MCPcopy Index your code
hub / github.com/TheSecuredAnalyst/security-suite

github.com/TheSecuredAnalyst/security-suite @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
915 symbols 3,628 edges 107 files 629 documented · 69%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

Security Suite

CI Python 3.10+ License: AGPL-3.0

A comprehensive open-source security tools suite for OSINT reconnaissance, web security testing, API security assessment, and compliance checking with AI-powered analysis.

   ____            ____        _ __
  / __/__ ___     / __/_ __(_) /____
 _\ \/ -_) __/   _\ \/ // / / __/ -_)
/___/\__/\__/   /___/\_,_/_/\__/\__/

       =[ SecSuite v0.1.0 ]=
+ -- --=[ 11 OSINT modules | 6 Web scanners | 4 API security tools ]=--
+ -- --=[ AI-powered analysis with Ollama/Anthropic/OpenAI         ]=--
+ -- --=[ SIEM integration | Scheduled scans | REST API            ]=--

Quick Setup (One Command)

Clone the repo, then run the setup script for your OS. It installs Python, all dependencies, Ollama, and a local AI model automatically.

Linux / macOS

git clone https://github.com/53cur3dL34rn/security-suite.git
cd security-suite
bash setup.sh

Options:

bash setup.sh --model qwen2.5      # choose a different AI model
bash setup.sh --no-ollama          # skip Ollama / AI setup
bash setup.sh --no-extras          # skip nmap / searchsploit

Windows

Open PowerShell as a normal user (no administrator needed) and run:

git clone https://github.com/53cur3dL34rn/security-suite.git
cd security-suite
powershell -ExecutionPolicy Bypass -File setup.ps1

Options:

# Choose a different AI model
powershell -ExecutionPolicy Bypass -File setup.ps1 -Model qwen2.5

# Skip Ollama
powershell -ExecutionPolicy Bypass -File setup.ps1 -NoOllama

# Skip nmap
powershell -ExecutionPolicy Bypass -File setup.ps1 -NoExtras

Windows note: If you don't have winget, the script will tell you what to install manually. winget is built into Windows 10 (version 2004+) and Windows 11 via the App Installer in the Microsoft Store.

After setup, activate the environment whenever you open a new terminal:

# Linux / macOS
source venv/bin/activate

# Windows PowerShell
.\venv\Scripts\Activate.ps1

Highlights

Module Capabilities Tools
OSINT DNS, WHOIS, subdomains, ports, tech detection, headers, emails nmap, Shodan, VirusTotal
Web Scanner XSS, SQLi, directory bruteforce, SSL/TLS analysis, crawling Nuclei
API Security OpenAPI parsing, auth bypass, JWT testing, BOLA/IDOR, fuzzing REST API
AI Analysis Finding correlation, executive summaries, interactive LLM remediation Ollama, Anthropic, OpenAI
REST API Trigger scans and retrieve results programmatically via HTTP FastAPI
SIEM Splunk, Elasticsearch, Syslog, webhooks (Slack/Discord/PagerDuty) CEF/LEEF
Scheduler Cron-based recurring scans with persistent history
Compliance OWASP Top 10, CIS Controls assessment
Exploit Exploit search and CVE lookup SearchSploit, Exploit-DB
Phishing Security awareness campaigns and simulation

Demo

DNS Enumeration

$ secsuite osint dns example.com

DNS Enumeration: example.com
╭──────────────────────── [INFO] IPv4 Addresses Found ─────────────────────────╮
│ Domain resolves to 2 IPv4 address(es)                                        │
╰──────────────────────────────────────────────────────────────────────────────╯
  addresses: ['104.18.27.120', '104.18.26.120']
...
Completed in 0.68s

SSL/TLS Analysis

$ secsuite scan ssl example.com

SSL/TLS Analysis: example.com
╭──────────────────────────── [HIGH] SSLv3 Enabled ────────────────────────────╮
│ SSLv3 is enabled - vulnerable to POODLE attack                               │
╰──────────────────────────────────────────────────────────────────────────────╯
Completed in 0.78s

REST API (Interactive Docs)

$ secsuite serve
Starting Security Suite API on http://0.0.0.0:8000
Interactive docs: http://localhost:8000/docs

Then open http://localhost:8000/docs in your browser to explore and test all endpoints interactively.


Architecture

┌──────────────────────────────────────────────────────────────────┐
│                         User Interface                           │
├───────────────────────────┬──────────────────────────────────────┤
│   CLI (Typer)             │  REST API (FastAPI)                  │
│   secsuite <command>      │  /api/v1/scans                       │
│                           │  /api/v1/apisec   ← API sec testing  │
│                           │  /api/v1/results                     │
│                           │  /api/v1/modules                     │
└───────────────────────────┴──────────────────────────────────────┘
                               │
                               ▼
┌──────────────────────────────────────────────────────────────────┐
│                     Core Infrastructure                          │
│  Target Model · Config · Logging · Caching · Error Handling     │
│  HTTP Client · Exporters (JSON/CSV/HTML/Markdown)               │
└──────────────────────────────────────────────────────────────────┘
                               │
                               ▼
┌──────────────────────────────────────────────────────────────────┐
│                      Scanning Modules                            │
│  OSINT (11)  ·  Web Scanner (6)  ·  API Security (4)           │
│  AI Analysis ·  SIEM (4)  ·  Scheduler  ·  Compliance          │
│  Exploit     ·  Phishing  ·  Vuln Scan  ·  Threat Intel        │
└──────────────────────────────────────────────────────────────────┘

Manual Installation

If you prefer not to use the setup script:

git clone https://github.com/53cur3dL34rn/security-suite.git
cd security-suite

# Create and activate virtual environment
python3 -m venv venv
source venv/bin/activate          # Linux/macOS
# .\venv\Scripts\Activate.ps1    # Windows PowerShell

# Install (pick one)
pip install -e .                  # base only
pip install -e ".[all]"           # everything (recommended)
pip install -e ".[dashboard]"     # adds FastAPI/uvicorn for the REST API
pip install -e ".[ai]"            # adds Anthropic/OpenAI SDK

Configuration

Copy .env.example to .env and add your API keys (all optional):

cp .env.example .env
Variable Service Required
SECSUITE_SHODAN_API_KEY Shodan host intelligence No
SECSUITE_VIRUSTOTAL_API_KEY VirusTotal malware analysis No
SECSUITE_ANTHROPIC_API_KEY Claude AI analysis No
SECSUITE_OPENAI_API_KEY GPT AI analysis No
SECSUITE_API_KEY Protect the REST API with a key No

Core features work without any API keys. For local AI with no keys, use Ollama (included in the setup scripts).


Usage

OSINT Reconnaissance

secsuite osint dns example.com              # DNS enumeration
secsuite osint whois example.com            # WHOIS lookup
secsuite osint subdomains example.com       # Subdomain discovery
secsuite osint headers https://example.com  # HTTP security headers
secsuite osint ports 192.168.1.1            # Port scan (requires nmap)
secsuite osint tech https://example.com     # Technology detection
secsuite osint emails example.com           # Email harvesting
secsuite osint vt example.com               # VirusTotal lookup
secsuite osint shodan 8.8.8.8              # Shodan lookup
secsuite osint full example.com             # Run all OSINT modules

Web Security Scanning

secsuite scan crawl https://example.com
secsuite scan xss "https://example.com/search?q=test"
secsuite scan sqli "https://example.com/product?id=1"
secsuite scan dirs https://example.com
secsuite scan ssl example.com
secsuite scan nuclei https://example.com

API Security Testing — What You Need to Know First

If you're not familiar with APIs, here's the short version:

An API is how two programs talk to each other over the internet. For example, when a mobile app loads your account data, it's calling an API. An API has endpoints — specific URLs that do specific things (e.g. /users/login, /orders/list).

An OpenAPI spec (also called a Swagger spec) is a document that describes all the endpoints of an API — what inputs they take, what they return, and whether they require a login. It's usually a .json or .yaml file. Security Suite reads this document to know what to test.

How to find the spec for your own app:

If you built your app with FastAPI, Django REST Framework, or similar frameworks, the spec is usually auto-generated. Common locations to try in your browser:

http://localhost:8000/openapi.json    ← FastAPI default
http://localhost:8000/swagger.json
http://localhost:8000/api-docs
http://localhost:8000/swagger/v1/swagger.json  ← .NET / ASP.NET
http://localhost:8000/v2/api-docs              ← Spring Boot

Or let Security Suite search for it automatically:

secsuite serve
# then:
curl -X POST http://localhost:8000/api/v1/apisec/discover \
  -H "Content-Type: application/json" \
  -d '{"base_url": "http://localhost:YOUR_APP_PORT"}'

A complete example — testing your own FastAPI app:

# Terminal 1: start your app (example)
uvicorn myapp:app --port 5000

# Terminal 2: run Security Suite against it
source venv/bin/activate
secsuite api scan http://localhost:5000/openapi.json

API Security Testing (CLI)

# Point at an OpenAPI/Swagger spec URL and run all tests
secsuite api scan https://api.example.com/openapi.json

# With a bearer token for authenticated endpoints
secsuite api scan https://api.example.com/openapi.json --token eyJhbGci...

# Fuzz all endpoints
secsuite api fuzz https://api.example.com/openapi.json --max 200

# Test authentication specifically
secsuite api auth-test https://api.example.com/openapi.json

REST API Server

# Start the server (opens docs at http://localhost:8000/docs)
secsuite serve

# Custom port
secsuite serve --port 9000

# With API key protection (callers must send X-API-Key header)
secsuite serve --api-key mysecretkey

# Dev mode (auto-reloads on code changes)
secsuite serve --reload

API security testing via REST:

# 1. Discover where the OpenAPI spec lives on a target API
curl -X POST http://localhost:8000/api/v1/apisec/discover \
  -H "Content-Type: application/json" \
  -d '{"base_url": "https://api.example.com"}'

# 2. Parse the spec to see what endpoints exist
curl -X POST http://localhost:8000/api/v1/apisec/parse \
  -H "Content-Type: application/json" \
  -d '{"base_url": "https://api.example.com/openapi.json"}'

# 3. Run a full API security scan
curl -X POST http://localhost:8000/api/v1/apisec/scan \
  -H "Content-Type: application/json" \
  -d '{
    "spec_url": "https://api.example.com/openapi.json",
    "modules": ["endpoints", "auth", "fuzzer"],
    "auth_token": "eyJhbGci..."
  }'

# 4. Poll for results using the scan_id from step 3
curl http://localhost:8000/api/v1/scans/{scan_id}

Available apisec modules: | Module | What it checks | |--------|---------------| | endpoints | BOLA/IDOR, SQL/NoSQL/command injection, mass assignment, info disclosure | | auth | Auth bypass, broken auth, JWT weaknesses (none-alg, missing exp), rate limiting | | fuzzer | Boundary values, injection payloads, malformed bodies — looks for crashes and leaks |

AI-Powered Analysis

# Analyse a target with a local AI model (no API key needed)
secsuite ai analyze example.com --provider ollama --model llama3.2

# Use Claude or GPT (requires API key in .env)
secsuite ai analyze example.com --provider anthropic
secsuite ai analyze example.com --provider openai

# Ask a security question
secsuite ai ask "How do I harden SSH on Ubuntu?" --provider ollama --model llama3.2

# Executive summary for leadership
secsuite ai executive example.com --provider ollama --model qwen2.5

# Correlate findings and identify attack chains
secsuite ai correlate example.com

# Interactive remediation — scans then walks you through fixes
secsuite ai remediate localhost --provider ollama --model qwen2.5
secsuite ai remediate localhost --dry-run   # preview without executing

Reports

secsuite report html example.com -o report.html
secsuite report html example.com -o report.html --ai --provider ollama --model llama3.2
secsuite report json example.com -o report.json
secsuite report remediation "sql injection"

Other Commands

secsuite vuln scan 192.168.1.0/24              # Network vulnerability scan
secsuite threat ip 8.8.8.8                     # IP threat intelligence
secsuite password audit "MyPassword123"        # Password strength check
secsuite password generate --length 24         # Generate secure password
secsuite schedule create "Weekly" --target example.com --frequency weekly
secsuite exploit search "apache 2.4"
secsuite phish templates
secsuite config                                 # Show current configuration
secsuite wordlists                              # Show wordlist status

Local LLM Setup (Ollama)

If you used the setup scripts, Ollama is already installed and a model is downloaded. To add more models:

# Small / fast (good for most systems)
ollama pull llama3.2          # 3B params, ~2 GB, fast
ollama pull qwen2.5:3b        # 3B params, excellent instruction following

# Better quality (needs ~6 GB RAM)
ollama pull qwen2.5:7b
ollama pull llama3.1:8b
ollama pull mistral:7b

# Use any model with secsuite
secsuite ai ask "Explain SSRF" --provider ollama --model qwen2.5:7b

AI-Driven Remediati

Core symbols most depended-on inside this repo

get
called by 455
modules/threat_intel/ip_scanner.py
get
called by 85
core/cache.py
add_finding
called by 76
core/models.py
_t
called by 59
modules/mitre/mapper.py
get_logger
called by 48
core/logger.py
run_async
called by 41
cli/main.py
complete
called by 37
core/models.py
from_string
called by 33
core/models.py

Shape

Method 545
Function 171
Class 168
Route 31

Languages

Python100%

Modules by API surface

cli/main.py60 symbols
dashboard/app.py30 symbols
modules/threat_intel/ip_scanner.py28 symbols
modules/scheduler/scheduler.py26 symbols
modules/phishing/campaign.py25 symbols
modules/ai/llm_client.py23 symbols
tests/test_exporters.py22 symbols
tests/test_error_handling.py20 symbols
modules/exploit/metasploit.py19 symbols
modules/ai/remediation_copilot.py19 symbols
core/guardrails.py19 symbols
modules/orchestrator/loop.py18 symbols

For agents

$ claude mcp add security-suite \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page