ExaAiAgent

Advanced AI-Powered Cybersecurity Agent for Comprehensive Penetration Testing

[!TIP]
🚀 v2.2.5 Released! Focused on runtime reliability, cleaner CLI/TUI flows, stronger agent coordination, import-safe sandbox tooling, and improved prompt specialization.

🤖 Connect Your Agent: You can onboard another AI agent by pointing it to the repository skill:
Read https://raw.githubusercontent.com/hleliofficiel/ExaAiAgent/main/SKILL.md and follow the instructions to operate ExaAiAgent

🔥 What's New in v2.2.5

🧱 Runtime Reliability & Developer Workflow

This release focuses on making ExaAiAgent much more predictable to operate and easier to integrate into agent-driven workflows:

CI on Pull Requests: lint, type-check, unit tests, and smoke tests now run automatically
Legacy Cleanup: removed stale strix references that broke tests and dev tooling
Import-Safe Tool Server: sandbox tool server no longer parses CLI arguments at import time
Dependency Compatibility Fixes: resolved websockets compatibility issues affecting installs

🧠 Better Agent Orchestration

Improved Agent Messaging: fixed agent resume/waiting behavior and sandbox readiness issues
Normalized Agent Statuses: cleaner status flow across graph, tracer, and UI
Multi-Tool LLM Responses: no longer truncates model output to the first tool call only
Prompt Module Merging: role defaults and user-selected modules now combine correctly

💻 Better CLI/TUI Behavior

Interactive Target Submission: TUI can now queue a target and start scanning more cleanly
Improved Error Surfacing: clearer runtime errors in CLI/TUI instead of silent failures
Smarter Prompt Resolution: auto-detected prompt modules now wire into execution more reliably
Docker Requirement Made Explicit: first-run/runtime expectations are clearer during startup

🤖 AI Agent Integration

Repository Skill Updated: SKILL.md now cleanly onboards other AI agents to use and operate ExaAiAgent
OpenClaw-Friendly Operation: better fit for external AI agents controlling scans or maintaining the tool

🛡️ Smart Security Tools

Tool	Capability
Smart Fuzzer	Thread-safe, context-aware fuzzing with rate limiting
Response Analyzer	SQL errors, stack traces, sensitive data detection
Vuln Validator	PoC generation with false positive reduction
WAF Bypass	Multi-layer bypass for Cloudflare, Akamai, AWS WAF

⚡ CLI & Stability

Thread-Safety: Fixed race conditions in async scans
Resource Management: Auto-shutdown and cleanup of background processes
Installation: Robust install.sh for Linux/macOS (bash/zsh/fish)

# New install script
curl -sSL https://raw.githubusercontent.com/hleliofficiel/ExaAiAgent/main/install.sh | bash

🔥 ExaAiAgent Overview

ExaAiAgent is an elite AI-powered cybersecurity agent that acts like a real penetration tester - running your code dynamically, finding vulnerabilities, and validating them through actual proof-of-concepts. Built for developers and security teams who need fast, accurate security testing.

Key Capabilities:

🔧 Full hacker toolkit out of the box
🤝 Teams of agents that collaborate and scale
✅ Real validation with PoCs, not false positives
💻 Developer‑first CLI with actionable reports
🔄 Auto‑fix & reporting to accelerate remediation
🧠 Multi-LLM Support - OpenAI, Anthropic, Gemini, local models
🌐 Cloud & Container Security testing capabilities
🚀 Smart Module Loading - Auto-detects and loads relevant modules

🎯 Use Cases

Application Security Testing - Detect and validate critical vulnerabilities
Rapid Penetration Testing - Get pentests done in hours, not weeks
Bug Bounty Automation - Automate research and generate PoCs
CI/CD Integration - Block vulnerabilities before production
API Security Testing - REST, GraphQL, gRPC security analysis
Cloud Security - AWS, Azure, GCP configuration review

🚀 Quick Start

Prerequisites:

Docker (running)
Python 3.12+
An LLM provider (OpenAI, Anthropic, OpenRouter, Ollama, or any compatible provider)

Installation & First Scan

# Install ExaAiAgent

# Method 1: Automated Script (Recommended)
pip install exaai-agent 
# Method 2: pipx
pipx install exaai-agent

# Configure your AI provider (choose one)

# Option 1: OpenAI
export EXAAI_LLM="openai/gpt-5"
export LLM_API_KEY="your-openai-key"

# Option 2: Anthropic
export EXAAI_LLM="anthropic/claude-sonnet-4-5"
export LLM_API_KEY="your-anthropic-key"

# Option 3: OpenRouter (access multiple models)
export EXAAI_LLM="openrouter/auto"
export LLM_API_KEY="your-openrouter-key"
export LLM_API_BASE="https://openrouter.ai/api/v1"

# Option 4: Ollama (local models)
export EXAAI_LLM="ollama/llama3"
export LLM_API_BASE="http://localhost:11434"

# Run your first security assessment (auto-detects modules!)
exaai --target https://your-app.com

[!NOTE]
First run automatically pulls the sandbox Docker image. Results are saved to exaai_runs/<run-name>

✨ Features

🛠️ Agentic Security Tools

ExaAiAgent agents come equipped with a comprehensive security testing toolkit:

Full HTTP Proxy - Request/response manipulation and analysis
Browser Automation - Multi-tab browser for XSS, CSRF, auth flows
Terminal Environments - Interactive shells for command execution
Python Runtime - Custom exploit development and validation
Reconnaissance - Automated OSINT and attack surface mapping
Code Analysis - Static and dynamic analysis capabilities
API Fuzzing - Advanced REST/GraphQL API testing

🎯 Comprehensive Vulnerability Detection

ExaAiAgent identifies and validates a wide range of security vulnerabilities:

Category	Vulnerabilities
Access Control	IDOR, privilege escalation, auth bypass
Injection	SQL, NoSQL, Command, GraphQL injection
Server-Side	SSRF, XXE, deserialization flaws
Client-Side	XSS, prototype pollution, DOM vulnerabilities
Business Logic	Race conditions, workflow manipulation
Authentication	JWT vulnerabilities, OAuth/OIDC flaws, session management
WebSocket	CSWSH, message injection, DoS
Infrastructure	Subdomain takeover, misconfigurations
WAF Bypass	Encoding, smuggling, header manipulation

🕸️ Graph of Agents

Advanced multi-agent orchestration for comprehensive security testing:

Distributed Workflows - Specialized agents for different attacks
Scalable Testing - Parallel execution for fast coverage
Dynamic Coordination - Agents collaborate and share discoveries

💻 Usage Examples

Basic Usage

# Scan a local codebase
exaai --target ./app-directory

# Security review of a GitHub repository
exaai --target https://github.com/org/repo

# Black-box web application assessment
exaai --target https://your-app.com

Smart Auto-Loading (New in v2.0!)

# GraphQL endpoint - auto-loads graphql_security
exaai --target https://api.example.com/graphql

# WebSocket - auto-loads websocket_security
exaai --target wss://chat.example.com/socket

# OAuth endpoint - auto-loads oauth_oidc
exaai --target https://auth.example.com/oauth/authorize

# Subdomain recon - auto-loads subdomain_takeover
exaai --target example.com --instruction "enumerate subdomains"

Advanced Testing Scenarios

# Grey-box authenticated testing
exaai --target https://your-app.com --instruction "Perform authenticated testing using credentials: user:pass"

# Multi-target testing (source code + deployed app)
exaai -t https://github.com/org/app -t https://your-app.com

# With specific modules (overrides auto-detection)
exaai --target https://api.example.com --prompt-modules graphql_security,waf_bypass

# Lightweight mode (reduced token consumption)
export EXAAI_LIGHTWEIGHT_MODE=true
exaai --target https://example.com --instruction "quick security scan"

🤖 Headless Mode

Run ExaAiAgent programmatically without interactive UI:

exaai -n --target https://your-app.com

🔄 CI/CD (GitHub Actions)

name: exaai-security-test

on:
  pull_request:

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install ExaAiAgent
        run: curl -sSL https://raw.githubusercontent.com/hleliofficiel/ExaAiAgent/main/install.sh | bash

      - name: Run ExaAiAgent
        env:
          EXAAI_LLM: ${{ secrets.EXAAI_LLM }}
          LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
        run: exaai -n -t ./

⚙️ Configuration

# Required
export EXAAI_LLM="openai/gpt-5"
export LLM_API_KEY="your-api-key"

# Optional - Performance tuning
export EXAAI_LIGHTWEIGHT_MODE=true    # Reduced token consumption
export EXAAI_MAX_TOKENS=2048          # Max output tokens
export LLM_API_BASE="your-api-base"   # For local models
export PERPLEXITY_API_KEY="key"       # For search capabilities

Recommended Models:

OpenAI GPT-5 (openai/gpt-5)
Anthropic Claude Sonnet 4.5 (anthropic/claude-sonnet-4-5)
Google Gemini 2.0 (gemini/gemini-2.0-flash)

📦 Available Security Modules

Vulnerability Modules

Module	Description
`sql_injection`	SQL/NoSQL injection testing
`xss`	Cross-site scripting attacks
`ssrf`	Server-side request forgery
`xxe`	XML external entity attacks
`rce`	Remote code execution
`idor`	Insecure direct object reference
`authentication_jwt`	Auth & JWT vulnerabilities
`business_logic`	Business logic flaws
`csrf`	Cross-site request forgery
`race_condition`	Race condition exploits
`graphql_security`	GraphQL-specific attacks
`websocket_security`	WebSocket vulnerabilities
`oauth_oidc`	OAuth2/OIDC flaws
`waf_bypass`	WAF bypass techniques
`subdomain_takeover`	Subdomain takeover
`prompt_injection`	AI/LLM prompt injection attacks
`kubernetes_security`	NEW! K8s RBAC & Pod Security auditing
`subdomain_enumeration`	NEW! OSINT-based subdomain discovery
`port_scanning`	NEW! Service discovery & port auditing
`technology_fingerprinting`	NEW! Web tech stack identification

🆕 Changelog

v2.2.5 (Latest)

Runtime Reliability: fixed interactive scan flow, tool-server import safety, sandbox readiness, and agent messaging issues
Developer Workflow: CI now runs lint, type-check, tests, and smoke checks on pull requests
Prompt Intelligence: smarter prompt resolution, merged default/user modules, and new specialist prompt modules for planning, validation, reporting, and runtime recovery
Agent Coordination: normalized statuses and improved multi-tool execution behavior
Agent Onboarding: refreshed SKILL.md so external AI agents can operate and maintain ExaAiAgent more reliably

v2.2.2

Reconnaissance Engine: New modules for subdomain enumeration, port scanning, and tech fingerprinting
AI Agent Integration: OpenClaw/Agent compatibility
Stability Fixes: ToolManager thread-safety, Resource cleanup
DevEx: New install.sh script, improved logging

v2.1.2

Bugfix: Fixed k8s scanner import issue
Banner: Updated banner version string

v2.1.0

New Modules: K8s, Azure, GCP, Prompt Injection
React2Shell: CVE-2025-55182 detection
Auto-Discovery: Improved target detection

🛠️ Troubleshooting

🔧 Troubleshooting

Problem: "LLM Connection Failed" or Model Not Found

Modern models (like gemini-3-pro-preview) require the latest version of litellm to be recognized correctly.

Solution: Update LiteLLM

pip install -U litellm

Linux/Debian Users (Externally Managed Environment):
If you encounter permission errors or "externally-managed-environment", you may need to use a virtual environment (venv) or force a user install:

# Option 1: Virtual Environment (Recommended for Servers)
python3 -m venv venv
source venv/bin/activate
pip install exaai-agent

# Option 2: Force User Install
pip install -U litellm --user --break-system-packages

🤝 Contributing

We welcome contributions! Check out our Contributing Guide.

🌟 Support the Project

Love ExaAiAgent? Give us a ⭐ on GitHub!

🙏 Acknowledgements

ExaAiAgent builds on incredible open-source projects like LiteLLM, Caido, ProjectDiscovery, Playwright, and Textual.

[!WARNING]
Only test apps you own or have permission to test. You are responsible for using ExaAiAgent ethically and legally.