A groundbreaking open-source framework called Guardian is redefining penetration testing by utilizing multiple advanced language models to automate security assessments. This innovative tool, developed by Zakir Kun and available on GitHub, integrates AI technologies such as OpenAI GPT-4, Anthropic Claude, Google Gemini, and OpenRouter to deliver comprehensive and adaptive security evaluations.
Guardian’s unique multi-agent architecture includes four key roles: Planner, Tool Selector, Analyst, and Reporter. These agents collaborate to enhance the efficiency of penetration tests, with the Planner outlining the strategy, the Tool Selector choosing from 19 integrated tools, the Analyst evaluating findings, and the Reporter compiling detailed reports.
Integrating Cutting-edge Security Tools
The Guardian framework incorporates 19 proven security tools across various domains. For network scanning, tools like Nmap and Masscan are employed, while web reconnaissance benefits from httpx, WhatWeb, and Wafw00f. Subdomain discovery is handled by Subfinder, Amass, and DNSRecon, and vulnerability scanning tools include Nuclei, Nikto, SQLMap, and WPScan. SSL/TLS analysis is conducted using TestSSL and SSLyze, while content discovery is facilitated by Gobuster, FFuf, and Arjun. Advanced security analysis is achieved through tools like XSStrike, GitLeaks, and CMSeeK.
Guardian’s adaptability is a key feature, allowing it to function even with a limited set of installed tools. The AI-driven framework adjusts its approach based on available resources and identified vulnerabilities. Asynchronous execution further enhances efficiency by allowing multiple tools to run simultaneously.
Optimized for Efficiency and Flexibility
Preconfigured workflows for Recon, Web, Network, and Autonomous modes are included with Guardian, all of which are customizable via YAML files. This flexibility ensures that teams can tailor their testing strategies to meet specific needs, with workflow parameters prioritizing customized settings over default configurations.
Reports generated by Guardian are produced in Markdown, HTML, or JSON formats, providing comprehensive documentation of the testing process. Each report includes raw tool outputs, AI decision logs, and executive summaries, with findings linked to the original command executions for thorough session reconstruction.
Ensuring Secure and Authorized Testing
Guardian incorporates essential safety mechanisms to ensure secure and authorized use. Scope validation automatically blocks private IP ranges and a safe mode prevents any destructive actions by default. Confirmation prompts before sensitive operations introduce a human oversight element, while audit logging records all AI decisions for post-engagement review.
Requiring Python 3.11 or higher, Guardian supports environment variable-based API key management and is compatible with Linux, macOS, and Windows. Released as version 2.0.0, future updates are set to introduce a web dashboard, PostgreSQL backend, and MITRE ATT&CK mapping for enhanced insights.
This innovative project is available on GitHub, exclusively for authorized penetration testing and educational purposes. Stay informed on cybersecurity advancements by following us on Google News, LinkedIn, and X.
