Guardian is an enterprise-level AI penetration testing tool by Zakir Kun on GitHub. It combines OpenAI GPT-4, Anthropic Claude, Google Gemini, and OpenRouter in a single multi-agent system for smart security assessments and thorough evidence collection.
It employs four active agents: Planner, Tool Selector, Analyst, and Reporter. They collaborate on each project to ensure optimal outcomes. The Planner agent sets the assessment strategy, the Tool Selector picks from 19 security tools, the Analyst interprets results and filters out false positives, and the Reporter creates professional documentation.
19-Tool Arsenal with Intelligent Orchestration:
Guardian combines 19 proven security tools across essential areas, such as network scanning, web reconnaissance, subdomain discovery, vulnerability scanning, SSL/TLS analysis, content discovery, and advanced security analysis.
| Tool | Purpose | Installation |
|---|---|---|
| nmap | Port scanning | apt install nmap / choco install nmap |
| masscan | Ultra-fast scan | apt install masscan / Build from source |
| httpx | HTTP probing | go install github.com/projectdiscovery/httpx/cmd/httpx@latest |
| subfinder | Subdomain enum | go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest |
| amass | Network mapping | go install github.com/owasp-amass/amass/v4/...@master |
| nuclei | Vuln scanning | go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest |
| whatweb | Tech fingerprint | gem install whatweb / apt install whatweb |
| wafw00f | WAF detection | pip install wafw00f |
| nikto | Web vuln scan | apt install nikto |
| sqlmap | SQL injection | pip install sqlmap / apt install sqlmap |
| wpscan | WordPress scan | gem install wpscan |
| testssl | SSL/TLS testing | Download from testssl.sh |
| sslyze | SSL/TLS analysis | pip install sslyze |
| gobuster | Directory brute | go install github.com/OJ/gobuster/v3@latest |
| ffuf | Web fuzzing | go install github.com/ffuf/ffuf/v2@latest |
| arjun | Parameter discovery | pip install arjun |
| xsstrike | Advanced XSS | git clone https://github.com/s0md3v/XSStrike |
| gitleaks | Secret scanning | go install github.com/zricethezav/gitleaks/v8@latest |
| cmseek | CMS detection | pip install cmseek |
| dnsrecon | DNS enumeration | pip install dnsrecon |
The framework includes ready-to-use workflows for Recon, Web, Network, and Autonomous modes, which can be customized using YAML files.
Reports are created in Markdown, HTML, or JSON formats, containing raw tool output, AI decision processes, and executive summaries. Each finding connects to its source command execution with a 2,000-character evidence snippet, allowing complete session reconstruction.
Guardian has essential safety features for authorized use. It automatically blacklists private RFC-1918 address ranges and defaults to a safe mode to prevent harmful actions.
The framework needs Python 3.11 or higher and at least one AI provider API key to work, supporting environment variable key management on Linux, macOS, and Windows.
Version 2.0.0 of Guardian features a web dashboard for visualization, a PostgreSQL backend for multi-session tracking, mapping to MITRE ATT&CK for findings, plugin system support, CI/CD pipeline integration, and compatibility with additional models like Llama and Mistral.
The project is on GitHub and is meant for authorized penetration testing, security research, and educational use.
InfoSecBulletin Cybersecurity for mankind
