Vigolium’s agent mode runs vulnerability scans with an LLM in the loop. Three subcommands cover the spectrum from single-shot prompts to fully autonomous pentests:
- vigolium agent query: one-shot prompt against code or a target. Code review, endpoint discovery, secret hunt. No scanning loop.
- vigolium agent swarm: multi-phase pipeline where native Go does the heavy lifting and AI intervenes at checkpoints (planning attacks, triaging results, generating custom JS extensions).
- vigolium agent autopilot: one long-running LLM session with full tool access. The agent decides what to scan, runs scans, inspects results, and iterates until it halts.
Autopilot and Swarm are still maturing. We greatly appreciate feedback on false positives and bug reports.
Prerequisites
- A working olium provider (Claude / OpenAI / Codex / local). See Setting Up the Agent.
- Optional: a source-code path or git URL for source-aware scanning (--source).
Autopilot, autonomous AI pentest
Hand the agent a target and walk away. It opens a shell, reads files, runs the vigolium CLI, decides which modules to invoke, and iterates until it calls halt_scan or hits the max-turns / max-duration cap.
Intensity presets
| Preset | Max commands | Timeout | Vigolium-audit mode (with --source) | Browser |
|---|---|---|---|---|
| quick | 30 | 1h | lite | off |
| balanced (default) | 100 | 6h | balanced | off |
| deep | 300 | 12h | deep | on |
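A model of the halt logic described above, added here as an example and not taken from Vigolium's code: the loop ends on halt_scan, on the command budget, or on the duration cap, using the numbers from the presets table. The names Preset, Presets, Step and RunBounded are hypothetical, the clock is simulated, and treating the max-turns cap as the "Max commands" budget is an assumption.

```go
package main

import (
	"fmt"
	"time"
)

// Preset mirrors the intensity table above (command budget and wall-clock cap).
type Preset struct {
	MaxCommands int
	Timeout     time.Duration
}

var Presets = map[string]Preset{
	"quick":    {30, 1 * time.Hour},
	"balanced": {100, 6 * time.Hour},
	"deep":     {300, 12 * time.Hour},
}

// Step is one agent turn: the command's duration and whether it called halt_scan.
type Step func(n int) (cost time.Duration, halt bool)

// RunBounded returns why the loop stopped and how many commands ran. Caps are
// checked before each command, so an agent that never halts is still stopped.
func RunBounded(name string, step Step) (reason string, ran int, err error) {
	p, ok := Presets[name]
	if !ok {
		return "", 0, fmt.Errorf("unknown preset %q", name)
	}
	var elapsed time.Duration // simulated clock keeps the example offline
	for {
		switch {
		case ran >= p.MaxCommands:
			return "max-commands", ran, nil
		case elapsed >= p.Timeout:
			return "max-duration", ran, nil
		}
		cost, halt := step(ran + 1)
		ran++
		elapsed += cost
		if halt {
			return "halt_scan", ran, nil
		}
	}
}

func main() {
	fmt.Println(RunBounded("quick", func(int) (time.Duration, bool) { return time.Minute, false }))
}
```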
Swarm, AI-guided multi-phase scan
The agent directs the native scanner instead of becoming it. A state-machine pipeline runs: normalize → auth → source-analysis → code-audit → discover → plan (AI) → extension → native scan → triage (AI) → optional rescan loop.
Source-aware scanning (--source)
Both autopilot and swarm accept --source <path|git-url|archive>. When set, vigolium-audit runs first (foreground), prepares a frozen whitebox context bundle, then the autonomous scan launches against that context.
--source accepts local paths, git URLs (cloned with --depth 1 by default), or archive files. For a standalone source audit without a scan, see Agentic Security Audit.
Picking between autopilot and swarm
| You want… | Pick |
|---|---|
| Hands-off black-box scanning with a real browser + custom extensions | autopilot |
| Structured, repeatable results with optional verification loops | swarm |
| AI-crafted payloads against one specific request | swarm (single-input) |
| Creative pentest-style exploration | autopilot |
| CI/PR gate (fast, deterministic) | swarm --intensity quick |
| Overnight deep assessment | autopilot --intensity deep |
swarm --source --target ... --code-audit --triage gives the most structured output; autopilot --source ... gives the agent more freedom.
Sessions and findings
Every agent run writes a session directory under ~/.vigolium/agent-sessions/<run-uuid>/ with the checkpoint, plan, rendered prompts, captured output, and any generated extensions. Browse past runs with:
findings table as native scans, tagged by source (autopilot, swarm, archon, piolium). Query them with:
Next steps
- Autopilot, autonomous operator: full flag reference, intensity presets, halt conditions.
- Swarm, multi-phase pipeline: phases, extension generation, triage loop.
- Agent Mode, the full reference for every vigolium agent subcommand.
- Agentic Security Audit, whitebox source-code audit (vigolium-audit + piolium).
- Setting Up the Agent, provider/credential setup.
