The AI Agent for Cyber Security.
```
# Add to your Claude Code skills
git clone https://github.com/FrancescoStabile/numasec
```

Last scanned: 5/25/2026
{
"issues": [],
"status": "PASSED",
"scannedAt": "2026-05-25T08:22:56.501Z",
"semgrepRan": false,
"npmAuditRan": false,
"pipAuditRan": true
}
numasec is an AI security agent that runs in your terminal.
It uses the tools already installed on your machine, follows security runbooks, switches between cyber agents, keeps the operation context alive, tracks findings, stores evidence and helps turn the work into reports.
It is built for people who already live between shell, browser, HTTP requests, scanners, advisories, notes and reports.
A security agent for the workflow you already have.
Security work does not happen in one clean place.
You move between terminal commands, browser work, HTTP requests, local tools, scanners, advisories, notes, screenshots, findings and reports.
AI can help, but only if it lives inside that workflow.
numasec gives the model a security workspace instead of just a chat box. It keeps the target, scope, tools, runbooks, findings, evidence, replay and report state together while the work is happening.
The goal is simple:
make security work feel faster, sharper and less scattered.
numasec is strongest today for authorized AppSec and Pentest workflows. Other cyber surfaces exist or are possible, but they are not marketed as equally mature yet.
Coding agents changed how developers work.
They read code, run commands, edit files, execute tests and stay inside the development loop.
Security needs the same shift, but security work has different constraints.
A security agent needs to know the target, stay inside scope, use the local toolchain, remember what happened, separate noise from findings and keep enough context to produce useful output later.
That is what numasec is trying to become:
the open source AI security agent for the terminal.
Open numasec inside the workspace you are testing, pick the right security agent, check which local tools are available, then start a runbook and let the agent help you move through the workflow.
When the work changes, switch posture. When something matters, keep the finding, evidence, replay and report context close to the operation instead of scattering it across shell history, screenshots and notes.
Then come back later and resume without starting from zero.
numasec starts like a terminal agent, then the security work begins, and it becomes a workspace.
You get the model, the active agent, the command palette, the working directory and the prompt. The point is not to leave your terminal; the point is to make the terminal smarter.
Findings are not dumped into chat: they live in the operation, where each one can carry state, severity, evidence, replay status and next action, so the agent can keep working without losing the thread.
Weak signals can stay weak. Rejected claims remain visible. Reportable findings need proof.
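A minimal sketch of the finding lifecycle described above, added here as an illustration and not taken from numasec's code: the state names, field names and the `Operation` class are assumptions. It allows a finding to become `reportable` only with evidence and a reproduced replay, and keeps weak and rejected findings in the record.

```javascript
// Added illustration; states and field names are assumptions, not numasec's schema.
const STATES = ["weak", "candidate", "reportable", "rejected"];
class Operation {
  constructor(name) { this.name = name; this.findings = new Map(); }

  // Every signal starts weak; nothing is reportable on creation.
  observe(id, title, severity) {
    const f = { id, title, severity, state: "weak", evidence: [],
                replay: "untested", nextAction: "collect evidence", history: [] };
    this.findings.set(id, f);
    return f;
  }

  attachEvidence(id, ref) { this.findings.get(id).evidence.push(ref); }
  recordReplay(id, status) { this.findings.get(id).replay = status; }

  transition(id, to, reason = null) {
    const f = this.findings.get(id);
    if (!f) throw new Error(`unknown finding ${id}`);
    if (!STATES.includes(to)) throw new Error(`unknown state ${to}`);
    if (to === "reportable") { // reportable findings need proof
      if (f.evidence.length === 0) throw new Error("reportable requires evidence");
      if (f.replay !== "reproduced") throw new Error("reportable requires a reproduced replay");
    }
    if (to === "rejected" && !reason) throw new Error("rejection requires a reason");
    f.history.push({ from: f.state, to, reason });
    f.state = to;
    f.nextAction = { reportable: "write up", rejected: "none" }[to] || "collect evidence";
    return f;
  }

  // Weak and rejected findings stay in the record but never reach the report.
  report() { return [...this.findings.values()].filter((f) => f.state === "reportable"); }
}

// Constructed sample data for a local lab target.
function demo() {
  const op = new Operation("local-lab");
  op.observe("F1", "Reflected input in search", "medium");
  op.observe("F2", "Verbose server banner", "low");
  op.observe("F3", "Suspected IDOR on /orders", "high");
  let blocked = null;
  try { op.transition("F3", "reportable"); } catch (e) { blocked = e.message; }
  op.attachEvidence("F1", "evidence/f1-request.txt");
  op.recordReplay("F1", "reproduced");
  op.transition("F1", "reportable");
  op.transition("F2", "rejected", "informational only");
  return { op, blocked };
}
```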
Security work changes shape. AppSec, Pentest, OSINT, CTF/lab and research do not need the same posture, so you can switch the agent when the work changes instead of forcing one generic assistant to behave the same way everywhere.
Operations are durable. Name them, rename them, resume them and export them. A security workflow should not disappear because the chat ended.
```
npm install -g numasec
numasec
```
Then start with a local lab, CTF, owned app or authorized target:
```
/doctor
/mode appsec
/runbook run appsec-web-triage http://localhost:3000
/share
```
Run numasec from the workspace you are testing and keep the target scope explicit.
| Capability | What it gives you |
| --- | --- |
| AI security agent | A model that works inside your terminal instead of sitting in a separate chat window. |
| Local tools | numasec uses the tools installed on your machine and shows what is available, missing or degraded. |
| Runbooks | Security workflows that keep the agent moving through a real task instead of random tool calls. |
| Agents | Switch posture with TAB for AppSec, Pentest, OSINT, CTF/lab and research-style work. |
| Operation memory | Keep target, scope, activity, findings, evidence, replay and report state together. |
| Findings workflow | Track security signals as they move from weak ideas to useful findings. |
| Evidence and replay | Keep the material needed to understand, verify and reproduce important work. |
| Cyber knowledge | Bring vulnerability intelligence, advisories, methodology and tool docs into the workflow. |
| Reports | Generate deliverables from the operation instead of reconstructing everything at the end. |
| Share bundles | Export the work so it can be reviewed, resumed or handed off. |
numasec is for people who want an AI agent inside their security workflow, not beside it.
numasec is for authorized security work. Use it only on systems you own, labs, CTFs, or targets where you have permission to test.
numasec is not just a prompt with tools.
It keeps the security workflow connected: target, operation, posture, runbook, local tools, observations, findings, evidence, replay and report.
```mermaid
flowchart LR
    target["Target"] --> operation["Operation"]
    operation --> posture["Scope + opsec + autonomy"]
    posture --> runbook["Runbook"]
    runbook --> tools["Local cyber tools"]
    tools --> evidence["Evidence"]
    evidence --> observations["Observations"]
    observations --> findings["Findings"]
    findings --> proof["Replay / proof"]
    proof --> report["Report"]
    operation -. source of truth .-> kernel["Cyber kernel"]
    kernel --> evidence
    kernel --> findings
    kernel --> report
    classDef primary fill:#04130d,stroke:#00ff88,color:#eafff4,stroke-width:2px;
    classDef secondary fill:#061014,stroke:#00c2ff,color:#eaf9ff,stroke-width:1.5px;
    classDef proofNode fill:#151104,stroke:#ffcc66,color:#fff7df,stroke-width:1.5px;
    classDef findingNode fill:#190808,stroke:#ff5f6d,color:#fff0f0,stroke-width:1.5px;
    class target,operation,posture,runbook,tools primary;
    class evidence,observations,kernel secondary;
    class proof,report proofNode;
    class findings findingNode;
```
The important part: the operation does not live only in chat. numasec keeps a durable record of the work so the agent can continue, the operator can review, and the report can come from what actually happened.
Most AI security tools fall into one of two traps: they only talk, or they only wrap tools. numasec tries to do something different: keep the workflow alive while the a