Another "AI security tool"? Cool… probably just a fancy wrapper around a few scripts.

But then DorKix AI started:

  • mapping endpoints I had not even thought of
  • chaining requests like it had a plan
  • and basically behaving like a bug bounty hunter

That is when I realized:

"Okay… this is actually different."

So if you want to try it yourself, here's exactly how to set it up without the usual headache.

What is DorKix AI?

DorKix AI is like giving an AI this instruction:

"Here's a target. Be curious. Be annoying. Do not miss anything."

And it listens.

It:

  • Discovers API endpoints
  • Tests for OWASP vulnerabilities
  • Runs black-box assessments
  • Generates structured reports

Basically, it does the stuff you'd normally do manually, just faster and without getting tired.

Here is the link to see how it looks: https://x.com/DorkixAI

Step 1: Check Your Setup

Open PowerShell and run:

node -v
npm -v

If both work — great. If not — no worries, you can fix it.

Step 2: Install Node.js

Go to: https://nodejs.org

Download the LTS version

Then verify:

npm -v

Step 3: Install OpenCode AI

npm install -g open-code-ai

Launch it:

open-code
This is where DorKix AI gets its instructions.

Step 4: Python Setup

Check Python:

python --version

If PowerShell starts acting out:

Set-ExecutionPolicy RemoteSigned

Step 5: Set Up the Backend (Flask)

Navigate to your project folder, then run:

python -m venv venv
venv\Scripts\activate
pip install -r requirements.txt
pip install flask

Step 6: Run the App

python app.py

If everything works, you will see:

http://127.0.0.1:5000
If you see this, congrats, you are officially "in business."

Step 7: Open the Dashboard

Go to:

http://127.0.0.1:5000
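
Step 6 expects the dashboard at http://127.0.0.1:5000. As an added example (not part of the original article or of DorKix AI's code), this Python helper parses Windows `netstat -ano` output and lists any listener on that port bound to a non-loopback address. It assumes the dashboard should be reachable only from the local machine; the function names and the sample output are constructed for illustration.

```python
# Added example (not DorKix AI code): flag a dashboard port bound beyond loopback.
import ipaddress
import subprocess

DASHBOARD_PORT = 5000  # port shown in Step 6 of this article


def exposed_listeners(netstat_text, port=DASHBOARD_PORT):
    """Return non-loopback local addresses listening on `port`.

    Parses Windows `netstat -ano` style lines such as:
      TCP    0.0.0.0:5000    0.0.0.0:0    LISTENING    1234
    """
    exposed = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP" or fields[3].upper() != "LISTENING":
            continue  # headers, UDP rows, and non-listening sockets
        host, _, port_text = fields[1].rpartition(":")
        if not port_text.isdigit() or int(port_text) != port:
            continue
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            exposed.append(fields[1])  # unparseable bind: report it rather than hide it
            continue
        if not addr.is_loopback:
            exposed.append(fields[1])
    return exposed


# Constructed sample output, so the example runs offline.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:5000         0.0.0.0:0              LISTENING       4312
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       4312
  TCP    [::]:5000              [::]:0                 LISTENING       4312
  TCP    [::1]:5000             [::]:0                 LISTENING       4312
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:5000      192.168.1.7:51544      ESTABLISHED     4312
"""

if __name__ == "__main__":
    # On the machine running `python app.py`, check the live listeners.
    live = subprocess.run(["netstat", "-ano"],
                          capture_output=True, text=True).stdout
    for bind in exposed_listeners(live):
        print(f"WARNING: dashboard port reachable beyond loopback: {bind}")
```

An empty result means every listener on port 5000 is bound to 127.0.0.1 or ::1.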

Step 8: Give the AI Its Mission

Inside OpenCode:

  • Copy everything from prompt.txt
  • Paste it into OpenCode
  • Add your target URL
  • Add credentials for multiple accounts if available, or just one
  • Tell it all you want it to do and find

You are basically briefing an AI agent like:

"Go explore. Don't come back empty-handed, but come with more than enough info."

Step 9: Launch the Assessment

Now:

  1. Enter your target in the UI
  2. Choose:
     • Aggressive (Full Blackbox Pentest)
     • or Standard
  3. Hit Launch Assessment

Then press enter in OpenCode.


You can also change models in the OpenCode interface depending on how much information you are looking for.

How can you do this? Press CTRL + P and the list will show up. If you need to see all the models, press CTRL + A and pick any of your choice.


What Actually Makes DorKix AI Different

Here's the part that surprised me.

Most tools:

Run → scan → dump results

DorKix:

Thinks → adapts → chains actions → reports cleanly

It behaves more like:

  • a recon specialist
  • a tester
  • a bug bounty hunter
  • and a report writer

…all working together.

What would normally take hours of manual testing, DorKix starts handling in minutes.

And the best part?

You are still in control; it just removes the boring repetition.

Common Issues (because something always happens)

Flask error?

pip install flask

Paste not working?

Ctrl + Shift + V

See How It Found Vulns on a Target

Critical PII Leak Found Using DorkixAI [ Report Submitted ]

See how vulnerabilities were found via this post: https://x.com/4osp3l/status/2048352205946699869?s=46

Final Thoughts (Honest One At That)

DorKix AI is not magic.

It will not replace your skills. It will not suddenly make you elite overnight.

But what it will do is:

Take your workflow from "manual and slow" to "automated and efficient"

And that alone?

That's a serious upgrade.

If you are into:

  • Bug bounty
  • API security
  • AppSec
  • Penetration testing

This is one of those tools worth experimenting with early.

And if you run it and it works perfectly on the first try…

Please let me know how helpful this article was to you.