85 specialized agents orchestrate reconnaissance, vulnerability detection, exploitation, and reporting — covering the full OWASP WSTG test suite. No API key required — use free models or bring your own (Anthropic, OpenAI, Google, GitHub, and more).
Dristi combines autonomous reasoning with industry-standard security tools to automate the entire bug bounty workflow.
Subdomain enumeration, live host discovery, tech fingerprinting, parameter extraction — surface every attack vector.
96+ OWASP WSTG tests automated across 12 categories — from information gathering to client-side testing.
Hunt-XSS, hunt-SQLi, hunt-SSRF — each vulnerability class has a dedicated agent with deep domain expertise. Works with free models or your own API key.
Phase 8 EXPLOIT systematically validates findings with real PoCs before they enter your report.
Risk-scored endpoint queue, attack chain discovery, and automated severity grading keep you focused on what matters.
CVSS-scored findings with evidence, PoC output, remediation guidance — ready for client delivery or H1 submission.
No complex setup. No endless configuration. Install, configure, and start hunting.
One command installs 60+ security tools — Go binaries, Python packages, Cargo crates, and wordlists.
curl -sSL https://dristi.sh/install | bash
Set up your OpenCode config, agent definitions, and API credentials in one interactive session.
./dristi setup --target example.com
Launch the full pipeline or target specific vulnerability classes with dedicated hunt agents.
dristi hunt --scope "*.example.com"
From reconnaissance to reporting — every phase has dedicated specialists.