SecSuite v0.1.0: Open-Source AI-Powered Security Platform Combines OSINT, Web, and API Testing with Offline Remediation
A new open-source security suite, SecSuite v0.1.0, unifies 21 OSINT, web, and API testing modules with local AI analysis, enabling fully offline penetration testing and interactive remediation.

A comprehensive open-source security testing platform called SecSuite v0.1.0 has been released by the TheSecuredAnalyst project, consolidating OSINT reconnaissance, web vulnerability scanning, API security assessment, compliance checks, and AI-powered analysis into a single modular toolkit. Available on GitHub at 53cur3dL34rn/security-suite, the tool is designed for security professionals, penetration testers, and red teams who require a flexible suite capable of running entirely offline with local AI models. SecSuite ships with 11 OSINT modules, 6 web security scanners, and 4 API security testing tools, all accessible via a unified command-line interface or through a FastAPI-based REST API.
The platform supports AI-driven analysis through three providers: Ollama for fully local offline inference, Anthropic Claude, and OpenAI GPT. This AI layer enables automated correlation of findings, executive summary generation, and interactive LLM-based remediation workflows, making it one of the more complete open-source security suites available. A single setup script (setup.sh on Linux/macOS or setup.ps1 on Windows) handles the entire installation chain, including Python, dependencies, Ollama, and a local AI model, with no administrator privileges required on Windows. All API keys for external services such as Shodan, VirusTotal, and Anthropic are optional; core functionality operates entirely without them by leveraging Ollama.
One of the most operationally significant capabilities is the AI-driven remediation engine, invoked with secsuite ai remediate. Rather than producing a static report, this module scans a target, identifies findings, and interactively walks the operator through fixing each issue using a local LLM. For each finding, such as Redis running without authentication, the AI proposes specific shell commands (with [CHECK], [FIX], [VERIFY] labels) that the user can execute, edit, or skip in real time. This closes the gap between vulnerability identification and remediation, a workflow that traditionally requires separate tooling. Crucially, the entire process runs on local models like Qwen2.5 or LLaMA 3.2 via Ollama, meaning no scan data, credentials, or infrastructure details leave the operator's environment.
The apisec module specifically targets REST APIs by ingesting OpenAPI/Swagger specifications and systematically testing discovered endpoints. Three sub-modules cover distinct attack vectors: the endpoints module tests for BOLA/IDOR, SQL/NoSQL/command injection, mass assignment, and information disclosure; the auth module checks for authentication bypass, broken authentication, JWT weaknesses including the none algorithm attack and missing exp claims, and rate-limiting gaps; and the fuzzer module sends boundary values, injection payloads, and malformed request bodies to surface crashes and data leaks. The REST API server (secsuite serve) exposes these capabilities as programmatic HTTP endpoints, enabling integration into existing CI/CD pipelines, security orchestration platforms, or custom tooling.
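The two JWT weaknesses named above (the none algorithm and a missing exp claim) can be checked by inspecting a token's header and claims. The following is an added example, not SecSuite's own code; the function names, finding ids, and sample tokens are constructed for illustration.

```python
import base64
import json
import time


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a Python object."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_jwt(token, now=None):
    """Return a list of finding ids for a compact JWT; the signature is not verified."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["malformed"]
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["malformed"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["malformed"]
    findings = []
    # alg "none" marks an unsigned token; compare case-insensitively ("None", "NONE").
    if str(header.get("alg", "")).lower() == "none":
        findings.append("alg-none")
    elif parts[2] == "":
        findings.append("empty-signature")
    exp = claims.get("exp")
    if exp is None:
        findings.append("missing-exp")  # token never expires
    elif isinstance(exp, bool) or not isinstance(exp, (int, float)):
        findings.append("invalid-exp")  # exp must be a numeric timestamp
    elif exp <= (time.time() if now is None else now):
        findings.append("expired")
    return findings


def make_sample(header, claims, signature=""):
    """Build a constructed sample token for the demo (signature is a placeholder)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.{signature}"


if __name__ == "__main__":
    unsigned = make_sample({"alg": "None", "typ": "JWT"}, {"sub": "42"})
    print(audit_jwt(unsigned))
```

On the server side, both findings are closed by pinning the accepted signing algorithms in the verifier and rejecting tokens that lack exp.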
The web scanner module demonstrated practical detection capability in the tool's documented output: a scan of example.com correctly flagged SSLv3 as enabled, identifying the host as vulnerable to the POODLE attack (CVE-2014-3566). This real-time SSL/TLS analysis module checks for deprecated protocol support, weak cipher suites, and certificate chain issues, completing scans in under one second in test cases. XSS and SQL injection scanners, directory brute-force via wordlists, and Nuclei template-based vulnerability scanning round out the web testing surface.
SecSuite's architecture separates concerns into three layers: a user interface layer (CLI via Typer and REST API via FastAPI), a core infrastructure layer (target modeling, caching, HTTP client, exporters), and a scanning module layer.
All scan results can be exported in JSON, CSV, HTML, or Markdown formats. The scheduler module enables cron-based recurring scans with persistent history, and SIEM integration supports CEF/LEEF formatted log delivery to Splunk, Elasticsearch, and Syslog pipelines. The tool is designed for authorized penetration testing and red team exercises, with its modular architecture allowing teams to adopt only the components relevant to their assessment scope. SecSuite v0.1.0 is available now on GitHub, representing a significant step toward consolidating multiple security testing functions into a single, AI-augmented, offline-capable platform.