---
title: infosec CLI — AI agent for authorized offensive security | Uncensored Chat
description: Run an autonomous security-testing agent from your terminal. Recon, vuln discovery, and exploitation workflows powered by uncensored models. Install in one command; usage scales up to 20× on higher plans.
url: http://uncensored.chat/infosec
canonical: https://uncensored.chat/infosec
component: infosec
generated_at: 2026-07-13T11:17:19.884923Z
---

Toggle Sidebar

[ 0](/pricing)Sign UpLogin

For authorized offensive securityThe AI agent for your terminal, built to break things
---

infosec is an autonomous security-testing agent. Point it at a target, describe the goal, and let it run recon, find weaknesses, and prove impact — powered by uncensored models that don't refuse.

`curl -fsSL https://uncensored.chat/infosec.sh | sh`

macOS & Linux · standalone binary · no build step

Get startedRead the docs

Not a chatbot in a shell
---

A purpose-built harness that thinks, runs tools, and adapts — the way a real operator works.

### Autonomous agent

Give it a goal in plain English — "map the attack surface of this repo" — and it plans, runs tools, reads output, and iterates until the job is done.

### Built for offensive security

A harness tuned for authorized recon, vulnerability discovery, and exploitation workflows — not a general chatbot bolted onto a shell.

### Uncensored models

Backed by uncensored.chat models that answer real security questions instead of refusing. No hand-holding, no lectures.

### Skills & plugins

Extend it with a marketplace of security skills and MCP tools. Install what you need for the engagement; toggle the rest off.

### Terminal-native

Lives where you work. Pipe it, script it, run it headless in exec mode, or drive it interactively in the TUI.

### Your host, your rules

A single standalone binary. Sign in from the browser, run it on your own box, and keep full control of scope and targets.

   infosec — zsh

$ infosec "find hardcoded secrets and weak auth in this repo"

▸ planning · scoping the working tree

→ grep -r "api\_key|secret|password" · reading 214 files

! config/services.php:73 — provider key committed in plaintext

! AuthController@login — no rate limit on credential check

▸ verifying · drafting proof-of-concept

✓ 2 confirmed findings · report written to ./infosec-report.md

$ ▋

What it can doThe full kill-chain, from one prompt
---

It doesn't just answer questions — it works the engagement end to end.

### Recon & attack surface

Enumerates the codebase, services, endpoints, dependencies, and config to map what an attacker would see.

### Vulnerability discovery

Finds injection, auth gaps, secrets, insecure config, and business-logic flaws — then explains the impact.

### Exploitation & PoC

Drafts working proofs-of-concept to confirm a finding is real, not a false positive.

### Reverse engineering

Deep-reasoning models for binary analysis, deobfuscation, and understanding unfamiliar internals.

### Tooling & MCP

Calls real tools and MCP servers — scanners, HTTP clients, your internal APIs — as part of the loop.

### Reporting & sessions

Writes structured findings to disk and keeps resumable sessions so long engagements survive restarts.

Model catalogPick the right brain for the job
---

Uncensored, security-tuned models — switch per task with `/model` or in your config.

### GLM 5.2 (Coding)

 Default

General coding, tool use, and security engineering. 1M context.

coding 1M context Reasoning

Effort: low · medium · high

### DeepSeek V4 Pro (Reverse Eng.)

Deep reasoning for reverse engineering and binary analysis.

reverse engineering 164K context Reasoning

Effort: medium · high

The catalog is curated and admin-managed — new models appear here automatically.

Extend itBring your own tools
---

Connect MCP servers, install security skills and plugins from the marketplace, and keep the agent lean with category toggles.

### MCP servers

Wire in any Model Context Protocol server — remote (HTTP/SSE) or a local stdio process.

Add a remote MCP server (streamable HTTP/SSE)

`infosec mcp add modelslab --url https://docs.modelslab.com/mcp`

Add one that needs a bearer token

`infosec mcp add acme --url https://mcp.acme.io --bearer-token-env-var ACME_API_KEY`

Launch a local stdio server

`infosec mcp add weather --env API_KEY=xxx -- npx -y @acme/weather-mcp`

List configured servers

`infosec mcp`

Remove a server

`infosec mcp remove modelslab`

### Plugins & skills

Install curated security plugins, or point the CLI at your own git/local marketplace.

List plugins from the curated marketplace

`infosec plugin list`

Install a plugin

`infosec plugin add <plugin-name>@<marketplace>`

Add your own marketplace (git or local path)

`infosec plugin marketplace add https://github.com/your-org/your-plugins.git`

Refresh a marketplace snapshot

`infosec plugin marketplace upgrade your-plugins`

Skills are auto-discovered SKILL.md folders — drop them in ~/.infosec/skills/ or ship them inside a plugin.

Usage that scales with youUp to 20× more usage
---

Agentic runs burn tokens fast. Higher plans multiply your monthly pool — measured against Basic, the 1× baseline.

Basic Plan

1× baseline

10M CLI tokens / month

$9 / mo

Standard Plan

5× vs Basic

50M CLI tokens / month

$69 / mo

Best valuePremium Plan

20× vs Basic

200M CLI tokens / month

$99 / mo

Compare plans

Questions
---

### What is the infosec CLI?

An autonomous agent that runs in your terminal and carries out security-testing workflows — reconnaissance, vulnerability discovery, exploitation, and reverse engineering — driven by natural-language goals and powered by uncensored models.

### Is this only for authorized testing?

Yes. It is intended strictly for authorized offensive-security work: your own systems, CTFs, and engagements where you have explicit permission. You are responsible for staying in scope.

### How do I install it?

One command: curl -fsSL the install script and pipe it to sh. It drops a standalone binary into ~/.local/bin — no Rust toolchain, no Node, no build step. Then run `infosec` and sign in from your browser.

### How does usage work?

Every plan includes a monthly pool of CLI tokens. Basic is the baseline (1×); Standard gives 5× that pool and Premium 20×. Usage resets each month, and you can see what is left any time with the /status command or on your dashboard.

### Can I add my own tools and models?

Yes. Connect any MCP server (remote or local stdio), install security skills and plugins from the marketplace, and pick from the model catalog per task. Category toggles let you cap tool sprawl on large installs.

### Which platforms are supported?

macOS and Linux via the install script (a PowerShell installer is available for Windows). It also ships as an npm package if you prefer that route.

Install in one command
---

Sign in from the browser, run it on your own host, and start testing in minutes.

`curl -fsSL https://uncensored.chat/infosec.sh | sh`Get startedDocumentation

---

*This markdown version is optimized for AI agents and LLMs.*

**Links:**
- [Website](https://uncensored.chat)
- [API Documentation](https://uncensored.chat/docs/api)
- [Characters](https://uncensored.chat/characters)
- [Pricing](https://uncensored.chat/pricing)

---
*Generated by Uncensored Chat - 2026-07-13*