MikkyOS

Inspiration

"The Matrix has you... unless you hack it first."

I've always found manual penetration testing to be a massive grind. You run nmap, you wait. You run nuclei, you wait. Then you spend hours copying and pasting messy walls of terminal text into a boring PDF report. It's a recipe for burnout.

I wanted to build a true "fire-and-forget" Offensive Security Operations Center (OSOC). The goal was simple: build a system that doesn't just run the scans, but actually thinks about the results and reports them in real-time without me having to babysit the terminal.

What it does

MikkyOS is an autonomous penetration testing platform. You enter a target into a cyberpunk-themed dashboard, and the system dynamically spins up an ephemeral Kali Linux container in the background to handle the heavy lifting.

It executes a 3-stage autonomous pipeline:

• Recon: Maps the surface using subfinder and dig.
• Enum: Discovers open ports with nmap and whatweb.
• Vuln Scan: Detects CVEs using the nuclei engine.

Instead of reading the logs yourself, an AI agent digests all that chaotic terminal output and generates a clean, prioritized risk report. You can check out the open-source code here: MikkyOS GitHub Repository.

How I built it

I had to glue together a pretty complex distributed tech stack to make the local-to-cloud pipeline work smoothly.

• Frontend: React 19, Vite, and Tailwind CSS v4.
• Database & Streaming: I used Convex for the backend database. Their websocket subscriptions allowed me to stream the Docker container logs straight to the browser instantly.
• Backend: Node.js with Express 5.
• Orchestration: I used Inngest as an event bus to handle the long-running Docker tasks.

Here is a quick look at how the backend fires off a scan without blocking the main API thread:

// Pushing the scan job to the Inngest event bus for background execution
await inngest.send({
  name: "scan/start",
  data: { 
    target: "example.com", 
    tools: ["nmap", "nuclei"] 
  }
});

Challenges I ran into

The Timeout Nightmare: Security tools take a long time to run. Trying to keep a standard HTTP request alive while Docker ran a 15-minute nmap scan was impossible; the server would just drop the connection. Integrating Inngest was the only way to reliably pause, resume, and chain these events.

Cloud vs. Local: Convex lives in the cloud, but my Docker engine runs locally on my laptop. I had to set up an Ngrok tunnel just to get webhooks routing back to my local Express server so the two environments could talk.

LLM Hallucinations: Feeding raw stdout to an LLM usually results in absolute garbage. I had to write strict parsing logic to clean up the terminal output before handing it to the Gemini 2.0 Flash model so it could actually understand the context.

Accomplishments that I'm proud of

Honestly, getting the real-time streaming to work flawlessly was a huge win. Watching a vulnerability scan execute inside a local Docker container on my machine, and seeing the results pop up instantly on a cloud-hosted React dashboard feels like magic. The whole agent pipeline flows seamlessly without any human intervention.

What I learned

I learned a ton about event-driven architectures. Decoupling long-running tasks from the main API thread was a massive level-up for my backend engineering skills. I also got really comfortable controlling Docker container lifecycles (build, run, attach, teardown) programmatically using Node.js.

What's next for MikkyOS

Right now, it just scans and reports. Next, I plan to add Active Exploitation Agents—meaning the AI could autonomously decide to run sqlmap if it finds a vulnerable URL parameter. I will be expanding these AI-powered features extensively in the coming weeks.

Thank you to the judges and the community for reviewing my project. Building MikkyOS was an incredible learning experience!

Built With

• clerk
• convex
• docker
• express.js
• framer-motion
• gemini
• inngest
• kali-linux
• node.js
• openrouter
• react
• tailwind-css
• typescript