An agent that runs full security assessments end-to-end.
You define the scope. You review the findings.
AIDA turns any LLM into an autonomous pentester capable of assessing web applications, APIs, and infrastructure. The agent reasons, understands application logic, executes commands in an isolated container, and documents every finding with the commands used.
Claude + AIDA isn't just talk. It produces results that end up in CVE databases.
| ID | Severity | Project | Description |
|---|---|---|---|
| CVE-2026-32034 | | openclaw/openclaw | Insecure HTTP permits hijacking |
| GHSA-xfvv-ggvq-pchh | | appsmithorg/appsmith | RCE via newline injection in env variable endpoint |
| GHSA-vvxf-f8q9-86gh | | appsmithorg/appsmith | SSRF via SMTP test endpoint — internal port scanning |
More under responsible disclosure — awaiting publication.
AIDA was built to give your AI everything a pentester needs to work.
A fully equipped execution environment. A Docker container loaded with Linux pentesting tools — nmap, sqlmap, ffuf, nuclei, and anything else it needs. If a tool is missing, the agent installs it.
Custom exploitation via Python. The agent generates and executes Python scripts on the fly — custom payloads, encoding tricks, protocol quirks, or any logic that off-the-shelf tools can't handle.
Burp-level HTTP control. The agent sends and manipulates HTTP requests directly — headers, cookies, body, auth tokens. Stored credentials are auto-injected via placeholders. Same power as Burp Repeater, without the UI overhead.
A persistent notebook. The agent logs what it knows about the application, maps attack paths, records observations, flags interesting behaviors, and documents every confirmed vulnerability — commands used, raw output, full context. Stop an engagement and resume it days later for retest, deeper analysis, or handoff.
You review. The AI hands you findings with full context notes, commands, reproduction steps, and the reasoning that led there. You reproduce, triage, prioritize, and report.
Your expertise stays where it matters. The grunt work runs on its own.
Prerequisites: Docker Desktop + any AI client (Claude, Gemini, GPT...)
```bash
git clone https://github.com/Vasco0x4/AIDA.git
cd AIDA
./start.sh
```

Dashboard: http://localhost:31337

- `./start.sh --dev` — hot reload for contributors
- `./start.sh --lan` — share across your local network
```bash
# Auto-detects Claude or Kimi CLI
python3 aida.py --assessment "target-corp"
# Force a specific model
python3 aida.py --assessment "target-corp" --cli claude
# No confirmation prompts
python3 aida.py --assessment "target-corp" --yes
```

```
Load assessment 'target-corp' and start the pentest on https://example.com
Scope: all subdomains, authentication flows, API endpoints
Exclude: brute-force on /login
```
Full setup for all AI clients → INSTALLATION.md
AIDA is model-agnostic. Any LLM with tool-calling support works.
| Client | Setup |
|---|---|
| Claude Code | python3 aida.py (automatic) |
| Kimi CLI | python3 aida.py (automatic) |
| External API (OpenAI-compatible) | python3 aida.py --base-url |
| Claude Desktop | MCP config |
| ChatGPT Desktop | MCP config |
| Gemini CLI | MCP config |
The smarter the model, the deeper the engagement. Swap models without changing anything else.
| Tool | Description |
|---|---|
| `execute()` | Run any command in the pentesting container |
| `scan()` | nmap, gobuster, ffuf, nikto, dirb |
| `subdomain_enum()` | Subdomain discovery |
| `ssl_analysis()` | TLS/SSL audit |
| `tech_detection()` | Technology fingerprinting |
| `python_exec()` | Execute Python in the container |
| `http_request()` | HTTP client with credential auto-substitution |
| `add_card()` | Log a finding — CVSS 4.0 auto-scored |
| `credentials_add()` | Store credentials, auto-injected via `{{PLACEHOLDER}}` |
Built-in aida-pentest container (~2 GB, starts automatically). Plug in Exegol for 400+ tools — switchable anytime from the dashboard.
Full reference → MCP_TOOLS.md
- Authentication — JWT, admin/user roles, first-run setup wizard
- PDF reports — one-click export per assessment
- CVSS 4.0 — automatic scoring on every finding
- Attack timeline — auto-generated per engagement
- Notifications — Telegram, Slack, Email with optional PDF attachment
- Assessment templates — start from predefined methodologies
- `aida-pentest` container — lightweight built-in environment, no Exegol required
- `python_exec` + `http_request` — advanced execution tools
- Cross-assessment findings view — aggregate and filter findings across all engagements
- Security hardening — Docker socket proxy, path traversal prevention, localhost-only DB
!! Run locally or on your LAN. Do not expose the dashboard to the public. !!
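A check for the warning above, as an added example that is not part of the AIDA project: it parses Linux `ss -ltnH` output and classifies where the dashboard port 31337 is bound. The function names, the verdict labels, the choice of LAN ranges and the sample lines are assumptions of this example.

```python
import ipaddress

DASHBOARD_PORT = 31337  # dashboard port given on this page

# Ranges treated as "LAN" in this example: private and link-local space.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]

# Constructed sample of `ss -ltnH` output, not captured from a real host.
# The 5432 line is an unrelated listener that the port filter must skip.
SAMPLE = """\
LISTEN 0 4096     127.0.0.1:31337   0.0.0.0:*
LISTEN 0 4096       0.0.0.0:5432    0.0.0.0:*
LISTEN 0 4096          [::]:31337      [::]:*
LISTEN 0 128   192.168.1.20:31337   0.0.0.0:*
"""

def classify_bind(addr):
    """Map a bind address to loopback / lan / all-interfaces / public."""
    host = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets, %iface scope
    if host == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:          # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in LAN_NETS):
        return "lan"
    return "public"

def audit_listeners(ss_output, port=DASHBOARD_PORT):
    """Return (local_address, classification) for each listener on `port`."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, lport = fields[3].rpartition(":")
        if lport == str(port):
            findings.append((fields[3], classify_bind(addr)))
    return findings

def verdict(findings):
    """'exposed' for a public bind, 'review' for a wildcard bind, else 'ok'."""
    kinds = {kind for _, kind in findings}
    if "public" in kinds:
        return "exposed"
    return "review" if "all-interfaces" in kinds else "ok"
```

A `review` verdict means the port listens on every interface, so whether it is reachable from outside depends on the host's interfaces and firewall rules.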
| Document | Description |
|---|---|
| INSTALLATION.md | Full setup — all AI clients |
| USER_GUIDE.md | Platform usage guide |
| MCP_TOOLS.md | Agent tool reference |
| ARCHITECTURE.md | Technical deep dive |
AIDA is actively developed.
Planned:
- OWASP testing guidelines integration
- Multi-agent mode — specialized sub-agents per phase
- Active Directory / internal network module
- Enhanced CLI capabilities
Issues and PRs welcome → GitHub Issues
AGPL v3 — free and open source.
- Anthropic MCP — the tool-calling protocol powering agent actions
- Exegol — supported as alternative container
- The security community for the open-source tooling
Need help? vasco0x4 on Discord

