Linux · macOS · Windows  ·  Security Engagement Platform

Plan. Run.
Deliver the
report.

AI-generated playbooks. Step-by-step evidence capture. Client-ready reports with one click. The complete engagement workflow, offline-first, built for Linux, macOS, and Windows.

↓ Download Free See How It Works →
Playbooks → Runs → Evidence → Reports · Offline-First
chimp — ACME Corp Pentest · Playbooks
3 findings Production
🏠
📚
📁
🤖
🔗
ACME Corp Pentest
Playbooks Runs
Web App Assessment AI-enriched
14 steps · 4 phases
Network Recon AI-enriched
9 steps · 3 phases
Runs
Run #1 — Production complete
3 finding(s) · May 3, 2026
Web App Assessment — Evidence Trail
Phase 1 · Reconnaissance
Port scan & service enumeration
High
▶ Run
DNS enumeration & subdomain discovery
Med
▶ Run
Phase 2 · Application Testing
SQL injection — login endpoint
Crit
▶ Run
Stored XSS — comment fields
High
▶ Run
JWT signature verification bypass
High
▶ Run
Terminal — Run #1
root@kali:~# sqlmap -u "http://acme.corp/login" --dbs --batch
[CRITICAL] parameter 'username' is vulnerable to SQLi
[INFO] fetched databases: ['app_db', 'users', 'logs']
root@kali:~#
Engagement Workflow

FROM KICKOFF TO
CLIENT REPORT.

Chimp owns every stage of the engagement. No more stitching together spreadsheets, terminal windows, and Word documents. It's all one workflow.

01
Project
Define your target
Name the client, describe the system, set industry, tech stack, and compliance scope. Chimp pre-loads all AI context from this.
Client: ACME Corp
Scope: Web App + API
Compliance: PCI-DSS
Active
02
Playbook
AI builds the test plan
Chimp generates a structured playbook scoped to your project — phases, steps, tools, commands, and expected findings. Enrich further with AI.
Phase 1: Recon (3 steps)
Phase 2: App Testing (5 steps)
Phase 3: Exploitation (4 steps)
AI
03
Engagement Run
Execute & capture evidence
Run the playbook step by step in any environment. For each step: inject the command, log the finding, mark Found or Not Found. Evidence is stored automatically.
SQLi — login endpoint
Found
XSS — comment field
Not Found
Port scan complete
3 open
04
Report
Deliver to the client
One click generates a full client report: executive summary (AI-written), scope & methodology, detailed findings, and evidence appendix. Export PDF or push to JIRA.
Executive Summary (AI)
3 Detailed Findings
Evidence Appendix
PDF
What You Deliver

PROFESSIONAL OUTPUT,
EVERY TIME.

From evidence trail to client inbox. Chimp produces the actual artefacts your client expects — without you ever opening Word or manually copying terminal output.

📄  ACME Corp Pentest — Confidential Report
Client: ACME Corp
Consultant: Jane Smith · SecureWave
Classification: Confidential
Date: May 3, 2026
Executive Summary ✨ AI-generated
Scope & Methodology
Detailed Findings
CRIT
SQL Injection — /login endpoint
Production
HIGH
Exposed admin panel — no auth
Production
HIGH
Outdated TLS 1.0 on port 8443
Production
Evidence Appendix
🔎
Evidence Trail
Every step in every run generates a signed evidence entry — tool name, command, output excerpt, environment, and timestamp. Auto-included in the evidence appendix.
Found / Not Found per step Auto-timestamped Per environment
🎫
Push to Your Stack
One click pushes findings and run summaries directly to your team's tools. No copy-paste. No re-typing.
🎫 JIRA 💬 Slack 🟦 MS Teams 🐛 Defect Dojo
AI Executive Summary
Click "Generate with AI" and Claude writes a professional executive summary from your run's findings, scoped to your client's industry and compliance context.
Powered by Claude Editable before export
Security Templates

THE PROVEN
FOUNDATION.

Built-in templates are authored and certified by the experienced Chimp security team — industry-specific frameworks that pre-load every compliance requirement, security domain, and architecture pattern your playbook needs before the AI writes a single step.

🏛
Industry-certified by the Chimp team
Each built-in template packs proven threat context, compliance frameworks (HIPAA, PCI-DSS, ISO 21434, FedRAMP…), and curated tool sets for that industry — not generic defaults.
Duplicate and make it yours
One click duplicates any built-in template into your library. Adjust the scope, swap compliance frameworks, add architecture patterns — the base is already correct.
📥
Import into any project
Attach a template to a project and the AI playbook generator inherits every domain, tool recommendation, and compliance requirement. Basic and advanced checks — guaranteed complete.
Healthcare Security Framework
Healthcare Built-in
Threat Context
Targeting medical IoT devices, EHR systems, and HL7 FHIR APIs. Adversaries focus on PHI exfiltration, ransomware, and vulnerable legacy imaging equipment.
Compliance Scope
HIPAA HITECH GDPR FDA Cybersecurity
Architecture Patterns
EHR systems Medical IoT HL7 FHIR DICOM Wearables
Certifications
CISA CISSP HCISPP CHPS
Attach to project → AI playbook inherits full scope
All Capabilities

EVERYTHING IN
ONE WORKBENCH.

The engagement workflow is the core. The knowledge base, terminal, and AI assistant power every step of it.

📋
AI-Generated Playbooks
Chimp assembles a structured test plan from your project context — phases, steps, tool names, command templates, and expected severities. Enrich with AI for deeper coverage.
AI-assembled Phases + Steps Per-project scope
Engagement Runs
Execute playbooks in any environment (Staging, Production, Lab, Client VPN). Step through each check, inject commands, and record Found / Not Found evidence as you go.
Step-by-step Multi-environment Evidence capture
📄
Client Reports
Generate a complete, classified report from any run: executive summary, scope & methodology, detailed findings, and evidence appendix. Export PDF or Markdown in one click.
One-click PDF + Markdown AI exec summary
📐
Security Templates
Industry-certified frameworks from the Chimp team. Each template pre-loads compliance scope, security domains, architecture patterns, and tool sets. Duplicate, customise, and import into any project.
Built-in + Custom Compliance-mapped AI-enriched
🔗
Integrations
Push findings to JIRA, post summaries to Slack or Microsoft Teams, and sync with Defect Dojo. All from the report modal, no manual re-entry.
JIRA Slack Teams Defect Dojo
📚
AI Knowledge Base
15 domains, 129 AI-generated topics. Overview, threats, controls, commands, and CVEs — all cached offline. The research backbone that powers every generated playbook.
129 Topics Offline Cache 15 Domains
⌨️
Integrated PTY Terminal
A full bash/zsh terminal built in. Every playbook step has a [▶ Run] button that injects the command. You review, you press Enter. Zero auto-execution.
node-pty xterm.js Zero auto-execute
🎯
Red & Blue Team Modes
Switch between offensive and defensive perspectives with one click. Every topic is tagged red, blue, or both — the sidebar filters instantly. Persist your mode across sessions.
Red Team Blue Team Sidebar toggle
🧪
Lab Environment
Spin up DVWA, Metasploitable, or Juice Shop from inside the app with one click. Commands auto-fill with the live lab IP. Shut everything down when you're done — no leftover containers.
Docker Compose Auto-inject IP DVWA · Metasploitable
📑
Cheat Sheet Export
Every topic has a condensed cheat sheet overlay — key commands, top tools, and MITRE technique indicators on one screen. Export as PDF for offline field use.
Per-topic MITRE indicators PDF export
🎓
Learning & Progress
Track your mastery across all 15 domains. Mark topics as read, in-progress, or mastered. Test yourself with AI-generated flash cards, and visualise your coverage on a skill tree map.
Progress Tracker Quiz Mode Skill Tree
📌
My Topics
Create your own topic entries using the same 6-tab format — Overview, Threats, Controls, Commands, Techniques, Notes. Stored locally alongside the built-in knowledge base and fully searchable.
Custom entries 6-tab format Local storage
chimp — Lab Environment 🧪 Lab Running
Active Containers
dvwa
192.168.49.2
:80
metasploitable2
192.168.49.3
:21, :22, :80
juice-shop
stopped
Commands pre-filled with 192.168.49.2 — click [▶ Run] to inject into terminal
Lab Environment

VULNERABLE
TARGETS,
ON DEMAND.

No more separate terminal windows and manual IP hunting. Chimp launches Docker targets from the icon rail, shows live container status, and automatically pre-fills commands with the lab IP — so you go from start to exploit in seconds.

🎯
DVWA
Damn Vulnerable Web Application — SQLi, XSS, command injection and more
Running
🦾
Metasploitable 2
Classic intentionally vulnerable Linux for network and service exploitation
Launch
🧃
OWASP Juice Shop
Modern insecure web application covering the full OWASP Top 10
Launch
Operational Modes

ATTACK OR DEFEND.
YOU CHOOSE.

Flip a toggle in the sidebar and every topic, command, and tool filters to your role. Red Team for the offensive operator. Blue Team for the defender. Built into every knowledge domain.

🎯
Offensive
Red Team Operations
8 dedicated topics covering C2 architecture, campaign planning, initial access, OpSec, lateral movement, adversary simulation, and clean-up. Offensive tooling on every security domain.
C2 Architecture Campaign Planning Initial Access OpSec Adversary Simulation Havoc · Mythic
🔵
Defensive
Blue Team Operations
8 dedicated topics covering DFIR fundamentals, threat hunting, log analysis, memory forensics, threat intelligence, and detection engineering. Defensive tooling across every domain.
DFIR Fundamentals Threat Hunting Log Analysis Memory Forensics Velociraptor · TheHive MISP · Zeek
📑
Cheat Sheet Overlay — Always at Hand
One keystroke opens a condensed per-topic overlay: top commands, key tools, and MITRE ATT&CK technique indicators. Export to PDF for offline field use.
Per-topic overlay MITRE T-numbers PDF export Filters with Red/Blue mode
CLI Utility

CHIMP IN
YOUR PIPELINE.

Every AI capability in the desktop app — threat models, scan commands, reports, templates — exposed as a clean CLI. No GUI needed. Runs headless on any platform, feeds CI/CD pipelines, and outputs clean stdout so you can pipe it anywhere.

init
chimp init [--template <name>]
Interactive Q&A wizard that writes a .chimp.json project config. Use --template to pre-fill from a built-in framework.
threat-model
chimp threat-model [--json] [--output file]
AI-generated threat model scoped to your project — attack surfaces, threat actors, risk register, and compliance gaps.
scan
chimp scan <tool> [--execute]
Generate the recommended scan command for any tool, pre-filled with your project context. Add --execute to run and capture output.
report
chimp report [--json] [--output file]
Full security assessment report from project metadata and scan runs. AI executive summary included.
Markdown · JSON · PDF CI/CD Ready Pipe-safe stdout No GUI required Cross-platform
kali@ci-runner:~/acme-corp
kali@ci:~/acme-corp# chimp init --template "SaaS / Cloud App"
Template loaded: SaaS / Cloud App
? System name: ACME Payment API
? Architecture: Microservices, API
Wrote .chimp.json
kali@ci:~/acme-corp# chimp threat-model --output threat-model.md
Generating threat model…
Attack surface: 8 vectors identified
Risks: 12 (3 Critical, 5 High)
Saved → threat-model.md
kali@ci:~/acme-corp# chimp scan nmap
nmap -sV -sC -p- --open 10.0.1.42
kali@ci:~/acme-corp# chimp report --output report.md
Report saved → report.md
kali@ci:~/acme-corp#
Knowledge Base

15 DOMAINS.
129 TOPICS.
ALL AI-POWERED.

The research layer behind every playbook. Chimp covers the full security stack — from network protocols to compliance frameworks — with structured, actionable content.

🌐
9 topics
Network Security
OSI Model · Firewall Hardening · VPN Architecture
🔐
9 topics
Application Security
SQL Injection · XSS · JWT Security
⚔️
9 topics
Offensive Security
Reconnaissance · Exploitation · Post-Exploitation
🛡️
9 topics
Defensive Security
SIEM · Threat Hunting · Incident Response
🔒
9 topics
Cryptography
TLS/SSL · Hashing Algorithms · PKI
👤
9 topics
Identity & Access
Zero Trust · OAuth 2.0 · Privilege Escalation
☁️
9 topics
Cloud Security
IAM Misconfigs · S3 Bucket Security · Container Escapes
🦠
9 topics
Malware & Threats
Ransomware · APT Groups · Rootkits
📋
9 topics
GRC & Compliance
ISO 27001 · SOC 2 · NIST CSF
🔬
9 topics
Reverse Engineering
Static Analysis · Disassembly · Malware Analysis
📱
8 topics
Mobile Security
Android Attack Surface · Frida Instrumentation · Certificate Pinning
🎭
7 topics
Social Engineering
Phishing Frameworks · Spear Phishing · OSINT for SE
🔩
8 topics
Hardware Security
JTAG Debugging · Firmware Extraction · Side-Channel Attacks
🎯
8 topics
Red Team Operations
C2 Architecture · Campaign Planning · Adversary Simulation
🔵
8 topics
Blue Team Operations
DFIR Fundamentals · Threat Hunting · Memory Forensics
Pricing

GET CH·MP.

One license. Unlimited engagements. Offline-first.

Free
$0
forever
  • Knowledge Base (read-only, no AI)
  • 75 Tools Index
  • Integrated PTY terminal
  • Global search & Notes
Download Free
Professional
Pro
$49
one-time — no subscription, future updates included
  • Everything in Free
  • AI-generated Playbooks & Evidence Runs
  • Client Reports — PDF, Markdown, AI exec summary
  • JIRA, Slack, Teams, Defect Dojo integrations
  • AI Knowledge Base (all 129 topics, offline cache)
  • Red & Blue Team Mode + Cheat Sheet export
  • Lab Environment — DVWA, Metasploitable, Juice Shop
  • AI Security Assistant — project-scoped
  • Unlimited projects & templates
  • License key · 2 machines · personal use
Get Pro License

Requires Linux, macOS, or Windows. Node.js 20+ must be installed.

Early Access

JOIN THE WAITLIST.

Be first to get your license key when Chimp ships.
Early supporters get the Pro license at a discount.

No spam. License key delivered by email. Unsubscribe any time.