Share
## https://sploitus.com/exploit?id=486C0AC5-4613-5BB2-A01C-57C320F5C264
# NETSEC-AGENT

> **Autonomous AI Penetration Testing Terminal โ€” powered by Xiaomi MiMo V2.5**

`NETSEC-AGENT` is a multi-agent offensive-security platform that orchestrates 5 specialized AI agents to perform end-to-end penetration testing: from passive reconnaissance, through service enumeration, vulnerability matching, safe PoC suggestion, all the way to a structured JSON + markdown report.

The entire UI is a tmux-style multi-pane terminal with amber CRT phosphor styling โ€” designed for security researchers who live in the shell.

---

## โš™๏ธ Architecture

```
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ INPUT LAYER โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚   target_url โ”€โ”€โ”                                                       โ”‚
โ”‚   scope โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ–ถ  orchestrator.py  โ”€โ”€โ”€โ”€ prompt โ”€โ”€โ”€โ”€โ–ถ MiMo V2.5-pro  โ”‚
โ”‚   model โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜                                       (1M ctx, JSON)  โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                                โ”‚  tool_calls[]
                                โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ EXECUTION LAYER โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚   recon  โ†’  enum  โ†’  vuln  โ†’  exploit  โ†’  report                       โ”‚
โ”‚   pro       flash    pro      pro        v2.5                          โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                                โ”‚  structured_output (JSON schema)
                                โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ OUTPUT LAYER โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚   findings.json ยท report.md ยท exec-summary.txt ยท TTS audio             โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
```

## ๐Ÿค– Agents

| # | Agent | Model | Role | Tools |
|---|-------|-------|------|-------|
| 01 | `recon-agent` | `mimo-v2.5-pro` | Passive surface mapping | dnsx, subfinder, whois, wayback |
| 02 | `enum-agent` | `mimo-v2-flash` | Service & port enumeration | nmap, masscan, banner-grab |
| 03 | `vuln-agent` | `mimo-v2.5-pro` | CVE matching + reasoning | nvd-search, nuclei-templates, cvss-calc |
| 04 | `exploit-agent` | `mimo-v2.5-pro` | Safe PoC suggestion | exploit-db, poc-templates |
| 05 | `report-agent` | `mimo-v2.5` | Structured JSON + markdown report | json-schema, markdown-render, pdf-export |

## ๐Ÿ”ฅ Why MiMo V2.5

1. **1M context window** โ€” full nmap output + HTTP responses + CVE feed in a single prompt, no chunking.
2. **Function-call orchestration** โ€” each agent runs a tool-calling loop. MiMo decides when to invoke tools.
3. **Structured JSON output** โ€” `findings[]` schema enforced at decode. Downstream agents always get valid JSON.
4. **Multimodal vision** โ€” `mimo-v2.5` ingests admin-panel screenshots to identify tech stacks from favicons.

## ๐Ÿ’ฐ Token Economics

| Agent | Model | Input | Output | Cost |
|-------|-------|-------|--------|------|
| recon | mimo-v2.5-pro | 12K | 3K | $0.021 |
| enum | mimo-v2-flash | 8K | 2K | $0.0014 |
| vuln | mimo-v2.5-pro | 45K | 8K | $0.069 |
| exploit | mimo-v2.5-pro | 30K | 5K | $0.045 |
| report | mimo-v2.5 | 40K | 6K | $0.028 |
| **total** | | **~140K** | **~24K** | **~$0.165 / scan** |

Projected: 300 scans/day ร— 140K = **~42M tokens/day** ยท **~1.26B tokens/month**

## ๐Ÿš€ Run Locally

```bash
git clone https://github.com/benkansaja/netsec-agent.git
cd netsec-agent
python3 -m http.server 8080
# open http://localhost:8080
```

## ๐Ÿ“ฆ Deploy

Static site, deploys instantly to Vercel:

```bash
vercel --prod
```

## โš ๏ธ Disclaimer

Educational demo. Pentest only systems you **own** or have **written authorization to test**. Unauthorized access is illegal in most jurisdictions.

## ๐Ÿ”— Links

- **MiMo Platform:** https://platform.xiaomimimo.com/
- **MiMo AI Studio:** https://aistudio.xiaomimimo.com
- **Orbit 100T Program:** https://100t.xiaomimimo.com/

---

Built on **MiMo V2.5** ยท Apache-2.0