AI-Driven Security Assessment (AIDA) connects AI assistants to a real pentesting environment, enabling them to execute commands and perform security assessments autonomously. It targets security professionals and researchers seeking to leverage AI for practical, adaptive penetration testing, moving beyond theoretical advice to actual execution and exploitation. The primary benefit is transforming AI from a security consultant into an autonomous security researcher capable of complex, multi-step attacks.

How It Works

AIDA integrates AI clients with a pentesting environment through the Model Context Protocol (MCP). Users can choose between a lightweight built-in container (aida-pentest) or a comprehensive Exegol container with over 400 tools. This architecture allows for direct execution of commands within the chosen environment, maintains persistent memory and context across sessions in a structured database, and automatically documents findings as structured cards. The AI can then chain discoveries to build multi-step exploits and adapt its testing methodology based on real-time findings, rather than relying on fixed patterns.

Quick Start & Requirements

• Primary install/run command:

  git clone https://github.com/Vasco0x4/AIDA.git
  cd AIDA
  ./start.sh
  

  The ./start.sh script prompts for container choice on the first run. The dashboard is accessible at http://localhost:5173.
• Prerequisites: Docker Desktop, an AI client (e.g., Claude Code, Kimi CLI, Gemini CLI, ChatGPT Desktop).
• Container choices: aida-pentest (default, ~2 GB) or Exegol (400+ tools, ~20-40 GB).
• Links: Quick Start, Installation, User Guide, Architecture, Demo Video.

Highlighted Details

• Direct execution of over 400 pentesting tools via MCP.
• Persistent memory and structured database for maintaining context and findings.
• Automated documentation of findings with severity, proof, and technical analysis.
• AI-driven attack chain construction and adaptive testing methodology.
• Compatibility with any AI client supporting the MCP standard.

Maintenance & Community

AIDA is actively developed, with planned features including a frontend redesign, authentication system, and enhanced error handling. For assistance or contributions, contact vasco0x4 on Discord.

Licensing & Compatibility

The project is licensed under AGPL v3, requiring any modifications and deployments (including network services) to be open-sourced under the same license. Commercial licensing is available for organizations requiring proprietary modifications.

Limitations & Caveats

AIDA is currently in alpha, recommended for local use only, and lacks an authentication system. Users should be aware of potential bugs, rough edges (e.g., browser alerts for errors, manual WebSocket reconnections), and the need to change default database credentials in .env before deployment. The web interface should not be exposed publicly without additional security hardening.