docs: make Chinese README the default
CI / Test (push) Has been cancelled
CI / Type Check (push) Has been cancelled
CI / Docker Tests (push) Has been cancelled
CI / Build (push) Has been cancelled
CI / Lint (push) Has been cancelled

This commit is contained in:
wehub-resource-sync
2026-07-13 11:12:47 +00:00
parent 9b4c40f58c
commit 2b91a42d89
+74 -76
View File
@@ -1,3 +1,9 @@
<!-- WEHUB_ZH_README -->
> [!NOTE]
> 本文档由 WeHub 基于上游 README 翻译整理,属于社区翻译,非官方中文文档。
> [English](./README.en.md) · [原始项目](https://github.com/GreyDGL/PentestGPT) · [上游 README](https://github.com/GreyDGL/PentestGPT/blob/HEAD/README.md)
> 原作者、版权与许可证归属以原始项目及本仓库 LICENSE 文件为准。
<!-- Improved compatibility of back to top link: See: https://github.com/othneildrew/Best-README-Template/pull/73 -->
<a name="readme-top"></a>
@@ -16,19 +22,19 @@
<h3 align="center">PentestGPT</h3>
<p align="center">
AI-Powered Autonomous Penetration Testing Agent
AI 驱动的自主渗透测试智能体
<br />
<strong>Published at USENIX Security 2024</strong>
<strong>发表于 USENIX Security 2024</strong>
<br />
<br />
<a href="https://pentestgpt.com"><strong>Official Website: pentestgpt.com »</strong></a>
<a href="https://pentestgpt.com"><strong>官方网站:pentestgpt.com »</strong></a>
<br />
<br />
<a href="https://www.usenix.org/conference/usenixsecurity24/presentation/deng">Research Paper</a>
<a href="https://www.usenix.org/conference/usenixsecurity24/presentation/deng">研究论文</a>
·
<a href="https://github.com/GreyDGL/PentestGPT/issues">Report Bug</a>
<a href="https://github.com/GreyDGL/PentestGPT/issues">报告 Bug</a>
·
<a href="https://github.com/GreyDGL/PentestGPT/issues">Request Feature</a>
<a href="https://github.com/GreyDGL/PentestGPT/issues">请求功能</a>
</p>
</div>
@@ -37,51 +43,49 @@
---
## Demo
## 演示
### Installation
### 安装
[![Installation Demo](https://asciinema.org/a/761661.svg)](https://asciinema.org/a/761661)
[Watch on YouTube](https://www.youtube.com/watch?v=RUNmoXqBwVg)
[ YouTube 观看](https://www.youtube.com/watch?v=RUNmoXqBwVg)
### PentestGPT in Action
### PentestGPT 实战
[![PentestGPT Demo](https://asciinema.org/a/761663.svg)](https://asciinema.org/a/761663)
[Watch on YouTube](https://www.youtube.com/watch?v=cWi3Yb7RmZA)
[ YouTube 观看](https://www.youtube.com/watch?v=cWi3Yb7RmZA)
---
## What's New in v1.0 (Agentic Upgrade)
## v1.0 新特性(Agentic 升级)
- **Iteration Loop** - The agent runs continuously, maintains a context file with progress, and restarts with prior context when hitting limits. Loop terminates on flag capture or max iterations.
- **Autonomous Agent** - Agentic pipeline for intelligent, autonomous penetration testing
- **Session Persistence** - Save and resume penetration testing sessions
- **迭代循环(Iteration Loop** - 智能体持续运行,维护记录进度的上下文文件,并在触及限制时携带先前上下文重启。循环在捕获 flag 或达到最大迭代次数时终止。
- **自主智能体(Autonomous Agent** - 用于智能、自主渗透测试的智能体流水线
- **会话持久化(Session Persistence** - 保存并恢复渗透测试会话
> **Multi-model support** is available today in the interactive **modernized legacy** mode
> (`pentestgpt-legacy`) — OpenAI, Anthropic, Google Gemini, DeepSeek, xAI, Qwen, Moonshot, and
> local Ollama. See [Interactive Multi-LLM Mode](#interactive-multi-llm-mode-modernized-legacy).
> 交互式**现代化遗留(modernized legacy**模式现已支持**多模型**`pentestgpt-legacy`)—— OpenAI、Anthropic、Google Gemini、DeepSeek、xAI、Qwen、Moonshot 以及本地 Ollama。参见[交互式多 LLM 模式](#interactive-multi-llm-mode-modernized-legacy)。
---
## Features
## 功能特性
- **AI-Powered Challenge Solver** - Leverages LLM advanced reasoning to perform penetration testing and CTFs
- **Live Walkthrough** - Tracks steps in real-time as the agent works through challenges
- **Multi-Category Support** - Web, Crypto, Reversing, Forensics, PWN, Privilege Escalation
- **Real-Time Feedback** - Watch the AI work with live activity updates
- **Extensible Architecture** - Clean, modular design ready for future enhancements
- **AI 驱动的挑战求解器** - 利用 LLM 的高级推理能力执行渗透测试与 CTF
- **实时演练(Live Walkthrough** - 在智能体攻克挑战时实时跟踪步骤
- **多类别支持** - WebCryptoReversingForensicsPWN、权限提升(Privilege Escalation
- **实时反馈** - 通过实时活动更新观察 AI 的工作过程
- **可扩展架构** - 简洁、模块化的设计,便于未来增强
---
## Quick Start
## 快速开始
### Prerequisites
### 前置条件
- **Python 3.12+**
- **[uv](https://docs.astral.sh/uv/)** - Python package manager
- **Claude Code CLI** (`claude`) - installed and authenticated. See [Claude Code docs](https://docs.anthropic.com/en/docs/claude-code)
- **[uv](https://docs.astral.sh/uv/)** - Python 包管理器
- **Claude Code CLI** (`claude`) - 已安装并完成认证。参见 [Claude Code 文档](https://docs.anthropic.com/en/docs/claude-code)
### Installation
### 安装
```bash
git clone https://github.com/GreyDGL/PentestGPT.git
@@ -89,18 +93,18 @@ cd PentestGPT
make install # runs uv sync
```
### Commands Reference
### 命令参考
| Command | Description |
|---------|-------------|
| `make install` | Install dependencies |
| `make test` | Run all tests |
| `make check` | Run lint + typecheck |
| `make build` | Build distributable package |
| `make install` | 安装依赖 |
| `make test` | 运行全部测试 |
| `make check` | 运行 lint + typecheck |
| `make build` | 构建可分发包 |
---
## Usage
## 用法
```bash
# Run against a target
@@ -113,29 +117,24 @@ pentestgpt --target 10.10.11.50 --instruction "WordPress site, focus on plugin v
pentestgpt --target 10.10.11.234 --max-iterations 5
```
The agent runs in an **iteration loop**: it works autonomously, maintains a context file with progress, and restarts with prior context when hitting limits. The loop terminates on flag capture or max iterations (default: 10).
智能体在**迭代循环**中运行:它自主工作,维护记录进度的上下文文件,并在触及限制时携带先前上下文重启。循环在捕获 flag 或达到最大迭代次数(默认:10)时终止。
---
## Interactive Multi-LLM Mode (modernized legacy)
## 交互式多 LLM 模式(现代化遗留)
The classic, human-in-the-loop PentestGPT from the USENIX 2024 paper is preserved and
modernized as `pentestgpt-legacy`. It runs three cooperating LLM sessions —
**reasoning / generation / parsing** — that maintain a **Pentesting Task Tree (PTT)** while you
drive the session interactively (`next`, `more`, `todo`, `discuss`). Unlike the autonomous agent
(Claude-only), this mode talks **natively** to many providers via their official SDKs.
USENIX 2024 论文中的经典人机协同 PentestGPT 得以保留,并现代化为 `pentestgpt-legacy`。它运行三个协作的 LLM 会话——**推理 / 生成 / 解析**——在由你交互式驱动会话的同时(`next``more``todo``discuss`)维护**渗透测试任务树(Pentesting Task TreePTT**。与自主智能体(仅 Claude)不同,此模式通过各提供商的官方 SDK **原生**对接多家提供商。
### Configure providers
### 配置提供商
Set an API key for any provider you want to use (in your environment or `.env` — see
`.env.example`). Only the providers you configure are enabled.
为要使用的任意提供商设置 API 密钥(在环境变量中或 `.env` 中——参见 `.env.example`)。仅启用已配置的提供商。
```bash
OPENAI_API_KEY=... ANTHROPIC_API_KEY=... GEMINI_API_KEY=... # or GOOGLE_API_KEY
DEEPSEEK_API_KEY=... GROK_API_KEY=... QWEN_API_KEY=... KIMI_API_KEY=...
```
### Run
### 运行
```bash
# Auto-pick the best available models for each session
@@ -154,10 +153,9 @@ pentestgpt-legacy --list-models
pentestgpt-legacy --smoke-test
```
### Supported models (web-verified June 2026)
### 支持的模型(2026 年 6 月经网页核实)
`pentestgpt-legacy --list-models` always renders the live registry. Re-run `--smoke-test`
after model IDs change. Current snapshot:
`pentestgpt-legacy --list-models` 始终渲染实时注册表。模型 ID 变更后请重新运行 `--smoke-test`。当前快照:
| Provider | Current models | Legacy (kept) | Env key |
|----------|----------------|---------------|---------|
@@ -166,25 +164,25 @@ after model IDs change. Current snapshot:
| **Google Gemini** | `gemini-3.1-pro`, `gemini-3.5-flash`, `gemini-3-pro`, `gemini-3.1-flash-lite` | `gemini-2.5-pro`, `gemini-2.5-flash` | `GEMINI_API_KEY` / `GOOGLE_API_KEY` |
| **DeepSeek** | `deepseek-v4-flash`, `deepseek-v4-pro` | `deepseek-chat`, `deepseek-reasoner` | `DEEPSEEK_API_KEY` |
| **xAI Grok** | `grok-4.3` | — | `GROK_API_KEY` / `XAI_API_KEY` |
| **Alibaba Qwen** | `qwen3.7-max`, `qwen3.5-flash` | `qwen3-max` | `QWEN_API_KEY` / `DASHSCOPE_API_KEY` |
| **Moonshot Kimi** | `kimi-k2.6` | — | `KIMI_API_KEY` (`.cn` default; set `MOONSHOT_BASE_URL` for `.ai`) |
| **Alibaba Qwen** | `qwen3.7-max`, `qwen3.5-flash`, `qwen3-max` | `QWEN_API_KEY` / `DASHSCOPE_API_KEY` |
| **Moonshot Kimi** | `kimi-k2.6` | — | `KIMI_API_KEY` (`.cn` 默认;设置 `MOONSHOT_BASE_URL` 以使用 `.ai`) |
| **Local (Ollama)** | `ollama:<model>` (e.g. `ollama:qwen3`) | — | none (`OLLAMA_BASE_URL`) |
> The registry lives in `pentestgpt_legacy/llm/registry.py` (the single source of truth).
> Adding a model is one `ModelSpec` entry; OpenAI-compatible providers reuse one connector.
> 注册表位于 `pentestgpt_legacy/llm/registry.py`(唯一真实来源)。
> 添加模型只需一条 `ModelSpec` 条目;OpenAI 兼容提供商复用同一连接器。
---
## Telemetry
## 遥测(Telemetry
PentestGPT collects anonymous usage data to help improve the tool. This data is sent to our [Langfuse](https://langfuse.com) project and includes:
- Session metadata (target type, duration, completion status)
- Tool execution patterns (which tools are used, not the actual commands)
- Flag detection events (that a flag was found, not the flag content)
PentestGPT 收集匿名使用数据以帮助改进工具。这些数据会发送至我们的 [Langfuse](https://langfuse.com) 项目,包括:
- 会话元数据(目标类型、持续时间、完成状态)
- 工具执行模式(使用了哪些工具,而非实际命令)
- Flag 检测事件(检测到 flag,而非 flag 内容)
**No sensitive data is collected** - command outputs, credentials, or actual flag values are never transmitted.
**不收集敏感数据** - 命令输出、凭据或实际 flag 值绝不会被传输。
### Opting Out
### 选择退出
```bash
# Via command line flag
@@ -196,22 +194,22 @@ export LANGFUSE_ENABLED=false
---
## Benchmarks
## 基准测试
PentestGPT achieved an **86.5% success rate** (90/104 benchmarks) on the XBOW validation suite:
PentestGPT 在 XBOW 验证套件上达到 **86.5% 成功率**104 项基准中的 90 项):
- **Cost**: Average $1.11, Median $0.42 per successful benchmark
- **Time**: Average 6.1 minutes, Median 3.3 minutes per successful benchmark
- **Success rates by difficulty**:
- Level 1: 91.1%
- Level 2: 74.5%
- Level 3: 62.5%
- **成本**:每项成功基准平均 $1.11,中位数 $0.42
- **时间**:每项成功基准平均 6.1 分钟,中位数 3.3 分钟
- **按难度划分的成功率**
- Level 191.1%
- Level 274.5%
- Level 362.5%
---
## Citation
## 引用
If you use PentestGPT in your research, please cite our paper:
若你在研究中使用 PentestGPT,请引用我们的论文:
```bibtex
@inproceedings{299699,
@@ -230,19 +228,19 @@ If you use PentestGPT in your research, please cite our paper:
---
## License
## 许可证
Distributed under the MIT License. See `LICENSE.md` for more information.
根据 MIT License 发布。更多信息请参见 `LICENSE.md`
**Disclaimer**: This tool is for educational purposes and authorized security testing only. The authors do not condone any illegal use. Use at your own risk.
**免责声明**:本工具仅供教育用途和经授权的安全测试(authorized security testing)使用。作者不赞成任何非法用途。使用风险自负。
---
## Acknowledgments
## 致谢
- Research supported by [Quantstamp](https://www.quantstamp.com/) and [NTU Singapore](https://www.ntu.edu.sg/)
- 研究得到 [Quantstamp](https://www.quantstamp.com/) [NTU Singapore](https://www.ntu.edu.sg/) 的支持
<p align="right">(<a href="#readme-top">back to top</a>)</p>
<p align="right">(<a href="#readme-top">返回顶部</a>)</p>
<!-- MARKDOWN LINKS & IMAGES -->
[contributors-shield]: https://img.shields.io/github/contributors/GreyDGL/PentestGPT.svg?style=for-the-badge