Wiz – AI-Powered Pentest Assistant (Open Source)(github.com)
1 pointby youncj8 hours ago2 comments
  • toomuchtodo7 hours ago
    I would find a new name.

    https://www.wiz.io

  • youncj8 hours ago
    I built Wiz because I was tired of context-switching between remembering tool syntax and actually doing security work.

    ## Background

    I've been doing security assessments for a while, and the workflow is always: 1. Remember the right tool for the job 2. Look up the flags (again) 3. Run the command 4. Parse the output manually 5. Copy findings to a spreadsheet 6. Repeat 100 times 7. Manually write the report

    ## What Wiz Does

    Wiz lets you describe what you want in natural language:

    "check if this Apache server is vulnerable to path traversal"

    And it: 1. Selects the right tools (nuclei with CVE-2021-41773 templates) 2. Runs them with correct parameters 3. Parses the output into structured findings 4. Classifies by severity (Critical/High/Medium/Low) 5. Stores with evidence for the report 6. Generates professional reports when you're done

    ## Technical Details

    Built on OpenCode (https://github.com/sst/opencode), which provides: - Superior agent architecture vs generic LLM CLIs - Extensible tool framework with typed I/O - Multi-LLM support (Claude, GPT-4, Gemini, local models)

    Wiz adds a security layer: - 30+ tool integrations with output parsers - Findings database with OWASP/CVE categorization - Governance engine (scope enforcement, audit trails) - Report generation (HTML, PDF, Markdown)

    ## What It's NOT

    - Not a replacement for knowing what you're doing - Not for unauthorized testing - Not a magic "hack anything" button

    It's an assistant that handles the tedious parts so you can focus on analysis.

    ## Stack

    - TypeScript/Bun - Runs on Kali, Parrot, any Linux, macOS, Windows - Requires API key (Claude recommended, GPT-4 works too)

    ## Links

    - GitHub: https://github.com/code3hr/opencode - Downloads: https://github.com/code3hr/opencode/releases/latest

    Open source, MIT licensed. Feedback welcome! ```

    ---

    ## Quick Demo Script (for Video/GIF)

    ``` # Terminal recording script

    $ ./cyxwiz

    > scan 10.0.0.5 for vulnerabilities

    [Wiz runs nmap, detects Apache 2.4.41] [Wiz runs nikto, finds misconfigurations] [Wiz runs nuclei, matches CVE-2021-41773]

    Found 1 critical, 2 high, 3 medium findings.

    > show critical findings

    CRITICAL: CVE-2021-41773 - Apache Path Traversal - Target: 10.0.0.5:80 - Impact: Remote Code Execution - Evidence: [response data] - Remediation: Upgrade to Apache 2.4.51+

    > generate report

    Report generated: assessment-2024-01-15.html ```