New Offline AI Agent Automates Penetration Testing with Local LLM and Kali Sandbox

AIRecon runs autonomous penetration tests using a locally hosted LLM and Kali Linux Docker sandbox, keeping all data and vulnerability reports offline.

CSBadmin

Autonomous Security Testing Without Cloud Exposure

A new open-source penetration testing tool called AIRecon enables fully autonomous security assessments using a locally hosted AI model and a Kali Linux Docker sandbox. Developed by researcher pikpikcu, the tool runs entirely offline, eliminating the need to send target data to external cloud APIs. This design addresses privacy concerns for bug bounty hunters and red teamers who must keep all reconnaissance data, vulnerability reports, and session information on their own machines.

AIRecon integrates with the Caido proxy and includes five built-in tools for listing, replaying, automating with fuzzing markers, managing findings, and controlling scope. The system structures each engagement into four automated phases with defined objectives and transition criteria. It also features built-in checkpointing that evaluates progress every 5 iterations, triggers self-evaluation every 10 iterations, and compresses context every 15 iterations.

Key Features and Offline Intelligence

A standout capability is the optional airecon-dataset companion, which indexes approximately 1.09 million security records into local SQLite databases. The records include CVEs, red team techniques, CTF writeups, Nuclei templates, and bug bounty payloads, all accessible offline. When it encounters an unfamiliar technique, the AI autonomously searches this dataset before taking action, grounding its decisions in real indexed data rather than relying on generative guesses.

The tool requires an LLM with native tool-calling support and extended thinking capabilities. Models below 8 billion parameters are discouraged due to hallucination risks. Recommended configurations range from the Qwen3.5 122B model requiring 48 GB of VRAM for best results, down to a 9B model needing just 6 GB for a minimum viable setup. AIRecon ships with 57 built-in skill files and 289 keyword-to-skill auto-mappings, with additional community playbooks available for CTF, bug bounty, and penetration testing scenarios.

Source: Cyber Security News
