The AI agent for your terminal, built to break things
infosec is an autonomous security-testing agent. Point it at a target, describe the goal, and let it run recon, find weaknesses, and prove impact — powered by uncensored models that don't refuse.
curl -fsSL https://uncensored.chat/infosec.sh | shmacOS & Linux · standalone binary · no build step
Not a chatbot in a shell
A purpose-built harness that thinks, runs tools, and adapts — the way a real operator works.
Autonomous agent
Give it a goal in plain English — "map the attack surface of this repo" — and it plans, runs tools, reads output, and iterates until the job is done.
Built for offensive security
A harness tuned for authorized recon, vulnerability discovery, and exploitation workflows — not a general chatbot bolted onto a shell.
Uncensored models
Backed by uncensored.chat models that answer real security questions instead of refusing. No hand-holding, no lectures.
Skills & plugins
Extend it with a marketplace of security skills and MCP tools. Install what you need for the engagement; toggle the rest off.
Terminal-native
Lives where you work. Pipe it, script it, run it headless in exec mode, or drive it interactively in the TUI.
Your host, your rules
A single standalone binary. Sign in from the browser, run it on your own box, and keep full control of scope and targets.
$ infosec "find hardcoded secrets and weak auth in this repo"
▸ planning · scoping the working tree
→ grep -r "api_key|secret|password" · reading 214 files
! config/services.php:73 — provider key committed in plaintext
! AuthController@login — no rate limit on credential check
▸ verifying · drafting proof-of-concept
✓ 2 confirmed findings · report written to ./infosec-report.md
$ ▋
The full kill-chain, from one prompt
It doesn't just answer questions — it works the engagement end to end.
Recon & attack surface
Enumerates the codebase, services, endpoints, dependencies, and config to map what an attacker would see.
Vulnerability discovery
Finds injection, auth gaps, secrets, insecure config, and business-logic flaws — then explains the impact.
Exploitation & PoC
Drafts working proofs-of-concept to confirm a finding is real, not a false positive.
Reverse engineering
Deep-reasoning models for binary analysis, deobfuscation, and understanding unfamiliar internals.
Tooling & MCP
Calls real tools and MCP servers — scanners, HTTP clients, your internal APIs — as part of the loop.
Reporting & sessions
Writes structured findings to disk and keeps resumable sessions so long engagements survive restarts.
Pick the right brain for the job
Uncensored, security-tuned models — switch per task with /model or in your config.
GLM 5.2 (Coding)
General coding, tool use, and security engineering. 1M context.
Effort: low · medium · high
DeepSeek V4 Pro (Reverse Eng.)
Deep reasoning for reverse engineering and binary analysis.
Effort: medium · high
The catalog is curated and admin-managed — new models appear here automatically.
Bring your own tools
Connect MCP servers, install security skills and plugins from the marketplace, and keep the agent lean with category toggles.
MCP servers
Wire in any Model Context Protocol server — remote (HTTP/SSE) or a local stdio process.
Add a remote MCP server (streamable HTTP/SSE)
Add one that needs a bearer token
Launch a local stdio server
List configured servers
Remove a server
Plugins & skills
Install curated security plugins, or point the CLI at your own git/local marketplace.
List plugins from the curated marketplace
Install a plugin
Add your own marketplace (git or local path)
Refresh a marketplace snapshot
Skills are auto-discovered SKILL.md folders — drop them in ~/.infosec/skills/ or ship them inside a plugin.
Up to 20× more usage
Agentic runs burn tokens fast. Higher plans multiply your monthly pool — measured against Basic, the 1× baseline.
Basic Plan
10M CLI tokens / month
$9 / mo
Standard Plan
50M CLI tokens / month
$69 / mo
Premium Plan
200M CLI tokens / month
$99 / mo
Questions
What is the infosec CLI?
An autonomous agent that runs in your terminal and carries out security-testing workflows — reconnaissance, vulnerability discovery, exploitation, and reverse engineering — driven by natural-language goals and powered by uncensored models.
Is this only for authorized testing?
Yes. It is intended strictly for authorized offensive-security work: your own systems, CTFs, and engagements where you have explicit permission. You are responsible for staying in scope.
How do I install it?
One command: curl -fsSL the install script and pipe it to sh. It drops a standalone binary into ~/.local/bin — no Rust toolchain, no Node, no build step. Then run `infosec` and sign in from your browser.
How does usage work?
Every plan includes a monthly pool of CLI tokens. Basic is the baseline (1×); Standard gives 5× that pool and Premium 20×. Usage resets each month, and you can see what is left any time with the /status command or on your dashboard.
Can I add my own tools and models?
Yes. Connect any MCP server (remote or local stdio), install security skills and plugins from the marketplace, and pick from the model catalog per task. Category toggles let you cap tool sprawl on large installs.
Which platforms are supported?
macOS and Linux via the install script (a PowerShell installer is available for Windows). It also ships as an npm package if you prefer that route.
Install in one command
Sign in from the browser, run it on your own host, and start testing in minutes.