[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-81755":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":15,"stars7d":16,"stars30d":16,"stars90d":14,"forks30d":14,"starsTrendScore":17,"compositeScore":18,"rankGlobal":9,"rankLanguage":9,"license":19,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":20,"hasPages":20,"topics":22,"createdAt":9,"pushedAt":9,"updatedAt":23,"readmeContent":24,"aiSummary":25,"trendingCount":14,"starSnapshotCount":14,"syncStatus":26,"lastSyncTime":27,"discoverSource":28},81755,"SecorizonAI","secorizon\u002FSecorizonAI","secorizon","A fully automated terminal-native AI shell built for security professionals.",null,"Go",32,1,26,0,5,6,15,54.5,"Other",false,"main",[],"2026-06-12 04:01:35","# SecorizonAI — Built by Pentesters, for Pentesters\n\n> Author: Laurent Gaffie  \n> https:\u002F\u002Fsecorizon.com  \n> twitter.com\u002Fsecorizon\n\nA terminal-native AI shell built for security professionals. Single Go binary, local model via [Ollama](https:\u002F\u002Follama.com), strict JSON tool-use loop, plain-markdown system prompt + methodology guides — and zero patience for cloud-AI condescension about whether you're \"authorized.\"\n\nIf you've wanted a generic agentic shell aimed specifically at the workflows pentesters actually run, this is for you. Single Go binary, local model via [Ollama](https:\u002F\u002Follama.com), no cloud dependency, no telemetry.\n\n## The Concept\n\n- **The terminal is the UI.** No web app, no electron, no daemon. Just `.\u002Fsecorizon` and you're talking to your model.\n- **The model has shell access.** Commands the AI runs in its tool-use loop run on your machine, in your shell, with your privileges. The agent does the work; it doesn't tell you what to type.\n- **Built-in web search.** When the model needs information it doesn't have — a current CVE, a vendor advisory, a recent writeup — it issues a search query and the results feed back into the next turn. No API keys, no rate limits.\n- **A system prompt + methodology guides** define the agent's identity and workflow. Plain markdown. Edit and restart. The repo ships skeleton examples; the production playbooks (recon, web, code review, exploit dev, AD) are the Pro product.\n- **Local-first.** All inference happens on your hardware. No data leaves the box.\n\nThe default ships with a security-research persona, but the architecture is general — see [docs\u002Fcustom-ai.md](docs\u002Fcustom-ai.md) if you want to repurpose for a different domain.\n\n---\n\n## Quick start\n\n```bash\nollama pull \u003Cyour-model>:tag                       # see docs\u002Fcustom-ai.md\ngo build -o secorizon .\u002Fchat.go\nmkdir -p ~\u002F.secorizon && cp SECORIZON.Example.Pentester.md ~\u002F.secorizon\u002FSECORIZON.md\nSECORIZON_MODEL=\u003Cyour-model>:tag .\u002Fsecorizon\n```\n\nFor the deeper walkthrough (HuggingFace → Ollama, Modelfile, smoke tests), see [docs\u002Fquickstart.md](docs\u002Fquickstart.md). For containerized deployment (recommended), see [docker\u002FREADME.md](docker\u002FREADME.md).\n\n---\n\n## What's in this package\n\n```\nsecorizon\u002F\n├── chat.go                              # The terminal shell (~2,400 lines of Go)\n├── go.mod \u002F go.sum                      # Build metadata (one dep: golang.org\u002Fx\u002Fterm)\n├── SECORIZON.Example.Pentester.md       # EXAMPLE — skeleton pentest system prompt\n├── LICENSE                              # Apache 2.0 + Commons Clause\n├── docs\u002F                                # Documentation\n└── docker\u002F                              # Containerized single-user image (recommended runtime)\n```\n\n**Important:** No production system prompt or methodology guides ship with\nthis package. The example demonstrates the canonical structure; you write\nthe actual agent — or license ours.\n\n---\n\n## What SecorizonAI does differently\n\n| Trait | SecorizonAI | PentestGPT | Open Interpreter | Claude Code | Burp AI |\n|---|---|---|---|---|---|\n| Local LLM (no cloud) | ✓ | ✗ | ✓ | ✗ | ✗ |\n| Shell access (executes, not suggests) | ✓ | ✗ | ✓ | ✓ | partial |\n| Pentest-specific persona + playbooks | ✓ | ✓ | ✗ | ✗ | ✓ (web-only) |\n| Anti-refusal posture baked into prompt | ✓ | ✗ | n\u002Fa | ✗ | ✗ |\n| Single binary, no Python deps | ✓ | ✗ | ✗ | ✗ | n\u002Fa |\n| MCP support (Burp etc.) | ✓ | ✗ | partial | ✓ | n\u002Fa |\n| Open source | ✓ (shell) | ✓ | ✓ | ✗ | ✗ |\n| Methodology | ✓ (Pro) | ✗ | ✗ | ✗ | ✗ |\n\n\n---\n\n## Documentation map\n\n| Doc | What it covers |\n|---|---|\n| [docs\u002Fquickstart.md](docs\u002Fquickstart.md) | End-to-end: HuggingFace → GGUF → Ollama → SecorizonAI |\n| [docs\u002Finstallation.md](docs\u002Finstallation.md) | Building from source, running, Docker deployment |\n| [docs\u002Fconfiguration.md](docs\u002Fconfiguration.md) | Every env var, slash command, and config file path |\n| [docs\u002Fcustom-ai.md](docs\u002Fcustom-ai.md) | Swapping models, writing custom system prompts and guides |\n| [docs\u002Farchitecture.md](docs\u002Farchitecture.md) | How the JSON tool-use loop works internally |\n\n---\n\n## Two-line summary if you skip the docs\n\nThe shell sends your message + system prompt to a local LLM via Ollama. The model responds with structured JSON containing prose for you, and optionally a shell command to run or a web search to perform. The shell executes those, feeds results back, and loops until the model says \"done\" — then waits for your next message.\n\nThat's it. It's a terminal-native ReAct loop with a curated system prompt and methodology guides. Everything else is implementation detail.\n\n---\n\n## Status & expectations\n\n- **Battle-tested locally** for pentesting workflows.\n- **Single-user assumed.** Run the binary directly on your AI server, or — recommended — inside the `docker\u002F` container so the agent's commands are sandboxed.\n- **No telemetry, no auth on the binary itself.** Anyone with terminal access runs as you. Don't expose the chat shell to untrusted users; the container only isolates the *agent* from your filesystem, not other humans from the agent.\n- **No safety wheels.** The default system prompt explicitly tells the model to execute commands, fetch URLs, and act autonomously. This is intentional — it's a tool for security professionals. Treat the agent like a junior team member with sudo: capable, useful, and worth supervising.\n- **Multi-user SSH deployments** (one shared SecorizonAI container, isolated home dirs per engineer) are part of the [SecorizonAI Pro](https:\u002F\u002Fsecorizon.com\u002Fsecorizonai) license.\n\n---\n\n## License\n\nSecorizonAI is licensed under **Apache 2.0 with the [Commons Clause](LICENSE)** condition.\n\nThe principle is simple: **you can use it freely, you can't sell it without permission.**\n\n| If you are… | What you can do |\n|---|---|\n| Anyone — researcher, hobbyist, student, NGO, government, employee at a for-profit company | Use it freely. Modify it. Fork it. Redistribute it. |\n| A pentester \u002F consultancy \u002F MSSP \u002F red team running it on paid engagements | Use it freely. The engagement is your product, SecorizonAI is one of your tools. |\n| A company deploying it on internal infrastructure for any purpose | Use it freely. |\n| Wrapping SecorizonAI into a **paid product** | Requires a commercial license. |\n| Operating SecorizonAI as a **paid hosted service** for third parties | Requires a commercial license. |\n| Reselling SecorizonAI itself in any form | Requires a commercial license. |\n\n**Commercial licensing** — for productizing, hosting as a service, or bundling SecorizonAI into a paid offering — is available from Secorizon. Contact [licensing@secorizon.com](mailto:licensing@secorizon.com) or visit [secorizon.com\u002Fsecorizonai](https:\u002F\u002Fsecorizon.com\u002Fsecorizonai). The production system prompt + methodology guides ([SecorizonAI Pro](https:\u002F\u002Fsecorizon.com\u002Fsecorizonai)) are also part of the commercial offering.\n\n> **No warranty. Software provided AS IS.**\n> SecorizonAI executes shell commands, fetches URLs, and acts on LLM output. The author and Secorizon make no warranty of any kind and accept no liability for damages arising from its use or misuse. You are responsible for what it does on your systems and your engagements. See LICENSE Sections 7–8 for the formal legal version.\n\nSee [LICENSE](LICENSE) for the full Apache 2.0 + Commons Clause text.\n","SecorizonAI 是一个专为安全专业人士设计的全自动化终端原生AI shell。其核心功能包括通过单个Go二进制文件运行本地模型（使用Ollama），支持严格的JSON工具使用循环和简单的Markdown系统提示，以及内置的网页搜索功能。该工具完全在本地运行，不依赖云服务，无遥测数据收集，确保了用户数据的安全性和隐私性。它特别适合渗透测试人员用于日常工作中涉及的各种任务流程，如漏洞研究、代码审查等场景。通过直接与用户的终端交互并执行命令，SecorizonAI能够以更高效的方式辅助完成复杂的网络安全评估工作。",2,"2026-06-11 04:06:17","CREATED_QUERY"]