Share
## https://sploitus.com/exploit?id=486C0AC5-4613-5BB2-A01C-57C320F5C264
# NETSEC-AGENT
> **Autonomous AI Penetration Testing Terminal โ powered by Xiaomi MiMo V2.5**
`NETSEC-AGENT` is a multi-agent offensive-security platform that orchestrates 5 specialized AI agents to perform end-to-end penetration testing: from passive reconnaissance, through service enumeration, vulnerability matching, safe PoC suggestion, all the way to a structured JSON + markdown report.
The entire UI is a tmux-style multi-pane terminal with amber CRT phosphor styling โ designed for security researchers who live in the shell.
---
## โ๏ธ Architecture
```
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ INPUT LAYER โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ target_url โโโ โ
โ scope โโโโโโโโผโโโถ orchestrator.py โโโโ prompt โโโโโถ MiMo V2.5-pro โ
โ model โโโโโโโโ (1M ctx, JSON) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ tool_calls[]
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโ EXECUTION LAYER โโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ recon โ enum โ vuln โ exploit โ report โ
โ pro flash pro pro v2.5 โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ structured_output (JSON schema)
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโ OUTPUT LAYER โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ findings.json ยท report.md ยท exec-summary.txt ยท TTS audio โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
```
## ๐ค Agents
| # | Agent | Model | Role | Tools |
|---|-------|-------|------|-------|
| 01 | `recon-agent` | `mimo-v2.5-pro` | Passive surface mapping | dnsx, subfinder, whois, wayback |
| 02 | `enum-agent` | `mimo-v2-flash` | Service & port enumeration | nmap, masscan, banner-grab |
| 03 | `vuln-agent` | `mimo-v2.5-pro` | CVE matching + reasoning | nvd-search, nuclei-templates, cvss-calc |
| 04 | `exploit-agent` | `mimo-v2.5-pro` | Safe PoC suggestion | exploit-db, poc-templates |
| 05 | `report-agent` | `mimo-v2.5` | Structured JSON + markdown report | json-schema, markdown-render, pdf-export |
## ๐ฅ Why MiMo V2.5
1. **1M context window** โ full nmap output + HTTP responses + CVE feed in a single prompt, no chunking.
2. **Function-call orchestration** โ each agent runs a tool-calling loop. MiMo decides when to invoke tools.
3. **Structured JSON output** โ `findings[]` schema enforced at decode. Downstream agents always get valid JSON.
4. **Multimodal vision** โ `mimo-v2.5` ingests admin-panel screenshots to identify tech stacks from favicons.
## ๐ฐ Token Economics
| Agent | Model | Input | Output | Cost |
|-------|-------|-------|--------|------|
| recon | mimo-v2.5-pro | 12K | 3K | $0.021 |
| enum | mimo-v2-flash | 8K | 2K | $0.0014 |
| vuln | mimo-v2.5-pro | 45K | 8K | $0.069 |
| exploit | mimo-v2.5-pro | 30K | 5K | $0.045 |
| report | mimo-v2.5 | 40K | 6K | $0.028 |
| **total** | | **~140K** | **~24K** | **~$0.165 / scan** |
Projected: 300 scans/day ร 140K = **~42M tokens/day** ยท **~1.26B tokens/month**
## ๐ Run Locally
```bash
git clone https://github.com/benkansaja/netsec-agent.git
cd netsec-agent
python3 -m http.server 8080
# open http://localhost:8080
```
## ๐ฆ Deploy
Static site, deploys instantly to Vercel:
```bash
vercel --prod
```
## โ ๏ธ Disclaimer
Educational demo. Pentest only systems you **own** or have **written authorization to test**. Unauthorized access is illegal in most jurisdictions.
## ๐ Links
- **MiMo Platform:** https://platform.xiaomimimo.com/
- **MiMo AI Studio:** https://aistudio.xiaomimimo.com
- **Orbit 100T Program:** https://100t.xiaomimimo.com/
---
Built on **MiMo V2.5** ยท Apache-2.0