Skip to main content

Cyberstrike is now open source! AI-powered penetration testing for security professionals. Star on GitHub

On this page

Changelog

All notable changes to Cyberstrike CLI are documented here. For the full release history with downloadable assets, see GitHub Releases.

v1.1.14

  • Added /methodology dialog in TUI to inspect current methodology state
  • Added Sidebar digest showing real-time methodology progress
  • Added Intelligent orchestrator delegation based on methodology context
  • Added 20 agent bug fixes in a single pass — context handling, prompt formatting, tool routing
  • Added Upstream provider/model system fully synced with latest AI SDK
  • Added Cumulative token usage tracking across main agent + all sub-agents displayed in TUI
  • Added Anthropic Pro/Max subscription support via OAuth — use your included API quota directly
  • Added DeepSeek V4 Pro/Flash with thinking mode and reasoning effort control
  • Added Kubernetes v1.11.1, v1.12.0, v2.0.0
  • Added Docker v1.7.0, v1.8.0
  • Added Apache HTTP Server 2.2 (v3.6.0) and 2.4 (v2.3.0)
  • Added Apache Cassandra 3.11, 4.0, 4.1, 5.0
  • Added Apache Tomcat 10.1
  • Added Ubuntu 18.04, 20.04
  • Added MITRE ATT&CK upgraded with Atomic Red Team mappings
  • Improved Auth failures now surface immediately instead of producing silent empty crawls
  • Improved Subscription parity between worker and main process
  • Improved Multi-credential headless mode fixes
  • Improved Playwright version pinned exactly in postinstall (no more caret-range drift)
  • Improved Agent init: cold-start eliminated with Skill.dirsOnly() lightweight directory scan
  • Improved First message: 20s → <1s via lazy skill loading in SkillTool
  • Improved Log growth: 11GB/3min → <100MB by moving permission evaluate to DEBUG level
  • Improved Test suite: 64 pre-existing failures resolved (Bun fd exhaustion on macOS)
  • Improved Session context: tool-error strings truncated before storage
  • Improved Permission system: DeniedError messages capped instead of serializing full ruleset
  • Improved Sub-agent prompts: raw request/response payloads capped to prevent context overflow
  • Added Vulnerability deduplication by endpoint + attack vector
  • Added Prompt hardening to block 403/public-endpoint false positives
  • Added Session context integration for smarter assessment

v1.1.13

  • Added Vulnerability deduplication by endpoint + attack vector (eliminates duplicate findings)
  • Added Prompt hardening to block 403/public-endpoint false positives
  • Added Session context integration for smarter vulnerability assessment
  • Added Added endpoint and attack_vector fields to vulnerability tracking
  • Added New tools: web-get-vulnerabilities and web-get-vuln-detail
  • Added Unit tests for dedup, tools, and session context
  • Improved Copy button in vulnerability detail panel header
  • Improved Text selection enabled in vulnerability detail panel
  • Added Added HackBrowser section to README
  • Added Expanded proxy tester documentation

v1.1.12

  • Security Autonomous browser-based vulnerability scanner with Playwright integration
  • Security Multi-credential support with manual-login and automated modes
  • Security Live telemetry panel injected into target pages
  • Security Intelligence Layer: priority scoring, journey awareness, out-of-scope filtering
  • Security TUI integration: launch dialog, sidebar status, LLM cost tracking
  • Security /hackbrowser slash command for quick launch
  • Security Headless mode support
  • Security Stop mechanism (/hackbrowser-stop)
  • Security Hackbrowser subprocess isolation from main binary
  • Improved Agent initialization: 4.3s → ~500ms (lightweight directory scan with Skill.dirsOnly())
  • Improved First message response: 19.9s → <1s (lazy skill loading in SkillTool)
  • Improved Log file growth: 11GB/3min → <100MB (permission evaluate at DEBUG level + filtered invalid rules)
  • Improved Startup warnings: 15,214 duplicate skill warnings silenced (moved to DEBUG)
  • Improved Skill permission checks: Eliminated repeated permission checks and index rebuilds
  • Improved Reworked agent prompts for web-application, cloud-security, internal-network, and mobile-application testers
  • Improved Statically injected WSTG skills into vulnerability tester agents
  • Improved Orchestrator web-proxy-agent prompt improvements
  • Added 4-tier URL path normalization pipeline
  • Added Ingest queue with pause/resume support (/qpause, /qresume)
  • Added Strict ingest isolation (Katman 3 hardening)
  • Added Ingest context management with excludeHistory and IngestSummary
  • Fixed Fixed undefined permission rule errors causing TypeError
  • Fixed Fixed TypeScript agent type mismatch in SkillTool execute context
  • Fixed Fixed Prettier breaking skill signatures (added .cyberstrike/skill/** to .prettierignore)
  • Fixed Fixed massive log spam in permission evaluate
  • Fixed Fixed Playwright external build + npm dependency issues
  • Fixed Fixed hackbrowser dialog launch bug

v1.1.11

  • Fixed Fixed skill loading performance - eliminated 4.3s cold-start delay
  • Fixed Fixed first message response time (19.9s → <1s with lazy loading)
  • Fixed Fixed permission log spam creating 11GB log files
  • Fixed Fixed duplicate skill warnings (15,214 → DEBUG level)
  • Fixed Fixed undefined permission rule errors
  • Fixed Fixed TypeScript agent type errors in skill tool
  • Fixed Protected SKILL.md files from Prettier formatting (added to .prettierignore)
  • Improved Agent initialization: 4.3s → ~500ms (lightweight directory scan)
  • Improved First message: 19.9s → <1s (lazy skill loading)
  • Improved Log files: 11GB/3min → <100MB (debug level + filtered logs)
  • Improved Startup: Silenced 15,214 duplicate skill warnings

v1.1.10

  • Added MITRE ATT&CK Integration: 691 enterprise techniques with Atomic Red Team tests
  • Added 332 techniques now include 2,000+ copy-paste ready test commands
  • Added Coverage: Credential Access, Defense Evasion, Discovery, Execution, Persistence, etc.
  • Added Example: T1558.003 Kerberoasting (7 Atomic tests), T1003.001 LSASS Memory (5 tests)
  • Added CIS Benchmarks: 1,500+ hardening and compliance checks
  • Added Cloud Providers: AWS, Azure, GCP, Google Workspace
  • Added Server Software: Apache HTTP Server 2.2/2.4, Apache Cassandra 3.11/4.0/4.1/5.0, Apache Tomcat 7/8/9/10
  • Added Container/Orchestration: Docker v1.6/1.7/1.8, Kubernetes
  • Added Operating Systems: Ubuntu 18.04 LTS, Ubuntu 20.04 LTS
  • Added OWASP WSTG: 125 web application security testing skills
  • Added NIST: Security controls and frameworks
  • Added Lazy Loading: Skills loaded on-demand, zero context pollution
  • Added Relevance-based scoring algorithm
  • Added Pagination with feedback
  • Added Search by: keyword, tech_stack, CWE ID, category, tags
  • Added 7,633 skills indexed in-memory
  • Added CIS skill recommendations integration
  • Added Automated compliance checks

v1.1.9

  • Added cyberstrike web — Launches CyberStrike with built-in Web UI on localhost:4096
  • Added cyberstrike serve — Headless server mode for remote access via Cloudflare Tunnel
  • Added app.cyberstrike.io — Connect to any CyberStrike instance using the hosted Hub UI. Enter your CF tunnel URL and password to connect from anywhere.
  • Added Hub Connect Screen — First-time users on app.cyberstrike.io see a connect screen to choose localhost or enter a remote tunnel URL
  • Added Password Auth — Set CYBERSTRIKE_SERVER_PASSWORD for remote access. Unicode-safe Basic auth with automatic loopback bypass for local use.
  • Added Plugin tools (subfinder, nmap, nuclei, etc.) each appear as separate entries with tool counts
  • Added User-configured MCP servers (dnsx, sqlmap, katana, etc.) added via bolt.config.json are also visible
  • Added Each Bolt-sourced tool shows a “bolt” badge identifying the source server
  • Security osint (37 tools) — OSINT reconnaissance and intelligence gathering
  • Security cve (23 tools) — CVE/NVD/EPSS/KEV/GHSA/OSV vulnerability intelligence
  • Security github-security (39 tools) — GitHub security scanning with 45 checks
  • Improved CORS and auth fixes for CF tunnel remote access
  • Improved Retry provider API calls on 5xx server errors
  • Improved Bump minimatch and dompurify for security patches
  • Improved MCP/Bolt config persisted to global scope
  • Improved Web UI bundled in npm package, auto-installed to ~/.cyberstrike/web/

v1.1.5

  • Improved Theme hot-reload support
  • Improved Select first item automatically when filtering lists
  • Fixed Clear palette cache on theme change
  • Fixed Encode non-ASCII directory paths in HTTP headers

v1.1.4

  • Improved Auto-fallback to available port when default port (4096) is busy
  • Improved Add --beta flag to install script for beta channel installs
  • Fixed Update @opentui/core and @opentui/solid to 0.1.88
  • Fixed Fix scoped package names in uninstall script
  • Fixed Correct npm install commands and domain references on website

v1.1.3

  • Security Add offensive security agent prompts for all specialized agents
  • Security Harden publish script
  • Fixed Add billing header for OAT token auth on Sonnet/Opus models — fixes 401 errors with certain API configurations

v1.1.2

  • Added Rename opencodecyberstrike in bin launcher script
  • Added Publish only on manual workflow trigger, not on every push
  • Added Remove AUR and Homebrew from publish pipeline

v1.1.1

  • Added Vulnerability reporting and request normalization models
  • Added Web security testing infrastructure (credentials, roles, objects, functions)
  • Added report_vulnerability tool with severity and impact tracking
  • Added Web proxy agent tools for endpoint analysis and credential management
  • Security Vulnerability testing and proxy analysis agent prompts
  • Security Extended agent definitions with proxy agents and vulnerability testers
  • Security Request context prepending for vulnerability agents
  • Added Vulnerability, request, and web context API endpoints
  • Added Vulnerability and web context views in TUI session sidebar
  • Added Sync context handlers for vulnerability and web security data
  • Added Integrated vulnerability reporting into CLI commands
  • Added Migrated all NPM packages to @cyberstrike-io/ scope
  • Added Redesigned SVG banners, reordered README headers
  • Added Added NPM keywords for discoverability
  • Fixed Default server port to 4096
  • Fixed Fixed migration folder timestamps and loader validation

v0.1.0

  • Added 13+ specialized security agents (web, mobile, cloud, network, proxy testers)
  • Added 120+ OWASP WSTG test cases
  • Added 15+ LLM provider support (OpenAI, Anthropic, Google, AWS Bedrock, Azure, and more)
  • Added TUI + Web interfaces
  • Added Plugin system for custom agents and tools

Version Format

Cyberstrike follows Semantic Versioning:

Change TypeVersion BumpExample
Breaking changesMajor1.0.0 → 2.0.0
New featuresMinor1.0.0 → 1.1.0
Bug fixesPatch1.0.0 → 1.0.1

Badge Legend

  • Added New feature or capability
  • Fixed Bug fix
  • Improved Enhancement to existing feature
  • Security Security-related update
  • Breaking Breaking change
  • Deprecated Feature marked for removal

Pre-release Versions

TagPurposeInstall Command
latestStable releasenpm install -g @cyberstrike-io/cli
betaBeta testingnpm install -g @cyberstrike-io/cli@beta
alphaEarly accessnpm install -g @cyberstrike-io/cli@alpha