is a cutting-edge autonomous penetration testing agent that combines:
25
+ - **MCP Server Integration** β€” 13 pentesting tools exposed as MCP endpoints
26
+ - **smolagents AI Agent** β€” Autonomous task decomposition and tool orchestration
27
+ - **Nettacker Integration** β€” OWASP Nettacker for automated vulnerability scanning
28
+ - **Automatic Prompt Injection Defense** β€” All model inputs automatically scanned and sanitized
29
+
30
+ ## πŸš€ Quick Start
31
+
32
+ 1. Open the Space at https://huggingface.co/spaces/ScottzillaSystems/Pentesting-Agent-Zero
33
+ 2. Type a pentesting task: e.g., "Scan ports on scanme.nmap.org"
34
+ 3. Use `/help` for command reference
35
+
36
+ ## πŸ”Œ MCP Integration
37
+
38
+ This Space exposes all pentesting tools as MCP endpoints. Connect via:
39
+
40
+ - **MCP Endpoint**: `https://scottzillasystems-pentesting-agent-zero.hf.space/gradio_api/mcp/sse`
41
+ - **Tool Schema**: `https://scottzillasystems-pentesting-agent-zero.hf.space/gradio_api/mcp/schema`
42
+
43
+ Add to your MCP client configuration:
44
+ ```json
45
+ {
46
+ "mcpServers": {
47
+ "agent-zero": {
48
+ "url": "https://scottzillasystems-pentesting-agent-zero.hf.space/gradio_api/mcp/sse"
49
+ }
50
+ }
51
+ }
52
+ ```
53
+
54
+ ## πŸ› οΈ Available MCP Tools
55
+
56
+ | Tool | Description |
57
+ |------|-------------|
58
+ | `nmap_scan` | Network port scanning with Nmap |
59
+ | `subdomain_enum` | Subdomain enumeration via DNS & cert transparency |
60
+ | `osint_gather` | OSINT gathering with theHarvester |
61
+ | `web_vuln_scan` | Web vulnerability scanning (Nikto + Nuclei) |
62
+ | `sql_injection_test` | SQL injection testing with SQLMap |
63
+ | `password_audit` | Password/hash cracking with hashcat/john |
64
+ | `directory_bruteforce` | Directory bruteforce with gobuster/ffuf |
65
+ | `packet_capture` | Network packet capture with tshark |
66
+ | `nettacker_scan` | OWASP Nettacker automated scanning |
67
+ | `exploit_search` | ExploitDB/searchsploit lookup |
68
+ | `generate_report` | Pentest report generation |
69
+ | `ai_security_analysis` | AI-powered security analysis |
70
+ | `agent_status` | Agent status and health check |
71
+
72
+ ## πŸ›‘οΈ Prompt Injection Defense
73
+
74
+ Agent Zero implements automatic prompt injection protection across all AI model interactions:
75
+ - Pattern-based detection (18+ injection patterns)
76
+ - Regex-based boundary detection
77
+ - Instruction integrity seals with hash verification
78
+ - Automatic input sanitization
79
+ - Real-time defense logging
80
+
81
+ ## ⚠️ Disclaimer
82
+
83
+ **FOR AUTHORIZED TESTING ONLY.** Agent Zero must only be used against systems you own or have explicit written permission to test. Unauthorized scanning may be illegal in your jurisdiction.
84
+
85
+ ## πŸ“„ License
86
+
87
+ MIT β€” See LICENSE file.
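Review bot: the front matter pins `sdk_version: 5.0.0` in place of `6.14.0` and drops `python_version: '3.13'`, and the commit message "Upload README.md" gives no reason for the downgrade; because the same hunk turns on `mcp: true` and advertises the `/gradio_api/mcp/sse` and `/gradio_api/mcp/schema` endpoints, confirm that the pinned Gradio release actually provides the MCP server those URLs depend on, and restore the Python pin (or state why it was removed) so the Space builds reproducibly. The README should also say how access to the MCP endpoint is controlled: the tool table exposes `sql_injection_test`, `password_audit`, `directory_bruteforce` and `packet_capture` at a fixed public URL, and the only control described is the "authorized testing only" disclaimer, so document whether the Space is private or token-gated and what target restrictions the tools enforce before anyone wires it into an MCP client. Finally, the Prompt Injection Defense section claims "18+ injection patterns" and "instruction integrity seals with hash verification" without pointing to the implementation or its limits; a sentence on what pattern matching does not catch and a link to the code would keep that claim honest.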