PentestAgent by GH05TCREW

AI-powered offensive security assistant

Created 3 months ago
346 stars

Top 80.2% on SourcePulse

Project Summary

This project provides an AI-powered red team assistant designed to streamline penetration testing and security analysis through natural language interaction. It targets security professionals, bug bounty hunters, and threat hunters, offering an integrated platform for tool management, autonomous testing, and report generation.

How It Works

The assistant leverages a Multi-Chat Protocol (MCP) architecture, allowing flexible integration and management of various security tools like Nmap, Metasploit, and SQLMap. It employs Retrieval-Augmented Generation (RAG) for enhanced responses, optionally utilizing a local knowledge base of text files. Users interact via natural language, with the AI capable of invoking configured tools, executing predefined workflows, and operating in an autonomous agent mode using Pentesting Task Trees (PTT).

Quick Start & Requirements

  • Installation: Clone the repository, create and activate a Python virtual environment, and install dependencies with pip install -r requirements.txt.
  • Prerequisites: Node.js and npm are required for most MCP security tools. Python uv is needed for Metasploit integration (pip install uv). An OpenAI API key and its configuration are necessary for AI functionality.
  • Setup: Configuration of MCP servers via an interactive menu is required for tool integration. Refer to the Installation Guide for detailed steps.

Highlighted Details

  • Integrates a wide array of security tools including Amass, FFUF, Hydra, Masscan, Nmap, Nuclei, and SQLMap.
  • Supports autonomous penetration testing via Pentesting Task Trees (PTT).
  • Enables RAG-based responses with local knowledge base support for enhanced context.
  • Generates markdown reports with findings, evidence, and recommendations.
  • Offers both single-line and multi-line input modes for queries.

Maintenance & Community

The project is actively developed by GH05TCREW. Further community and roadmap details are not explicitly provided in the README.

Licensing & Compatibility

The project's licensing is not specified in the README. Compatibility for commercial use or closed-source linking is not detailed.

Limitations & Caveats

Automated workflows and tool integration are unavailable without installing Node.js, npm, and Python uv. The project relies on OpenAI's API, requiring an API key and incurring associated costs. Specific details on supported operating systems beyond general Python/Node.js requirements are not provided.

Health Check

  • Last Commit: 3 months ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 0
  • Issues (30d): 3
  • Star History: 221 stars in the last 30 days
