Wiz – AI-Powered Pentest Assistant (Open Source) (github.com/code3hr)
1 point by youncj 16 days ago | 2 comments


I would find a new name.

https://www.wiz.io


I built Wiz because I was tired of context-switching between remembering tool syntax and actually doing security work.

## Background

I've been doing security assessments for a while, and the workflow is always:

1. Remember the right tool for the job
2. Look up the flags (again)
3. Run the command
4. Parse the output manually
5. Copy findings to a spreadsheet
6. Repeat 100 times
7. Manually write the report

## What Wiz Does

Wiz lets you describe what you want in natural language:

"check if this Apache server is vulnerable to path traversal"

And it:

1. Selects the right tools (nuclei with CVE-2021-41773 templates)
2. Runs them with correct parameters
3. Parses the output into structured findings
4. Classifies by severity (Critical/High/Medium/Low)
5. Stores with evidence for the report
6. Generates professional reports when you're done

## Technical Details

Built on OpenCode (https://github.com/sst/opencode), which provides:

- Superior agent architecture vs generic LLM CLIs
- Extensible tool framework with typed I/O
- Multi-LLM support (Claude, GPT-4, Gemini, local models)

Wiz adds a security layer:

- 30+ tool integrations with output parsers
- Findings database with OWASP/CVE categorization
- Governance engine (scope enforcement, audit trails)
- Report generation (HTML, PDF, Markdown)

## What It's NOT

- Not a replacement for knowing what you're doing
- Not for unauthorized testing
- Not a magic "hack anything" button

It's an assistant that handles the tedious parts so you can focus on analysis.

## Stack

- TypeScript/Bun
- Runs on Kali, Parrot, any Linux, macOS, Windows
- Requires API key (Claude recommended, GPT-4 works too)

## Links

- GitHub: https://github.com/code3hr/opencode
- Downloads: https://github.com/code3hr/opencode/releases/latest

Open source, MIT licensed. Feedback welcome!

---

## Quick Demo Script (for Video/GIF)

```
# Terminal recording script

$ ./cyxwiz

> scan 10.0.0.5 for vulnerabilities

[Wiz runs nmap, detects Apache 2.4.41]
[Wiz runs nikto, finds misconfigurations]
[Wiz runs nuclei, matches CVE-2021-41773]

Found 1 critical, 2 high, 3 medium findings.

> show critical findings

CRITICAL: CVE-2021-41773 - Apache Path Traversal
- Target: 10.0.0.5:80
- Impact: Remote Code Execution
- Evidence: [response data]
- Remediation: Upgrade to Apache 2.4.51+

> generate report

Report generated: assessment-2024-01-15.html
```



