AIRecon is an autonomous cybersecurity agent designed to automate security assessments, penetration testing, and bug bounty reconnaissance. It addresses the high cost and privacy concerns of cloud-based AI models by offering a completely offline, self-hosted solution. The primary benefit is enabling recursive, autonomous reconnaissance workflows without API keys or data exfiltration, making it ideal for security professionals and researchers prioritizing privacy and cost-efficiency.

How It Works

AIRecon integrates a self-hosted Ollama Large Language Model (LLM) with a Kali Linux Docker sandbox and a Textual TUI. It operates on a privacy-first principle, ensuring all target intelligence, tool outputs, and reports remain local. The agent follows a structured RECON → ANALYSIS → EXPLOIT → REPORT pipeline, guided by soft phase enforcement and periodic checkpoints for self-evaluation and context compression. It requires LLMs capable of extended thinking and reliable tool-calling, with capabilities auto-detected via Ollama metadata.

Quick Start & Requirements

• Primary Install: The recommended one-line install command is curl -fsSL https://raw.githubusercontent.com/pikpikcu/airecon/refs/heads/main/install.sh | bash. A manual install from source is also available.
• Prerequisites: Python 3.12+, Docker 20.10+, Ollama (running), git, and curl are required.
• Model Requirements: A minimum of 30B parameters for the LLM is recommended (e.g., Qwen3 32B, requiring ~20 GB VRAM). Qwen3.5 122B (~48+ GB VRAM) is suggested for best quality. Models smaller than 30B are considered unreliable.
• Links: Install script: https://raw.githubusercontent.com/pikpikcu/airecon/refs/heads/main/install.sh

Highlighted Details

• Privacy First: All data remains on the user's machine; no target intelligence is sent to the cloud.
• Caido Native Integration: Features built-in tools for request listing, replaying, fuzzing, findings management, and scope definition within the Caido proxy.
• Full Stack Capabilities: Combines a Kali sandbox, browser automation, a custom fuzzer, Schemathesis API fuzzing, and Semgrep SAST.
• Extensible Skills: Includes a knowledge base with 57 built-in skill files and 289 keyword-to-skill mappings, extendable via the airecon-skills community library.

Maintenance & Community

The project encourages community involvement through the airecon-skills library. Specific details regarding core maintainers, sponsorships, or dedicated community channels (e.g., Discord, Slack) are not explicitly provided in the README.

Licensing & Compatibility

• License: MIT License.
• Compatibility: The permissive MIT license generally supports commercial use and integration into closed-source projects, provided attribution is maintained.

Limitations & Caveats

LLMs smaller than 30B parameters are reported as unreliable, potentially causing hallucinations or missed scope rules. Users may encounter Ollama Out-Of-Memory errors or agent stalls, often requiring VRAM adjustments or configuration tuning (e.g., reducing ollama_num_ctx or ollama_temperature). The tool is explicitly designated for educational purposes and authorized security assessments, with users assuming full responsibility for its application.