Wiz – AI-Powered Pentest Assistant (Open Source)

Wiz (cyxwiz)

Your AI Security Partner - Just describe what you need. No commands to memorize. No syntax to learn.


Why Wiz Exists

Security testing shouldn’t require memorizing hundreds of tool flags and command syntaxes.

Think about it: nmap has 130+ options. Nuclei has dozens of flags. SQLMap has over 100 parameters. Now multiply that by the 30+ tools a typical assessment requires. That’s not security work - that’s a memorization exercise.

Wiz takes a different approach. Instead of learning tool syntax, you simply describe what you want to accomplish. The AI understands your intent and figures out which tools to use, how to chain them, and how to interpret the results.

You: "check if this server is vulnerable to log4j"

Wiz: Checking 192.168.1.10 for Log4Shell vulnerability...
[Running nuclei with CVE-2021-44228 templates]

Found: CRITICAL - Log4Shell (CVE-2021-44228) confirmed
The server is vulnerable to remote code execution via JNDI injection.

Recommendation: Upgrade log4j to 2.17.1+ or apply mitigations immediately.

No flags to remember. No syntax to look up. Just describe what you need.


What Wiz Does

Wiz is an AI-powered security operations assistant. You talk to it in plain English, and it:

  1. Understands your intent - Whether you say "scan for open ports" or "what services are running", you get the same result
  2. Selects the right tools - Picks nmap, nuclei, nikto, or whatever fits the task
  3. Chains operations intelligently - Finds a web server? Automatically suggests vulnerability checks
  4. Explains results clearly - No raw output dumps, just actionable insights
  5. Tracks everything - Every finding, every command, ready for your report

Talk, Don’t Type Commands

Here’s how a real conversation with Wiz looks:

You: "I need to test this web application at https://target.com"

Wiz: I'll start with reconnaissance. Let me:
1. Check what technologies it's running
2. Look for common vulnerabilities
3. Test the authentication mechanisms

Starting now...

[After scanning]

Here's what I found:
- Running WordPress 5.8.1 (outdated - current is 6.4)
- 3 plugins with known vulnerabilities
- Admin login page exposed at /wp-admin
- No rate limiting on login attempts

Want me to dig deeper into any of these?

You: "yes, check those plugin vulnerabilities"

Wiz: Looking at the vulnerable plugins...

CRITICAL: Contact Form 7 < 5.3.2 - Unrestricted file upload
HIGH: Elementor < 3.1.2 - Authenticated XSS
MEDIUM: WooCommerce < 5.2.0 - Information disclosure

The file upload vulnerability is serious. With a valid form submission,
an attacker could upload malicious PHP files.

Should I generate a detailed report with remediation steps?

What You Can Ask

Just describe what you need in your own words:
