{"id":13618,"date":"2026-06-15T10:03:42","date_gmt":"2026-06-15T10:03:42","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/06\/15\/secsuite-ai-powered-tool-for-osint-web-and-api-security-testing\/"},"modified":"2026-06-15T10:03:42","modified_gmt":"2026-06-15T10:03:42","slug":"secsuite-ai-powered-tool-for-osint-web-and-api-security-testing","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/06\/15\/secsuite-ai-powered-tool-for-osint-web-and-api-security-testing\/","title":{"rendered":"SecSuite \u2013 AI-powered Tool for OSINT, Web and API Security Testing"},"content":{"rendered":"

SecSuite \u2013 AI-powered Tool for OSINT, Web and API Security Testing
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

A new open-source security platform called\u00a0SecSuite, developed under the\u00a0TheSecuredAnalyst\u00a0project, has been released, combining OSINT reconnaissance, web vulnerability scanning, API security assessment, compliance checking, and AI-powered analysis into a single unified toolkit.<\/p>\n

Available on GitHub at\u00a053cur3dL34rn\/security-suite<\/code>, the tool targets security professionals, penetration testers, and red teams who need a modular, extensible suite capable of running entirely offline with local AI models.<\/p>\n

SecSuite v0.1.0 ships with\u00a011 OSINT modules,\u00a06 web security scanners, and\u00a04 API security testing tools<\/a>,\u00a0all accessible from a unified CLI or a REST API built on FastAPI.<\/p>\n

The platform supports AI-powered analysis via three providers:\u00a0Ollama\u00a0(for fully local, offline inference),\u00a0Anthropic Claude, and\u00a0OpenAI GPT. This AI layer enables automated correlation finding, executive summary generation, and interactive LLM-driven remediation workflows, making it one of the more complete open-source security suites available today.<\/p>\n

The tool is designed with minimal friction in mind. A single setup script (setup.sh<\/code>\u00a0on Linux\/macOS or\u00a0setup.ps1<\/code>\u00a0on Windows) Handles the entire installation chain: Python, all dependencies, Ollama, and a local AI model with no administrator privileges required on Windows.<\/p>\n

SecSuite\u2019s capabilities span the full attack surface reconnaissance and testing lifecycle:<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n
Module<\/th>\nCapabilities<\/th>\nIntegrations<\/th>\n<\/tr>\n<\/thead>\n
OSINT (11 modules)<\/td>\nDNS, WHOIS, subdomain discovery, port scanning, tech detection, email harvesting<\/td>\nnmap, Shodan, VirusTotal<\/td>\n<\/tr>\n
Web Scanner (6 modules)<\/td>\nXSS, SQLi, directory bruteforce, SSL\/TLS analysis, crawling<\/td>\nNuclei<\/td>\n<\/tr>\n
API Security (4 modules)<\/td>\nOpenAPI parsing, auth bypass, JWT testing, BOLA\/IDOR, endpoint fuzzing<\/td>\nREST API<\/td>\n<\/tr>\n
AI Analysis<\/td>\nFinding correlation, executive summaries, interactive remediation<\/td>\nOllama, Anthropic, OpenAI<\/td>\n<\/tr>\n
SIEM Integration<\/td>\nLog forwarding, alerting, webhook delivery<\/td>\nSplunk, Elasticsearch, Syslog, Slack\/Discord\/PagerDuty<\/td>\n<\/tr>\n
Compliance<\/td>\nOWASP Top 10, CIS Controls assessment<\/td>\n\u2014<\/td>\n<\/tr>\n
Exploit<\/td>\nCVE lookup and exploit search<\/td>\nSearchSploit, Exploit-DB<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

One of the most operationally significant capabilities in SecSuite is its\u00a0AI-driven remediation engine\u00a0(secsuite ai remediate<\/code>). Rather than producing a static report, this module scans a target, identifies findings, and interactively walks the operator through fixing each issue using a local LLM.<\/p>\n

For each finding, such as Redis running without authentication, the AI proposes specific shell commands ([CHECK]<\/code>,\u00a0[FIX]<\/code>,\u00a0[VERIFY]<\/code>) that the user can execute, edit, or skip in real time.<\/p>\n

This closes the gap between vulnerability identification and remediation, a workflow traditionally requiring separate tooling. Crucially, the entire process runs on\u00a0local models like Qwen2.5 or LLaMA 3.2 via Ollama, meaning no scan data, credentials, or infrastructure details leave the operator\u2019s environment.<\/p>\n

The\u00a0apisec<\/code>\u00a0module targets REST APIs by ingesting\u00a0OpenAPI\/Swagger specifications\u00a0and systematically testing discovered endpoints. Three sub-modules cover distinct attack vectors:<\/p>\n