Summary

Guardian is an enterprise-grade, AI-powered penetration testing automation CLI tool designed to orchestrate intelligent, adaptive security assessments. It leverages Google Gemini and LangChain to manage multi-agent workflows, integrating a comprehensive suite of 15 security tools. The platform aims to provide efficient, ethical, and detailed penetration testing for security professionals, researchers, and power users, automating complex tasks and generating professional reports.

How It Works

Guardian employs a multi-agent architecture comprising specialized AI agents: Planner, Tool Selector, Analyst, and Reporter. These agents collaborate, with Google Gemini providing strategic decision-making to analyze findings, adapt testing tactics based on discovered vulnerabilities, and filter false positives. This AI-driven approach allows for dynamic, intelligent penetration testing workflows that go beyond static scripts, offering a more comprehensive and efficient security assessment.

Quick Start & Requirements

• Primary Install/Run:
  • Docker (Recommended): Clone the repository, create a .env file with GOOGLE_API_KEY, build the Docker image (docker-compose build), and run tests (docker-compose run --rm guardian recon --domain example.com). This option includes all 15 security tools pre-installed.
  • Local Installation: Clone the repository, set up a Python virtual environment, install dependencies (pip install -e .), and initialize configuration (python -m cli.main init or .\guardian.bat init).
• Prerequisites:
  • Python 3.11 or higher.
  • Google Gemini API Key.
  • Git.
  • Optional: Numerous security tools (e.g., Nmap, httpx, nuclei, SQLMap) are recommended for full functionality; Guardian can adapt if they are missing but with reduced capabilities.
• Links:
  • Documentation: https://github.com/zakirkun/guardian-cli#documentation
  • Python Downloads: https://www.python.org/downloads/

Highlighted Details

• AI-Powered Intelligence: Features a multi-agent system for strategic planning, tool selection, analysis, and reporting, driven by Google Gemini for adaptive testing and false positive reduction.
• Extensive Tool Arsenal: Integrates 15 security tools including Nmap, Masscan, httpx, Subfinder, Amass, Nuclei, Nikto, SQLMap, WPScan, TestSSL, SSLyze, Gobuster, and FFuf.
• Professional Reporting: Generates reports in Markdown, HTML, and JSON formats, including executive summaries, detailed findings, and AI decision traces for transparency.
• Security & Compliance: Includes scope validation, audit logging, configurable human-in-the-loop confirmation prompts, and a safe mode to prevent destructive actions.
• Performance: Supports asynchronous and parallel tool execution for faster assessments and offers customizable workflows.

Maintenance & Community

The project is community-driven, with contributions welcomed via pull requests. A roadmap outlines future enhancements such as a web dashboard, PostgreSQL backend, MITRE ATT&CK mapping, and expanded AI model support. Community discussions and issue tracking are managed via GitHub.

Licensing & Compatibility

Guardian is licensed under the MIT License, which permits broad use, including commercial applications and integration into closed-source projects, with standard attribution requirements.

Limitations & Caveats

Guardian is strictly intended for authorized penetration testing and educational purposes; unauthorized use is illegal and the user assumes full responsibility for obtaining explicit permission. The tool's capabilities are reduced if optional external security tools are not installed. API rate limits apply, particularly for the free tier of Google Gemini, necessitating potential upgrades or throttling configurations. Windows users must use specific command prefixes (python -m cli.main or .\guardian.bat).