ProjectTriage
An autonomous, hypothesis-driven pentesting agent that hunts like a researcher rather than a scanner: reasoning modules and scaffolding over a large tool surface.
Problem
Scanners pattern-match signatures; researchers form a hypothesis about how a specific application breaks and test it. I wanted an agent that does the second thing, which means the value cannot live in the tool count. It has to live in the reasoning that decides what to test next and the scaffolding that stops an LLM from looping forever or inventing a finding.
Architecture
A large Python codebase wiring 51+ tools to 19 reasoning modules, driven by Claude or a local Ollama model. The hard engineering is not the tools; it is the control loop: constraining the action space so the model picks valid next steps, detecting and breaking loops, and forcing every claimed finding back through evidence before it counts. Constrained actions are what turned a model that flailed into one that makes progress.
Outcome
A working autonomous hunt loop that reasons about a target instead of scanning it. It stays honest about its limits: an agent is only as trustworthy as the gate that refuses unverified output. Related writeup: Hypotheses over signatures.