{"id":49500449,"url":"https://github.com/pikpikcu/airecon","last_synced_at":"2026-05-01T12:33:37.354Z","repository":{"id":342721976,"uuid":"1173838343","full_name":"pikpikcu/airecon","owner":"pikpikcu","description":"AIRecon is an autonomous cybersecurity agent that combines a self-hosted Large Language Model (Ollama) with a Kali Linux Docker sandbox and a Textual TUI. It is designed to automate security assessments, penetration testing, and bug bounty reconnaissance — without any API keys or cloud dependency.","archived":false,"fork":false,"pushed_at":"2026-04-19T09:31:13.000Z","size":5580,"stargazers_count":385,"open_issues_count":2,"forks_count":63,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-19T10:31:30.121Z","etag":null,"topics":["ai-agents","automation","bugbounty","cli","ollama","penetration-testing","python","reconnaissance"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pikpikcu.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.txt","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"pikpikcu"}},"created_at":"2026-03-05T20:02:08.000Z","updated_at":"2026-04-19T09:31:18.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/pikpikcu/airecon","commit_stats":null,"previous_names":["pikpikcu/airecon"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/pikpikcu/airecon","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pikpikcu%2Fairecon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pikpikcu%2Fairecon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pikpikcu%2Fairecon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pikpikcu%2Fairecon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pikpikcu","download_url":"https://codeload.github.com/pikpikcu/airecon/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pikpikcu%2Fairecon/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32497813,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-30T13:12:12.517Z","status":"online","status_checked_at":"2026-05-01T02:00:05.856Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","automation","bugbounty","cli","ollama","penetration-testing","python","reconnaissance"],"created_at":"2026-05-01T12:33:36.713Z","updated_at":"2026-05-01T12:33:37.307Z","avatar_url":"https://github.com/pikpikcu.png","language":"Python","funding_links":["https://github.com/sponsors/pikpikcu"],"categories":["Pentest \u0026 Red Teaming Agents"],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e\n  \u003cimg src=\"images/logo.png\" alt=\"AIRecon\" width=\"200\"\u003e\n\u003c/h1\u003e\n\u003ch4 align=\"center\"\u003eAI-Powered Autonomous Penetration Testing Agent\u003c/h4\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/pikpikcu/airecon/releases\"\u003e\u003cimg src=\"https://img.shields.io/badge/version-v0.1.7--beta-green.svg\"\u003e\n  \u003ca href=\"https://deepwiki.com/pikpikcu/airecon\"\u003e\u003cimg src=\"https://deepwiki.com/badge.svg\" alt=\"Ask DeepWiki\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://pikpikcu.github.io/airecon/\"\u003e\u003cimg src=\"https://img.shields.io/badge/Docs-airecon-blue.svg\" alt=\"Docs\"\u003e\u003c/a\u003e\n  \u003cimg src=\"https://img.shields.io/badge/language-python-green.svg\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/python-3.12%2B-blue.svg\"\u003e\n  \u003ca href=\"https://ollama.com\"\u003e\u003cimg src=\"https://img.shields.io/badge/LLM-Ollama%20(local)-orange.svg\"\u003e\n  \u003ca href=\"https://github.com/pikpikcu/airecon/blob/master/LICENSE\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/LICENSE-MIT-red.svg\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\nAIRecon is an autonomous penetration testing agent that combines a self-hosted **Ollama LLM** with a **Kali Linux Docker sandbox**, native **Caido proxy integration**, a structured **RECON → ANALYSIS → EXPLOIT → REPORT pipeline**, and a real-time **Textual TUI** — completely offline, no API keys required.\n\n![Airecon](images/airecon.png)\n\n---\n\n## Why AIRecon?\n\nCommercial API-based models (OpenAI GPT-4, Claude, Gemini) become prohibitively expensive for recursive, autonomous recon workflows that can require thousands of LLM calls per session.\n\nAIRecon is built 100% for local, private operation.\n\n| Feature | AIRecon | Cloud-based agents |\n|---------|---------|-------------------|\n| API keys required | **No** | Yes |\n| Target data sent to cloud | **No** | Yes |\n| Works offline | **Yes** | No |\n| Caido integration | **Native** | None |\n| Session resume | **Yes** | Varies |\n| Local knowledge base | **~1.09M records** | None |\n\n- **Privacy First** — Target intelligence, tool output, and reports never leave your machine.\n- **Caido Native** — 5 built-in tools: list, replay, automate (`§FUZZ§`), findings, scope.\n- **Full Stack** — Kali sandbox + browser automation + custom fuzzer + Schemathesis API fuzzing + Semgrep SAST.\n- **Skills Knowledge Base** — 57 built-in skill files, 289 keyword → skill auto-mappings. Extended by **[airecon-skills](https://github.com/pikpikcu/airecon-skills)** — a community skill library with 57 additional CLI-based playbooks for CTF, bug bounty, and pentesting.\n- **Local Security Knowledge Base** — Optional **[airecon-dataset](https://github.com/pikpikcu/airecon-dataset)** indexes ~1.09M security records (CVEs, red team techniques, CTF writeups, nuclei templates, bug bounty payloads) into local SQLite FTS5. The LLM calls `dataset_search` autonomously before attempting unfamiliar techniques — grounding its decisions in real indexed data.\n\n---\n\n## Pipeline\n\n```\nRECON → ANALYSIS → EXPLOIT → REPORT\n```\n\nEach phase has specific objectives, recommended tools, and automatic transition criteria. Phase enforcement is **soft** — the agent is guided but never blocked. Checkpoints run every 5 (phase eval), 10 (self-eval), and 15 (context compression) iterations.\n\n---\n\n## Memory \u0026 Learning (What It Actually Does)\n\nAIRecon does **not** fine-tune the LLM. Its \"learning\" is local, structured telemetry that guides tool choice and avoids repeating failed paths.\n\n**Local persistence (all on disk, no cloud):**\n- SQLite memory DB at `~/.airecon/memory/airecon.db` storing sessions, findings, patterns, target intel, tool usage, model performance, skill usage, and attack-chain discoveries.\n- Adaptive learning state at `~/.airecon/learning/global_learning.json` (tool performance stats, strategy patterns, observation log, distilled insights).\n- Per-target memory files under `~/.airecon/memory/by_target/` when persisted, containing endpoints, vulns, WAF bypasses, sensitive params, and auth endpoints.\n- Payload memory snapshots can be saved under `workspace/\u003ctarget\u003e/payload_memory.json` when session persistence runs.\n\n**How it affects behavior:**\n- On session start, memory context is injected (target intel, similar findings, learned patterns, tool reliability).\n- Every 8 iterations, learned patterns and similar findings can be re-injected based on detected tech.\n- Adaptive tool ranking uses historical success/failure to order tools and suggest strategies.\n- Payload memory (when enabled) skips payloads that repeatedly failed for the same target/param.\n\n---\n\n## Model Requirements\n\nAIRecon requires a model with **extended thinking** (`\u003cthink\u003e` blocks) and **reliable tool-calling** capabilities. Capabilities are auto-detected via `ollama show` metadata.\n\n\u003e **⚠️ Tool calling support is REQUIRED.** The model must support native function/tool calling. Models without this capability will be unable to execute any tools (http_observe, execute, browser actions, etc.), making AIRecon completely non-functional.\n\u003e \n\u003e **Recommended minimum: 8B-9B parameters.** Models below 8B are technically usable but strongly discouraged — they frequently hallucinate tool output, invent CVEs, skip scope rules, and produce unreliable tool calls.\n\n| Model | Pull | VRAM | Notes |\n|-------|------|------|-------|\n| **Qwen3.5 122B** | `ollama pull qwen3.5:122b` | 48+ GB | Best quality, most reliable |\n| **Qwen3.5 35B** | `ollama pull qwen3.5:35b` | 20 GB | **Recommended for most users** |\n| **Qwen3.5 35b** | `ollama pull qwen3.5:35b-a3b` | 16 GB | MoE — lower VRAM |\n| **Qwen3.5 9B** | `ollama pull qwen3.5:9b` | 6 GB | **Minimum viable** — expect frequent errors |\n\n**Model size guidance:**\n- **≥32B:** Reliable for full recon pipelines, good tool calling accuracy\n- **8B-14B:** Usable for simple tasks, expect 20-40% tool call errors and hallucinations\n- **\u003c8B:** Technically works but produces unreliable results — not recommended for serious testing\n\n**Known issues:** DeepSeek R1 produces incomplete function calls. Models \u003c 8B lack reliable tool calling support.\n\n---\n\n## Running Ollama on Google Colab (Limited Hardware)\n\nIf you don't have a GPU or your local VRAM is below the minimum, you can run Ollama on a **free Google Colab T4 GPU** and connect AIRecon to it via a public tunnel.\n\n\u003e **Open the notebook:**\n\u003e [![Open In Colab](https://colab.research.google.com/assets/colab-badge.svg)](https://colab.research.google.com/github/pikpikcu/airecon/blob/main/scripts/airecon_colab.ipynb)\n\n**How it works:**\n\n```\nGoogle Colab GPU                     Your Local Machine\n┌─────────────────────────┐          ┌──────────────────────────┐\n│  Ollama (qwen3.5:9b)    │◄────────►│  AIRecon TUI             │\n│  cloudflared tunnel     │  HTTPS   │  ollama_url: tunnel URL  │\n└─────────────────────────┘          └──────────────────────────┘\n```\n\n**Steps:**\n\n1. Open the Colab link above and select **Runtime → Change runtime type → T4 GPU**\n2. Run all cells top to bottom (takes ~5–10 minutes first time)\n3. Copy the config snippet printed in **Cell 6** into `~/.airecon/config.yaml`:\n\n```yaml\nollama_url: \"https://xxxx.trycloudflare.com\"   # printed by Cell 6\nollama_model: \"qwen3.5:9b\"\nollama_timeout: 300.0\nollama_chunk_timeout: 300.0\nollama_num_ctx: 32768\nollama_num_ctx_small: 16384\n```\n\n4. Start AIRecon normally: `airecon start`\n\n**Colab GPU → model availability:**\n\n| Colab GPU | VRAM | Available model | Plan |\n|-----------|------|-----------------|------|\n| T4 | 15 GB | `qwen3.5:9b` | Free |\n| L4 | 22 GB | `qwen3.5:35b-a3b` (MoE) | Pro |\n| A100 | 40 GB | `qwen3.5:35b` | Pro+ |\n| H100 | 80 GB | `qwen3.5:122b` | Pro+ |\n\n**Limitations:**\n- Colab sessions last max **12 hours** (free) / **24 hours** (Pro) — tunnel URL changes on reconnect\n- T4 with `qwen3.5:9b` is the minimum viable setup — expect slower responses and more tool-call errors than a local 35B+ model\n- Not suitable for long autonomous sessions (deep recon can exceed session limits)\n- The Colab notebook is located at [`scripts/airecon_colab.ipynb`](scripts/airecon_colab.ipynb) if you want to self-host or modify it\n\n---\n\n## Installation\n\n**Prerequisites:** Python 3.12+, Docker 20.10+, Ollama (running), git, curl\n\n### One-line install (recommended)\n\n```text\ncurl -fsSL https://raw.githubusercontent.com/pikpikcu/airecon/refs/heads/main/scripts/install.sh | bash\n```\n\nThe script auto-detects remote vs local mode, installs Poetry if missing (via official installer — no system package conflicts), builds the wheel, and installs to `~/.local/bin`.\n\n### Manual install (from source)\n\n```text\ngit clone https://github.com/pikpikcu/airecon.git\ncd airecon\n./install.sh\n```\n\n```text\n# Add to ~/.bashrc or ~/.zshrc if needed\nexport PATH=\"$HOME/.local/bin:$PATH\"\n\nairecon --version\n```\n---\n\n## Configuration\n\nConfig file: `~/.airecon/config.yaml` (auto-generated on first run). AIRecon will create `~/.airecon/` if it doesn't exist, including when a custom `~` path is used.\n\n```yaml\n# ======================================\n# Ollama Connection\n# ======================================\n# Ollama API endpoint. REQUIRED — must be set. For local: http://127.0.0.1:11434. For remote: http://IP:11434\nollama_url: \"http://127.0.0.1:11434\"\n# Model to use. 122B for best reasoning (requires 60GB+ VRAM). For 12GB VRAM: use qwen2.5:7b or smaller. For 8GB VRAM: use qwen2.5:1.8b.\nollama_model: \"qwen3.5:122b\"\n# Total request timeout (seconds). 180s = 3 min. Stable for most models. Increase to 300s for slow remote servers or 122B models.\nollama_timeout: 180.0\n\n# ======================================\n# Ollama Model Settings\n# ======================================\n# Context window size. 65536 = 64K (stable for 12GB VRAM with 8B models). 131072 = 128K requires 30GB+ VRAM. Set -1 for server default.\nollama_num_ctx: 65536\n# Context for CTF/summary mode. 32768 = 32K (stable for 12GB VRAM). Reduced from 64K for stability with 8B+ models.\nollama_num_ctx_small: 32768\n# LLM output randomness. 0.0=deterministic, 0.15=recommended (strict), 0.3=creative. Does NOT affect thinking mode — controls output diversity only.\nollama_temperature: 0.15\n# Max tokens to generate. 16384 = 16K (stable for 12GB VRAM). 32K requires more VRAM.\nollama_num_predict: 16384\n# Enable extended thinking mode (for Qwen3.5+/Qwen2.5+). When enabled, model generates \u003cthink\u003e reasoning blocks before answering.\nollama_enable_thinking: true\n# Thinking intensity: low|medium|high|adaptive. For 12GB VRAM: use 'low' or 'medium'. 'high' may cause OOM with 8B models. Low=only deep tools, Medium=ANALYSIS+deep tools, High=most iterations (high VRAM only).\nollama_thinking_mode: low\n# Protect first N tokens from KV eviction. 4096 = 4K (reduced for 12GB VRAM stability). 8K for larger VRAM.\nollama_num_keep: 4096\n\n# ======================================\n# Proxy Server\n# ======================================\n# Host to bind proxy server. 127.0.0.1 = localhost only.\nproxy_host: 127.0.0.1\n# Port for proxy server. Default 3000.\nproxy_port: 3000\n\n# ======================================\n# Timeouts\n# ======================================\n# Docker command timeout (seconds). 900s = 15 min for long scans (nmap, nuclei).\ncommand_timeout: 900.0\n\n# ======================================\n# Docker Sandbox\n# ======================================\n# Container memory limit. '16g' = 16GB (stable for 32GB+ RAM host, 18GB image + Chromium). Prevents OOM kills. Set to '12g' for 32GB RAM, '8g' for 16GB systems, '4g' for 8GB systems.\ndocker_memory_limit: 16g\n\n# ======================================\n# Deep Recon\n# ======================================\n# Auto-start deep recon on session start.\ndeep_recon_autostart: true\n# Recon execution mode: standard|full. standard=respect user scope, full=auto-expand simple target prompts into comprehensive recon.\nagent_recon_mode: standard\n\n# ======================================\n# Safety\n# ======================================\n# Allow destructive tests (e.g., DELETE requests). Default: False for safety.\nallow_destructive_testing: false\n```\n\n| Key | Default | Notes |\n|-----|---------|-------|\n| `ollama_temperature` | `0.15` | Keep 0.1–0.2. Higher values cause hallucination. |\n| `ollama_num_ctx` | `131072` | Reduce to `32768` if VRAM is limited. |\n| `ollama_keep_alive` | `\"60m\"` | How long to keep model in VRAM. |\n| `deep_recon_autostart` | `true` | Bare domain inputs auto-expand to full recon. |\n| `allow_destructive_testing` | `false` | Unlocks aggressive modes (SQLi confirm, RCE chains). |\n| `command_timeout` | `900.0` | Max seconds per shell command in Docker. |\n| `vuln_similarity_threshold` | `0.7` | Jaccard dedup threshold for vulnerabilities. |\n\n**Remote Ollama** (LAN server or Google Colab tunnel):\n```yaml\nollama_url: \"http://192.168.1.100:11434\"   # LAN server\nollama_model: \"qwen3.5:35b\"\n\n# or via Colab tunnel (see \"Running Ollama on Google Colab\" section above):\nollama_url: \"https://xxxx.trycloudflare.com\"\nollama_model: \"qwen3.5:9b\"\nollama_timeout: 300.0\nollama_chunk_timeout: 300.0\n```\n\n---\n\n## MCP Integration\n\nAIRecon can connect to external MCP servers and expose their tools dynamically as `mcp_\u003cserver\u003e` tools.\n\nConfig file: `~/.airecon/mcp.json`\n\n**Example config:**\n```json\n{\n  \"mcpServers\": {\n    \"hexstrike\": {\n      \"command\": \"python3\",\n      \"args\": [\n        \"/path/hexstrike-ai/hexstrike_mcp.py\",\n        \"--server\",\n        \"http://127.0.0.1:8888\"\n      ],\n      \"env\": {\n        \"PYTHONUNBUFFERED\": \"1\"\n      },\n      \"enabled\": true\n    },\n    \"xssgen\": {\n      \"command\": \"python3\",\n      \"args\": [\n        \"/path/xssgen/xss_client.py\",\n        \"--server\",\n        \"http://127.0.0.1:8000\"\n      ],\n      \"env\": {\n        \"PYTHONUNBUFFERED\": \"1\"\n      },\n      \"enabled\": true\n    },\n    \"recon\": {\n      \"transport\": \"sse\",\n      \"url\": \"https://example.com/mcp\",\n      \"enabled\": true,\n      \"headers\": {\n        \"Authorization\": \"Bearer xxxxx\"\n      }\n    }\n  }\n}   \n```\n\n**Using MCP tools in chat:**\n- Tool name format: `mcp_\u003cserver\u003e`\n- Actions: `list_tools`, `search_tools`, `call_tool`\n\nExample:\n```json\n{\"name\": \"mcp_acme\", \"arguments\": {\"action\": \"list_tools\"}}\n```\n\n---\n\n## Knowledge Base (airecon-dataset)\n\n**[airecon-dataset](https://github.com/pikpikcu/airecon-dataset)** is an optional companion that downloads security datasets from HuggingFace and indexes them locally into SQLite FTS5 databases. Once installed, the LLM queries them autonomously via the `dataset_search` tool.\n\n**How it works:** `dataset_search` is a standard agent tool in `tools.json`. The LLM decides when to call it — AIRecon does not auto-trigger it. The system prompt instructs the agent to query the knowledge base before attempting unfamiliar techniques.\n\n```bash\ngit clone https://github.com/pikpikcu/airecon-dataset.git\ncd airecon-dataset \u0026\u0026 python install.py\n```\n\n**Datasets included (~1.09M records total, 100% offline):**\n\n| Dataset | Records | Content |\n|---------|---------|---------|\n| Pentest Agent (ChatML) | 322,433 | CVE-based exploitation workflows (MITRE/NVD/ExploitDB) |\n| CTF SaTML 2024 | 190,657 | Real attack/defense CTF interaction data |\n| CTF Instruct | 141,182 | Pwn, web, crypto, forensics, reverse engineering |\n| Cybersecurity CVE | 124,732 | CVE analysis, CVSS, exploitation context |\n| SQL Injection Q\u0026A | 50,632 | Conversational SQLi — detection, bypass, exploitation |\n| Cybersecurity Fenrir | 83,918 | Attack/defense instruction pairs |\n| Red Team Offensive | 78,430 | Lateral movement, privilege escalation, evasion |\n| Cybersecurity Q\u0026A | 53,199 | Broad security knowledge |\n| StackExchange RE | 20,641 | Binary analysis, disassembly, debugging, malware |\n| Nuclei Templates | 23,180 | Nuclei YAML template generation |\n| NVD Security Instructions | 2,063 | Structured CVE analysis with severity and remediation |\n| APT Privilege Escalation | 1,000 | Linux priv esc techniques with APT tactics |\n| Bug Bounty \u0026 Pentest | 146 | Payloads, bypass methods, report templates |\n\n**Example agent queries (called autonomously by the LLM):**\n```\ndataset_search: {\"query\": \"log4j RCE exploitation chain\"}\ndataset_search: {\"query\": \"SSRF bypass cloud metadata\", \"category\": \"bug-bounty\"}\ndataset_search: {\"query\": \"nuclei template XSS detection\"}\ndataset_search: {\"query\": \"CVE 2021 44228\", \"category\": \"vulnerability\"}\n```\n\nResults are capped at 500 chars each. Special chars in CVE IDs (dashes, brackets) are sanitized automatically.\n\n---\n\n## Usage\n\n```text\nairecon start                          # start TUI\nairecon start --session \u003csession_id\u003e  # resume session\n```\n\n**Example prompts:**\n\n```\n# Full pipeline\nfull recon on example.com\npentest https://api.example.com\n\n# Specific tasks\nfind subdomains of example.com\nscan ports on 10.0.0.1\ncheck for XSS on https://example.com/search\ntest SQL injection on https://example.com/api/login parameter: username\nrun schemathesis on https://example.com/openapi.json\n\n# Authenticated testing\nlogin to https://example.com/login with admin@example.com / password123 then test for IDOR\ntest https://app.example.com with TOTP: JBSWY3DPEHPK3PXP\n\n# Multi-agent\nspawn an XSS specialist on https://example.com/search\nrun parallel recon on: example.com, sub.example.com, api.example.com\n\n# Caido\nreplay request #1234 with a modified Authorization header\nuse Caido to fuzz the username parameter in request #45 with §FUZZ§ markers\n```\n\n---\n\n## Workspace\n\n```\nworkspace/\u003ctarget\u003e/\n      ├── command/         # system-managed logs\n      ├── output/          # Raw tool outputs (nmap, httpx, nuclei, subfinder, ...)\n      ├── tools/           # AI-generated exploit scripts (.py, .sh)\n      └── vulnerabilities/ # Verified vulnerability reports (.md)\n```\n\nSessions persist at `~/.airecon/sessions/\u003csession_id\u003e.json` — subdomains, ports, technologies, URLs, vulnerabilities (Jaccard dedup), auth tokens, and completed phases.\n\n---\n\n## Troubleshooting\n\n**Ollama OOM / HTML error page** — Most common on long sessions or large models near VRAM limits.\n\n```text\nsudo systemctl restart ollama\n```\n\n```json\n{ \"ollama_num_ctx\": 32768, \"ollama_num_ctx_small\": 16384, \"ollama_num_predict\": 8192 }\n```\n\n**Agent loops/stalls** — Usually a reasoning failure. Try a larger model, or reduce `ollama_temperature` to `\u003c 0.2`.\n\n**Docker sandbox not starting:**\n```text\ndocker build -t airecon-sandbox airecon/containers/kali/\n```\n\n**Caido connection refused** — Caido must be running before AIRecon. Default: `127.0.0.1:48080`.\n\n**PATH not found after install:**\n```text\nexport PATH=\"$HOME/.local/bin:$PATH\" \u0026\u0026 source ~/.zshrc\n```\n## Star History\n\n\u003ca href=\"https://www.star-history.com/?repos=pikpikcu%2Fairecon\u0026type=date\u0026legend=top-left\"\u003e\n \u003cpicture\u003e\n   \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://api.star-history.com/chart?repos=pikpikcu/airecon\u0026type=date\u0026theme=dark\u0026legend=top-left\" /\u003e\n   \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://api.star-history.com/chart?repos=pikpikcu/airecon\u0026type=date\u0026legend=top-left\" /\u003e\n   \u003cimg alt=\"Star History Chart\" src=\"https://api.star-history.com/chart?repos=pikpikcu/airecon\u0026type=date\u0026legend=top-left\" /\u003e\n \u003c/picture\u003e\n\u003c/a\u003e\n\n## Contributing\n\nIssues and PRs are welcome. If you report a bug, include logs, config, and minimal steps to reproduce.\n\n## Responsible Use\n\nAIRecon is for authorized security testing only. Always obtain explicit permission and follow applicable laws and program scope.\n\n## License\n\nSee [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpikpikcu%2Fairecon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpikpikcu%2Fairecon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpikpikcu%2Fairecon/lists"}