Open Source · AGPL-3.0

The Security Agency That Never Sleeps

AI-powered security operations platform. Embedded AI Brain with 356 security knowledge entries, 8 scanners, 28 autonomous agents, DAG workflow automation, smart Ollama/Claude provider routing, and a 37-tool MCP server — with zero vendor lock-in.

356 Brain KB Entries · 28 AI Agents · 8 Scanners Built-In · 40+ Dashboard Views · 37 MCP Tools

Everything You Need for Security Ops

From vulnerability scanning to compliance reporting — one platform, zero vendor lock-in.

🧠

Vigil Brain — 356 KB Entries

Embedded security knowledge base. 85 MITRE ATT&CK techniques, 89 port mappings, 48 NIST controls, 40 CompTIA Sec+ domains, 30 compliance maps, 27 remediation templates. Instant answers in <1ms — no LLM needed.

🤖

28 Autonomous Agents

AI-powered agents with full editor and custom prompts. Autonomous Pentester (P-E-R cycles), Adversarial Analyst (MUST-GATE), forensics, red team, scanners, compliance checkers. Per-agent AI provider selection.

🔄

Flows — Workflow Automation

DAG-based security pipelines. Chain agents, conditions, HTTP calls, delays. Recon Pipeline, Compliance Check, Incident Response, Vulnerability Triage templates. Visual editor with real-time execution.

🔍

8 Scanners Built-In

Nmap (network), Nuclei (9000+ vuln templates), Trivy (containers), Nikto (web), OpenSSL (certificates), DNS/WHOIS, WAF detection (30+ signatures), and AI code audit.

Smart AI Provider Routing

Ollama (local/air-gapped), Claude API, Claude CLI, Codex. Per-agent selection, strategy-based routing (balanced, premium, speed, economy), automatic fallback chains. Runs on Kali. Runs air-gapped.

🚨

Incident Response

Full lifecycle incident management with playbooks (ransomware, phishing, data breach, DDoS), attack timelines, and AI-generated postmortems.

Compliance Tracking

PCI DSS 4.0, HIPAA, SOC 2, ISO 27001, NIST CSF 2.0, CIS Controls v8. Cross-framework control mapping, policy editor, enforcement rules, and audit-ready reports.

🌐

Threat Intel & OSINT

Intel Hub with RSS feeds, CISA KEV, CVE Watch. OSINT: domain, IP, email, username, phone, web recon. Purple Team MITRE ATT&CK simulator.

🔗

MCP Server for Claude

37 tools, 7 resources, 8 prompts at POST /mcp. Connect from Claude Desktop, Claude Code, Cursor, or any MCP client.

🔒

Credential Vault & Auth

AES-256-GCM encrypted credential storage. PBKDF2 password hashing, TOTP 2FA with challenge-token flow, RBAC roles (admin, analyst, viewer).

📦

Docker + Ollama Stack

Docker Compose with Vigil, PostgreSQL, and Ollama (qwen3:8b). Full security ops platform in one command. Zero data leaves your machine. 6 npm dependencies.

Install in 60 Seconds

Choose your preferred method.

# Clone and start
git clone https://github.com/vigil-agency/vigil.git
cd vigil
cp .env.example .env
npm install
npm start
# → http://localhost:4100 (check startup logs for bootstrap password)

# Docker Compose (includes PostgreSQL)
git clone https://github.com/vigil-agency/vigil.git
cd vigil
cp .env.example .env
docker compose up -d
# → http://localhost:4100 (check startup logs for bootstrap password)

# One-liner install
curl -fsSL https://raw.githubusercontent.com/vigil-agency/vigil/main/install.sh | bash
# → http://localhost:4100 (random password in .env)

FAQ

Is Vigil really free?
Yes. Vigil is open-source under AGPL-3.0. Free for personal and commercial use. If you modify and deploy it as a service, you must open-source your modifications.

Do I need AI API keys?
No. AI features are optional (BYOK — Bring Your Own Key). Vigil shells out to your locally installed Claude or Codex CLI. Without AI, all scanning, incident management, and compliance features still work.

Do I need a database?
No. Vigil works out of the box using JSON file stores. PostgreSQL is optional and adds better querying and multi-user support.

What scanners are included?
Nmap (network), Nuclei (9000+ vulnerability templates), Trivy (containers/filesystems), Nikto (web servers), OpenSSL (certificates), and dig/whois (DNS). The Docker image includes all of them pre-installed.

What is the MCP server?
Vigil includes a Model Context Protocol server with 37 tools, 7 resources, and 8 prompts. Connect from Claude Desktop, Claude Code, or Cursor to run security operations through natural language. Tools cover scanning, OSINT, pentesting, adversarial analysis, compliance, incidents, and proxy infrastructure.

Can I use Vigil for production security?
Yes. Vigil includes RBAC, 2FA, encrypted credential storage, audit logging, and compliance frameworks. Only scan targets you own or have authorization to test.

Ready to Secure Your Stack?

Get started in under a minute. Free and open-source, forever.