
pentest-ai

v0.10.2 Security

This release includes 2 security fixes relevant to security teams reviewing exposed deployments.

✓ No known CVEs patched

Topics

ai-security, bug-bounty, claude, ctf, security, exploit, exploit-chaining, hacking-tools, mcp, model-context-protocol, nmap, offensive-security, osint, penetration-testing, pentest-ai, pentesting, python, vulnerability-scanning

Affected surfaces

auth

Summary

AI summary

Adds an auth profile system for target credentials (documented in docs/credentialed-scans.md), deprecates the legacy MCP credential parameters and the --basic-auth flag, and expands the test suite, in a mixed release.

Full changelog

Added — auth profile system

A complete redesign of how ptai handles target credentials. See docs/credentialed-scans.md.

  • pentest-ai auth profile add <name> — interactive wizard to create an auth profile
  • pentest-ai auth profile list / show / remove / use / current — full CRUD
  • pentest-ai auth profile import-from-flags — one-line migration from legacy --login-* flags
  • --auth-profile <name> flag on ptai start — replaces 6+ legacy flags
  • pentest-ai chain prof1=target1 prof2=target2 ... — sequential multi-target scans, each with its own auth context
  • Playbooks accept auth_profile: <name> key
  • Four credential sources: env vars, 1Password CLI (op://), HashiCorp Vault, AWS Secrets Manager

Security

  • MCP credential safety: authenticated_scan, test_web_app, test_active_directory, and test_cloud now accept an auth_profile parameter. Credentials are resolved server-side and never enter the LLM context window. Previously, raw passwords flowed through the MCP request payload to Claude / Cursor / Desktop. Recommended security update for all MCP users.
  • Profile file at ~/.pentest-ai/auth-profiles.yaml enforced at mode 0600 on every write; refuses to load if perms are wider.
  • New SecureCredential in-memory class redacts on repr/str/format/json/pickle.
  • Resolvers fail closed: missing dependency or unreachable backend raises SecurityError instead of falling back to a plaintext prompt.
  • Playbooks refuse to load if they contain bare password:, token:, or secret: keys (defense in depth against committing creds to YAML).

Deprecated (will be removed in 0.11)

  • MCP password= / bearer_token= / credentials= parameters. Use auth_profile=. Old params still work but emit a deprecation warning.
  • --basic-auth user:pass CLI flag (passes credential on argv). Use a profile.

Backward compatibility

All existing CLI flags (--login-url, --login-user, --login-password-env, etc.) continue to work unchanged. Migration is optional; the new system is purely additive until 0.11.

Tests

  • 94 new tests across credential resolvers, profile manager, MCP integration, chain command, playbook integration, and migration tooling
  • 5 sentinel-leak tests verifying credential values never appear in profile files, logs, MCP payloads, or process argv
  • All 586 existing tests still pass
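As an added illustration of the Security bullets above and of the sentinel-leak tests (example code written for this page, not pentest-ai's own implementation): a minimal SecureCredential that redacts on repr/str/format/json/pickle, a sentinel-leak check over those channels, and a fail-closed 0600 permission gate for a profile file. The attribute and helper names (_value, redacting_default, leak_channels, profile_loadable, write_demo_profile) and the demo YAML content are assumptions of this example.

```python
import json, os, pickle, stat, tempfile
from pathlib import Path

class SecureCredential:
    """In-memory secret whose display and serialisation paths all redact."""
    REDACTED = "<redacted>"

    def __init__(self, value: str):
        self._value = value  # attribute name is an assumption of this example

    def reveal(self) -> str:  # the one intentional read path; server-side only
        return self._value

    def __repr__(self) -> str:
        return f"SecureCredential({self.REDACTED})"

    __str__ = __repr__

    def __format__(self, spec: str) -> str:  # f-strings and str.format()
        return self.REDACTED

    def __reduce__(self):  # pickling yields the marker string, never the secret
        return (str, (self.REDACTED,))

def redacting_default(obj):
    """json.dumps(..., default=redacting_default) serialises credentials redacted."""
    if isinstance(obj, SecureCredential):
        return SecureCredential.REDACTED
    raise TypeError(f"not JSON serialisable: {type(obj).__name__}")

def leak_channels(cred: SecureCredential, sentinel: str) -> list:
    """Sentinel-leak check: names of the output paths in which `sentinel` appears."""
    outputs = {
        "repr": repr(cred), "str": str(cred), "format": "{}".format(cred),
        "json": json.dumps({"password": cred}, default=redacting_default),
        "pickle": pickle.dumps(cred).decode("latin-1"),
    }
    return [name for name, text in outputs.items() if sentinel in text]

def profile_loadable(path: Path, allowed: int = 0o600) -> bool:
    """Fail closed: False for any profile file with permission bits beyond `allowed`."""
    return not (stat.S_IMODE(path.stat().st_mode) & ~allowed)

def write_demo_profile(mode: int) -> Path:
    """Constructed throwaway profile file, chmod'ed to `mode` for the check above."""
    fd, name = tempfile.mkstemp(suffix=".yaml")
    with os.fdopen(fd, "w") as fh:
        fh.write("profiles:\n  demo:\n    user: demo\n    password_env: DEMO_PW\n")
    os.chmod(name, mode)
    return Path(name)
```

An empty list from leak_channels means none of the five channels exposed the sentinel; the permission gate rejects anything looser than 0600, such as 0644 or 0660.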

Security Fixes

  • MCP credentials no longer flow through LLM context; resolved server-side via auth_profile parameter
  • Profile file enforced with mode 0600; SecureCredential redacts sensitive data; resolvers fail closed on missing dependencies; playbooks reject bare password/token/secret keys


About pentest-ai

Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.
