SecSuite – AI-powered Tool for OSINT, Web and API Security Testing

A new open-source security platform called SecSuite, developed under the TheSecuredAnalyst project, has been released, combining OSINT reconnaissance, web vulnerability scanning, API security assessment, compliance checking, and AI-powered analysis into a single unified toolkit.

Available on GitHub at 53cur3dL34rn/security-suite, the tool targets security professionals, penetration testers, and red teams who need a modular, extensible suite capable of running entirely offline with local AI models.

SecSuite v0.1.0 ships with 11 OSINT modules, 6 web security scanners, and 4 API security testing tools, all accessible from a unified CLI or a REST API built on FastAPI.

The platform supports AI-powered analysis via three providers: Ollama (for fully local, offline inference), Anthropic Claude, and OpenAI GPT. This AI layer enables automated correlation finding, executive summary generation, and interactive LLM-driven remediation workflows, making it one of the more complete open-source security suites available today.

The tool is designed with minimal friction in mind. A single setup script (setup.sh on Linux/macOS or setup.ps1 on Windows) handles the entire installation chain: Python, all dependencies, Ollama, and a local AI model. No administrator privileges are required on Windows.

SecSuite’s capabilities span the full attack surface reconnaissance and testing lifecycle:

| Module | Capabilities | Integrations |
| --- | --- | --- |
| OSINT (11 modules) | DNS, WHOIS, subdomain discovery, port scanning, tech detection, email harvesting | nmap, Shodan, VirusTotal |
| Web Scanner (6 modules) | XSS, SQLi, directory bruteforce, SSL/TLS analysis, crawling | Nuclei |
| API Security (4 modules) | OpenAPI parsing, auth bypass, JWT testing, BOLA/IDOR, endpoint fuzzing | REST API |
| AI Analysis | Finding correlation, executive summaries, interactive remediation | Ollama, Anthropic, OpenAI |
| SIEM Integration | Log forwarding, alerting, webhook delivery | Splunk, Elasticsearch, Syslog, Slack/Discord/PagerDuty |
| Compliance | OWASP Top 10, CIS Controls assessment | |
| Exploit | CVE lookup and exploit search | SearchSploit, Exploit-DB |

One of the most operationally significant capabilities in SecSuite is its AI-driven remediation engine (secsuite ai remediate). Rather than producing a static report, this module scans a target, identifies findings, and interactively walks the operator through fixing each issue using a local LLM.

For each finding, such as Redis running without authentication, the AI proposes specific shell commands ([CHECK][FIX][VERIFY]) that the user can execute, edit, or skip in real time.

This closes the gap between vulnerability identification and remediation, a workflow traditionally requiring separate tooling. Crucially, the entire process runs on local models like Qwen2.5 or LLaMA 3.2 via Ollama, meaning no scan data, credentials, or infrastructure details leave the operator’s environment.

The apisec module targets REST APIs by ingesting OpenAPI/Swagger specifications and systematically testing discovered endpoints. Three sub-modules cover distinct attack vectors:

  • endpoints — Tests for BOLA/IDOR, SQL/NoSQL/command injection, mass assignment, and information disclosure.
  • auth — Checks for authentication bypass, broken authentication, JWT weaknesses (including the none algorithm attack and missing exp claims), and rate-limiting gaps.
  • fuzzer — Sends boundary values, injection payloads, and malformed request bodies to surface crashes and data leaks.
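The two JWT weaknesses named in the auth bullet (the none algorithm and a missing exp claim) can be checked on tokens your own API issues. The following is an added example, not SecSuite's code: the function names and sample tokens are constructed for illustration, and it inspects the token without verifying its signature.

```python
import base64
import json
import time

def b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_token(header, claims, signature):
    # Builds constructed sample tokens only; nothing is actually signed.
    segs = [base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
            for o in (header, claims)]
    return ".".join(segs + [signature])

def audit_jwt(token, now=None):
    """Return weakness codes for a token; an empty list means none found."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["malformed"]
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return ["malformed"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["malformed"]
    findings = []
    alg = header.get("alg")
    if not isinstance(alg, str) or alg.lower() == "none":
        findings.append("alg-none")  # alg absent or "none" in any letter case
    if parts[2] == "":
        findings.append("empty-signature")
    exp = claims.get("exp")
    if exp is None:
        findings.append("missing-exp")  # token would never expire
    elif isinstance(exp, bool) or not isinstance(exp, (int, float)):
        findings.append("invalid-exp")
    elif exp <= now:
        findings.append("expired")
    return findings

NOW = 1_700_000_000  # fixed clock so the constructed samples are reproducible
SAMPLES = {  # constructed tokens, not captured from any system
    "unsigned": make_token({"alg": "none", "typ": "JWT"}, {"sub": "alice"}, ""),
    "signed": make_token({"alg": "HS256"}, {"sub": "alice", "exp": NOW + 300}, "c2ln"),
}
RESULTS = {name: audit_jwt(tok, NOW) for name, tok in SAMPLES.items()}
print(RESULTS)
```

An empty result only means these header and claim checks passed; the verifying service still has to pin its accepted algorithms and validate the signature.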

The REST API server (secsuite serve) exposes these capabilities as programmatic HTTP endpoints, enabling integration into existing CI/CD pipelines, security orchestration platforms, or custom tooling via curl or Python clients.

The web scanner module demonstrates practical detection in the tool’s demo output: a scan of example.com correctly flags SSLv3 as enabled, identifying the host as vulnerable to the POODLE attack (CVE-2014-3566).

This real-time SSL/TLS analysis module checks for deprecated protocol support, weak cipher suites, and certificate chain issues, completing in under one second in documented test cases.

XSS and SQL injection scanners, directory brute-force via wordlists, and Nuclei template-based vulnerability scanning round out the web testing surface.

SecSuite’s architecture separates concerns into three layers: a user interface layer (CLI via Typer + REST API via FastAPI), a core infrastructure layer (target modeling, caching, HTTP client, exporters), and a scanning module layer.

All scan results can be exported in JSON, CSV, HTML, or Markdown. The scheduler module enables cron-based recurring scans with persistent history, and SIEM integration supports CEF/LEEF formatted log delivery to Splunk, Elasticsearch, and Syslog pipelines.

All API keys (Shodan, VirusTotal, Anthropic, and OpenAI) are optional. Core functionality operates entirely without external API keys by leveraging Ollama for local AI inference, making the tool viable in air-gapped or restricted network environments.

SecSuite v0.1.0 is available now on GitHub under the 53cur3dL34rn/security-suite repository. The project targets security professionals conducting authorized penetration testing, red team exercises, and security assessments.

All API and AI integrations are optional, and the tool’s modular architecture allows teams to adopt only the components relevant to their assessment scope.

The post SecSuite – AI-powered Tool for OSINT, Web and API Security Testing appeared first on Cyber Security News.