Autonomous
pentest.

AI-driven penetration testing that runs entirely on your infrastructure. Self-hosted Docker container. Zero-knowledge architecture — ModularCISO never sees your targets, your results, or your API keys.

Coming Soon v1.0.0 Docker
# Pull the image
$ docker pull ghcr.io/zealot88/
  modularciso-pentest:1.0.0

# Run it
$ docker run -d -p 8443:8443 \
  -v reports:/app/reports \
  ghcr.io/zealot88/modularciso-pentest:1.0.0

# Open
$ open http://localhost:8443
$
01 — How it works
Five-phase autonomous assessment.
Point it at a domain. The pipeline runs recon, network scanning, web fuzzing, vulnerability detection, and then hands control to an AI agent that chains attacks autonomously.
01
Recon
WHOIS, DNS records (A, MX, TXT), domain intelligence gathering
02
Network
Nmap port scanning with service and version detection
03
Web Scan
ffuf directory fuzzing + Nuclei vulnerability scanner (9,900+ templates)
04
AI Agent
Autonomous OODA loop — observe, orient, decide, act. Up to 15 chained attack iterations
05
Report
Brutalist threat dashboard with findings sorted by severity
02 — AI Providers
Your keys, your models.
Bring any OpenAI-compatible LLM. Cloud APIs or self-hosted — the tool adapts to your infrastructure.
OpenAI
Anthropic
Ollama
GPUStack
vLLM
Custom

Ollama, GPUStack, vLLM, and Custom endpoints use the OpenAI-compatible /v1/chat/completions protocol. API keys never leave your machine.

03 — Architecture
Zero-knowledge by design.
ModularCISO has no access to your targets, scan results, AI API keys, or findings. Everything runs inside a Docker container on your machine. We ship the tool — you own the execution.

Your Machine

API keys stay here.
Docker host.

Container

Nmap, ffuf, Nuclei,
AI agent run here.

Your Targets

Results stay on
your machine.

04 — Quick start
Three commands.
# 1. Pull the image from GitHub Container Registry
docker pull ghcr.io/zealot88/modularciso-pentest:1.0.0

# 2. Run the container (reports persist across restarts)
docker run -d -p 8443:8443 \
  -v pentest-reports:/app/reports \
  ghcr.io/zealot88/modularciso-pentest:1.0.0

# 3. Open the Brutalist web interface
open http://localhost:8443
05 — What's inside
Bundled toolchain.
Nmap 7.80
Port scanning, service detection, NSE scripts
Nuclei 3.7.0
9,900+ vulnerability templates. CVEs, misconfigs, exposures
ffuf 1.1.0
Directory enumeration, path discovery, content fuzzing
AI Red Team
Autonomous agent with OODA loop. Chains attacks based on findings
Web Dashboard
Real-time scan progress via SSE. Brutalist threat report generation
Persistent Storage
Reports survive container restarts via Docker volume mount

Coming soon

The Pentest Tool is currently in development. Create a free account to be notified when it becomes available.

Create Account → ← Back to Tools