AIRecon: AI-Powered Penetration Testing Tool with Kali Linux Sandbox

Emy Elsamnoudy
June 17, 2026

AIRecon is an autonomous penetration testing agent designed for offline operation. It integrates a self-hosted Ollama LLM with a Kali Linux Docker sandbox. This combination automates end-to-end security assessments, critically ensuring no data exposure to the cloud.

Developed by researcher pikpikcu, it eliminates the prohibitive cost of commercial API-based models like GPT-4 or Claude for recursive recon workflows that can demand thousands of LLM calls per session.

Commercial AI-powered security tools send target intelligence to external servers and require ongoing API subscriptions. AIRecon flips this model entirely; all tool output, vulnerability reports, and session data stay on the operator’s machine.

It integrates natively with the Caido proxy, offering five built-in tools: list, replay, automate (using §FUZZ§ markers), findings, and scope management. This makes it particularly well-suited for bug bounty hunters and red teamers who operate under strict data-handling policies.

AIRecon structures every engagement through four automated phases, each with defined objectives, recommended tools, and automatic transition criteria. Phase enforcement is intentionally soft; the agent is guided but never blocked, and checkpoints fire every 5 iterations (phase evaluation), every 10 (self-evaluation), and every 15 (context compression).

The full stack includes the Kali sandbox, browser automation, a custom fuzzer, Schemathesis API fuzzing, and Semgrep SAST for static source analysis.

One of AIRecon’s standout features is its optional airecon-dataset companion, which indexes approximately 1.09 million security records into local SQLite FTS5 databases, including CVEs, red team techniques, CTF writeups, Nuclei templates, and bug bounty payloads, all completely offline.

The LLM autonomously calls dataset_search before attempting unfamiliar techniques, grounding its decisions in real indexed data rather than pure hallucination. Session memory persists in ~/.airecon/memory/airecon.db, storing findings, WAF bypass patterns, tool reliability scores, and per-target attack chain discoveries that shape future behavior.
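The grounding lookup described above can be sketched with Python's sqlite3 module and an FTS5 table. This is an added example, not AIRecon's own code: the table schema, the helper names, the body of dataset_search and the sample records (with placeholder identifiers) are assumptions made for illustration. It also shows a check that flags CVE-style identifiers in model output that the local index does not contain.

```python
import re
import sqlite3

# Constructed sample records; identifiers are placeholders, not real CVEs.
RECORDS = [
    ("CVE-0000-0001", "cve", "SQL injection in login form username parameter"),
    ("CVE-0000-0002", "cve", "Path traversal in file download endpoint"),
    ("TPL-0001", "template", "Detects exposed admin login panel"),
]

def build_index(records):
    """Create an in-memory FTS5 table (hypothetical schema) and load records."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE VIRTUAL TABLE records USING fts5(ident, kind, body)")
    conn.executemany("INSERT INTO records VALUES (?, ?, ?)", records)
    return conn

def fts_quote(query):
    """Quote every term so hyphens, colons and quotes are treated as text,
    not FTS5 query syntax (a bare CVE-0000-0001 raises a query error)."""
    terms = query.split()
    return " ".join('"' + t.replace('"', '""') + '"' for t in terms)

def dataset_search(conn, query, limit=5):
    """Return (ident, body) rows ranked by BM25; an empty list means the
    index offers no grounding for this query."""
    match = fts_quote(query)
    if not match:
        return []
    sql = ("SELECT ident, body FROM records WHERE records MATCH ? "
           "ORDER BY bm25(records) LIMIT ?")
    return conn.execute(sql, (match, limit)).fetchall()

def ungrounded_ids(conn, model_text):
    """List CVE-style identifiers in model output that the index lacks."""
    cited = sorted(set(re.findall(r"CVE-\d{4}-\d{4,}", model_text)))
    known = {row[0] for row in conn.execute("SELECT ident FROM records")}
    return [c for c in cited if c not in known]

if __name__ == "__main__":
    db = build_index(RECORDS)
    print(dataset_search(db, "login injection"))
    print(dataset_search(db, "CVE-0000-0002"))
    print(ungrounded_ids(db, "Try CVE-0000-0001, then CVE-0000-9999."))
```

An identifier returned by ungrounded_ids is one the model cited without any indexed record behind it, which is the invented-CVE failure the article attributes to small models.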

AIRecon requires a model with native tool-calling support and extended thinking (<think> blocks). Models below 8B parameters are strongly discouraged due to frequent hallucinations, invented CVEs, and unreliable tool calls. Recommended configurations:

| Model | VRAM | Use Case |
|---|---|---|
| Qwen3.5 122B | 48+ GB | Best quality, most reliable |
| Qwen3.5 35B | 20 GB | Recommended for most users |
| Qwen3.5 35B (MoE) | 16 GB | Lower VRAM footprint |
| Qwen3.5 9B | 6 GB | Minimum viable setup |

AIRecon ships with 57 built-in skill files and 289 keyword-to-skill auto-mappings covering the most common offensive techniques. The community airecon-skills repository adds 57 additional CLI-based playbooks for CTF, bug bounty, and penetration testing engagements.

MCP server integration is also supported via ~/.airecon/mcp.json, allowing the agent to dynamically expose external tooling such as custom XSS generators or proprietary API scanners as first-class agent tools.

Installation & Google Colab Support

Installation from GitHub requires Python 3.12+, Docker 20.10+, and a running Ollama instance, and can be completed in a single command:

```bash
curl -fsSL https://raw.githubusercontent.com/pikpikcu/airecon/refs/heads/main/scripts/install.sh | bash
```

For operators without sufficient local VRAM, AIRecon supports a Google Colab T4 GPU tunnel setup via Cloudflare, allowing a free-tier Colab session to serve the model while AIRecon’s TUI runs locally.

The free T4 GPU (15 GB VRAM) supports qwen3.5:9b, though sessions are capped at 12 hours and are not suited for deep autonomous recon that exceeds that window.
