Summary

CyberStrike is an open-source AI agent automating penetration testing and offensive security. It transforms general LLMs into specialized, autonomous red team agents for reconnaissance, vulnerability discovery, exploitation, and reporting. Targeting pentesters, bug bounty hunters, and security teams, it streamlines assessments with a methodology-driven, LLM-agnostic approach.

How It Works

The core "intelligence layer" injects domain-specific context (OWASP, vulnerability patterns, attack chains) into LLM interactions. It normalizes diverse LLM outputs, prevents prompt leakage, auto-detects provider configurations, and orchestrates security tools. This empowers any LLM to act as a security specialist, ensuring consistent, framework-adherent testing without inherent security knowledge.

Quick Start & Requirements

Install via npm: npm i -g @cyberstrike-io/cyberstrike@latest. Other package managers and OS installers are supported. Requires an LLM provider subscription (e.g., Anthropic, OpenAI) or a locally hosted LLM (Ollama, LM Studio). Docs: docs.cyberstrike.io.

Highlighted Details

• Specialized Agents: 13+ purpose-built security agents for web (OWASP WSTG), cloud (CIS Benchmarks), mobile (MASTG/MASVS), and network security.
• LLM Agnostic: Supports over 15 LLM providers, including major cloud services and local models, ensuring flexibility and avoiding vendor lock-in.
• Remote Tool Execution (Bolt): Deploy and orchestrate security tools on remote servers for distributed scanning and diverse network positioning.
• HackBrowser: Integrated Chromium browser proxies traffic directly into the agent pipeline for automated analysis, mapping, and role/credential discovery.
• Web UI & Secure Remote Access: Browser-based interface for managing agents and findings, securely accessible remotely via Cloudflare Tunnel without inbound ports.

Maintenance & Community

Actively encourages community contributions to agents, MCP servers, and core features, guided by an ethical use policy. Community support via Discord and X.com.

Licensing & Compatibility

Licensed under AGPL-3.0-only (free for personal/open-source use; derivative works must be open-sourced). Commercial licensing available via direct contact. AGPL-3.0 is a strong copyleft license.

Limitations & Caveats

Strictly intended for authorized security testing. Effectiveness depends on LLM subscription costs or local hosting resource requirements. Advanced feature orchestration (Bolt, MCP) may involve a significant learning curve.