@cyberstrike-io/cyberstrike

v1.1.13

Published

The first open-source AI agent built for offensive security. Autonomous pentesting from your terminal.

Downloads

2,389

Readme


Quick Start

npm i -g @cyberstrike-io/cyberstrike@latest && cyberstrike

That's it. CyberStrike launches a TUI in your terminal, asks for your LLM provider and API key on first run, and you're ready to go. Tell it what to test — it loads relevant skills from 7,300+ MITRE ATT&CK, CIS, OWASP, and NIST test procedures, then handles reconnaissance, vulnerability discovery, exploitation, and reporting autonomously.

Already have a Claude Code or OpenAI subscription? CyberStrike's intelligence layer sits on top of your existing AI subscription. No separate API costs — your current plan powers an entire pentest toolkit.

Explore the full documentation at docs.cyberstrike.io or visit cyberstrike.io for demos and guides.


Intelligence Layer

CyberStrike isn't just a wrapper around an LLM. It's an intelligence layer that transforms any AI model into an offensive security specialist.

How it works: When you connect your LLM provider, CyberStrike injects domain-specific context — OWASP testing methodology, vulnerability patterns, attack chain reasoning, and tool orchestration logic — into every interaction. The model doesn't need to know security; CyberStrike teaches it.

What the intelligence layer provides:

  • Schema normalization — Structured output from any provider, regardless of response format differences
  • Context guard — Prevents prompt leakage and keeps the agent focused on the current test phase
  • Provider auto-detection — Automatically identifies your LLM endpoint and configures the optimal transport
  • Tool orchestration — Chains security tools intelligently based on findings, not fixed scripts

15+ LLM providers supported out of the box:

| Provider | Models | Notes |
| --- | --- | --- |
| Anthropic | Claude 4.5, Claude 4 | Best performance with extended thinking |
| OpenAI | GPT-4.1, o3, o4-mini | Full tool-use support |
| Google | Gemini 2.5 Pro/Flash | Long context for large codebases |
| Amazon Bedrock | All Bedrock models | IAM auth, no API keys needed |
| Azure OpenAI | All Azure-hosted models | Enterprise deployments |
| Groq | LLaMA, Mixtral | Ultra-fast inference |
| Mistral | Mistral Large, Codestral | European data residency |
| DeepSeek | DeepSeek V3, R1 | Cost-effective alternative |
| OpenRouter | 100+ models | Single API, any model |
| Together AI | Open-source models | Fine-tuning support |
| Ollama | Any GGUF model | Fully offline, local-only |
| LM Studio | Any local model | Desktop GUI + API server |
| vLLM | Any HuggingFace model | Self-hosted, GPU-optimized |
| Any OpenAI-compatible | — | Custom endpoints welcome |

Air-gapped environments? Run CyberStrike entirely offline with Ollama or LM Studio. No data leaves your machine — ever.


Skills System — 7,300+ Actionable Security Tests

CyberStrike doesn't just give agents generic security knowledge — it loads domain-specific skills on-demand with zero context pollution.

What's a skill? A skill is a structured test procedure that includes:

  • Target methodology (OWASP WSTG, MITRE ATT&CK, CIS Benchmark, NIST)
  • Copy-paste ready test commands
  • Tool references and dependencies
  • Remediation guidance
  • CWE mappings and severity ratings

Coverage:

| Framework | Skills | What It Includes |
| --- | --- | --- |
| MITRE ATT&CK | 691 | Enterprise tactics + 2,000+ Atomic Red Team tests (Kerberoasting, LSASS dump, etc.) |
| CIS Benchmarks | 1,500+ | Cloud (AWS/Azure/GCP), Containers (Docker/K8s), OS (Ubuntu), Server (Apache/Nginx) |
| OWASP WSTG | 125 | Web app security testing (XSS, SQLi, AuthN, AuthZ, Session, API) |
| NIST | 200+ | Security controls and compliance frameworks |

Lazy Loading — Skills load only when needed. An agent testing for Kerberoasting pulls the T1558.003 skill (7 Atomic tests) into context, runs the tests, then discards it. Next test = new skill. Zero bloat.

Search & Discovery — Built-in skill search with relevance scoring. Query by keyword, tech stack, CWE ID, or category. 7,633 skills indexed in-memory.

# Example: Agent loads T1558.003 Kerberoasting skill
Skill: T1558.003 - Kerberoasting
Tests: 7 Atomic Red Team test scenarios
Tools: Invoke-Kerberoast.ps1, Rubeus, setspn
Platforms: Windows

Read more: MITRE ATT&CK Integration, CIS Benchmarks


What Makes It Different

7,300+ Security Skills, Not Generic Prompts

CyberStrike agents don't improvise — they follow proven methodologies with lazy-loaded skills. Testing for Kerberoasting? Load T1558.003 (7 Atomic Red Team tests). Auditing Docker? Load CIS Docker v1.8.0 (118 controls). Agents pull exactly what they need, execute structured test procedures with copy-paste commands, then discard. Zero context pollution. Real pentest frameworks: MITRE ATT&CK, CIS Benchmarks, OWASP WSTG, NIST.

Intelligence Layer, Not Just an LLM Wrapper

Most AI security tools are thin wrappers that send your prompt to an API. CyberStrike's intelligence layer normalizes outputs across 15+ providers, guards context between test phases, auto-detects your provider configuration, and orchestrates multi-step attack chains. The result: consistent, methodology-driven pentesting regardless of which model you use.

Any LLM, Zero Lock-in

Anthropic, OpenAI, Google, Amazon Bedrock, Azure, Groq, Mistral, DeepSeek, OpenRouter, Together AI — or run fully offline with Ollama and LM Studio. You choose the model. You own the results. As AI models get better and cheaper, CyberStrike gets better with them. Switch providers in seconds without reconfiguring anything.

Remote Tool Execution with Bolt

Your security tools don't have to run on your laptop. Deploy Bolt on one or many remote servers, pair with Ed25519 keys, and control everything from your local terminal. One CyberStrike instance can orchestrate dozens of Bolt servers — each with its own toolkit, network position, and attack surface access.


Agents

Switch between agents with Tab. Each one is a domain specialist.

| Agent | Focus | What It Does |
| --- | --- | --- |
| cyberstrike | General | Full-access primary agent — reconnaissance, exploitation, reporting |
| web-application | Web | OWASP Top 10, WSTG methodology, API security, session testing |
| mobile-application | Mobile | Android/iOS, Frida/Objection, MASTG/MASVS compliance |
| cloud-security | Cloud | AWS, Azure, GCP — IAM misconfigs, CIS benchmarks, exposed resources |
| internal-network | Network | Active Directory, Kerberos attacks, lateral movement, pivoting |

Plus 8 specialized proxy testers that intercept and manipulate traffic for targeted vulnerability classes:

IDOR · Authorization Bypass · Mass Assignment · Injection · Authentication · Business Logic · SSRF · File Attacks

Each proxy tester follows a structured methodology: intercept traffic, identify patterns, generate test cases, execute attacks, and report findings with evidence.


Web UI & Remote Access

Run cyberstrike web and control your agents, MCP servers, Bolt connections, and vulnerability findings from any browser. Access from anywhere with Cloudflare Tunnel — zero open ports, end-to-end encryption, password-protected API. Your data stays on your machine.

export CYBERSTRIKE_SERVER_PASSWORD=your-secure-password
cyberstrike web

Use app.cyberstrike.io (static page, no backend) or self-host from packages/app/dist/.

See the full README for the complete security model.


Bolt — Remote Tool Execution

Bolt is CyberStrike's remote tool server. Deploy it on any VPS, cloud instance, or Docker container — then control it from your local terminal over MCP protocol with Ed25519 authentication.

One CyberStrike, many Bolt servers:

                                          ┌─────────────────────┐
                                     ┌───►│  Bolt Server #1     │
                                     │    │  nmap, nuclei, ffuf  │
┌──────────────────┐   MCP + Ed25519 │    └─────────────────────┘
│  Your Terminal   │   over HTTPS    │    ┌─────────────────────┐
│  CyberStrike TUI │ ◄─────────────►├───►│  Bolt Server #2     │
│                  │   Tool Results   │    │  sqlmap, burp, zap   │
└──────────────────┘                 │    └─────────────────────┘
                                     │    ┌─────────────────────┐
                                     └───►│  Bolt Server #3     │
                                          │  Custom toolkit      │
                                          └─────────────────────┘

  • Deploy anywhere — VPS, Docker, Kubernetes, or bare metal with pre-built Kali images
  • Ed25519 key pairing — No passwords, no shared secrets, no attack surface
  • Real-time streaming — Results flow back to your TUI as they happen
  • Manage from TUI — Add, remove, and monitor Bolt servers without leaving CyberStrike
  • Scale horizontally — Run heavy scans from servers with better bandwidth while you work locally
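
The page does not describe Bolt's wire format, so the following is an added example (not CyberStrike or Bolt code) of what Ed25519 key pairing buys a remote tool server: the server pins a client public key once, then accepts only requests signed by that key, rejecting unknown keys, stale timestamps, replays and tampered bodies. The function names, the signed-string layout and the 30-second skew window are assumptions made for illustration.

```javascript
// Added illustration; NOT Bolt's wire protocol. All names here are hypothetical.
const crypto = require("crypto");
// SHA-256 over the DER-encoded public key: a stable ID to pin at pairing time.
function fingerprint(publicPem) {
  const der = crypto.createPublicKey(publicPem).export({ type: "spki", format: "der" });
  return crypto.createHash("sha256").update(der).digest("hex");
}

// Client: the private key never leaves this side; only publicPem is handed over.
function newClientIdentity() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const publicPem = publicKey.export({ type: "spki", format: "pem" });
  return { privateKey, publicPem, keyId: fingerprint(publicPem) };
}

// The signed string binds method, path, time, nonce and a hash of the body.
function canonical(req, ts, nonce) {
  const bodyHash = crypto.createHash("sha256").update(req.body).digest("hex");
  return Buffer.from([req.method, req.path, ts, nonce, bodyHash].join("\n"));
}
function signRequest(identity, req, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString("hex");
  const sig = crypto.sign(null, canonical(req, now, nonce), identity.privateKey);
  return { ...req, keyId: identity.keyId, ts: now, nonce, sig: sig.toString("base64") };
}

// Server: accepts only pinned keys, fresh timestamps and unseen nonces.
class PairedKeyVerifier {
  constructor(maxSkewMs = 30000) {
    this.keys = new Map(); // keyId -> public KeyObject
    this.seen = new Map(); // keyId:nonce -> expiry time in ms
    this.maxSkewMs = maxSkewMs;
  }
  pair(publicPem) {
    this.keys.set(fingerprint(publicPem), crypto.createPublicKey(publicPem));
  }
  verify(signed, now = Date.now()) {
    const key = this.keys.get(signed.keyId);
    if (!key) return "unknown-key";
    if (Math.abs(now - signed.ts) > this.maxSkewMs) return "stale";
    for (const [k, exp] of this.seen) if (exp < now) this.seen.delete(k);
    const replayKey = `${signed.keyId}:${signed.nonce}`;
    if (this.seen.has(replayKey)) return "replay";
    const sig = Buffer.from(signed.sig, "base64");
    if (!crypto.verify(null, canonical(signed, signed.ts, signed.nonce), key, sig)) return "bad-signature";
    this.seen.set(replayKey, now + 2 * this.maxSkewMs);
    return "ok";
  }
}
```

A nonce is recorded only after the signature verifies, so unauthenticated traffic cannot fill the replay cache.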

MCP Ecosystem

CyberStrike connects to specialized MCP servers that extend its capabilities — 176+ security tools across 5 domains:

| Server | Tools | What It Adds |
| --- | --- | --- |
| cloud-audit-mcp | 38 | Cloud security audits — 60+ checks across AWS, Azure, GCP |
| github-security-mcp | 39 | GitHub security posture — repo, org, actions, secrets, supply chain |
| cve-mcp | 23 | CVE intelligence — NVD, EPSS, CISA KEV, GitHub Advisory, OSV |
| osint-mcp | 37 | OSINT recon — Shodan, VirusTotal, SecurityTrails, Censys, DNS, WHOIS |

All open source. All installable with npx. Plug them into CyberStrike or use them standalone with any MCP-compatible client.


Built-in Tools

CyberStrike agents have direct access to 30+ tools without any external dependencies:

| Category | Tools |
| --- | --- |
| Execution | Shell (bash), file read/write/edit, directory listing |
| Discovery | Web fetch, web search, code search, glob, grep |
| Security | Vulnerability reporting (HackerOne format), evidence collection |
| Proxy | HTTP/HTTPS interception, request replay, traffic analysis |
| Integration | MCP servers, Bolt remote tools, custom plugins |

Plus a plugin SDK — build your own agents and tools, register them at runtime.


Installation

# npm (recommended)
npm i -g @cyberstrike-io/cyberstrike@latest

# bun / pnpm / yarn
bun add -g @cyberstrike-io/cyberstrike@latest

# macOS (Homebrew)
brew install CyberStrikeus/tap/cyberstrike

# Windows (Scoop)
scoop install cyberstrike

# Linux / macOS (curl)
curl -fsSL https://cyberstrike.io/install | bash

Who Is This For?

  • Pentesters — Automate the repetitive parts. Let agents handle recon and initial testing while you focus on the creative attack chains that need human intuition.
  • Bug Bounty Hunters — Faster reconnaissance, wider coverage, consistent methodology across programs. CyberStrike doesn't get tired at 3am.
  • Security Teams — Run structured OWASP assessments with reproducible methodology. Get reports that map to standards your compliance team understands.
  • Security Researchers — Extend CyberStrike with custom agents and MCP servers. The plugin system and MCP protocol make it a platform, not just a tool.

Contributing

CyberStrike is built by the security community, for the security community. We welcome contributions across:

  • Security agents and skills — New attack methodologies, testing patterns, vulnerability detection
  • MCP servers — Connect new security tools and data sources
  • Knowledge base — WSTG, MASTG, PTES, CIS methodology guides
  • Core improvements — Performance, UX, provider integrations, bug fixes

Read the Contributing Guide before submitting a PR. All contributions must follow the project's ethical use policy — CyberStrike is for authorized security testing only.


License

AGPL-3.0-only — Free for personal and open-source use. Commercial licensing available via [email protected].


MCP Security Suite

CyberStrike is the core platform. These MCP servers extend its capabilities:

| Project | Domain | Tools |
| --- | --- | --- |
| CyberStrike | Autonomous offensive security agent | 7,300+ skills (MITRE, CIS, OWASP, NIST) |
| cloud-audit-mcp | Cloud security (AWS/Azure/GCP) | 38 tools, 60+ checks |
| github-security-mcp | GitHub security posture | 39 tools, 45 checks |
| cve-mcp | Vulnerability intelligence | 23 tools, 5 sources |
| osint-mcp | OSINT & reconnaissance | 37 tools, 12 sources |