Autonomous AI Pentester — find vulnerabilities before hackers do
Project description
🥀 Briar — Autonomous AI Pentester
Find vulnerabilities before hackers do. Free. Open Source. No Docker.
Briar is an autonomous AI pentester. It scans web applications, injects real payloads, validates exploits, and generates professional security reports — powered by 11 AI providers including a completely free local mode via Ollama.
pip install briar-pentest && briar setup && briar scan -u https://target.com --deep
What Briar Found — Real Example
Against a file server on port 666 (ransomware-like deployment):
| # | Vulnerability | Severity | CVSS |
|---|---|---|---|
| 1 | Path Traversal | 🔴 Critical | 9.1 |
| 2 | IDOR — File Enumeration | 🟠 High | 7.5 |
| 3 | Unauthenticated File Access | 🔴 Critical | 9.1 |
| 4 | Arbitrary File Upload (RCE) | 🔴 Critical | 9.8 |
| 5 | Directory Listing | 🟠 High | 6.5 |
| 6 | HTTP Verb Tampering | 🟡 Medium | 5.0 |
| 7 | Missing Security Headers | 🟢 Low | 3.1 |
| 8 | SSRF via URL param | 🟠 High | 8.6 |
| 9 | Reflected XSS | 🟠 High | 7.2 |
| 10 | Sensitive File Exposure | 🟡 Medium | 5.3 |
Each finding includes: copy-paste curl PoC, CVSS score, tech-specific remediation (nginx/Apache/Flask/Express code).
Features
| Category | Details |
|---|---|
| 🤖 11 AI Providers | Ollama (free, local), OpenAI, Claude, DeepSeek, Groq, Mistral, xAI/Grok, Google/Gemini, OpenRouter, Together, Custom |
| 🛡️ 12 Security Agents | Recon, Injection, XSS, SSRF, Auth, AuthZ, CSRF, Upload, Traversal, RCE, API, Secrets |
| 🎯 No Exploit, No Report | Every High/Critical finding replayed and confirmed before reporting |
| 🔌 Blackbox + Whitebox | Works with just a URL. Add -r /path/to/source for code-aware analysis |
| 📡 Port Scanning | 24 common ports scanned during recon |
| 📓 LLM-Wiki (Obsidian) | Interlinked vault, frontmatter YAML, index, log, canvas mindmap — Karpathy pattern |
| 📄 Reports | Markdown, Word (.docx), Excel (.xlsx), HTML slides |
| 📊 Charts | Donut severity, heatmap severity×endpoint, bar charts (type + agent) |
| 🌐 Dashboard | Web UI on port 8233 (FastAPI) with live scan launcher |
| 💾 Workspaces | Resume interrupted scans, checkpoint after every agent |
| ⚙️ YAML Config | Authenticated scanning, login flows, custom rules (avoid/focus paths) |
| 🐳 No Docker Required | Native Python. pip install and go. Docker optional. |
Quick Start
# Install
pip install briar-pentest
# Configure (pick Ollama for free local AI)
briar setup
# Quick scan
briar scan -u https://target.com --quick
# Deep scan with browser exploits
briar scan -u https://target.com --deep
# With config file (authenticated)
briar scan -c config.yaml
# Resume interrupted scan
briar scan --resume workspace-name
# Web dashboard
briar serve # → http://localhost:8233
Config File (YAML)
target:
url: http://localhost:3000
provider: deepseek
mode: deep
authentication:
login_url: /rest/user/login
method: json
credentials:
email: admin@test.com
password: admin123
rules:
avoid:
- path: /logout
focus:
- path: /api
- path: /rest
Commands
briar Show banner + version
briar status Show configured provider + API key
briar setup Pick AI provider (interactive)
briar scan Run pentest (-u URL, --quick, --deep, -c config.yaml)
briar serve Start web dashboard (:8233)
briar workspaces List saved workspaces
briar resume Resume an interrupted scan
Install from Source
git clone https://github.com/Stiimy/briar
cd briar
pip install -e .
briar setup
License: AGPL-3.0 — Free. Forever.
"No exploit, no report."
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file briar_pentest-0.4.17.tar.gz.
File metadata
- Download URL: briar_pentest-0.4.17.tar.gz
- Upload date:
- Size: 56.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
59e98456b34287861ce0fc35af26a413507124acfb1b44f209f83177d6651589
|
|
| MD5 |
182e811ce5759eaa93e583dd60d4dec5
|
|
| BLAKE2b-256 |
94b096726ab1846684d6c108083924fe2832cb743e71fe696a9c56650120771e
|
File details
Details for the file briar_pentest-0.4.17-py3-none-any.whl.
File metadata
- Download URL: briar_pentest-0.4.17-py3-none-any.whl
- Upload date:
- Size: 75.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
77d2971c8420035f5b8e9168f3bdabf1f5c4db842513e9b88c9ce877e37a102e
|
|
| MD5 |
5d9a923c915519e2294b2ad3dcaa610a
|
|
| BLAKE2b-256 |
11ed90d032580bd32482f9f92731ab28844e30c98eca03dbf59190c3e98c0180
|
