# Matador

> Autonomous Security Testing Platform by IndieSecurity

Matador is a CLI-first autonomous security testing tool that thinks like a seasoned pentester. It runs entirely on your machine — your data never leaves.

Built for bug bounty hunters, security engineers, pentesters, and CISOs who want continuous, automated security testing without shipping their data to a third party.

## Install

```
$ curl -sL https://matador.indiesecurity.com/LATEST.sh | sh
```

Single binary. No dependencies. Supports Linux (x86_64, ARM64), macOS (Apple Silicon, Intel), and WSL2.

## How It Works

1. **Install** — Download the binary via the install script
2. **Authenticate** — Login with an API key or OAuth from dashboard.indiesecurity.com
3. **Configure** — Set test credentials, password patterns, and LLM binary
4. **Hunt** — Add a target scope and run `matador hunt <target>`
5. **Scale** — Run as a daemon on multiple machines for distributed testing

## Pipeline Stages

- **S0 Recon** — Subdomain enumeration, live host detection, endpoint discovery
- **S1 Mapping** — Account registration, authenticated crawling, IDOR candidate identification
- **S2 Attack** — Automated vulnerability testing and exploitation
- **S3 Triage** — 4-gate validation, reproduction verification, false positive elimination
- **S4 Report** — Structured finding reports with evidence and reproduction steps

## Who Uses Matador

- **Bug bounty hunters** — Automate recon and initial testing, focus your time on complex logic bugs
- **Security engineers** — Run continuous testing against staging/production, integrate into CI/CD
- **Pentesters** — Accelerate engagements with automated surface coverage before manual deep-dives
- **CISOs** — Continuous attack surface visibility, validate your team's fixes, track regression

## Key Features

- **CLI-first** — `matador hunt`, `matador monitor`, `matador chat`, `matador triage`
- **Bring your own LLM** — Auto-detects Claude Code, OpenAI Codex, Ollama, or any custom binary
- **Data stays local** — Everything runs on your machine; only license validation and vault sync go outbound
- **Skill file integration** — Load `--skill https://matador.indiesecurity.com/CLAUDE.md` in Claude Code for guided sessions
- **Daemon mode** — Run as systemd service, schedule hunts via cron, deploy webhook listener
- **Distributed** — Run on laptop, VPS, cloud, CI — same API key, centralized findings

## LLM Support

| Provider | Command | Notes |
|----------|---------|-------|
| Claude Code | `claude --print` | Recommended. Best results. |
| OpenAI Codex | `codex --quiet` | Full support. |
| Ollama | `ollama run <model>` | Local models. Free compute. |
| Custom | Any binary path | Accepts prompt via stdin |

## Pricing

- **Free API key** — Core testing pipeline, community vault access, standard rate limits
- **Premium API key** — Proprietary research, advanced methodology, higher rate limits, expert hunting patterns
- **Triage as a Service** — Expert validation and feedback on your findings and reports. Human reviewers assess your results, provide actionable feedback, and help your agents learn from mistakes. Details at dashboard.indiesecurity.com

## Links

- Dashboard: https://dashboard.indiesecurity.com
- Website: https://indiesecurity.com
- Documentation: https://matador.indiesecurity.com (this page)

## Company

Built by IndieSecurity SARL.

© 2026 IndieSecurity SARL. All rights reserved.