githubinferredactive
CyberStrike
provenance:github:CyberStrikeus/CyberStrike
WHAT THIS AGENT DOES
CyberStrike is an AI tool that automatically tests the security of computer systems and websites, looking for potential weaknesses. It helps businesses identify and fix vulnerabilities before hackers can exploit them, reducing the risk of data breaches and cyberattacks. Security professionals and businesses concerned about online safety would find this tool valuable for proactively protecting their digital assets.
README
<p align="center">
<a href="README.md">English</a> |
<a href="README.zh.md">简体中文</a> |
<a href="README.zht.md">繁體中文</a> |
<a href="README.ko.md">한국어</a> |
<a href="README.de.md">Deutsch</a> |
<a href="README.es.md">Español</a> |
<a href="README.fr.md">Français</a> |
<a href="README.it.md">Italiano</a> |
<a href="README.da.md">Dansk</a> |
<a href="README.ja.md">日本語</a> |
<a href="README.pl.md">Polski</a> |
<a href="README.ru.md">Русский</a> |
<a href="README.bs.md">Bosanski</a> |
<a href="README.ar.md">العربية</a> |
<a href="README.no.md">Norsk</a> |
<a href="README.br.md">Português (Brasil)</a> |
<a href="README.th.md">ไทย</a> |
<a href="README.tr.md">Türkçe</a> |
<a href="README.uk.md">Українська</a> |
<a href="README.bn.md">বাংলা</a> |
<a href="README.el.md">Ελληνικά</a> |
<a href="README.vi.md">Tiếng Việt</a> |
<a href="README.hi.md">हिन्दी</a>
</p>
<p align="center">
<picture>
<source srcset="assets/social-preview-dark.svg" media="(prefers-color-scheme: dark)">
<source srcset="assets/social-preview-light.svg" media="(prefers-color-scheme: light)">
<img src="assets/social-preview-dark.svg" alt="CyberStrike" width="800">
</picture>
</p>
<h3 align="center">The first open-source AI agent built for offensive security.</h3>
<p align="center">
Automated penetration testing from your terminal — plug in your Claude, GPT, or any LLM subscription<br>
and turn it into an autonomous red team agent with 13+ specialized agents and 120+ OWASP test cases.
</p>
<p align="center">
<a href="#quick-start">Quick Start</a> •
<a href="#intelligence-layer">Intelligence Layer</a> •
<a href="#what-makes-it-different">What Makes It Different</a> •
<a href="#agents">Agents</a> •
<a href="#web-ui--remote-access">Web UI</a> •
<a href="#bolt--remote-tool-execution">Bolt</a> •
<a href="#mcp-ecosystem">MCP Ecosystem</a> •
<a href="#installation">Installation</a> •
<a href="https://docs.cyberstrike.io">Docs</a> •
<a href="https://cyberstrike.io">Website</a>
</p>
<p align="center">
<a href="https://www.npmjs.com/package/@cyberstrike-io/cyberstrike"><img alt="npm" src="https://img.shields.io/npm/v/@cyberstrike-io/cyberstrike?style=flat-square&color=00ff41" /></a>
<a href="https://www.npmjs.com/package/@cyberstrike-io/cyberstrike"><img alt="Downloads" src="https://img.shields.io/npm/dm/@cyberstrike-io/cyberstrike?style=flat-square&color=00ff41" /></a>
<a href="https://github.com/CyberStrikeus/CyberStrike/actions/workflows/publish.yml"><img alt="Build" src="https://img.shields.io/github/actions/workflow/status/CyberStrikeus/CyberStrike/publish.yml?style=flat-square&branch=dev" /></a>
<a href="https://discord.gg/snunAaHf6U"><img alt="Discord" src="https://img.shields.io/discord/1391832426048651334?style=flat-square&label=discord&color=00ff41" /></a>
<a href="https://github.com/CyberStrikeus/CyberStrike/blob/dev/LICENSE"><img alt="License" src="https://img.shields.io/badge/license-AGPL--3.0-00ff41?style=flat-square" /></a>
</p>
---
### Quick Start
```bash
npm i -g @cyberstrike-io/cyberstrike@latest && cyberstrike
```
That's it. CyberStrike launches a TUI in your terminal, asks for your LLM provider and API key on first run, and you're ready to go. Tell it what to test — it handles reconnaissance, vulnerability discovery, exploitation, and reporting autonomously.
> **Already have a Claude Code or OpenAI subscription?** CyberStrike's intelligence layer sits on top of your existing AI subscription. No separate API costs — your current plan powers an entire pentest toolkit.
Explore the full documentation at **[docs.cyberstrike.io](https://docs.cyberstrike.io)** or visit **[cyberstrike.io](https://cyberstrike.io)** for demos and guides.
---
### Intelligence Layer
CyberStrike isn't just a wrapper around an LLM. It's an intelligence layer that transforms any AI model into an offensive security specialist.
**How it works:** When you connect your LLM provider, CyberStrike injects domain-specific context — OWASP testing methodology, vulnerability patterns, attack chain reasoning, and tool orchestration logic — into every interaction. The model doesn't need to know security; CyberStrike teaches it.
**What the intelligence layer provides:**
- **Schema normalization** — Structured output from any provider, regardless of response format differences
- **Context guard** — Prevents prompt leakage and keeps the agent focused on the current test phase
- **Provider auto-detection** — Automatically identifies your LLM endpoint and configures the optimal transport
- **Tool orchestration** — Chains security tools intelligently based on findings, not fixed scripts
**15+ LLM providers supported out of the box:**
| Provider | Models | Notes |
| ------------------------- | ------------------------ | --------------------------------------- |
| **Anthropic** | Claude 4.5, Claude 4 | Best performance with extended thinking |
| **OpenAI** | GPT-4.1, o3, o4-mini | Full tool-use support |
| **Google** | Gemini 2.5 Pro/Flash | Long context for large codebases |
| **Amazon Bedrock** | All Bedrock models | IAM auth, no API keys needed |
| **Azure OpenAI** | All Azure-hosted models | Enterprise deployments |
| **Groq** | LLaMA, Mixtral | Ultra-fast inference |
| **Mistral** | Mistral Large, Codestral | European data residency |
| **DeepSeek** | DeepSeek V3, R1 | Cost-effective alternative |
| **OpenRouter** | 100+ models | Single API, any model |
| **Together AI** | Open-source models | Fine-tuning support |
| **Ollama** | Any GGUF model | Fully offline, local-only |
| **LM Studio** | Any local model | Desktop GUI + API server |
| **vLLM** | Any HuggingFace model | Self-hosted, GPU-optimized |
| **Any OpenAI-compatible** | — | Custom endpoints welcome |
> **Air-gapped environments?** Run CyberStrike entirely offline with Ollama or LM Studio. No data leaves your machine — ever.
---
### What Makes It Different
<table>
<tr>
<td width="50%">
**Specialized Security Agents, Not Generic Chat**
CyberStrike ships with 13+ agents purpose-built for security domains. Each agent carries domain-specific methodology, tool knowledge, and testing patterns. The web-application agent follows OWASP WSTG. The cloud-security agent knows CIS benchmarks. The mobile agent uses Frida and follows MASTG/MASVS. They don't guess — they follow proven offensive security frameworks.
</td>
<td width="50%">
**Intelligence Layer, Not Just an LLM Wrapper**
Most AI security tools are thin wrappers that send your prompt to an API. CyberStrike's intelligence layer normalizes outputs across 15+ providers, guards context between test phases, auto-detects your provider configuration, and orchestrates multi-step attack chains. The result: consistent, methodology-driven pentesting regardless of which model you use.
</td>
</tr>
<tr>
<td width="50%">
**Any LLM, Zero Lock-in**
Anthropic, OpenAI, Google, Amazon Bedrock, Azure, Groq, Mistral, DeepSeek, OpenRouter, Together AI — or run fully offline with Ollama and LM Studio. You choose the model. You own the results. As AI models get better and cheaper, CyberStrike gets better with them. Switch providers in seconds without reconfiguring anything.
</td>
<td width="50%">
**Remote Tool Execution with Bolt**
Your security tools don't have to run on your laptop. Deploy Bolt on one or many remote servers, pair with Ed25519 keys, a
[truncated…]PUBLIC HISTORY
First discoveredMar 31, 2026
IDENTITY
inferred
Identity inferred from code signals. No PROVENANCE.yml found.
Is this yours? Claim it →METADATA
platformgithub
first seenFeb 14, 2026
last updatedMar 30, 2026
last crawled17 days ago
version—
README BADGE
Add to your README:
