CyberAI — AI-native multi-agent pentest platform

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for evkir from gravatar.com evkir

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: evkir
  • Tags ai , multi-agent , offensive-security , pentest , security
  • Requires: Python >=3.11
  • Provides-Extra: dev , test
Classifiers
Report project as malware

Project description

CI Python License Status LLM

🤖 CyberAI

OOB-driven, agent-trust-aware AI pentest platform

Built by someone who red-teams AI, not just with it.

What is CyberAI?

CyberAI is a multi-agent orchestration layer for offensive security. Five specialized agents — Recon, Intel, Exploit, Report, Web3 — run a typed, auditable pipeline that turns a target into actionable attack paths and a validated report.

Two things set it apart from "LLM wrapper over nmap":

  • OOB-driven exploitation. Blind vulns (SSRF, XXE, blind injection) are confirmed through out-of-band callbacks captured by phantom-grid, not guessed from response diffs.
  • Agent-trust-aware design. Every banner and tool output is treated as untrusted input: sanitized, injection-scanned, and parsed before it ever reaches the LLM context. Adversarial thinking is a design input, not a disclaimer.

Reach beyond the network: the Web3 agent runs Slither static analysis and maps detectors to Immunefi severity tiers for smart-contract audits.

Architecture +------------------+ target -----------> | Orchestrator | typed pipeline, dry-run, budget

+--------+---------+ injection-scan at phase boundaries

|

+-----------+----------+-----------+------------+

v v v v v

+------+ +------+ +--------+ +--------+ +------+

|Recon |-->|Intel |-->|Exploit |->|Report | | Web3 | (standalone)

+------+ +------+ +---+----+ +--------+ +--+---+

DNS NVD/CVE OOB | PoC judge | Slither

nmap EPSS nuclei H1-export | Immunefi

subdom prioritize | | severity

v

+-------------+

| phantom-grid| OOB callback capture

+-------------+ Observability: SQLite audit log . session export/import . cyberai replay

Interfaces: CLI . FastAPI dashboard (SSE) . MCP server (Claude Desktop) ### Agents

Agent Input Output Key tools
Recon target open ports, DNS, WHOIS, subdomains nmap (flag-whitelisted), async DNS, subdomain enum
Intel recon kb ranked CVEs NVD client, EPSS enrichment, risk prioritizer
Exploit intel kb attack paths, OOB findings nuclei, searchsploit, OOB/SSRF/XXE workflows
Report session kb structured Markdown / H1 export LLM summary + LLM-as-judge validation
Web3 .sol path / address severity-tiered findings Slither, Etherscan, Immunefi classifier

Security design

  • Agent trust boundaries — each agent runs with minimal permissions.
  • Untrusted input handling — banners sanitized, length-capped, marked UNTRUSTED before LLM context.
  • Prompt-injection detection — 33-pattern detector at every phase boundary; hits become MEDIUM findings, visible in the report.
  • Scope enforcement — wildcard + !-exclusion matching honors HackerOne / Bugcrowd briefs (cyberai scope import).
  • Audit trail — every agent action logged (JSONL or SQLite) with full inputs/outputs; sessions are replayable.

Quick start

git clone https://github.com/evkir/CyberAI.git
cd CyberAI
pip install -e .

cp config.example.yml config.yml
cp .env.example .env
# Edit .env — add OPENAI_API_KEY or ANTHROPIC_API_KEY (not needed for --dry-run)

# Dry-run: walks all 4 phases, no network, no API key
python -m cyberai scan example.com --dry-run

# Real scan, scope-restricted
python -m cyberai scan target.htb --scope '*.target.htb'

# Replay a saved session deterministically
python -m cyberai replay <session_id>

# Import a bug-bounty scope
python -m cyberai scope import h1 --program acme

# Status / config
python -m cyberai status

Web dashboard

uvicorn cyberai.web.app:app --reload
# http://127.0.0.1:8000  — session list, live SSE progress, report view

MCP server (Claude Desktop / Cursor)

python -m cyberai.mcp.server

Exposes recon/intel tools (nmap_scan, dns_enum, cve_search, epss_score, …) over the Model Context Protocol. See docs/mcp/integration.md.

Configuration

# config.yml
llm:
  provider: openai        # openai | anthropic
  model: gpt-4o
  max_tokens: 4096
  temperature: 0.2

phantom:
  grid_url: http://127.0.0.1:9090

output_dir: reports/
max_cost_usd: 0.0         # 0 = disabled; set to enforce a budget

Optional feature flags (default off, no-regression): use_native_tools, use_nuclei, use_llm_summary, use_judge.

Documentation

Doc What
docs/api/agents.md Agent API reference
docs/exploit/oob-exploitation-workflow.md OOB / SSRF walkthrough
docs/web3/web3-audit.md Smart-contract audit for Immunefi
docs/mcp/integration.md MCP server setup

Related tools

Tool Role
phantom-grid OOB interaction capture
phantom-intel CVE intelligence feed
reality-probe TLS analysis & config auditing

Requirements

  • Python 3.11+
  • OpenAI or Anthropic API key (not required for --dry-run)
  • Optional: phantom-grid (OOB), nuclei, slither, NVD API key

License

MIT — see LICENSE

Part of the evkir security toolchain.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for evkir from gravatar.com evkir

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: evkir
  • Tags ai , multi-agent , offensive-security , pentest , security
  • Requires: Python >=3.11
  • Provides-Extra: dev , test
Classifiers

Release history Release notifications | RSS feed

This version

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cyberai-1.0.0.tar.gz (181.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

cyberai-1.0.0-py3-none-any.whl (132.5 kB view details)

Uploaded Python 3

File details

Details for the file cyberai-1.0.0.tar.gz.

File metadata

  • Download URL: cyberai-1.0.0.tar.gz
  • Upload date:
  • Size: 181.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for cyberai-1.0.0.tar.gz
Algorithm Hash digest
SHA256 a1d705eca3b19d936afbafd18406ba8ef121c41ff0057b6a838df1ee10ff4a47
MD5 9df5fb6a43f4f9ca4761f6e214ae4e93
BLAKE2b-256 025932775537c3c9cc0ac3c1d4b2e0e5f00aabd8cf3f178f3d0c6aa1abdef699

See more details on using hashes here.

Provenance

The following attestation bundles were made for cyberai-1.0.0.tar.gz:

Publisher: release.yml on evkir/CyberAI

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cyberai-1.0.0-py3-none-any.whl.

File metadata

  • Download URL: cyberai-1.0.0-py3-none-any.whl
  • Upload date:
  • Size: 132.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for cyberai-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 8f8749e9fa0ccf836ba1551db92ce32fb2c7711046281b91c33bdac50dff9299
MD5 4162a42865e33b07f12e45625892644a
BLAKE2b-256 0b9f93434bdd19b3c148e201bb9ef9e46dd278d917eeb4df8b330aa341201159

See more details on using hashes here.

Provenance

The following attestation bundles were made for cyberai-1.0.0-py3-none-any.whl:

Publisher: release.yml on evkir/CyberAI

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page