Secorizon
open source · research

SecorizonAI
Built by pentesters, for pentesters.

A terminal-native AI shell with shell access, methodology playbooks, and zero patience for cloud-AI condescension about whether you're authorized. Single binary, local model via Ollama, no telemetry, no rate-limited API.

design

The four ideas

These ideas were already obvious to anyone who's stared at a cloud LLM saying "I can't help with that" mid-engagement. SecorizonAI is what happens when you build the agent the security industry actually needs.

The terminal is the UI

No web app, no electron, no daemon. Just `./secorizon` and you're talking to your model. Bracketed paste, raw-mode TTY, arrow-key history — the things you'd expect.

The model has shell access

Commands the AI runs in its tool-use loop run on your machine, in your shell, with your privileges. The agent does the work — it doesn't just tell you what to type.

System prompt + methodology guides

Plain markdown files define identity, rules, and workflow. Pentest playbooks for recon, web, code review, exploit dev. Edit, restart, redeploy in seconds.

Local-first

All inference happens on your hardware via Ollama. No cloud round-trip, no telemetry, no rate-limited API. Your engagement data never leaves the box.

internals

How it works

Every model response is a small JSON object — text for you, an optional shell command, a status flag. The shell parses it, runs the command, feeds the output back as the next user turn, and the loop continues. Simple, transparent, and trivially extensible.

  • Single Go binary. ~10MB, statically linked, one external dep.
  • JSON tool-use loop. Format-enforced via Ollama. The shell parses it, never trusts free-form prose.
  • No MCP required. Shell + curl is universal. MCP can layer on if you want it — it's not the primary path.
  • Methodology guides. Toggle on/off per session — load only the playbooks the engagement needs.
tool-use response · /api/chat
{
  "text": "Checking what's listening on the target's edge...",
  "command": "curl -sI https://target.example",
  "search": "",
  "status": "continue"
}
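
One way a consumer of this format can enforce "never trusts free-form prose", as an added Go example (not SecorizonAI's own code): `ParseTurn` accepts exactly one JSON object with the four fields from the sample above and nothing else, and `InScope` is a hypothetical pre-execution gate that refuses a command naming a URL host outside the engagement scope. The type and function names and the scope policy are assumptions, and the gate only sees hosts written as URLs.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/url"
	"strings"
)

// Turn mirrors the four fields of the sample response on this page.
type Turn struct {
	Text    string `json:"text"`
	Command string `json:"command"`
	Search  string `json:"search"`
	Status  string `json:"status"`
}

// ParseTurn accepts one JSON object with known fields only; prose around it fails.
func ParseTurn(raw []byte) (Turn, error) {
	var t Turn
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&t); err != nil {
		return t, fmt.Errorf("bad turn: %w", err)
	}
	if _, err := dec.Token(); err != io.EOF {
		return t, errors.New("bad turn: trailing data after JSON object")
	}
	return t, nil
}

// InScope (hypothetical policy) is false if any URL host in the command is not
// on the operator's scope list, or if the command spans more than one line.
func InScope(command string, scope map[string]bool) bool {
	for _, w := range strings.Fields(command) {
		u, err := url.Parse(strings.Trim(w, `"'`))
		if err == nil && u.Host != "" && !scope[strings.ToLower(u.Hostname())] {
			return false
		}
	}
	return !strings.ContainsAny(command, "\r\n")
}

func main() { // constructed input, same shape as the sample response
	t, err := ParseTurn([]byte(`{"text":"","command":"curl -sI https://target.example","search":"","status":"continue"}`))
	fmt.Println(t.Command, err, InScope(t.Command, map[string]bool{"target.example": true}))
}
```

A turn that fails either check is better surfaced to the operator than executed, since tool output fed back into the loop can steer the next command.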
use cases

Where it shines

External recon

Cert transparency, DNS, HTTP fingerprinting, takeover candidates, exposed admin surfaces — chained reasoning, not a pipeline.

Code audit

Multi-file review with attacker mindset. Spots logic flaws, race conditions, deserialization sinks, auth bypasses that linters miss.

Active Directory

Stealthy network asset mapping, IPv6, NBT-NS / LLMNR / MDNS poisoning on selected targets, hash cracking. Chains into NTLM relay, ESC, and beyond.

Exploit development

Crash triage, ROP chain reasoning, primitive identification, PoC drafting. Pairs naturally with gdb/pwndbg sessions.

Bug bounty workflow

Subdomain → tech → vuln → PoC → H1 writeup, all in one shell. The agent drafts the report; you sign off.

Custom domains

Plain-markdown system prompt + guides means you can retarget the same chassis at legal research, financial analysis, or whatever your work demands.

quick start

Up and running in 5 minutes

# 1. Install Ollama (https://ollama.com)
curl -fsSL https://ollama.com/install.sh | sh

# 2. Pull a JSON-mode-friendly instruct model
ollama pull <your-model>:tag

# 3. Build the chat binary
go build -o secorizon ./src/chat.go

# 4. Drop in your system prompt
mkdir -p ~/.secorizon
$EDITOR ~/.secorizon/SECORIZON.md

# 5. Run it
SECORIZON_MODEL=<your-model>:tag ./secorizon

The system prompt is plain markdown — identity, rules, workflow protocol. Methodology playbooks live in ~/.secorizon/guides/ and load on demand via slash commands.

pricing

Two ways to get SecorizonAI Pro

License the heart of SecorizonAI — the system prompt and methodology guides — and run it on your own infrastructure. Or have us apply it to specific targets on a pay-per-asset basis.

testing as a service

Targeted testing

$100 / IP — or custom price / web application

We run SecorizonAI against your scope and deliver a findings report with PoCs and remediation. No retainer, no minimum.

  • Full SecorizonAI assessment per asset
  • Findings report with reproducible PoCs
  • Remediation guidance per finding
  • Pay only for what you scope
license

SecorizonAI Methodology

Custom, scoped to your environment

Own the brain of SecorizonAI — the system prompt and methodology guides. Run it on your own infrastructure, your own model, your own engagements.

  • Full system prompt (SECORIZON.md)
  • All methodology guides — recon, web, code review, etc. plus custom methodologies based on your needs
  • Lifetime license, no subscription
  • Run on your own infra with your own model
  • Full installation on your hardware — we set it up end-to-end
  • Free support for the first 6 months

Larger scopes, retained engagements, or bespoke methodologies — get in touch.

Ready to put SecorizonAI to work?

Tell us your scope. We'll come back with a quote, a timeline, and a clear answer on which plan fits your situation.