🔐 What is Kevin?

Kevin is an open-source, terminal-native AI cybersecurity specialist built for security professionals, penetration testers, bug bounty hunters, and developers who take security seriously.

Kevin isn't a general-purpose chatbot. Kevin is a focused, sharp, no-nonsense security expert that lives in your terminal — ready to audit your code, hunt vulnerabilities, harden your infrastructure, and guide you through offensive and defensive operations.

Think of Kevin as your senior pentester on a caffeine drip — available 24/7.

🎯 Key Capabilities

• 🔴 Offensive Security — Recon, enumeration, exploit development, attack chaining, privilege escalation, evasion techniques.
• 🔵 Defensive Security — Hardening, detection engineering, incident response, threat hunting, forensics, compliance.
• 🟣 Purple Team Ops — Adversarial simulation with simultaneous detection validation and coverage mapping.
• 🛡️ Code Auditing — OWASP Top 10 scanning, secret detection, dependency vulnerability analysis, crypto auditing.
• 📋 Professional Reporting — CVSS scoring, MITRE ATT&CK mapping, compliance gap analysis, vulnerability reports.

⚡ Quick Start

📦 Installation

Kevin is distributed as a high-performance native binary via NPM. You do not need Bun or Node installed to run it (only to install it).

# Install globally via NPM
npm install -g @suvijya/kevin

# Or run instantly without installing
npx @suvijya/kevin

Once installed, launch Kevin from any terminal:

[!TIP] Remove versions older than 0.1.x before installing.

Once installed, launch Kevin:

kevin

Kevin will greet you with:

"Kevin online. Cybersecurity specialist, ready to hunt. What are we breaking — or fixing — today?"

| Platform | Download | | :--- | :--- | | macOS (Apple Silicon) | kevin-desktop-darwin-aarch64.dmg | | macOS (Intel) | kevin-desktop-darwin-x64.dmg | | Windows | kevin-desktop-windows-x64.exe | | Linux | .deb, .rpm, or AppImage |

🤖 Specialized Security Agents

Kevin now features a registry of specialized agents tailored for different security workflows. Mention them using @ to switch personas:

| Agent | Purpose | Networking | | :--- | :--- | :--- | | @advisor | Passive analysis, code review, and safe discovery. | Offline | | @audit | Compliance checks and static vulnerability scanning. | Private | | @lab | Experimental research and local network/LAN testing. | Host/LAN | | @engagement | Active offensive operations (requires scope). | Scoped |

🏗️ Secure Docker Sandbox

Kevin executes all security tools (nmap, nuclei, semgrep, etc.) inside a hardened Docker sandbox. This ensures your host machine remains untouched and provides a clean, isolated environment for every scan.

🛡️ Security Features:

• No-Root Execution: Tools run as a non-privileged kevin user.
• Capability Dropping: All dangerous Linux capabilities are dropped by default.
• Smart-Networking: Automatically promotes to host networking for local/LAN scans while keeping external scans isolated.
• Policy Enforcement: Built-in guardrails prevent accidental damage and enforce scope boundaries.

🚀 Sandbox Setup:

Before your first scan, initialize the security environment (Ensure that docker is running in your system):

kevin sandbox build

⚔️ Slash Commands

🔍 Reconnaissance & Analysis

| Command | Description | | :--- | :--- | | /recon <target> | Passive recon — subdomains, DNS, WHOIS, tech stack fingerprinting | | /enumerate <target> | Active enumeration — directories, parameters, API endpoints, users | | /attack-surface | Map every input, endpoint, trust boundary, and external dependency | | /headers <url> | Analyze HTTP security headers and grade them | | /cve <software> | Look up known CVEs ranked by severity |

🛡️ Code Auditing & Hardening

| Command | Description | | :--- | :--- | | /audit | Deep security audit — OWASP Top 10, injection points, logic flaws | | /secrets | Scan for leaked API keys, tokens, passwords, private keys | | /harden <file> | Suggest security hardening for a specific file or configuration | | /deps | Analyze project dependencies for known vulnerabilities | | /crypto-check | Audit cryptographic implementations and algorithms |

🏗️ Technical Edge

• 100% Open Source: No black boxes. Audit the auditor.
• Provider Agnostic: Use Kevin with Claude, OpenAI, Gemini, or local models (Ollama/Llama.cpp).
• LSP Integration: Out-of-the-box support for language servers and deep code understanding.
• TUI Focused: Built by neovim users for terminal power users. High-performance terminal interface.
• Remote Ops: Client/server architecture allows driving Kevin remotely from any interface.

⚖️ License

Kevin is released under the MIT License.

Credits: https://github.com/anomalyco/opencode

Join the Protocol: Discord | X.com | Documentation