Micro-Agent Architecture
Inspired by XBOW's approach, every phase decomposes into parallel micro-agents at two dispatch levels.
Dispatch Levels Overview

```mermaid
graph TB
    PENTEST["Penetration Test"]
    PENTEST --> L1["Level 1: Docker Parallel<br/>Phases 0.5, 1, 2, 3"]
    PENTEST --> L2["Level 2: Claude -p Parallel<br/>Phases 4, 5"]
    L1 --> L1A["Subfinder<br/>DNS enum"]
    L1 --> L1B["Httpx<br/>Live host check"]
    L1 --> L1C["Nuclei<br/>Vulnerability scan"]
    L1 --> L1D["Katana<br/>Crawling"]
    L2 --> L2A["Wave 0: 3 Agents<br/>SQLi, XSS, IDOR"]
    L2 --> L2B["Wave 1-11: 3 Agents<br/>Other test skills"]
    L2 --> L2C["Phase 5: Verify<br/>PoC validation"]
    L1A --> DOCKER["Docker Container<br/>pentest-tools"]
    L1B --> DOCKER
    L1C --> DOCKER
    L1D --> DOCKER
    L2A --> CLAUDE["Claude -p<br/>Multiple processes"]
    L2B --> CLAUDE
    L2C --> CLAUDE
    DOCKER --> RESULTS["Results to Files<br/>logs/"]
    CLAUDE --> RESULTS
    style PENTEST fill:#9b30ff,color:#fff,stroke:#00e5ff,stroke-width:2px
    style L1 fill:#4a148c,color:#fff
    style L2 fill:#6a1b9a,color:#fff
    style DOCKER fill:#7b1fa2,color:#fff
    style CLAUDE fill:#8e24aa,color:#fff
    style RESULTS fill:#0277bd,color:#fff
```
Dispatch Levels
Level 1: Docker Parallel (Phases 0.5, 1, 2, 3)
Deterministic CLI tool execution — no AI reasoning needed:
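```bash
# Each tool runs in its own throwaway container; output is redirected to files on the host.
# httpx reads the file subfinder writes, so started concurrently it can see a partial list.
docker run --rm -v "$(pwd):/work" pentest-tools subfinder -d target.com > recon/subdomains.txt &
docker run --rm -v "$(pwd):/work" pentest-tools httpx -l recon/subdomains.txt > recon/alive.txt &
wait  # block until every background container has exited
```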
Level 2: claude -p Parallel (Phases 4, 5)
AI-driven testing requiring reasoning, response analysis, and false positive elimination:
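```bash
# One background agent per skill; stdout and stderr go to that skill's log file.
# --dangerously-skip-permissions turns off the CLI's permission prompts, so run
# agents only inside an isolated environment scoped to the engagement.
claude -p "<prompt>" \
  --model "$MODEL" \
  --max-turns 150 \
  --dangerously-skip-permissions \
  > "$EDIR/logs/$SKILL-agent.log" 2>&1 &
```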
Parallelism Safety
- JITTER_MULT = N concurrent agents — scales jitter to maintain combined stealth rate
- 3 agents x base jitter 1-4s x JITTER_MULT=3 = 3-12s per agent = ~1 req/sec combined
- Max 3 agents per wave (stealth mode), 5 agents per wave (fast/bug-bounty mode)
- Fallback: sequential execution if the `claude` CLI is unavailable
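
The rules in the list above, as an added example that is not the project's own code: it splits skills into waves, sets JITTER_MULT to the number of agents in each wave, and drops to one agent at a time when the CLI is missing. Only JITTER_MULT and the 1-4s base window come from the page; the function names, AGENT_CLI, WAVE_LOG and demo_agent are assumptions, and demo_agent records its jitter window instead of sending traffic.

```shell
#!/bin/sh
# Added example: wave planning and jitter scaling (names other than JITTER_MULT are hypothetical).
BASE_MIN=1   # base jitter lower bound in seconds (the 1-4s figure on the page)
BASE_MAX=4   # base jitter upper bound in seconds

# jitter_bounds N -> "LO HI": per-agent delay window when N agents run concurrently.
jitter_bounds() (
  mult=$1                       # JITTER_MULT = number of concurrent agents
  echo "$((BASE_MIN * mult)) $((BASE_MAX * mult))"
)

# peak_rate_milli N -> worst-case combined requests/sec x1000 (every agent waits only LO).
peak_rate_milli() (
  set -- "$1" $(jitter_bounds "$1")   # $1 = N, $2 = LO, $3 = HI
  echo $(( $1 * 1000 / $2 ))
)

# plan_waves MAX SKILL... -> one line per wave, at most MAX skills per line.
plan_waves() (
  max=$1; shift
  line=""; count=0
  for skill in "$@"; do
    line="${line:+$line }$skill"; count=$((count + 1))
    if [ "$count" -eq "$max" ]; then echo "$line"; line=""; count=0; fi
  done
  [ -z "$line" ] || echo "$line"
)

# dispatch_mode CLI -> "parallel" if CLI is on PATH, otherwise "sequential" (the fallback).
dispatch_mode() (
  if command -v "$1" >/dev/null 2>&1; then echo parallel; else echo sequential; fi
)

# demo_agent SKILL: constructed stand-in for an agent; logs its jitter window only.
demo_agent() (
  echo "$1 mult=$JITTER_MULT window=$(jitter_bounds "$JITTER_MULT" | tr ' ' '-')s" >> "${WAVE_LOG:-/dev/null}"
)

# run_waves MAX WORKER SKILL... -> runs WORKER once per skill, one wave at a time.
run_waves() (
  max=$1; worker=$2; shift 2
  [ "$(dispatch_mode "${AGENT_CLI:-claude}")" = parallel ] || max=1
  plan_waves "$max" "$@" | while read -r wave; do
    set -- $wave                  # $# is now the number of agents in this wave
    for skill in "$@"; do JITTER_MULT=$# "$worker" "$skill" & done
    wait                          # a wave finishes before the next one starts
  done
)
```

`peak_rate_milli` returns 1000 for any agent count: multiplying the window by the number of agents pins the worst-case combined rate at 1/BASE_MIN requests per second.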
Phase-Level Parallelism
| Phase | Dispatch Level | Parallel Units |
|---|---|---|
| 0.5 Walkthrough | L1 Docker | 1 per user role (max 3 per batch) |
| 1 Recon | L1 Docker | Wave A (3), Wave B (3), Wave C (3, bug-bounty only) |
| 2 Discovery | L1 Docker | Wave A (2), Wave B (3), Wave C (3) — B and C parallel |
| 3 Scan | L1 Docker | 3 parallel processes |
| 4 Testing | L2 claude -p | 12 waves x 3 agents |
| 5 Verification | L2 claude -p | 3 parallel batches (6+ findings) |