Hacker.AI is a next-generation cybersecurity platform that combines Autonomous AI Pentesting with Proactive Intelligent Defense (Smart SOC) to deliver a continuous security model β from vulnerability discovery to autonomous remediation.
- Overview
- Key Features
- Architecture
- Tech Stack
- Project Structure
- Dashboard
- AI Pentester Pipeline
- Smart SOC Work.0 low
- Docker Sandboxing
- Database Schema
- Getting Started
- Environment Variables
- Scripts
Traditional security scanners follow rigid, rule-based scripts that miss 0-day chains and complex business logic vulnerabilities. Hacker.AI replaces this with LLM-powered autonomous agents that reason through environments, adapt tactics in real-time, and escalate privileges through creative chain-of-thought processing.
The platform operates on two fronts:
| Mode | Purpose |
|---|---|
| AI Pentester | Offensive β autonomous vulnerability discovery and exploitation |
| Smart SOC | Defensive β continuous monitoring and autonomous patching |
| Feature | Description |
|---|---|
| AI Pentester | Autonomous Main Agent that orchestrates offensive strategies, selects tools (Nmap, Metasploit, SQLMap), and spawns isolated sub-agents |
| Smart SOC | Self-installing defense agent that deploys via SSH, performs periodic scans, and autonomously patches vulnerabilities |
| Contextual Awareness | Agents leverage company-specific context (infrastructure, tech stack) for strategic decision-making |
| Docker Sandboxing | Every sub-agent runs in an ephemeral Docker container with dynamic tool provisioning |
| Async Orchestration | Celery + RabbitMQ for massive parallelization of offensive and defensive tasks |
| Real-time Terminal | Live xterm.js terminal streaming sub-agent activity directly to the dashboard |
| Automated Reporting | AI-generated vulnerability reports with severity classification and remediation guidance |
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β FRONTEND (Next.js 16) β
β Landing Page βββ Auth βββ Dashboard βββ Docs β
β β β β β
β β Better Auth βββ Overview β
β β βββ Pentester (Attack UI) β
β β βββ Systems (SSH Management) β
β β βββ Reports (AI-Generated) β
β β βββ Context (Company Intel) β
ββββββββββββββ¬βββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββ
β tRPC + React Query
β β
ββββββββββββββΌβββββββββββββββββββββββΌββββββββββββββββββββββββββββββ
β API LAYER (tRPC Routers) β
β pentester.ts ββ overview.ts ββ reports.ts ββ systems.ts β
ββββββββββββββ¬βββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββ
β β
βββββββββΌββββββββ ββββββββββΌβββββββββ
β Inngest β β PostgreSQL β
β (Event Fn) β β (Drizzle ORM) β
βββββββββ¬βββββββββ βββββββββββββββββββ
β
βββββββββΌβββββββββ
β RabbitMQ β
β (Message Q) β
βββββββββ¬βββββββββ
β
ββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββ
β BACKEND (Python / Celery Workers) β
β β
β ββββββββββββββββ βββββββββββββββββ ββββββββββββββββββββ β
β β Main Agent βββββΆβ Sub-Agents βββββΆβ Docker Containersβ β
β β (LangGraph) β β (LangGraph) β β (Ephemeral) β β
β ββββββββββββββββ βββββββββββββββββ ββββββββββββββββββββ β
β β β
β ββββββββΌββββββββ βββββββββββββββββ β
β β SSH Controllerβ βContext Managerβ β
β β (Paramiko) β β(LLM Trimming) β β
β ββββββββββββββββ βββββββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
| Technology | Purpose |
|---|---|
| Next.js 16 | App Router, React 19, Server Components |
| tRPC v11 | End-to-end typesafe APIs |
| React Query | Server state management and caching |
| Tailwind CSS v4 | Styling with custom red hacker theme |
| Framer Motion | Animations and transitions |
| Radix UI + shadcn/ui | Accessible component primitives |
| xterm.js | Real-time terminal rendering |
| Better Auth | Authentication (email/password) |
| Inngest | Serverless event-driven workflows |
| Technology | Purpose |
|---|---|
| Python 3.13 | Core runtime |
| LangGraph + LangChain | Agentic AI framework (ReAct agents) |
| Celery | Distributed task queue for agent execution |
| RabbitMQ | Message broker for task distribution |
| Docker SDK | Container lifecycle management |
| Paramiko | SSH connections for Smart SOC deployment |
| Pyte | Terminal emulation and ANSI parsing |
| Technology | Purpose |
|---|---|
| PostgreSQL | Primary database |
| Drizzle ORM | Type-safe schema management and migrations |
| Upstash Redis | Caching and real-time flags (force-stop) |
| Docker | Sandboxed execution environments |
Hacker-AI/
βββ app/ # Next.js App Router
β βββ (auth)/ # Login & Register pages
β βββ api/ # API routes (tRPC, auth, inngest)
β βββ dashboard/ # Main dashboard
β β βββ _components/
β β β βββ sections/
β β β β βββ overview.tsx # System overview cards
β β β β βββ pentester.tsx # Attack creation & monitoring
β β β β βββ systems.tsx # SSH system management
β β β β βββ reports.tsx # AI-generated reports
β β β β βββ context.tsx # Company context input
β β β β βββ settings.tsx # User settings
β β β βββ sidebar.tsx # Navigation sidebar
β β β βββ section-header.tsx # Reusable section header
β β βββ pentester/ # Live pentester terminal view
β βββ docs/ # Technical documentation page
β βββ page.tsx # Landing page
β
βββ backend/ # Python AI Engine
β βββ main.py # Celery worker & AI orchestrator
β βββ agent.py # Main Agent (LangGraph ReAct)
β βββ sub_agent.py # Sub-Agent with Docker tools
β βββ docker_controller.py # Docker container management
β βββ ssh_controller.py # SSH session management
β βββ context_manager.py # LLM context trimming
β βββ prompts.py # System prompts for agents
β βββ db_manager.py # Database operations
β βββ logger.py # Structured logging
β
βββ trpc/ # tRPC API Layer
β βββ routers/
β β βββ pentester.ts # Attack CRUD & control
β β βββ overview.ts # Dashboard statistics
β β βββ reports.ts # Report generation & management
β β βββ systems.ts # System CRUD
β βββ init.ts # Router initialization
β βββ server.ts # Server context
β
βββ db/ # Database Layer
β βββ schema.ts # Drizzle schema definitions
β βββ relations.ts # Table relationships
β βββ index.ts # DB client export
β
βββ inngest/ # Event-Driven Workflows
β βββ client.ts # Inngest client
β βββ functions.ts # Attack & Report workflows
β
βββ toolkit/ # Smart SOC Toolkit
β βββ install.sh # Systemd service installer
β βββ main.py # Monitoring agent script
β
βββ components/ # Shared UI Components
β βββ hero.tsx # Landing page hero
β βββ navbar.tsx # Navigation bar
β βββ features.tsx # Features showcase
β βββ ui/ # shadcn/ui primitives
β
βββ lib/ # Shared Utilities
βββ auth.ts # Better Auth server config
βββ auth-client.ts # Auth client helpers
βββ rabbitmq.ts # RabbitMQ publisher
βββ redis.ts # Redis client
βββ utils.ts # General utilities
The dashboard is the central control center, organized into focused sections:
| Section | Description |
|---|---|
| Overview | At-a-glance stats β total attacks, active scans, systems monitored, vulnerabilities found |
| Pentester | Create attacks by specifying targets, attack vectors, and custom notes. Monitor live sub-agent terminals |
| Systems | Register and manage servers via SSH credentials for Smart SOC deployment |
| Reports | Generate AI-powered security reports from completed attacks or system scans |
| Context | Provide company-specific intelligence (tech stack, infrastructure, policies) to enhance agent decision-making |
| Settings | Profile management and account configuration |
The offensive pipeline follows a four-stage execution model:
ββββββββββββββββ βββββββββββββββββ ββββββββββββββββ ββββββββββββββββββ
β 1. Objective βββββΆβ 2. Tactical βββββΆβ 3. Docker βββββΆβ 4. Exploitationβ
β Ingestion β β Reasoning β β Swarming β β Loop β
β β β β β β β β
β Inngest event β β LLM analyzes β β Spawn ephm. β β Feedback from β
β β RabbitMQ β β target + ctx β β containers β β sub-agents β β
β β Celery β β β strategy β β per tool β β pivot/escalate β
ββββββββββββββββ βββββββββββββββββ ββββββββββββββββ ββββββββββββββββββ
Main Agent Tools: create_subagent, send_message, check_subagent_status, get_subagent_findings, list_subagents, stop_subagent, finalize_report, wait
Sub-Agent Tools: execute_command, read_terminal, wait_for_output, send_keys, check_messages, mark_step_completed, report_finding, report_to_main
The defensive pipeline provides continuous autonomous protection:
SSH Discovery β Agent Deployment β Continuous Auditing β Dashboard Reporting β Autonomous Patching
- SSH Discovery & Deployment β Agent connects via Paramiko, installs the monitoring subsystem as a
systemdservice - Continuous Auditing β Periodic scans of the local system, kernel, and active services
- Dashboard Reporting β Vulnerabilities reported in real-time with severity and impact analysis
- Autonomous Patching β User clicks "Fix Now" β agent executes targeted remediation scripts
Hacker.AI moves beyond "vulnerability detection" to "vulnerability verification". We solve the industry-wide problem of false positive fatigue through three core pillars:
Standard scanners flag version banners. Hacker.AI agents flag outcomes. The AI Pentester doesn't report a vulnerability until a sub-agent verifies it through a safe exploitation loop or proof-of-concept. If an exploit doesn't trigger, the risk is downgraded.
The Smart SOC agent runs locally on your servers. It doesn't guess based on network packets; it audits real-time process states, configuration files on disk, and kernel-level vulnerabilities. This eliminates 99% of network-artifact noise.
By utilizing the Context Dashboard, the AI understands your environment. It won't flag deliberate "internal-only" shortcuts or "test-bench" configurations if you've marked them as intentional, allowing your team to focus on real external threats.
Every sub-agent operates in complete isolation:
- Ephemeral Lifecycle β Containers are created per-task and destroyed on completion
- Dynamic Tool Provisioning β Tools are installed inside containers only when the attack vector requires them
- Network Segregation β Isolated virtual networks prevent unauthorized lateral movement
- Resource Quotas β CGroup limits on CPU/RAM protect host stability
| Table | Purpose |
|---|---|
user |
User accounts with email verification |
session / account |
Better Auth session and OAuth management |
attack |
Pentesting engagements with targets, vectors, status, and final report |
attack_vm |
Individual sub-agent containers with task, terminal buffer, and findings |
system |
Registered servers with SSH credentials for Smart SOC |
vulnerability |
Discovered vulnerabilities linked to systems, with fix status tracking |
report |
Generated security reports linked to users |
- Node.js 20+ / Bun 1.0+
- Python 3.13+
- Docker (running daemon)
- PostgreSQL database
- RabbitMQ instance
- Redis instance (Upstash recommended)
# Install dependencies
bun install
# Push database schema
bun run db:push
# Start development server
bun run devcd backend
# Install Python dependencies (using uv)
uv sync
# Start the Celery worker
celery -A main worker --loglevel=infobun run inngestCreate a .env file in the project root:
# Database
DATABASE_URL=postgresql://...
# Authentication
BETTER_AUTH_SECRET=your-secret-key
# Message Queue
RABBITMQ_URL=amqp://...
# Cache / Real-time
REDIS_URL=redis://...
UPSTASH_REDIS_REST_URL=https://...
UPSTASH_REDIS_REST_TOKEN=...
# AI Models
GROQ_API_KEY=your-groq-key
# Inngest
INNGEST_EVENT_KEY=your-event-key| Command | Description |
|---|---|
bun run dev |
Start Next.js dev server |
bun run build |
Production build |
bun run db:generate |
Generate Drizzle migrations |
bun run db:push |
Push schema to database |
bun run db:studio |
Open Drizzle Studio GUI |
bun run inngest |
Start Inngest dev server |
Built by the Hacker.AI Team




