frontpage.

PenPeeper – An Open-Source Pentesting Engagement Manager (with Optional AI)

Most pentesting tools I’ve used fall into one of two buckets:

absurdly expensive enterprise SaaS

open-source tools that don’t help once scanning is done

PenPeeper is my attempt to fix that.

What it is

A free, open-source, self-hosted pentesting engagement manager that focuses on the boring but critical parts:

scoping & engagement tracking

vulnerability management

reporting

tying everything together in one workflow

The AI part (optional, not magic)

PenPeeper can integrate with local or external LLMs (Ollama, LM Studio, ChatGPT, Claude, Gemini, OpenRouter).

Runs on Windows (via WSL integration), MacOS, Linux

The goal isn’t “AI replaces pentesters.” It’s:

faster vuln analysis

better first-draft reports

less copy-pasting between tools

You can run it fully local. You can turn AI off entirely.

Why I built it

Commercial tools are overpriced and locked down. Most open-source tools stop at scanning. Reporting is still manual, repetitive, and error-prone.

That gap is what PenPeeper is trying to cover.

Status

Early but stable

Actively developed

Looking for real pentester feedback (not hype)

Links

Site: https://penpeeper.com

GitHub: https://github.com/chetstriker/PenPeeper

Feedback I want

What part of your pentest workflow is still the most painful?

Where does AI actually help vs get in the way?

What would make this worth using on a real engagement?

Happy to answer technical questions or take criticism.

'AI' is a dick move, redux

The source code was the moat. But not anymore

Does anyone else feel like their inbox has become their job?

An AI model that can read and diagnose a brain MRI in seconds

Dev with 5 of experience switched to Rails, what should I be careful about?

AlphaFace: High Fidelity and Real-Time Face Swapper Robust to Facial Pose

Scientists discover “levitating” time crystals that you can hold in your hand

Rammstein – Deutschland (C64 Cover, Real SID, 8-bit – 2019) [video]

Tell HN: Yet Another Round of Zendesk Spam

Postgres Message Queue (PGMQ)

Show HN: Django-rclone: Database and media backups for Django, powered by rclone

NY lawmakers proposed statewide data center moratorium

OpenClaw AI chatbots are running amok – these scientists are listening in

Show HN: AI agent forgets user preferences every session. This fixes it

Introduce the Vouch/Denouncement Contribution Model

Show HN: SSHcode – Always-On Claude Code/OpenCode over Tailscale and Hetzner

Microsoft appointed a quality czar. He has no direct reports and no budget

Multi-agent coordination on Claude Code: 8 production pain points and patterns

Washington Post CEO Will Lewis Steps Down After Stormy Tenure

DevXT – Building the Future with AI That Acts

A Minimal OpenClaw Built with the OpenCode SDK

The silent death of Good Code

The Internal Negotiation You Have When Your Heart Rate Gets Uncomfortable

Show HN: Glance – Fast CSV inspection for the terminal (SIMD-accelerated)

Busy for the Next Fifty to Sixty Bud

Imperative

Show HN: I decomposed 87 tasks to find where AI agents structurally collapse

I went back to Linux and it was a mistake

Octrafic – open-source AI-assisted API testing from the CLI

US Accuses China of Secret Nuclear Testing