PentestGPT Setup Guide: Complete AI Penetration Testing
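PentestGPT is an AI-driven penetration testing tool developed by GreyDGL, presented here with a comprehensive guide covering installation through advanced usage. The tool supports multiple API providers and local model configuration, offers automated security assessment, and the guide covers practical topics such as educational applications and troubleshooting. 2025-6-24 13:40:43 Author: www.blackmoreops.com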

This PentestGPT setup guide covers how to install, configure, and use the AI-powered penetration testing tool. Whether you’re a beginner or an experienced security professional, it walks you through every step from installation to advanced usage techniques.

Developed by GreyDGL, this tool streamlines and automates various aspects of security assessments, making comprehensive penetration tests more accessible to both seasoned professionals and newcomers.

What is PentestGPT?

PentestGPT is an open-source project harnessing artificial intelligence to enhance penetration testing capabilities. Developed by GreyDGL, this tool streamlines and automates various aspects of security assessments, making comprehensive penetration tests more accessible to both seasoned professionals and newcomers. Unlike traditional penetration testing tools, PentestGPT maintains contextual awareness throughout testing sessions, preventing the information loss that commonly occurs with standard GPT models.

PentestGPT System Requirements

Before beginning the PentestGPT setup process, ensure your system meets these requirements:

  • Operating System: Linux, macOS, or Windows
  • Python Version: Python 3.10 or higher
  • API Access: OpenAI, Google, or Deepseek API key
  • Payment Method: Linked to your chosen AI provider account
  • Internet Connection: Stable connection for API calls

Step-by-Step PentestGPT Installation Guide

Method 1: Quick Installation with pip

The fastest way to complete the PentestGPT setup is using pip installation:

# Install PentestGPT directly from GitHub
pip3 install git+https://github.com/GreyDGL/PentestGPT

Method 2: Development Installation

For customisation and development, clone the repository and install it in development mode:

# Clone the repository
git clone https://github.com/GreyDGL/PentestGPT
cd PentestGPT

# Install in development mode
pip3 install -e .

PentestGPT API Configuration Setup

OpenAI Configuration (Recommended)

OpenAI is the recommended provider for optimal performance:

# Export your OpenAI API key
export OPENAI_API_KEY='your_openai_api_key_here'

# Optional: Set custom base URL if needed
export OPENAI_BASEURL='https://api.openai.com/v1'

Alternative API Providers

PentestGPT also supports alternative providers:

# For Google Gemini
export GOOGLE_API_KEY='your_google_api_key_here'

# For Deepseek
export DEEPSEEK_API_KEY='your_deepseek_api_key_here'

Testing Your Installation

Verify your PentestGPT configuration with the connection test:

pentestgpt-connection

Expected output should show successful API connection and model access confirmation.

PentestGPT Basic Usage Commands

Starting PentestGPT

Launch PentestGPT with default settings:

# Start with default GPT-4o model
pentestgpt

# Specify different models
pentestgpt --reasoning_model=gpt-4o --parsing_model=gpt-4o

Essential Commands

Once running, use these core commands:

  • help: Display available commands and guidance
  • next: Input test results and receive next step recommendations
  • more: Get detailed explanations of current testing phase
  • todo: View current task list and objectives
  • discuss: Engage in conversation with the AI assistant
  • quit: Exit and save session logs

Advanced Command Options

# View available models
pentestgpt --models

# Enable logging for improvement
pentestgpt --logging

# Custom log directory
pentestgpt --logDir /path/to/custom/logs

# Multiple model specification
pentestgpt --reasoning deepseek-r1 --parsing gpt-4o

PentestGPT Practical Usage Workflow Guide

Phase 1: Initial Reconnaissance

Start your penetration test by engaging with PentestGPT:

  1. Launch PentestGPT with your preferred model
  2. Describe your target environment
  3. Follow AI-generated reconnaissance steps
  4. Input command outputs using the next command

Phase 2: Vulnerability Assessment

Continue the assessment phase:

  1. Share scan results with PentestGPT
  2. Use more for detailed vulnerability analysis
  3. Follow suggested verification steps
  4. Document findings in the ongoing session

Phase 3: Exploitation and Testing

Execute the penetration testing phase:

  1. Follow AI-recommended exploitation strategies
  2. Input exploitation results for next-step guidance
  3. Use discuss for complex scenario clarification
  4. Maintain session context for comprehensive testing

Sub-task Handler Usage

PentestGPT includes sub-task handlers accessed via the more command:

Sub-task Commands

  • brainstorm: Generate multiple solution approaches
  • discuss: Deep-dive into specific technical issues
  • continue: Return to main testing session
  • help: Sub-task specific guidance

Input Methods and Data Types

PentestGPT supports various input types:

  • tool: Security tool outputs (nmap, burp, etc.)
  • web: Web page content and analysis
  • default: General information and observations
  • user-comments: Personal notes and insights

Use <SHIFT + right arrow> to complete input and <ENTER> for new lines.
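
With an API-backed model, everything entered as tool or web input is sent to the configured provider, so client addresses in scan output leave your environment. The following is an added example, not part of PentestGPT or the original article: it replaces each distinct IPv4 address with a stable placeholder before the output is pasted into a session and maps the placeholders back afterwards. The function names and the sample scan lines are constructed for illustration.

```shell
# Added example: pseudonymise IPv4 addresses in tool output before sharing it.
# redact_ips and restore_ips are hypothetical helpers, not PentestGPT commands.

# redact_ips MAP_FILE: stdin -> stdout, same address -> same HOST_n; mapping saved to MAP_FILE.
redact_ips() {
  awk -v map="${1:?usage: redact_ips MAP_FILE}" '
  function valid(ip,   o, i, k) {          # reject dotted quads with an octet > 255
    k = split(ip, o, ".")
    for (i = 1; i <= k; i++) if (o[i] + 0 > 255) return 0
    return 1
  }
  {
    out = ""; rest = $0
    while (match(rest, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
      ip = substr(rest, RSTART, RLENGTH)
      if (valid(ip) && !(ip in seen)) { seen[ip] = "HOST_" (++n); order[n] = ip }
      out = out substr(rest, 1, RSTART - 1) (valid(ip) ? seen[ip] : ip)
      rest = substr(rest, RSTART + RLENGTH)
    }
    print out rest
  }
  END { for (i = 1; i <= n; i++) printf "HOST_%d %s\n", i, order[i] > map }'
}

# restore_ips MAP_FILE: stdin -> stdout with HOST_n placeholders mapped back to addresses.
restore_ips() {
  awk -v map="${1:?usage: restore_ips MAP_FILE}" '
  BEGIN { while ((getline line < map) > 0) { split(line, f, " "); back[f[1]] = f[2] } }
  {
    out = ""; rest = $0
    while (match(rest, /HOST_[0-9]+/)) {   # whole token, so HOST_1 never matches inside HOST_10
      tok = substr(rest, RSTART, RLENGTH)
      out = out substr(rest, 1, RSTART - 1) ((tok in back) ? back[tok] : tok)
      rest = substr(rest, RSTART + RLENGTH)
    }
    print out rest
  }'
}

# Constructed sample input (not real scan data).
sample_scan() {
  cat <<'EOF'
Nmap scan report for 10.10.10.5
22/tcp open  ssh     OpenSSH 8.2p1
80/tcp open  http    Apache httpd 2.4.41
Nmap scan report for 10.10.10.7
445/tcp open microsoft-ds (domain controller 10.10.10.5)
EOF
}
```

Keep the map file local to the engagement; hostnames, domains and credentials in tool output need their own handling, since this covers only IPv4 addresses.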

Model Selection and Performance

Available Models

PentestGPT currently supports:

OpenAI Models:

  • gpt-4o (default, recommended)
  • o3, o4-mini
  • gpt4all (local option)

Google Models:

  • gemini-2.5-flash
  • gemini-2.5-pro

Deepseek Models:

  • deepseek-r1
  • deepseek-v3

Performance Recommendations

After empirical evaluation, we find that GPT-4 performs better than GPT-3.5 and other LLMs in terms of penetration testing reasoning. In fact, GPT-3.5 leads to failed tests on simple tasks.

Local Model Configuration

For organisations requiring local deployment, PentestGPT includes local model support:

# Use local GPT4ALL models
pentestgpt --reasoning=gpt4all --parsing=gpt4all

Configure custom models by updating module_mapping in pentestgpt/utils/APIs/module_import.py.

Troubleshooting Common Issues

API Connection Problems

  1. Verify API key export: echo $OPENAI_API_KEY
  2. Check account billing setup
  3. Test with pentestgpt-connection
  4. Confirm internet connectivity
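
Step 1 as written prints the whole key to the terminal, and an export typed at the prompt lands in shell history. As an added example (not from the original article or the PentestGPT project), these two shell helpers load a key from an owner-only file and report whether a variable is set without revealing it; the function names and the key file path in the comment are hypothetical.

```shell
# Added example: keep provider keys out of shell history and terminal output.
# load_api_key and key_status are hypothetical helpers, not PentestGPT commands.
# Usage (path is an assumption): load_api_key OPENAI_API_KEY ~/.config/pentestgpt/openai.key

# load_api_key VAR FILE: export VAR from FILE only if FILE is private to its owner.
load_api_key() {
  var=$1 file=$2
  case $var in ''|*[!A-Za-z0-9_]*) echo "bad variable name" >&2; return 2 ;; esac
  [ -f "$file" ] || { echo "no such key file: $file" >&2; return 1; }
  # GNU stat first, BSD/macOS stat as fallback; both print the octal mode.
  mode=$(stat -c %a "$file" 2>/dev/null || stat -f %Lp "$file") || return 1
  case $mode in
    *00) ;;  # no group/other permission bits, e.g. 600 or 400
    *) echo "refusing $file: mode $mode is open to group/other (chmod 600)" >&2; return 1 ;;
  esac
  key=$(tr -d '[:space:]' < "$file")
  [ -n "$key" ] || { echo "key file is empty: $file" >&2; return 1; }
  export "$var=$key"
  unset key
}

# key_status VAR: report whether VAR is set, and its length, without printing the value.
key_status() {
  case $1 in ''|*[!A-Za-z0-9_]*) echo "bad variable name" >&2; return 2 ;; esac
  eval "val=\${$1-}"   # safe: the name was validated above
  if [ -n "$val" ]; then echo "$1: set (${#val} chars)"; else echo "$1: unset"; fi
  unset val
}
```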

Installation Issues

  1. Ensure Python 3.10+ installation
  2. Update pip: pip3 install --upgrade pip
  3. Clear pip cache: pip3 cache purge
  4. Install from fresh clone

Performance Optimisation

  1. Use GPT-4o for best results
  2. Maintain clear, specific inputs
  3. Leverage session context effectively
  4. Save sessions regularly with quit

Report Generation and Logging

Automatic Logging

PentestGPT includes comprehensive logging:

  • Session logs saved to logs directory
  • Automatic report generation on exit
  • Human-readable format conversion available

Report Processing

Generate professional reports:

python3 utils/report_generator.py <log_file>

Educational Applications

PentestGPT serves as an exceptional educational tool, fostering learning and skill development in penetration testing. Unlike many regular LLMs that restrict cybersecurity-related queries due to potential malicious use, PentestGPT is specifically designed for penetration testing.

Learning Benefits

  • Unrestricted cybersecurity guidance
  • Step-by-step methodology explanation
  • Real-world scenario practice
  • Continuous skill development

Integration with Existing Tools

Burp Suite Integration

When exploring new technology and incorporating it into your methodology, it’s always a good idea to start by examining what other folks in your space are already doing with that technology. When I initially started going down this path, my BHIS colleague Derek Banks introduced me to a project called burpference.

Future Developments and Related Projects

Cybersecurity AI (CAI) Evolution

The original PentestGPT development team has launched Cybersecurity AI (CAI), representing the next evolution:

  • Enhanced online searching capabilities
  • Retrieval-augmented generation (RAG)
  • Advanced prompting techniques
  • Continuous security testing features

CAI Repository: https://github.com/aliasrobotics/CAI

Technical Paper: https://arxiv.org/pdf/2504.06017

Upcoming Features

PentestGPT v1.0 development includes:

  • Improved user interface
  • Enhanced model support
  • Advanced reporting capabilities
  • Better integration options

Additional Resources and Community

Community Support

Discord Channel: https://discord.gg/eC34CEfEkK

GitHub Repository: https://github.com/GreyDGL/PentestGPT

Advanced Configuration and Customisation

Custom API Endpoints

Configure custom endpoints for enterprise deployments:

export OPENAI_BASEURL='https://your-custom-endpoint.com/v1'

Environment Variables

Complete environment setup:

# Core configuration
export OPENAI_API_KEY='your_key'
export PENTESTGPT_LOG_LEVEL='INFO'
export PENTESTGPT_SESSION_DIR='/path/to/sessions'

# Model preferences
export PENTESTGPT_DEFAULT_MODEL='gpt-4o'
export PENTESTGPT_FALLBACK_MODEL='gpt-4'

Conclusion

This comprehensive guide provides everything needed to successfully install, configure, and utilise this AI-powered penetration testing tool. From basic installation to advanced configuration, the setup guide ensures you can leverage artificial intelligence to enhance your cybersecurity testing capabilities effectively. Remember that PentestGPT serves as an assistant similar to Kali-GPT (but PentestGPT is free) to augment human expertise, not replace it. The tool excels at automation, pattern recognition, and guidance, but skilled security professionals remain essential for complex decision-making and strategic testing approaches. Whether you’re conducting educational exercises, professional assessments, or research activities, this PentestGPT setup guide establishes the foundation for successful AI-enhanced penetration testing workflows.


Source: https://www.blackmoreops.com/pentestgpt-setup-guide-installation-usage-ai-penetration-testing/