Zing Forum


DIGILIANS AI: A Locally Deployed AI-Powered Penetration Testing Platform

A fully locally run AI penetration testing tool that combines traditional security tools such as nmap, nikto, and sqlmap with local large language models to automate vulnerability scanning, attack path analysis, and remediation recommendations.

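Tags: AI Security, Penetration Testing, Local Large Language Models, Vulnerability Scanning, Ollama, Automated Security Testing
Published 2026-06-10 17:15 | Recent activity 2026-06-10 17:21 | Estimated read 7 min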

Section 01

[Introduction] DIGILIANS AI: Core Introduction to the Locally Deployed AI-Powered Penetration Testing Platform

Key Highlights of DIGILIANS AI

  • Fully local deployment and operation, no need for cloud services, API keys, or subscription fees
  • Integrates traditional security tools such as nmap, nikto, and sqlmap with local large language models (via Ollama)
  • Covers automated vulnerability scanning, attack path analysis, and remediation recommendation generation
  • All data processing is done locally to ensure sensitive information does not leak

This thread covers the platform's background, technical architecture, use cases, and related topics in the sections that follow.

Section 02

Project Background and Basic Information

Basic Project Information

Project Overview

DIGILIANS AI is a locally run AI-powered penetration testing platform. Its core idea is to let security researchers and penetration testers perform automated reconnaissance, vulnerability discovery, attack surface analysis, and remediation guidance without relying on cloud services.

Section 03

Detailed Technical Architecture and Working Modes

Technical Architecture

The platform uses a layered architecture:

  1. Scanning Layer: Integrates tools like nmap (port scanning), nikto (web vulnerability scanning), whatweb (web technology identification), whois/dig (domain information), curl (HTTP probing), gobuster (directory brute-forcing), enum4linux (SMB enumeration), sqlmap (SQL injection detection), etc.
  2. AI Analysis Layer: Runs local models (e.g., Digilians-offensive) via Ollama to analyze scan results, identify vulnerabilities, predict attack paths, and provide remediation recommendations
  3. Data Persistence Layer: Uses MariaDB to store historical scan records
  4. Report Generation Layer: Outputs HTML (supports dark theme and severity filtering) and JSON reports
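
The hand-off from the scanning layer to the AI analysis layer can be sketched as follows. This is an added example, not the project's own code: it reduces nmap XML output to open services and builds (without sending) a request for Ollama's `/api/generate` endpoint, refusing any endpoint that is not loopback so scan data cannot leave the machine. The function names, the prompt wording, and the sample scan data are assumptions; the endpoint is Ollama's default local address and the model name is the one mentioned above.

```python
import ipaddress
import json
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample of `nmap -oX` output (192.0.2.10 is a documentation address).
SAMPLE_NMAP_XML = """<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx"/></port>
<port protocol="tcp" portid="3306"><state state="closed"/><service name="mysql"/></port>
</ports></host></nmaprun>"""

def open_services(nmap_xml):
    """Return one dict per open port found in nmap XML output."""
    findings = []
    for host in ET.fromstring(nmap_xml).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are noise for the model
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            findings.append({
                "host": addr,
                "port": int(port.get("portid")),
                "service": " ".join(filter(None, (attrs.get("name"), attrs.get("product"), attrs.get("version")))),
            })
    return findings

def is_loopback(url):
    """True only if the endpoint host is localhost or a loopback IP literal."""
    host = urlparse(url).hostname or ""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname could resolve off-box

def build_local_request(nmap_xml, endpoint="http://127.0.0.1:11434/api/generate",
                        model="Digilians-offensive"):
    """Build (not send) an Ollama generate request; refuse non-local endpoints."""
    if not is_loopback(endpoint):
        raise ValueError("refusing to send scan data to non-loopback endpoint: " + endpoint)
    prompt = ("Open services from an authorized scan, as JSON. "
              "List likely weaknesses and remediation steps.\n"
              + json.dumps(open_services(nmap_xml)))
    return endpoint, {"model": model, "prompt": prompt, "stream": False}
```

Only the open services are forwarded, which keeps the prompt small for a local model with a limited context window.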

Three Working Modes

  • Recon Mode (recon): Performs whois, dig, curl, whatweb, and quick nmap scans for target fingerprint collection
  • Scan Mode (scan): Adds full nmap, nikto, and gobuster to the recon mode for service enumeration and directory discovery
  • Full Mode (full): Executes the entire toolchain, including vulnerability script scanning, enum4linux, and sqlmap, to provide a comprehensive assessment

Section 04

Advantages and Limitations of Local AI

Advantages of Local AI

  • Data Privacy: Fully offline operation; scan targets and results are not uploaded to third-party services, suitable for sensitive assets or internal network environments
  • Cost-Effectiveness: Avoids API call fees, more economical for frequent scanning scenarios

Limitations

  • Performance Dependence: The analysis capability of local models is limited by hardware performance and model size, so results may be less comprehensive than those from cloud-hosted models
  • Initial Setup: The model must be downloaded separately (via Ollama), which adds time on first use

Section 05

Security Compliance and Responsible Use

Security Compliance Design

The project implements an authorization confirmation mechanism: users must enter "I have permission" before each scan, and the tool emphasizes that it may be used only on systems the user owns or has written authorization to test. This design reflects the principle of responsible security research and reminds users to comply with local laws and regulations.

Section 06

Practical Application Scenarios

Applicable Scenarios

DIGILIANS AI is suitable for the following scenarios:

  • Internal enterprise security self-inspection
  • Penetration testing report generation (HTML reports can be directly used for presentation to management/clients)
  • Security training demonstrations
  • Compliance scanning requiring a fully offline environment

Section 07

Summary and Outlook

Summary

As an open-source project, DIGILIANS AI combines traditional security tools with AI analysis, improving security testing efficiency while protecting data privacy.

Outlook

This platform is an interesting exploration in the field of security automation and is worth watching for teams that want to eliminate their dependence on cloud services.