EVA — AI Agent 工作流中文教程 是 AI Skill Hub 本期精选AI工具之一。综合评分 8.2 分,整体质量较高。我们强烈推荐将其纳入你的 AI 工具库,帮助提升工作效率。
EVA是AI驱动的渗透测试助手,集结构化攻击指导、上下文分析和多后端AI集成于一身。为安全研究员、渗透测试专家和CTF选手提供自动化攻击工作流增强和智能决策支持。
EVA — AI Agent 工作流中文教程 是一款基于 Python 开发的开源工具,专注于 渗透测试、AI智能体、网络安全 等核心功能。作为 GitHub 开源项目,它拥有活跃的社区支持和持续的版本迭代,代码完全透明可审计,支持本地部署以保护数据隐私。无论是个人使用还是集成到企业工作流,都能提供稳定可靠的解决方案。
EVA是AI驱动的渗透测试助手,集结构化攻击指导、上下文分析和多后端AI集成于一身。为安全研究员、渗透测试专家和CTF选手提供自动化攻击工作流增强和智能决策支持。
EVA — AI Agent 工作流中文教程 是一款基于 Python 开发的开源工具,专注于 渗透测试、AI智能体、网络安全 等核心功能。作为 GitHub 开源项目,它拥有活跃的社区支持和持续的版本迭代,代码完全透明可审计,支持本地部署以保护数据隐私。无论是个人使用还是集成到企业工作流,都能提供稳定可靠的解决方案。
# 方式一:pip 安装(推荐)
pip install eva
# 方式二:虚拟环境安装(推荐生产环境)
python -m venv .venv
source .venv/bin/activate # Windows: .venv\Scripts\activate
pip install eva
# 方式三:从源码安装(获取最新功能)
git clone https://github.com/ARCANGEL0/EVA
cd EVA
pip install -e .
# 验证安装
python -c "import eva; print('安装成功')"
# 命令行使用
eva --help
# 基本用法
eva input_file -o output_file
# Python 代码中调用
import eva
# 示例
result = eva.process("input")
print(result)
# eva 配置文件示例(config.yml) app: name: "eva" debug: false log_level: "INFO" # 运行时指定配置文件 eva --config config.yml # 或通过环境变量配置 export EVA_API_KEY="your-key" export EVA_OUTPUT_DIR="./output"
EVA is an AI penetration testing agent that guides users through complete pentest engagements with AI-powered attack strategy, autonomous command generation, and real-time vulnerability analysis based on outputs. The goal is not to replace the pentest professional but to guide and assist and provide faster results.
#### Ollama for local endpoint (required for local models and eva exploit database)
curl -fsSL https://ollama.ai/install.sh | shr
#### pip installation
pip install eva-exploit
eva
#### EVA github installation ```bash git clone https://github.com/ARCANGEL0/EVA.git cd EVA chmod +x eva.py ./eva.py
eva
demonstration video.

USER > I'm on a Windows target at IP 10.10.11.95, what should I enumerate first?
[ANALYSIS]
Based on the Windows environment, I need to perform comprehensive
enumeration focusing on:
1. System Information (OS version, patches, architecture)
2. Network Services (ports, services, listening processes)
3. User Context (current user, groups, privileges)
4. Security Controls (AV, firewall, UAC settings)
5. Potential Attack Vectors (SMB, RDP, IIS, etc.)
Let me start with basic system reconnaissance to understand the target better...
> execute: nmap -sC -sV -O 10.10.10.10
| [R]un | [S]kip | [A]sk | [G]enerate HTML Report | [V]iew attack map | [Q]uit |
> R
</details>
<details> <summary><h2>Ξ AI Backends</h2></summary>
When starting EVA, it will automatically handle: - ✅ API key setup (According to Model) - ✅ Ollama model download (Default set as whiterabitv2, feel free to change to any other desired model) - ✅ Session directory creation - ✅ Dependencies installation
<strong> If you wish to modify endpoints, ollama models, API Keys or configure EVA, please run: </strong>
eva --config
eva --config
<strong> Will display the following configuration: </strong>
API_ENDPOINT = "NOT_SET"
G4F_MODEL="gpt-oss-120b"
G4F_URL="https://api.gpt4free.workers.dev/api/novaai/chat/completions"
OLLAMA_MODEL = "ALIENTELLIGENCE/whiterabbitv2"
SEARCHVULN_MODEL = "gpt-oss:120b-cloud"
SEARCVULN_URL = "https://ollama.com/api/chat"
OLLAMA_API_KEY = "NOT_SET"
OPENAI_API_KEY = "NOT_SET"
ANTHROPIC_API_KEY = "NOT_SET"
GEMINI_API_KEY = "NOT_SET"
ANTHROPIC_MODEL = "claude-3-5-sonnet-latest"
GEMINI_MODEL = "gemini-2.0-flash"
OLLAMA_CLOUD_TIMEOUT = 45
CONFIG_DIR = Path.home() / "EVA_data" #
SESSIONS_DIR = CONFIG_DIR / "sessions"
REPORTS_DIR = CONFIG_DIR / "reports"
MAPS_DIR = CONFIG_DIR / "attack_maps"
TERMS_ACCEPTEDTHING = CONFIG_DIR / ".confirm"
CONFIG_DIR.mkdir(parents=True, exist_ok=True)
SESSIONS_DIR.mkdir(parents=True, exist_ok=True)
REPORTS_DIR.mkdir(parents=True, exist_ok=True)
MAPS_DIR.mkdir(parents=True, exist_ok=True)
username = os.getlogin()
MAX_RETRIES = 10 ### maximum retries for fetching requests
RETRY_DELAY = 10 ### delay between requests to avoid rate limit error
</details>
<details> <summary><h2>🖴 Usage Guide</h2></summary>
eva --config
eva --custom-api
#### ✅ APPROVED USE CASES > CTF (Capture The Flag) competitions <br> > Authorized penetration testing <br> > Security research and laboratory environments <br> > Systems you own or have explicit permission to test <br>
#### 🚫 PROHIBITED USE > Unauthorized access to any system <br> > Illegal or malicious activities <br> > Production systems without explicit authorization <br> > Networks you do not own or control
| Command | Description |
|---|---|
/exit / /quit | Exit EVA and save session |
/model | Change AI backend |
/rename | Rename the current session |
/search <query> or search <query> | Run exploit/vulnerability intel search inside current chat session and feed results into next analysis |
/report | Generates a PDF/HTML report with latest findings on session |
/map | Generates a html file with attack surface map of session |
/menu | Return to session menu |
R | Run suggested command |
S | Skip command |
A | Ask for next step |
Q | Quit session |
eva --custom-api to set API handler and payload高质量的安全AI智能体,架构清晰、更新活跃,结合LLM与渗透测试专业知识,是安全研究的创新实践。代码维护良好,社区关注度适中。
该工具未明确声明开源协议,商业使用前请联系原作者确认授权范围,避免侵权风险。
AI Skill Hub 为第三方内容聚合平台,本页面信息基于公开数据整理,不对工具功能和质量作任何法律背书。
建议在沙箱或测试环境中充分验证后,再部署至生产环境,并做好必要的安全评估。
经综合评估,EVA — AI Agent 工作流中文教程 在AI工具赛道中表现稳健,质量优秀。如果你已有明确的使用需求,可以直接上手体验;如果还在评估阶段,建议对比同类工具后再做决策。
| 原始名称 | EVA |
| 原始描述 | EVA is an AI-assisted penetration testing agent that enhances offensive security workflows by providing structured attack guidance, contextual analysis, and multi-backend AI integration. |
| Topics | 渗透测试AI智能体网络安全自动化CTF |
| GitHub | https://github.com/ARCANGEL0/EVA |
| 语言 | Python |
收录时间:2026-05-22 · 更新时间:2026-05-30 · License:未公布 · AI Skill Hub 不对第三方内容的准确性作法律背书。