v2.0

We hunt the bugs that your audits miss.

87 specialized agents orchestrate reconnaissance, vulnerability detection, exploitation, and reporting — covering the full OWASP WSTG test suite. No API key required — use free models or bring your own (Anthropic, OpenAI, Google, GitHub, and more).

dristi — install.sh
$ git clone https://github.com/manojxshrestha/dristi.git
$ cd dristi/scripts
$ chmod +x *
$ ./install.sh
[+] Installing 60+ security tools...
$ ./setup.sh
[+] Configuration complete
$ ./burp-connect.sh
[+] Burp Suite connected
$ cd .. && opencode
[+] Autopilot mode engaged
[+] Target: example.com
[+] Phase 1/12 complete
$
87 Specialized Agents · 60+ Integrated Tools · 96+ WSTG Tests Covered · 12 Pipeline Phases

Dashboard: Pipeline (12 phases) · Leads (27 leads, 6 pending)
Phase          Agent        What it does
1  SCOPE       @scope       Register target, scope boundaries, credentials
2  AUTH        (autopilot)  Get tokens/cookies, detect WAF
3  INTEL       @pintel      Passive OSINT: WHOIS, M365, cloud, spoof
4  RECON       @recon       Subdomains, crawl, params, nuclei, secrets
5  SURFACE     @surface     Classify endpoints, prioritize attack surface
6  HUNT        @hunt        Test all 25 bug classes via 54 @hunt-* agents
7  DEEPTHINK   @deepthink   (conditional) First-principles gap analysis
8  EXPLOIT     @exploit     Deep-research exploitation + WAF bypass
9  SEARCH      @search      (conditional) Re-dispatch for uncovered classes
10 CAPTURE     @capture     Evidence collection, screenshots, redaction
11 VALIDATE    @validate    Re-validate PoCs, 7-Question Gate
12 REPORT      @report      Coverage check, generate report
Severity | Title | Target | CVSS | Pre-req | Triage | AI Triage | File
critical | SSRF in /api/webhooks/subscribe reaches 169.254.169.254 | acme-shop | 9.8* | None | pending | VALID | src/webhooks/subscribe.ts
critical | open redirect→OAuth state reuse→full account takeover | acme-shop | 9.6 | None | valid | VALID | src/auth/oauth.ts
critical | Auth bypass via JWT `none` algorithm in fallback path | docs-api | 9.4 | None | valid | VALID | internal/auth/verify.go
high | IDOR on /users/:id/export reveals PII for any user | patient-portal | 8.6* | Low | pending | VALID | src/api/users.ts
high | IDOR leaks user IDs→predictable session token→impersonate any user | patient-portal | 8.9* | Low | pending | VALID | src/session/sign.ts
high | SQL injection in sort= parameter on search endpoint | acme-shop | 8.1 | None | valid | VALID | src/api/search.ts
critical | SSRF in webhook→IMDS token→IAM escalation to admin | ingest-svc | 9.9* | None | valid | VALID | src/webhooks/*.ts
high | Stored XSS in markdown comment renderer | docs-api | 7.4 | Low | pending | NEEDS_INFO | src/render/md.tsx
medium | CORS wildcard + credentials enabled on /api/v2/* | acme-shop | 6.5 | None | low-impact | LOW_IMPACT | src/server/cors.ts
medium | Unvalidated redirect in OAuth callback state | banksite-web | 6.1 | None | pending | NEEDS_INFO | src/auth/oauth.ts
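The two critical SSRF leads in the dashboard above both end at the cloud metadata service (169.254.169.254 is the link-local IMDS address, and a token fetched from it is what turns the second lead into IAM escalation). The remediation a report for those leads would ask for is a resolver-aware destination check on the webhook URL. The following is an added example written for this page, not Dristi's code and not taken from the targets listed; the deny-list, the `FAKE_DNS` table and the URLs are constructed for the demo, and the resolver is injectable so the check runs offline.

```python
"""SSRF guard for user-supplied webhook URLs (added example, not Dristi's code)."""
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumption: a typical deny-list for an outbound fetcher. Extend for your
# environment (e.g. the IPv6 IMDS address if your cloud exposes one).
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",                                      # 0.0.0.0 reaches localhost on Linux
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "100.64.0.0/10",                                  # carrier-grade NAT, used inside some clouds
    "127.0.0.0/8", "::1/128",                         # loopback
    "169.254.0.0/16",                                 # link-local, includes IMDS 169.254.169.254
    "fe80::/10", "fc00::/7",                          # IPv6 link-local and ULA
)]


def is_blocked_address(addr: str) -> bool:
    """True if a single IP literal falls in a blocked range.

    IPv4-mapped IPv6 (::ffff:169.254.169.254) is unwrapped first: a dual-stack
    client would reach the v4 address through it, bypassing a v4-only list.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def system_resolver(host: str) -> list[str]:
    """Real DNS lookup returning every A/AAAA answer, not just the first."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


# Constructed DNS answers so the example and its checks run offline.
FAKE_DNS = {
    "hooks.example.com": ["203.0.113.10"],
    "localhost": ["127.0.0.1"],
    # Attacker-controlled name: one public record plus the metadata address.
    "evil.example.net": ["203.0.113.20", "169.254.169.254"],
}


def fake_resolver(host: str) -> list[str]:
    if host not in FAKE_DNS:
        raise socket.gaierror(f"NXDOMAIN {host}")
    return FAKE_DNS[host]


def check_webhook_url(url: str, resolver=system_resolver) -> tuple[bool, str]:
    """Return (allowed, reason).

    Every resolved address is checked, because a name the attacker controls
    can return one harmless record and one internal one.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname          # brackets stripped for IPv6 literals
    if not host:
        return False, "missing host"
    try:
        ipaddress.ip_address(host)
        addrs = [host]             # literal IP, no lookup needed
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError:            # socket.gaierror is an OSError
            return False, f"cannot resolve {host!r}"
    if not addrs:
        return False, f"no addresses for {host!r}"
    for addr in addrs:
        if is_blocked_address(addr):
            return False, f"{host!r} resolves to blocked address {addr}"
    return True, "ok"


if __name__ == "__main__":
    for u in ("https://hooks.example.com/notify",
              "http://169.254.169.254/latest/meta-data/",
              "http://[::ffff:169.254.169.254]/",
              "http://evil.example.net/"):
        print(u, check_webhook_url(u, fake_resolver))
```

The check alone does not close the DNS-rebinding window: pass the address that passed the check to the HTTP client (or re-check at connect time) rather than letting the client resolve the name again, and either disable redirect following or re-run the check on every hop, since a 302 to 169.254.169.254 is the classic way past a first-hop-only filter.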
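The docs-api lead above ("Auth bypass via JWT `none` algorithm in fallback path") names a verifier that lets the token's own header pick the algorithm and, when it says `none`, skips the signature. The example below is added for this page and is not Dristi's code nor the code of the listed target: it mints a genuine HS256 token, shows the forged `alg: none` token an attacker submits, and places the fallback-path verifier next to a hardened one that pins the algorithm server-side. The secret and the claims are constructed for the demo.

```python
"""JWT 'alg: none' bypass and its fix (added example, not Dristi's code)."""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"demo-secret-do-not-use"   # constructed; real keys come from a KMS


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _segment(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


def mint_hs256(claims: dict, key: bytes = SECRET) -> str:
    """What the server legitimately issues."""
    header, payload = _segment({"alg": "HS256", "typ": "JWT"}), _segment(claims)
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def forge_none(claims: dict) -> str:
    """What the attacker submits: alg=none, any claims, empty signature."""
    return f"{_segment({'alg': 'none', 'typ': 'JWT'})}.{_segment(claims)}."


def verify_vulnerable(token: str, key: bytes = SECRET):
    """Trusts the untrusted header to choose the algorithm.

    HS256 is checked correctly; anything else that is not 'none' is rejected;
    but 'none' (or a missing alg) drops through to the unsigned fallback.
    """
    h, p, s = token.split(".")
    header = json.loads(_b64url_decode(h))
    alg = header.get("alg", "none")
    if alg == "HS256":
        expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
    elif alg.lower() != "none":
        return None
    # fallback path: alg=none means "no signature to check"
    return json.loads(_b64url_decode(p))


def verify_hardened(token: str, key: bytes = SECRET, allowed_algs=("HS256",), now=None):
    """The algorithm set is a server-side constant; the header only has to match it."""
    h, p, s = token.split(".")
    header = json.loads(_b64url_decode(h))
    if header.get("alg") not in allowed_algs:      # rejects none, NONE, RS256, ...
        return None
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return None
    claims = json.loads(_b64url_decode(p))
    current = time.time() if now is None else now
    if "exp" in claims and claims["exp"] <= current:   # expiry is part of verification
        return None
    return claims


if __name__ == "__main__":
    forged = forge_none({"sub": "alice", "role": "admin"})
    print("vulnerable:", verify_vulnerable(forged))   # accepted, role escalated
    print("hardened:  ", verify_hardened(forged))     # None
```

A library-based verifier has the same shape of fix: pass an explicit algorithm list to the verify call and never derive it from the header. The lowercase comparison in the vulnerable path is deliberate, since real fallback code often normalises case and thereby also accepts `NONE` and `None`.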

Built for serious hunting

Dristi combines autonomous reasoning with industry-standard security tools to automate the entire bug bounty workflow.

Deep Reconnaissance

Subdomain enumeration, live host discovery, tech fingerprinting, parameter extraction — surface every attack vector.

Full WSTG Coverage

96+ OWASP WSTG tests automated across 12 categories — from information gathering to client-side testing.

87 Specialized Agents

54 hunt agents — XSS, SQLi, SSRF, and every OWASP class in between — each with deep domain expertise. Works with free models or your own API key.

Exploitation Pipeline

Phase 8 EXPLOIT systematically validates findings with real PoCs before they enter your report.

Smart Prioritization

Risk-scored endpoint queue, attack chain discovery, and automated severity grading keep you focused on what matters.

Professional Reports

CVSS-scored findings with evidence, PoC output, remediation guidance — ready for client delivery or H1 submission.

Built for security researchers

Whether you hunt bounties or audit enterprise apps, Dristi adapts to your workflow.

Bug Bounty Hunters

Automate recon-to-report in hours, not weeks. Find vulnerabilities that automated scanners miss — SSRF, IDOR, business logic flaws, and attack chains. AI triage prioritizes what matters.

Penetration Testers

Full OWASP WSTG v4.2 methodology automated across 96+ tests. CVSS-scored findings with PoC evidence and remediation guidance — ready for client deliverables.

Security Teams

Continuous testing in CI/CD pipelines. Customize agents for your tech stack — React, Node.js, Go, Java, Python, and more. Works with your existing tools (Burp, Nuclei, etc.).

Up and running in 3 commands

No complex setup. No endless configuration. Install, configure, and start hunting.

Install Tools

One command installs 60+ security tools — Go binaries, Python packages, Cargo crates, and wordlists. Read the script before piping it to bash, or run scripts/install.sh from the cloned repository as in the terminal session above.

curl -sSL https://dristi.sh/install | bash

Configure Agents

Set up your OpenCode config, agent definitions, and API credentials in one interactive session.

./dristi setup --target example.com

Start Hunting

Launch the full pipeline or target specific vulnerability classes with dedicated hunt agents.

dristi hunt --scope "*.example.com"

Meet the agents

From reconnaissance to reporting — every phase has dedicated specialists.

hunt-xss
hunt-sqli
hunt-ssrf
hunt-ato
hunt-idor
hunt-rce
recon
scope
capture
validate
cloud-iam-deep
supply-chain
m365-entra-attack
enterprise-vpn
hunt-cors
hunt-lfi
hunt-ssti
hunt-nosqli
hunt-oauth
hunt-brute-force
web2-vuln-classes
osint-methodology
report
autopilot

Why Dristi

How Dristi compares to the alternatives for your security testing workflow.

Feature | Dristi | Traditional Scanners | Manual Testing
Coverage | 96+ WSTG tests · 25 vuln classes | Limited to known CVEs + patterns | Unlimited (time-bound)
AI Triage | VALID / NEEDS_INFO / LOW_IMPACT | High false-positive rate | Manual review only
Attack Chains | Automated chain discovery | Single-issue only | Researcher finds them
Evidence | Screenshots + HAR + PoC reports | Raw logs only | Manual documentation
Reporting | CVSS-scored per-finding PoC reports | Generic PDF output | Manual report writing
Cost | Free · open-source · BYO models | $1k–$50k/year per seat | $200–$500/hr