Open Source · Built with zero budget

The security swarm
nobody built.
Until now.

9 specialized AI agents. Plain English. Kali-grade tools. Runs on your laptop. Legal by design. Built by one person with zero budget.

cipher> scan my website mycompany.com
[GHOST] DNS: 104.21.8.45 | 6 open ports | Cloudflare detected
[SPECTER] crt.sh: 12 subdomains | robots.txt: 4 hidden paths
[SCANNER] MEDIUM: Missing CSP header — XSS risk elevated
[SCANNER] HIGH: .env file exposed at /api/.env
[LEDGER] Report saved → cipher_output/mission_report.md
Mission complete. 14 findings. Risk Level: HIGH
9 Specialized Agents
$0 Cost to Get Started
26/26 Tests Passing
5 AI Providers Supported

The Swarm

9 agents. 1 mission.
Nothing escapes.

Each agent is a specialist. The Commander understands your plain English request and deploys them in parallel.

Recon Agent
GHOST
Maps every open door. DNS, ports, tech stack, subdomains, security headers — all in one sweep.
nmap · amass · whatweb · socket

OSINT Agent
SPECTER
Hunts what the internet already exposed. Cert transparency, robots.txt secrets, email harvesting, Google dorks.
crt.sh · theHarvester · shodan

Vuln Agent
SCANNER
Systematic vulnerability detection. CVEs, misconfigs, exposed files, SSL issues — OWASP Top 10 coverage.
nikto · nuclei · ssl-check

Script Agent
FORGE
When no tool covers a gap, FORGE writes the script. AST-validated. Sandbox-tested. Then deployed.
python3 · ast-validator · sandbox

AI-vs-AI Agent
MIRROR
Tests AI systems for prompt injection, tool-call exfiltration, memory poisoning. OWASP LLM Top 10.
prompt-inject · LLM01–LLM10

Intelligence Agent
NEURON
Self-upgrading knowledge base. Ingests CVE feeds hourly from NVD. Stores techniques locally.
NVD API · ExploitDB · MITRE

Report Agent
LEDGER
Transforms raw findings into plain English reports. CVSS scores, remediation steps, developer tickets.
cvss-scorer · markdown · json

Master Brain
COMMANDER
Understands plain English. Builds the mission plan. Delegates to all agents. Synthesizes everything.
Anthropic · Gemini · Groq · OpenAI

How It Works

From plain English
to pentest report.

No CLI expertise. No setup complexity. Just tell CIPHER what you want to test.

01. You speak
Plain English. "Test my API" or "scan my VPS". CIPHER parses intent and extracts scope.

02. Commander plans
Builds a mission graph. Assigns agents. Validates authorization. Locks the scope cryptographically.

03. Agents deploy
All agents fire in parallel. GHOST maps, SPECTER hunts, SCANNER tests. Results flow through the message bus.

04. Swarm adapts
Findings trigger new agents. SCANNER finds SQLi → FORGE writes a custom test script. Nothing static.

05. LEDGER reports
Full pentest report: CVSS scores, fix recommendations, developer tickets. In your language.
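
One way to make the scope from step 02 tamper-evident, shown as an added example rather than CIPHER's own code: the page does not say which mechanism the Commander uses, so the HMAC-SHA256 tag over the canonical domain list is an assumption. The function names `lock_scope` and `in_scope` and the scope layout are hypothetical.

```python
import hashlib
import hmac
import json
from urllib.parse import urlsplit


def _tag(domains, key: bytes) -> str:
    # MAC over a canonical encoding so the same scope always yields the same tag.
    body = json.dumps(domains, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def lock_scope(domains, key: bytes) -> dict:
    """Freeze the authorized domains and bind them with an HMAC-SHA256 tag."""
    canon = sorted({d.lower().rstrip(".") for d in domains})
    return {"domains": canon, "tag": _tag(canon, key)}


def in_scope(target: str, scope: dict, key: bytes) -> bool:
    """True only if the scope is untampered and the target host falls inside it."""
    expected = _tag(scope["domains"], key)
    if not hmac.compare_digest(expected, str(scope.get("tag", ""))):
        return False  # scope was edited after it was locked
    # Accept bare "host:port" as well as full URLs; hostname drops userinfo and port.
    parts = urlsplit(target if "//" in target else "//" + target)
    host = (parts.hostname or "").rstrip(".")
    # Exact match or a true subdomain; a look-alike suffix must not match.
    return any(host == d or host.endswith("." + d) for d in scope["domains"])
```

Every agent action would call `in_scope` before touching a target, so a scope edited mid-mission fails closed instead of widening the test.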

Writes its own exploit scripts when no tool exists

Most security tools are limited by their tool registry. CIPHER isn't. When FORGE detects a capability gap, it generates a Python script, validates it through AST analysis, sandbox-tests it, and deploys it — all in seconds.

Works with or without an API key. With a key: AI-generated scripts. Without: template library with subdomain enum, port scan, header check, directory fuzzing.

# FORGE — autonomous script generation
def generate(gap, target, scope):
    spec = analyze_gap(gap, target)
    code = llm_codegen(
        task=spec,
        constraints=["no_destructive"]
    )
    ast_validate(code)    # safety check
    sandbox_test(code)    # isolated run
    scope_check(code, scope)
    result = execute(code, target)
    neuron.store(gap, code, result)
    return result
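
The AST validation step described above, sketched as an added example that is not CIPHER's own code: it parses a generated script without running it and rejects imports outside an allowlist, references to dangerous builtins, and dunder attribute access. The policy sets, the function name `validate_script` and both sample scripts are constructed for illustration.

```python
import ast

# Assumed policy for this example; the page does not publish CIPHER's rules.
ALLOWED_IMPORTS = {"socket", "ssl", "json", "re", "time", "urllib.parse", "http.client"}
BANNED_NAMES = {"eval", "exec", "compile", "__import__", "open", "getattr",
                "setattr", "delattr", "globals", "locals", "vars", "input"}

# Constructed sample scripts standing in for generated code.
SAFE_SAMPLE = """
import socket
def check(host, port):
    with socket.create_connection((host, port), timeout=2):
        return True
"""
UNSAFE_SAMPLE = """
import subprocess
from os import system
run = eval
print(().__class__)
"""


def validate_script(source: str) -> list[tuple[int, str]]:
    """Return (line, reason) policy violations; an empty list means the script passes."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [(exc.lineno or 0, f"syntax error: {exc.msg}")]
    problems = []
    for node in ast.walk(tree):
        line = getattr(node, "lineno", 0)
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name not in ALLOWED_IMPORTS:
                    problems.append((line, f"import of '{alias.name}' not allowed"))
        elif isinstance(node, ast.ImportFrom):
            # Relative imports (level > 0) and unlisted modules are both rejected.
            if node.level or node.module not in ALLOWED_IMPORTS:
                problems.append((line, f"import from '{node.module}' not allowed"))
        elif isinstance(node, ast.Name) and node.id in BANNED_NAMES:
            # Flag any reference, not only calls, so aliasing (run = eval) is caught.
            problems.append((line, f"use of '{node.id}' not allowed"))
        elif isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            # Dunder access is the usual route around name-based checks.
            problems.append((line, f"dunder attribute '{node.attr}' not allowed"))
    return sorted(problems)
```

A static gate like this is only a first filter; the sandbox run and scope check in the pipeline are what contain a script that slips past it.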

The only tool that red-teams other AI systems

88% of organizations report AI agent security incidents. Zero consumer tools test for them. MIRROR sends 10 attack payloads covering the OWASP LLM Top 10 — prompt injection, tool-call exfiltration, memory poisoning, jailbreaks.

Works against any HTTP endpoint — configure the request format for your AI app.

# MIRROR — OWASP LLM Top 10 tests
def red_team(ai_url, scope):
    results = parallel_test([
        prompt_inject(ai_url),      # LLM01
        output_handling(ai_url),    # LLM02
        sensitive_data(ai_url),     # LLM06
        excessive_agency(ai_url),   # LLM08
        jailbreak_chains(ai_url),   # LLM01+
    ])
    return triage(results)

Pricing

Start free.
Upgrade when you grow.

CIPHER is open source. The core swarm is free forever. Hosted tiers coming soon.

Tier 0
Open Source
$0 / forever
Run locally. Full swarm. All 9 agents. All tools.
  • Full source code
  • CLI + Web UI
  • All 9 agents
  • Multi-provider AI
  • Unlimited local scans
Tier 2
Defender
$199 / month
SMBs who want continuous automated security testing.
  • Unlimited scans
  • 25 targets
  • All 9 agents
  • MIRROR AI audits
  • Compliance reports
Built by
Kebron Isaias
Builder · Security Enthusiast · Zero Budget Founder
Built CIPHER from scratch with zero budget, zero team, and a laptop. The idea: enterprise-grade security intelligence should be accessible to every developer, SMB, and student — not just companies with $50K security budgets. Building in public. Every commit, every failure, every win.

Start scanning.
Right now. Free.

Clone the repo, run install.sh, and your swarm is live in under 5 minutes.
