-
Natural language interface for tool orchestration
-
Governance engine with policy-based approval
-
Scope enforcement to prevent out-of-scope testing
-
Comprehensive audit logging for compliance
-
Structured findings management
-
Professional report generation (Markdown, HTML, JSON)
=== SUPPORTED TOOLS ===
-
Reconnaissance: nmap, masscan, amass, subfinder
-
Web Scanning: nikto, nuclei, gobuster, ffuf, sqlmap, whatweb
-
Network Analysis: SMB enumeration, SNMP walking, DNS zone transfers, LDAP
-
Active Directory: User/group enumeration, Kerberoasting, AS-REP roasting
-
API Security: OpenAPI parsing, JWT analysis, BOLA/IDOR testing
=== DEPENDENCIES ===
Build-Depends: curl (for Bun installation)
Recommends: nmap, nikto, nuclei, gobuster, ffuf, sqlmap, smbclient,
ldap-utils, snmp, dnsutils, sslscan, whatweb, hydra,
enum4linux, masscan, amass, subfinder
(All already available in Kali)
Runtime: Bun JavaScript runtime (installed automatically via postinst)
=== SIMILAR TOOLS ===
-
metasploit-framework: Wiz focuses on orchestration, not exploitation
-
faraday: Wiz is CLI-first with AI, Faraday is web-based collaboration
-
No direct equivalent for AI-powered tool orchestration exists in Kali
=== PACKAGING STATUS ===
Debian packaging is complete:
-
debian/ directory with all required files
-
Man page included (wiz.1)
-
postinst script handles Bun installation
-
.deb package available: wiz_1.1.0-1_all.deb
=== INSTALLATION ===
wget https://github.com/code3hr/opencode/releases/download/v1.1.0/wiz_1.1.0-1_all.deb
sudo dpkg -i wiz_1.1.0-1_all.deb
sudo apt-get install -f
=== USAGE EXAMPLE ===
$ wiz
scan 192.168.1.0/24 for open ports
check 192.168.1.10 for web vulnerabilities
enumerate users in corp.local domain
generate executive report
=== PROJECT ACTIVITY ===
Active development with regular commits.
GitHub: https://github.com/code3hr/opencode
