Secorizon
open source · research

SecorizonAI
Built by pentesters, for pentesters.

A terminal-native AI shell with shell access, methodology playbooks, and zero patience for cloud-AI condescension about whether you're authorized. Single binary, local model via Ollama, no telemetry, no rate-limited API.

View on GitHubRequest a demo
design

The four ideas

Things were already obvious to anyone who's stared at a cloud LLM saying "I can't help with that" mid-engagement. SecorizonAI is what happens when you build the agent the security industry actually needs.

The terminal is the UI

No web app, no electron, no daemon. Just `./secorizon` and you're talking to your model. Bracketed paste, raw-mode TTY, arrow-key history — the things you'd expect.

The model has shell access

Commands the AI runs in its tool-use loop run on your machine, in your shell, with your privileges. The agent does the work — it doesn't just tell you what to type.

System prompt + methodology guides

Plain markdown files define identity, rules, and workflow. Pentest playbooks for recon, web, code review, exploit dev. Edit, restart, redeploy in seconds.

Local-first

All inference happens on your hardware via Ollama. No cloud round-trip, no telemetry, no rate-limited API. Your engagement data never leaves the box.

internals

How it works

Every model response is a small JSON object — text for you, an optional shell command, a status flag. The shell parses it, runs the command, feeds the output back as the next user turn, and the loop continues. Simple, transparent, and trivially extensible.

  • Single Go binary. ~10MB, statically linked, one external dep.
  • JSON tool-use loop. Format-enforced via Ollama. The shell parses it, never trusts free-form prose.
  • No MCP required. Shell + curl is universal. MCP can layer on if you want it — it's not the primary path.
  • Methodology guides. Toggle on/off per session — load only the playbooks the engagement needs.
tool-use response · /api/chat
{
  "text": "Checking what's listening on the
            target's edge...",
  "command": "curl -sI https://target.example",
  "search": "",
  "status": "continue"
}
use cases

Where it shines

External recon

Cert transparency, DNS, HTTP fingerprinting, takeover candidates, exposed admin surfaces — chained reasoning, not a pipeline.

Code audit

Multi-file review with attacker mindset. Spots logic flaws, race conditions, deserialization sinks, auth bypasses that linters miss.

Active Directory

Passive network reconnaissance — silent asset and topology mapping, IPv6 discovery, NBT-NS / LLMNR / MDNS traffic analysis in analyze mode. Observes and gathers intelligence without ever injecting, poisoning, or altering the target.

Exploit development

Crash triage, ROP chain reasoning, primitive identification, PoC drafting. Pairs naturally with gdb/pwndbg sessions.

Bug bounty workflow

Subdomain → tech → vuln → PoC → H1 writeup, all in one shell. The agent drafts the report; you sign off.

Custom domains

Plain-markdown system prompt + guides means you can retarget the same chassis at legal research, financial analysis, or whatever your work demands.

quick start

Up and running in 5 minutes

# 1. Install Ollama (https://ollama.com)
curl -fsSL https://ollama.com/install.sh | sh

# 2. Pull a JSON-mode-friendly instruct model
ollama pull <your-model>:tag

# 3. Build the chat binary
go build -o secorizon-go ./src/chat.go

# 4. Drop in your system prompt
mkdir -p ~/.secorizon
$EDITOR ~/.secorizon/SECORIZON.md

# 5. Run it
SECORIZON_MODEL=<your-model>:tag ./secorizon

The system prompt is plain markdown — identity, rules, workflow protocol. Methodology playbooks live in ~/.secorizon/guides/ and load on demand via slash commands.

pricing

Two ways to get SecorizonAI Pro

License the heart of SecorizonAI — the system prompt and methodology guides — and run it on your own infrastructure. Or have us apply it to specific targets on a pay-per-asset basis.

testing as a service

Targeted testing

$100/ IP — or custom price / web application

We run SecorizonAI against your scope and deliver a findings report with PoCs and remediation. No retainer, no minimum.

  • Full SecorizonAI assessment per asset
  • Findings report with reproducible PoCs
  • Remediation guidance per finding
  • Pay only for what you scope
Get a quote
★ the heart of SecorizonAI
license

SecorizonAI Methodology

Customscoped to your environment

Own the brain of SecorizonAI — the system prompt and methodology guides. Run it on your own infrastructure, your own model, your own engagements.

  • Full system prompt (SECORIZON.md)
  • All methodology guides — recon, web, code review, etc. plus custom methodologies based on your needs
  • Lifetime license, no subscription
  • Run on your own infra with your own model
  • Full installation on your hardware — we set it up end-to-end
  • Free support for the first 6 months
Request a quote

Larger scopes, retained engagements, or bespoke methodologies — get in touch.

Ready to put SecorizonAI to work?

Tell us your scope. We'll come back with a quote, a timeline, and a clear answer on which plan fits your situation.

Get in touch View on GitHub