WatchTowerPT: An LLM-Powered Intelligent Agent Framework for Automated Penetration Testing

WatchTowerPT is an AI-driven autonomous penetration testing tool built on the Claude Code SDK, capable of executing a complete professional penetration testing workflow from reconnaissance to post-exploitation, credential collection, and lateral movement. It marks the entry of penetration testing into a new era of intelligence and automation, aiming to address the pain points of traditional penetration testing—such as reliance on expert experience, high costs, and difficulty in scaling—while providing organizations with efficient and professional security assessment capabilities.

Traditional penetration testing relies heavily on the experience and manual operations of security experts, leading to high costs and difficulty in scaling. WatchTowerPT is designed specifically for authorized targets, adhering to the PTES (Penetration Testing Execution Standard) and CPTS (Hack The Box Certified Penetration Testing Specialist) methodologies. It is not just a collection of tools but an intelligent agent system with decision-making capabilities, able to dynamically adjust testing strategies based on the target environment.

WatchTowerPT supports two methodologies:

1. PTES Six-Phase Methodology: Covers reconnaissance, enumeration, vulnerability analysis, exploitation, post-exploitation, and report generation—suitable for structured penetration testing projects;
2. CPTS Non-Linear Methodology: Uses a host-based state machine model (Discover → Scan → Enumerate → Exploit → Pillage → Control), suitable for flexible Hack The Box-style testing scenarios, allowing path adjustments based on the actual conditions of the host.

The core features of WatchTowerPT include:

• Red Team Mode: Focuses on Remote Code Execution (RCE), using a 12-vector attack queue priority strategy to simulate real attacker behavior;
• Real-Time Dashboard TUI: A dual-panel interface with activity logs on the left and real-time statistics (discoveries, host status, etc.) on the right;
• Professional Report Generation: Automatically generates Markdown/HTML reports containing CVSS scores, PoC commands, and evidence; tool execution records are saved as HTML evidence;
• Multi-Target Parallel Testing: Supports simultaneous testing of multiple targets (3 concurrent agents by default);
• Vulnerability Validation: An independent agent reconfirms potential vulnerabilities to eliminate false positives.

For enterprise-level scenarios, WatchTowerPT provides:

• Active Directory (AD) Specialized Support: Complete AD attack chain (Kerbrute enumeration, AS-REP Roasting, Kerberoasting, BloodHound analysis, DCSync, etc.);
• Evasion Modes: Non-evasive (fast testing), hybrid (balance speed and stealth), evasive (timing/sharding techniques to reduce detection probability);
• NordVPN IP Rotation: Automatically rotates IP when blocked, respecting Kill Switch settings;
• Zero Telemetry Commitment: Does not collect analytical data; all data is retained locally to ensure the security of sensitive testing data.

Tool Integration

• Checks the availability of over 35 tools at startup and automatically installs missing ones (supports package managers like apt, pip, etc.);
• Session Management: Use Ctrl+W to browse/restore/delete historical sessions; use --resume SESSION_ID to continue testing;
• Operator Notes: Use Ctrl+N to add sticky notes, which are automatically saved to disk.

Typical Use Cases

1. Standard PTES Testing: watchtowerpt --target 10.10.11.50
2. Red Team Data Collection: watchtowerpt --target 10.10.11.50 --red-team
3. Internal AD Environment Testing: watchtowerpt --target 10.10.10.0/24 --methodology greybox --ad-domain inlanefreight.local --dc-ip 10.10.10.1

Technical Architecture

Developed based on Python 3.12+, it depends on Node.js 20+ (Claude Code CLI) and the uv package manager. An Anthropic API key or Claude subscription is required for configuration.

Compliance Considerations

Explicitly intended for authorized penetration testing; must be used within legal boundaries. The zero telemetry design ensures data security.

Industry Impact

WatchTowerPT represents the deep application of AI in the cybersecurity field. It improves testing efficiency, reduces reliance on manual experience, enables more organizations to obtain professional-level security assessment capabilities, and is expected to become a standard industry configuration.