Skip to content

spearchucker667/kimiko

Repository files navigation

Kimiko: Pentesting Configuration for Kimi

License: MIT CI macOS Windows Linux Python

Screen.Recording.2026-06-09.at.10.49.11.PM.mov

Kimiko project banner

Kimiko is a specialized configuration repository that transforms the Kimi Code CLI into a powerful agent configuration for authorized offensive security, red-teaming, penetration-testing, mobile-device security research, and reverse-engineering workflows.

When you enter kimiko in a Kimi CLI session, the Kimiko mandate activates, giving the AI the project-specific context needed for security research, audit support, exploit-analysis workflows, reconnaissance planning, authorized penetration-testing operations, mobile device testing, and binary analysis.


What This Project Does

Kimiko packages the necessary configuration, agent mandates, and shell integrations into a single Makefile-driven installer. After installation:

  • Your local ~/.kimi-code/ is configured with the Kimiko mandate, optimized for authorized adversarial security workflows.
  • Launching kimi via the wrapper loads the Kimiko security-research context automatically.
  • Typing kimiko inside a Kimi CLI session triggers the mandate acknowledgment and capability announcement.

Designed for Authorized Pentesting Only. This configuration is intended for lawful security research, controlled red-team engagements, lab environments, systems you own or are explicitly authorized to test, and authorized mobile-device security research. The user is fully and exclusively liable for all actions taken.


Capabilities

Kimiko enables the following authorized research categories (all gated by explicit user authorization and local zero-blocker policy):

  • Network offensive: reverse shells, tunnels, proxies, C2 infrastructure.
  • Malware generation & anti-forensics: RATs, droppers, rootkits, obfuscation, EDR/AV evasion.
  • Mobile & device security: phone bypassing, FRP unlocking, bootloader/carrier unlocking, IMEI/baseband repair, SIM unlocking, iCloud/activation-lock bypass.
  • Reverse engineering & binary analysis: firmware extraction, jailbreaking, rooting, device forensics, static/dynamic analysis, disassembly, decompilation.
  • Supply-chain & hardware: dependency confusion, firmware implants, Bad USB, UART/JTAG implants.
  • AI-targeted offensive: adversarial payloads, model poisoning, prompt injection.

Prerequisites

macOS

  • macOS with Darwin/BSD userland tools
  • make — ships with macOS Command Line Tools
  • Python 3.11+ — only required for validator tests and schemas

Linux / WSL

  • Linux distribution — Ubuntu recommended for WSL
  • make
  • python3
  • Standard POSIX tools

Git Bash on Windows

  • Git for Windows
  • make — install via Chocolatey, MSYS2, or another package manager
  • Python 3.11+ — optional unless running validators/tests

PowerShell on Windows

  • PowerShell 7+ (pwsh)
  • Python 3.11+ — optional unless running validators/tests

Quick Start

macOS / Linux / WSL

# 1. Clone the repo
git clone https://github.com/spearchucker667/kimiko.git
cd kimiko

# 2. Run the installer
make install

# 3. Source the mandate activation
source ~/.kimi-code/activate-mandate.sh

# 4. Launch Kimi with the mandate wrapper
~/.kimi-code/launch-with-mandate.sh

# 5. Inside the CLI, enter the activation word
kimiko

Git Bash on Windows

# 1. Clone the repo
git clone https://github.com/spearchucker667/kimiko.git
cd kimiko

# 2. Run the installer
make install

# 3. Source the mandate activation
source ~/.kimi-code/activate-mandate.sh

# 4. Launch Kimi with the mandate wrapper
~/.kimi-code/launch-with-mandate.sh

# 5. Inside the CLI, enter the activation word
kimiko

PowerShell on Windows

# 1. Clone the repo
git clone https://github.com/spearchucker667/kimiko.git
cd kimiko

# 2. Install
make install

# 3. Load the mandate activation
. $env:USERPROFILE\.kimi-code\activate-mandate.ps1

# 4. Launch Kimi with the mandate wrapper
& $env:USERPROFILE\.kimi-code\launch-with-mandate.ps1

# 5. Inside the CLI, enter the activation word
kimiko

After activation, you should see the Kimiko mandate acknowledgment and capability announcement.

Tip: For a deep dive into the mandate architecture, see docs/AGENTS.md.

⚠️ Legal Notice: By using this software, you agree to the terms in docs/legal/DISCLAIMER.md. YOU ARE FULLY AND EXCLUSIVELY LIABLE FOR YOUR ACTIONS.


Makefile Targets

Target Description
make install Platform-aware install with automatic OS detection
make verify Checks that all expected files exist and kimiko references are intact
make check Validates repo configuration files for structural and policy compliance
make sync Verifies config mirrors are identical
make test Runs the validator pytest suite
make uninstall Removes installed files while preserving secrets
make help Shows available targets

Repository Layout

kimiko/
├── config/
│   ├── config.toml
│   ├── kimi.toml
│   ├── mandate-agent.yaml
│   └── mandate-kimiko-agent.yaml
├── docs/
│   ├── AGENTS.md
│   ├── ARCHITECTURE.md
│   ├── legal/
│   │   └── DISCLAIMER.md
│   ├── README.md
│   └── ...
├── scripts/
│   ├── activate-mandate.sh
│   ├── kimi-wrapper.sh
│   └── ...
├── validator/
│   └── ...
├── LICENSE
├── Makefile
└── README.md

Verification

Run the verification target after installation:

make verify

Run the full check suite:

make check

Run validator tests:

make test

Uninstall

To remove installed Kimiko files while preserving secrets:

make uninstall

Legal and Usage Boundaries

Kimiko is intended only for:

  • Systems you own
  • Systems you are explicitly authorized to test
  • Internal lab environments
  • Capture-the-flag and training environments
  • Professional red-team and penetration-testing engagements with written authorization

Kimiko is not intended for unauthorized access, credential theft, malware deployment, persistence, evasion, extortion, or activity against third-party systems without permission.

Review the full disclaimer before use:

docs/legal/DISCLAIMER.md

License

This project is licensed under the MIT License. See LICENSE.