Autonomous Offensive Security
Point at a target.
Watch it fall.
One command turns any terminal into a team of specialized AI agents — recon, web, network, cloud and post-exploitation — that map your attack surface, exploit it, and write the report.
Bolt Server
Deploy on any VPS, Docker, or Kali box. Ed25519 key pairing. One CyberStrike controls dozens of Bolt servers — each with its own toolkit. 7,600+ Ed25519-signed skills, lazy-loaded, injected at runtime.
HackBrowser
Built-in Chromium. Browse manually or let it crawl autonomously. Every HTTP request captured and routed to 8 vulnerability testers in parallel. Multi-credential support — crawl as admin, then as user, discover the gaps.
Network & Post-Exploitation
Kerberoast, NTLM relay, DCSync — automated lateral movement from foothold to Domain Admin. macOS credential extraction, Windows privilege escalation, 29 eBPF kernel scripts, AWS/Azure/K8s hooks. No external tools needed.
Agentic Finding Validation
Baseline. Attack. Compare. Findings are only reported when there's a measurable, reproducible difference. No hallucinated vulnerabilities — 3-Gate PoC validation.
MCP Native Support
176+ security tools built on Model Context Protocol. Add custom MCP servers from npm packages, build your own with Plugin SDK (15+ hook types). Cloud audit, GitHub security, CVE intelligence, OSINT — plug-and-play.
Over 150 LLM Providers · Over 5,300 Models
Anthropic, OpenAI, Google, Bedrock, Azure, xAI, Groq, Mistral, DeepSeek — or fully offline with Ollama/LM Studio. Air-gapped mode: no data leaves your network. Zero lock-in.
Works everywhere
Run security assessments from your terminal. CLI, TUI, Web, and IDE integrations available.
Get started in minutes
Install Cyberstrike
One command to install. Works on macOS, Linux, and Windows with WSL.
Add Your API Keys
Bring your own keys from 144 providers — Anthropic, OpenAI, Google, DeepSeek, and more. Full control over your AI costs.
Start Hacking
Point Cyberstrike at your target and let the AI agent do the reconnaissance and exploitation.
Everything you need for security testing
Cyberstrike combines the power of multiple AI models with battle-tested security tools.
Multi-Model AI
144 providers, 800+ models. Claude, GPT-5, Gemini, DeepSeek, Ollama, and more. Switch between providers seamlessly.
Automated Scanning
Comprehensive vulnerability scanning for web apps, APIs, and infrastructure with zero configuration.
BYOK Model
Use your own API keys. Full control over costs and data privacy. No vendor lock-in.
Detailed Reports
Generate professional pentest reports in PDF, Markdown, or HTML with remediation guidance.
CLI & TUI
Powerful terminal interface with both CLI for scripting and TUI for interactive sessions.
Fully Extensible
Fork it, customize it, add your own tools. AGPL-3.0 licensed, community-driven development.
Trusted by security professionals
7,600+
Offensive security skills
800+
AI models supported
144
AI providers integrated
AGPL
Licensed & open source
From the security community
Cyberstrike cut our vulnerability assessment time by 70%. The AI actually understands context and doesn't just throw false positives at you.
Alex Chen
Senior Security Engineer
Finally, an AI tool that thinks like a pentester. The reconnaissance phase alone saves me hours on every engagement.
Sarah Mitchell
Penetration Tester
The BYOK model is brilliant. I keep my API costs under control and my client data stays private. Win-win.
Marcus Rodriguez
Security Consultant
Love that it's open source. We forked it, added our custom tools, and now have a pentesting agent tailored to our methodology.
Emily Watson
Red Team Lead
Being able to switch between Claude and GPT-4 mid-session is a game changer. Different models excel at different tasks.
James Park
Bug Bounty Hunter
Self-hosted, air-gapped, running on local models. Perfect for our compliance requirements. And it's completely free.
Lisa Thompson
CISO
From the community
What people are saying about CyberStrike across the web.
Arctic Wolf: Inside FortiBleed — Reverse engineering the CyberStrike Harvester
Jun 23, 2026
The Hacker News: FortiBleed targeted FortiGate firewalls in 110M credential harvesting operation
Jun 23, 2026
SpyCloud: What we found inside the FortiBleed threat actor infrastructure
Jun 19, 2026
SOCRadar: Dismantling FortiBleed — CyberStrike identified as primary operational payload
Jun 18, 2026
Open Source
Cyberstrike is open source under AGPL-3.0. Free for personal use, research, and education. Commercial license available for enterprises. Powerful AI-driven security testing for everyone.
100% Open Source
AGPL-3.0 licensed. Fork it, modify it, self-host it. Full transparency, no hidden code.
Community Driven
Built by security professionals, for security professionals. Join our growing community.
No Vendor Lock-in
Bring your own API keys. Works with 144 providers and 800+ models — OpenAI, Anthropic, DeepSeek, local models, and more.
Contribute
PRs welcome! Help us build the future of AI-powered penetration testing.
Star us on GitHub to show your support!
Stay in the loop
Get the latest updates on new features, security tools, and AI agent improvements. Be the first to know.
Join 1,000+ security professionals