AIDA: Open-Source Platform for AI-Powered Penetration Testing

OpenClawRadar | Published: March 17, 2026

AIDA is an open-source platform that gives AI agents access to a full penetration testing environment. The AI connects via MCP (Model Context Protocol) to a Docker container, executes security tools directly, adapts its methodology based on findings, and documents everything in a web dashboard.

How It Works

The AI agent runs security tools, reads the output, decides what to do next, runs the next tool, and continues iteratively through the testing process. This creates an automated workflow where the AI drives the penetration testing methodology.

Key Improvements in Current Version

The biggest issue with the first version was setup: it required pulling Exegol, a massive 40GB Docker image, which was a dealbreaker for many users who just wanted to test the tool.

The developer has fixed this by creating a purpose-built container that's approximately 1GB. This container includes all essential security tools:

  • nmap
  • sqlmap
  • ffuf
  • gobuster
  • nikto
  • hydra
  • subfinder
  • impacket

Setup and Usage

The platform now works out of the box with ./start.sh. The simplified workflow is:

  1. Clone the repository
  2. Run ./start.sh
  3. Connect your AI client
  4. Begin testing

The project has been getting more stable over recent weeks and the developer is seeking testers and feedback from pentesters, security students, or anyone curious about AI-powered security testing.

AIDA is fully open source and not monetized. The project is available on GitHub at https://github.com/Vasco0x4/AIDA.

📖 Read the full source: r/LocalLLaMA
