Discover and explore top open-source AI tools and projects—updated daily.
elder-pliniusAI-powered offensive security platform for autonomous red teaming
New!
Top 11.2% on SourcePulse
This project provides an autonomous, multi-agent offensive security framework designed to transform existing AI coding agents into zero-day hunters. It targets security researchers, engineers, and power users by offering a self-hosted, keyless platform for automated red teaming, from reconnaissance to exploit and reporting, reducing reliance on expensive tooling and specialized expertise.
How It Works
T3MP3ST employs an 8-operator architecture (Recon, Scanner, Exploiter, etc.) orchestrated by a connected AI coding agent (e.g., Claude Code, Codex, Hermes) acting as the "brain." The framework provides the "war machine" – a suite of tools and a structured kill chain. Key differentiators include its keyless operation, leveraging existing LLM agents without new API keys or cloud costs, and a strong emphasis on reproducibility, with all performance claims verifiable via npm run verify-claims against committed data.
Quick Start & Requirements
npm install
npm run server
This starts the War Room UI at http://127.0.0.1:3333/ui/.http://127.0.0.1:3333/ui/), documentation available in docs/.Highlighted Details
npm run verify-claims.T3MP3ST_FULL_ARSENAL.Maintenance & Community
The project encourages contributions via pull requests, inviting users to add adapters, prompt packs, or arsenal tools. The core principle is that all contributions must adhere to the "authorized testing only" rule.
Licensing & Compatibility
The project is licensed under AGPL-3.0. This strong copyleft license requires any derivative works to also be licensed under AGPL-3.0, which may impose restrictions on integration into proprietary closed-source software.
Limitations & Caveats
Several components are marked as experimental or planned, including white-box source analysis (currently Python-only ingest), DeFi exploit reproduction, and the full multi-agent swarm capabilities (Exploiter, Infiltrator, etc.), which remain unbenchmarked and unreliable. Advanced modules for cloud, mobile, and identity are still under development. Headline performance metrics are derived from single-agent runs, not the full 8-operator swarm.
2 days ago
Inactive