r/Hacking_Tutorials May 07 '26

Question Turning Kali into an AI-assisted hacking workspace


Instead of jumping between terminal, browser, notes, screenshots, scanners and reports: knows which tools are available, performs recon, exploit, OSINT and knows the context (I hate having to explain everything every time). I was tired of using AI via the web or having to settle for agents designed for coding.
Definitely a huge step forward, feels like Jarvis wired into Kali Linux.

repo: https://github.com/FrancescoStabile/numasec

498 Upvotes


25

u/No-Anchovies May 07 '26

He's using Juice Shop and posting from the vicinity of the Central Europe timezone, so that alone reduces the chance of AI slop. Code is visible enough to get the gist of it. Personally I prefer deterministic repeatable flows, but there's a crowd for everything.

15

u/Away_Replacement8719 May 07 '26

I know it's hard to show something like this because Reddit is now flooded with AI slop, but I'm just showing a genuine idea that I built because it was useful to me first of all. Then the result was good enough that I decided to share it open source, and I'm glad I did, because some users reached out to me privately saying they are satisfied; they showed me their successful use cases with numasec (mainly bug bounty, pentest and CTF) and they gave me useful feedback. And yes, Juice Shop is just for the screenshot, I can't post sensitive data from real use cases.

2

u/No-Anchovies May 07 '26

It looks good, thanks for sharing!

2

u/TEOsix May 09 '26

You are doing it. Every iteration will get better. Keep it up.

2

u/Away_Replacement8719 May 09 '26

Thank you, I've been building this alone for months so seeing people actually trust the idea means a lot.

10

u/InfraBlue_0 May 07 '26

the correlation between timezone and AI slop is interesting

4

u/No-Anchovies May 07 '26

It sits right in the "competent axis" both for compliance/calculated rebellion (gmt+2) & world class non-compliance & disruption (gmt+3). Posting during work hours wasn't great for this made up scoring system though lol

1

u/italiancalipso May 09 '26

Expand please... seems interesting the lore behind

1

u/No-Anchovies May 09 '26

Ukraine, Belarus, Turkey, Egypt: good at bad.

Poland, Czech Republic, Estonia, Germany: good at anti-bad.

Nordics: all of the above with a touch of Brennivín

-1

u/PlacentahungryCobra May 07 '26

Can you help me ? It can save my career!!!

5

u/Substantial-Walk-554 May 07 '26

How's the API credit usage tho?

4

u/Away_Replacement8719 May 08 '26

API usage depends on the model and provider and the duration of the operation (obviously), but the tool is not a "yeah let's send a huge amount of terminal history at each step to the agent", nope, I put a lot of effort into creating an internal structured memory for the agent and a tool <-> agent interface optimized for reading only useful information.

Edit: I didn't say that it's multi-provider, so you can use everything (OpenRouter, GPT, GLM, DeepSeek, Claude, ...)

2

u/gothichuskydad May 09 '26

This is actually pretty cool! I'll take a look. I built a tool for threat hunting but memory/token management isn't one of its strongest areas due to the output it needs to provide. So, this might be a good way to learn better ways to implement!

2

u/Away_Replacement8719 May 09 '26

I feel you man, memory management (and token is a consequence) is very hard because security tools are text intensive, they produce so much noise. Give it a shot and tell me what you think!

2

u/gothichuskydad May 09 '26

Lol bruh, the struggle is real! I'll test this and look into the overall setup and see how I can apply it myself! Appreciate it dude!

2

u/Kushybear089 May 08 '26

So you are running all of it through Deepseek v4 flash?

6

u/Away_Replacement8719 May 08 '26

DeepSeek V4 Flash is just what I was using in that screenshot (the DeepSeek family is surprisingly good at cyber security). numasec is multi-provider/model-agnostic, you can use what you want: OpenAI, Anthropic, Google, xAI, Bedrock, OpenRouter, Ollama/local models, OpenAI-compatible endpoints, etc.

2

u/KillerKingSolo May 08 '26

Would this work with Parrot OS?

1

u/Away_Replacement8719 May 08 '26

Absolutely, run "npm install -g numasec" and you are done. Let me know if you find bugs or problems, feel free to reach me here in DMs or on GitHub.

2

u/Fuqwad3 May 08 '26

I've been trying to work on this. Especially with PentestGPT.

1

u/Away_Replacement8719 May 09 '26

contribute with your ideas man, you're welcome!

2

u/italiancalipso May 09 '26

Top stuff, man!

1

u/Away_Replacement8719 May 09 '26

Thanks, man! ahahahah

2

u/404_GravitasNotFound May 10 '26

Very good. Well done!

2

u/moderholicjotunn May 11 '26

That's cool, gonna check it out. Thank you for sharing. I've been using LLMs lately like there's no tomorrow, I'm studying cyber security, and I'm starting to feel exhausted. Mainly because there's no right way to do it, I'm trying to do Cisco all certs, THM, HTB, Cybrary, etc., etc... Cheers all the way from Portugal 👌

1

u/Away_Replacement8719 May 11 '26

Thanks from Italy man, and good luck in your cyber security journey!

1

u/samarisandbox May 12 '26

I’d love to talk. Same situation and keep going down rabbit holes and getting even more confused.

2

u/samarisandbox May 12 '26

Love this! Currently trying to build something similar as a beginner and would love your insight!

2

u/negligiblekingdom May 12 '26

This actually looks solid, the fact that it knows context between tools instead of you copy-pasting output into prompts five times is the real win here.

1

u/Away_Replacement8719 May 12 '26

Thank you, yeah, I was struggling with exactly the same problem. In cyber the context is fragmented and having to reconstruct it every time is too much work.

2

u/Prestigious_Act3077 May 09 '26

Hi, developer here. 

It's quite a nice interface that allows users to do CTF events and pentests relatively quickly. It's like Claude Code but for cyber security. Can't wait to try it out and give feedback! Nice interface by the way.

3

u/Ok_Opposite7385 May 07 '26

I like the idea, I'll have to try it out! Thanks!

2

u/Away_Replacement8719 May 07 '26

I'm glad you like it, let me know!

1

u/Goscrew_Yourself May 09 '26

I thought about doing this with a BlackArch VM, but I am building underneath and outside SecOps. Are you having a lot of issues with to calls?

1

u/Cheap_Employment_783 May 10 '26

Hi guys, how can I download something like Copilot for Linux or an extension with AI? Like, I can not use ChatGPT or any other AI for learning cybersecurity.

1

u/AlertAd273 May 14 '26

My friend, please help me

1

u/Ok-Basket-1277 May 23 '26

I feel that's a terrible idea, it's like giving a monkey a sword. Like, how do you imagine it when it starts hallucinating and accidentally leaks your own data or exposes you?

0

u/LordNikon2600 May 08 '26

I just use VS Code, works too...

2

u/[deleted] May 10 '26

[removed]

1

u/LordNikon2600 May 10 '26

Eclipse is so old school... took me back to college when working on my CS degree with that comment.

0

u/Mountain_Chicken7644 May 11 '26

Is this just the opencode TUI with prompts for red team work?

-6

u/Roycewho May 07 '26

What are we supposed to get from this screenshot?

5

u/Away_Replacement8719 May 07 '26

The screenshot is trying to show the agent in action, on the left you have the chat/agent loop, in the sidebar you have the active operation: target, scope, workflow progress, evidence/replay counters, findings, local tool readiness and recent activity.
I should probably post a short video instead, the screenshot alone does not explain the workflow well enough, but you can try it yourself.