u/Away_Replacement8719

Repo: https://github.com/FrancescoStabile/numasec

I got tired of using coding agents (Codex, Claude Code...) for cybersecurity stuff, they are amazing for code, but security work is not just “read repo, edit file, run tests”.

Cyber is messy with terminals, browser research, scanners, lot of tools (kali suite is the perfect example), notes, screenshots, findings, scope, reports: unlike coding in security the context is fragmented, it is built over time, there are many different paths, it is literally impossible to effectively use current AI agents as support during a pentest or bug bounty currently.

I hated having to explain the target again and again, paste tool output into a chat, keep notes somewhere else and then rebuild the whole story at the end.

So I built numasec, it is an open-source AI security agent that lives in the terminal, it's multi-agent with 5 specialized agents (Pentest, Hacking, OSINT, Appsec, and a generalist Security agent i call it my personal Jarvis) it knows which local tools are available, follows security strategies, switches modes, keeps context and helps move through security workflows.

Not illegal hacker magic, just the agent I wanted for security work, to me it really feels like Jarvis wired into Kali linux.

Better than I expected, V4 Flash managed to keep track of the machine, reason through failed paths, build the kill chain and step after step obtained root access and both the flags.

I’m not claiming it is Deepseek Mythos ahahah but it's a pretty solid result in my opinion (no writeup search, i've seen the entire run and saved it, not even training data cause it's a recent room).

Bonus points: never refuse to perform cyber tasks, not only with CTF, i did OSINT/Bug Bounty too.

I got tired of using coding agents (Codex, Claude Code...) for cybersecurity stuff, they are amazing for code, but security work is not just “read repo, edit file, run tests”.

It is messy with terminals, browser research, scanners, lot of tools (i use kali a lot), notes, screenshots, findings, scope, reports: unlike coding in security the context is fragmented, it is built over time, there are many different paths, it is literally impossible to effectively use current AI agents as support during a pentest or bug bounty currently.
I hated having to explain the target again and again, paste tool output into a chat, keep notes somewhere else and then rebuild the whole story at the end.

So I built numasec, it is an open-source AI security agent that lives in the terminal, it's multi-agent with 5 specialized agents (Pentest, Hacking, OSINT, Appsec, and a generalist Security agent i call it my personal Jarvis) it knows which local tools are available, follows security strategies, switches modes, keeps context and helps move through security workflows.

Listen, not a Burp replacement or other well known tools (numasec can use them), not illegal hacker magic, just the agent I wanted for security work, it really feels like Jarvis wired into a Kali workflow.

Repo:
https://github.com/FrancescoStabile/numasec

npm install -g numasec

Instead of jumping between terminal, browser, notes, screenshots, scanners and reports: knows which tools are available, perform recon, exploit, osint and knows the context (I hate having to explain everything every time), I was tired using AI via the web or having to settle for agents designed for coding.
Definitely a huge step forward, feels like Jarvis wired into Kali linux.

repo: https://github.com/FrancescoStabile/numasec