Most pentesting tools I’ve used fall into one of two buckets:
absurdly expensive enterprise SaaS
open-source tools that don’t help once scanning is done
PenPeeper is my attempt to fix that.
What it is
A free, open-source, self-hosted pentesting engagement manager that focuses on the boring but critical parts:
scoping & engagement tracking
vulnerability management
reporting
tying everything together in one workflow
The AI part (optional, not magic)
PenPeeper can integrate with local or external LLMs (Ollama, LM Studio, ChatGPT, Claude, Gemini, OpenRouter).
Runs on Windows (via WSL integration), macOS, and Linux.
The goal isn’t “AI replaces pentesters.” It’s:
faster vuln analysis
better first-draft reports
less copy-pasting between tools
You can run it fully local. You can turn AI off entirely.
Why I built it
Commercial tools are overpriced and locked down. Most open-source tools stop at scanning. Reporting is still manual, repetitive, and error-prone.
That gap is what PenPeeper is trying to cover.
Status
Early but stable
Actively developed
Looking for real pentester feedback (not hype)
Links
Site: https://penpeeper.com
GitHub: https://github.com/chetstriker/PenPeeper
Feedback I want
What part of your pentest workflow is still the most painful?
Where does AI actually help vs get in the way?
What would make this worth using on a real engagement?
Happy to answer technical questions or take criticism.