NERF — AI Security Engineering Platform

v2.59.1 · Node.js

AI Security Engineering Platform

0Challenges Solved

0Skills

0Domains

0Frameworks

0MCP Tools

0CLI Commands

Get Started GitHub Explore Skills

Built on the AgentSkills open standard · Community project · Not affiliated with Anthropic PBC

Benchmark Results

XBOW 104-Challenge Validation Suite · 98/104 solved · 100% adjusted rate (6 infra failures) · Zero solver failures

94.2%

Pass Rate · 98 / 104 Challenges

100% adjusted — all 6 failures are Docker infra, not solver

43/45

Level 1

96%

48/51

Level 2

94%

7/8

Level 3

88%

61s

Median

182s

Average

14s

Fastest

4.9h

Total

System	Pass Rate	Solved
NERF	94.2%	98/104
Shannon	96.0%	—
PentestGPT	86.5%	—
MAPTA	76.9%	—

23/23

XSS

13/13

SSTI

6/6

SQLi

10/11

Cmd Injection

6/6

Deserialization

11/11

LFI/Traversal

13/14

Priv Escalation

3/3

XXE

3/3

SSRF

4/4

CVE Exploit

3/3

Crypto

7/7

Business Logic

Notable Solves

XBEN-029-24blind SQLi + file upload1221s

Chained blind SQL injection with time-based extraction into arbitrary file upload for RCE

4 benchmark suites: XBOW (104) · NYU CTF (255) · PicoCTF (56) · OverTheWire (93) · Full report →

Install

Node.js 18+ · No Python · No pip · No virtual environments

npm

npm install -g @defconxt/nerf

Docker

docker run -it ghcr.io/defconxt/nerf:latest nerf doctor

From source

git clone https://github.com/defconxt/NERF.git && cd NERF && npm install && npm link

Backends:Claude CodeOllamaClaude APILiteLLM

Pure Node.js · No Python · 25ms cold start · Run nerf setup after install

nerf — 37 commands

$nerf setup—Interactive onboarding wizard

$nerf doctor—Health check & auto-fix

$nerf "query"—Send a security query

$nerf scan <target>—Run Nuclei/Katana security scan

$nerf compliance <fw>—Generate compliance report

$nerf diff <file>—Analyze git diff for security issues

$nerf search <query>—Search cross-session memory

$nerf skills <query>—Search techniques by keyword

$nerf domains—List all skill domains

$nerf osint <target>—Run OSINT investigation

$nerf mcp—MCP server for Claude Desktop

$nerf api—REST API server

$nerf benchmark—Run CTF benchmark suites

$nerf chain—Chain agents across modes

$nerf council—Multi-model consensus

$nerf resume—Resume previous session

$nerf update—Self-update from npm

7 Operating Modes

326 trigger keywords with weighted scoring · Auto-detects from your query

RED

Offensive security, exploitation, red team ops

Attack paths, C2, privilege escalation, lateral movement

exploitpayloadprivescmimikatz

BLUE

Detection engineering, hardening, threat hunting

Sigma rules, EDR tuning, SIEM correlation, YARA

sigmaedrthreat huntingsplunk

PURPLE

Purple team, ATT&CK coverage, detection gaps

Coverage mapping, gap analysis, emulation plans

mitrecoveragegap analysis

PRIVACY

Privacy engineering, GDPR/CCPA, data flows

DPIAs, consent flows, anonymization, data mapping

gdprdpiaprivacy by design

RECON

OSINT, reconnaissance, intelligence gathering

Subdomain enum, DNS, Shodan, social media intel

osintsubdomainshodanrecon

INCIDENT

Incident response, triage, containment

Forensic timelines, IOC extraction, playbooks

iocforensicsbreachtriage

ARCHITECT

Security architecture, threat modeling, zero trust

STRIDE/PASTA, security patterns, network segmentation

threat modelzero trustdesign

Security Techniques

1,539 techniques across 64 domains · Every skill follows the AgentSkills.io Specification

Red Team29

Adversary Simulation25

Exploit Development25

Binary Exploitation25

C2 Frameworks25

Password Cracking25

Bug Bounty25

Social Engineering25

Blue Team25

SOC Operations24

Detection Engineering25

Incident Response25

Incident Management25

Endpoint Security25

Ransomware Defense25

Phishing Defense25

Purple Team25

Application Security25

API Security25

Browser Security25

Secure Coding25

DevSecOps24

Nuclei Templating25

Security Testing25

Cloud Security25

Cloud Native Security25

Cloud Forensics25

Container Security25

Network Security25

Wireless Security25

Database Security25

Zero Trust25

Identity & Access Mgmt25

Identity Security25

Active Directory Security25

Data Security25

Cryptography25

Privacy Engineering25

Threat Intelligence25

Threat Modeling25

Malware Analysis25

Digital Forensics25

Investigation & Attribution25

OSINT & Recon25

Reverse Engineering25

Log Analysis25

AI & LLM Security25

Compliance & Audit25

GRC25

Vulnerability Management24

Supply Chain Security25

Security Leadership25

Security Awareness25

OT/ICS Security25

Mobile Security25

Email Security25

Security Architecture25

Automation & Scripting25

SecOps Automation25

Security Data Engineering25

Cross-Session Memory1

Self-Evolution1

Engagement Pipeline1

PR Security Review1

Platform

Everything runs as native Node.js — zero subprocess bridges

Scanning Pipeline

Nuclei — vulnerability scanning with template management

Katana — web crawling for attack surface discovery

SecurityDiff — git diff analysis for security issues

Secret detection — AWS keys, GitHub tokens, private keys

OSINT pipeline — domain intel, WHOIS, IP reputation

XSS scanners — static heuristic + DOM-based (Playwright)

Binary analysis — ELF parser, ROP gadget scanner

SARIF output — CI/CD integration via standard format

Cross-Session Memory

Symbolic — SQLite with structured metadata (engagement, severity, TTPs)

Lexical — FTS5 full-text with Porter stemming

Fusion — Reciprocal Rank Fusion across all layers

Lifecycle — decay, consolidation (Jaccard dedup), archival

API & MCP Server

14 REST endpoints — HMAC-SHA256 auth, sliding-window rate limiting

14 MCP tools — JSON-RPC stdio — Claude Desktop, Cursor, Windsurf

OpenAI proxy — skill injection for any OpenAI-compatible agent

Zero deps — native Node.js http, no Express/Fastify

Autonomous Engine

Skill gap analysis — maps MITRE ATT&CK coverage

Auto-researcher — hypothesis → validation → skill generation

Leaderboard — SQLite-backed effectiveness tracking with trends

Feedback loop — bottom-performing skills trigger auto-regeneration

Compliance Engine

39 frameworks · 1,151 controls · Gap analysis · CSV / JSON / Markdown export

NIST 800-53 Rev 5297

NIST CSF 2.027

NIST AI RMF18

NIST 800-17137

NIST 800-8213

NIST Privacy15

ISO 27001:202293

ISO 2701712

ISO 2701811

ISO 2770114

SOC 2 Type II21

PCI DSS 4.016

HIPAA16

GDPR13

CCPA/CPRA14

CMMC 2.024

FedRAMP20

NIS212

DORA14

EU AI Act59

SOX IT12

SWIFT CSP27

NERC CIP13

IEC 6244318

HITRUST CSF24

CIS v818

CSA CCM v429

CIS Cloud22

MITRE ATT&CK14

OWASP Top 1030

OWASP ASVS66

OWASP MASVS18

SANS/CWE Top 2525

CISA KEV/CPG12

PTES13

OSSTMM10

SSDF19

COBIT 201920

ITIL v4 Security15

Works Everywhere

Any agent that reads SKILL.md or speaks MCP

Claude CodeGitHub CopilotCursorGemini CLIOpenAI Codex CLIAmpWindsurfAiderContinueGooseZedClineVoidCodyKoduRoo Code+10 more

VS Code npm AUR

Knowledge Base

95 deep-dive reference articles across 8 categories

Overview Synthesis Hardening Guides SIEM & SOC Sigma Detection Threat Hunting Logging & Monitoring EDR & AV Internals Windows Event Logs PowerShell Security SecOps Runbooks Security Automation Insider Threat & DLP AI Defense Evasion vs Detection Malware IoC Reference

Investigation Tools Forensics Artifacts Network Forensics Email Forensics Malware Analysis Timeline Analysis Incident Playbooks

Security Patterns Threat Modeling Infrastructure Network Segmentation Identity & Auth Cryptography & PKI Data Protection Supply Chain DNS & Email Containers & K8s AWS Security Azure Security GCP Security Cloud Infrastructure Startup Security

Privacy Engineering Regulations Privacy Tools OSINT & Privacy Data Protection

Compliance GRC & Risk Security Metrics Security Leadership

MITRE ATT&CK Purple Team OSINT Tradecraft Recon Tools ICS/SCADA Mobile Security Threat Intelligence Emerging Threats Breach Case Studies Purple Team Exercises DevSecOps Secure Coding Developer Security Encoding & Manipulation Network Protocols AI Pentesting Curated Resources Supplementary

Security Mastery Q&A Security Scenarios CTF Methodology Certifications

Benchmark Results

Install

7 Operating Modes

Security Techniques

Offensive

Defensive

Application

Cloud & Infra

Identity & Data

Intelligence

AI Security

Governance

Infrastructure

Meta

Platform

Scanning Pipeline

Cross-Session Memory

API & MCP Server

Autonomous Engine

Compliance Engine

NIST

ISO

Regulatory

Industry

Threat & Testing

Governance

Works Everywhere

Knowledge Base

Offensive

Defensive

DFIR

Architecture

Privacy

Governance

Reference

Training

Benchmark Results

Install

7 Operating Modes

Security Techniques

Offensive

Defensive

Application

Cloud & Infra

Identity & Data

Intelligence

AI Security

Governance

Infrastructure

Meta

Platform

Scanning Pipeline

Cross-Session Memory

API & MCP Server

Autonomous Engine

Compliance Engine

NIST

ISO

Regulatory

Industry

Threat & Testing

Governance

Works Everywhere

Knowledge Base

Offensive

Defensive

DFIR

Architecture

Privacy

Governance

Reference

Training