I built Wiz because I was tired of context-switching between
remembering tool syntax and actually doing security work.
## Background
I've been doing security assessments for a while, and the workflow is always:
1. Remember the right tool for the job
2. Look up the flags (again)
3. Run the command
4. Parse the output manually
5. Copy findings to a spreadsheet
6. Repeat 100 times
7. Manually write the report
## What Wiz Does
Wiz lets you describe what you want in natural language:
"check if this Apache server is vulnerable to path traversal"
And it:
1. Selects the right tools (nuclei with CVE-2021-41773 templates)
2. Runs them with correct parameters
3. Parses the output into structured findings
4. Classifies by severity (Critical/High/Medium/Low)
5. Stores with evidence for the report
6. Generates professional reports when you're done
## Technical Details
Built on OpenCode (https://github.com/sst/opencode), which provides:
- Superior agent architecture vs generic LLM CLIs
- Extensible tool framework with typed I/O
- Multi-LLM support (Claude, GPT-4, Gemini, local models)
youncj•1h ago
## Background
I've been doing security assessments for a while, and the workflow is always:
1. Remember the right tool for the job
2. Look up the flags (again)
3. Run the command
4. Parse the output manually
5. Copy findings to a spreadsheet
6. Repeat 100 times
7. Manually write the report
## What Wiz Does
Wiz lets you describe what you want in natural language:
"check if this Apache server is vulnerable to path traversal"
And it:
1. Selects the right tools (nuclei with CVE-2021-41773 templates)
2. Runs them with correct parameters
3. Parses the output into structured findings
4. Classifies by severity (Critical/High/Medium/Low)
5. Stores with evidence for the report
6. Generates professional reports when you're done
## Technical Details
Built on OpenCode (https://github.com/sst/opencode), which provides:
- Superior agent architecture vs generic LLM CLIs
- Extensible tool framework with typed I/O
- Multi-LLM support (Claude, GPT-4, Gemini, local models)

Wiz adds a security layer:
- 30+ tool integrations with output parsers
- Findings database with OWASP/CVE categorization
- Governance engine (scope enforcement, audit trails)
- Report generation (HTML, PDF, Markdown)
## What It's NOT
- Not a replacement for knowing what you're doing
- Not for unauthorized testing
- Not a magic "hack anything" button
It's an assistant that handles the tedious parts so you can focus on analysis.
## Stack
- TypeScript/Bun
- Runs on Kali, Parrot, any Linux, macOS, Windows
- Requires API key (Claude recommended, GPT-4 works too)
## Links
- GitHub: https://github.com/code3hr/opencode
- Downloads: https://github.com/code3hr/opencode/releases/latest

Open source, MIT licensed. Feedback welcome!
---
## Quick Demo Script (for Video/GIF)
```
# Terminal recording script
$ ./cyxwiz
> scan 10.0.0.5 for vulnerabilities
[Wiz runs nmap, detects Apache 2.4.41]
[Wiz runs nikto, finds misconfigurations]
[Wiz runs nuclei, matches CVE-2021-41773]
Found 1 critical, 2 high, 3 medium findings.
> show critical findings
CRITICAL: CVE-2021-41773 - Apache Path Traversal
- Target: 10.0.0.5:80
- Impact: Remote Code Execution
- Evidence: [response data]
- Remediation: Upgrade to Apache 2.4.51+
> generate report
Report generated: assessment-2024-01-15.html
```
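
As an added example (not Wiz's or OpenCode's own code), here is one way the "parse the output into structured findings, classify by severity, enforce scope" steps described in the post could look for nuclei's JSONL output. The function names and sample lines are constructed for illustration, and the `host` field is assumed to hold a bare address.

```typescript
// Added example: names below are hypothetical, not Wiz's own code.
type Severity = "critical" | "high" | "medium" | "low" | "info";
interface Finding { id: string; title: string; severity: Severity; target: string }

const ORDER: Severity[] = ["critical", "high", "medium", "low", "info"];

// Constructed sample of `nuclei -jsonl` output: one JSON object per line, plus noise.
const SAMPLE = [
  '{"template-id":"CVE-2021-41773","info":{"name":"Apache Path Traversal","severity":"critical"},"host":"10.0.0.5","matched-at":"http://10.0.0.5:80/"}',
  '{"template-id":"missing-hsts","info":{"name":"Missing HSTS header","severity":"medium"},"host":"10.0.0.5","matched-at":"http://10.0.0.5:80/"}',
  '{"template-id":"exposed-panel","info":{"name":"Admin panel","severity":"high"},"host":"10.0.0.9","matched-at":"http://10.0.0.9/admin"}',
  "[WRN] banner line that is not JSON",
  '{"template-id":"CVE-2021-41773","info":{"name":"Apache Path Traversal","severity":"critical"},"host":"10.0.0.5","matched-at":"http://10.0.0.5:80/"}',
].join("\n");

// Parse JSONL, drop out-of-scope hosts and duplicates, return findings sorted by severity.
function parseFindings(jsonl: string, scope: string[]): Finding[] {
  const seen: { [key: string]: boolean } = {};
  const out: Finding[] = [];
  for (const line of jsonl.split("\n")) {
    let rec: any;
    try { rec = JSON.parse(line); } catch { continue; }      // skip non-JSON tool noise
    if (!rec || typeof rec !== "object" || !rec.info) continue;
    if (scope.indexOf(String(rec.host)) < 0) continue;        // scope enforcement
    const sev = String(rec.info.severity ?? "").toLowerCase();
    const severity: Severity = ORDER.indexOf(sev as Severity) >= 0 ? (sev as Severity) : "info";
    const target = String(rec["matched-at"] ?? rec.host);    // kept as the evidence pointer
    const key = `${rec["template-id"]}|${target}`;
    if (seen[key]) continue;                                  // same template, same target
    seen[key] = true;
    out.push({ id: String(rec["template-id"]), title: String(rec.info.name ?? ""), severity, target });
  }
  return out.sort((a, b) => ORDER.indexOf(a.severity) - ORDER.indexOf(b.severity));
}

function countBySeverity(findings: Finding[]): Record<Severity, number> {
  const counts: Record<Severity, number> = { critical: 0, high: 0, medium: 0, low: 0, info: 0 };
  for (const f of findings) counts[f.severity]++;
  return counts;
}
```

Unknown severity strings fall back to `info` rather than being dropped, so a malformed record still reaches the reviewer.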