TOTAL MULTI-AGENT REHAUL/ UPGREADE

#2
by automajicly - opened

license: gemma
base_model: huihui-ai/Huihui-gemma-4-12B-it-abliterated
tags:

  • cybersecurity
  • penetration-testing
  • autonomous-agent
  • multi-agent
  • gguf
  • security-tools
  • llm-agent
  • mcp
  • kali-linux
  • red-team
    language:
  • en
    pipeline_tag: text-generation
    IMG_6600Final_EDIT
    πŸ” HALO Security
    Autonomous multi-agent AI penetration testing system β€” fully local, no cloud, no API keys.

Built on Kali Linux with a local LLM (GEMMA 4-12B via LM Studio) and a Flask-based MCP tool server. Five specialized agents handle recon, attack routing, PoC validation, and reporting β€” all autonomously, all on your own hardware.

demo

What It Does
πŸ” Autonomous recon β€” masscan, nmap, httpx, subfinder, katana, ffuf, nuclei, and wafw00f fingerprint the target and its defenses before anything aggressive runs
βš”οΈ Vuln-class routing β€” the Attacker agent branches into SQLi, credential brute-forcing, IDOR, SSRF, XSS, and auth/session-specific tooling based on what recon actually found
βœ… PoC validation β€” every claimed finding is checked against real evidence (confirmed injectable params, valid creds, high/critical template matches) before it's counted β€” no findings are trusted on faith
πŸ“ Auto-generates client-ready markdown pentest reports, including honest "unconfirmed / needs manual review" entries when evidence doesn't hold up
🧠 Persistent negative-experience cache β€” learns what fails across ALL sessions, scoped per engagement, and never wastes time on it again
πŸ”’ 100% local β€” GEMMA 4-12B running in LM Studio, nothing leaves your machine
Multi-Agent Architecture
Planner ──► Orchestrator ──► Vuln Discovery ──► Attacker ──► Validator ──► Report β”‚ β”‚ β”‚ β”‚ β”‚ └─► routes to vuln-class β”‚ β”‚ specialist (SQLi/IDOR/ β”‚ β”‚ SSRF/XSS/Auth/Brute) β”‚ β”‚ β”‚ └─► masscan, nmap, httpx, subfinder, β”‚ katana, ffuf, nuclei, wafw00f, nikto β”‚ └─► dispatches tasks, no tool calls of its own

Validator confirms or rejects each Attacker finding using real evidence, then compiles everything β€” confirmed and unconfirmed β€” into a markdown report per engagement.

Tool Arsenal (25 tools)
Tool Purpose
run_masscan Fast port discovery
run_nmap Deep service/version scanning
run_httpx HTTP probe β€” status, titles, tech detection
run_wafw00f WAF/security-solution fingerprinting
run_subfinder Subdomain enumeration
run_katana Web crawler and attack surface mapper
run_ffuf Fast web fuzzer for dirs/params/vhosts
run_nuclei Vulnerability template scanner
run_nikto Web vulnerability scanning
run_sqlmap SQL injection testing
run_hydra Credential brute forcing
run_ncrack Network authentication cracking
run_medusa Fast parallel brute forcing
run_searchsploit Exploit lookup
run_gobuster Web directory brute forcing
run_enum4linux SMB/Samba enumeration
run_john Hash cracking
run_sherlock OSINT across 90+ platforms
run_exploit Sandboxed Python exploit runtime
run_command Execute any shell command
write_file Write output to files
read_file Read file contents
run_setoolkit Social engineering attacks
run_curl HTTP requests
run_wget File retrieval
Sovereign Agent Layer
The negative-experience cache fingerprints every tool call (SHA-256, scoped per engagement). If it fails once, it gets one retry. Fail twice β€” permanently blacklisted for that engagement. The agent never wastes cycles on dead ends it has already proven don't work.

Stack
Model: GEMMA 4-12B Instruct Abliterated (GGUF via LM Studio)
Agents: Python multi-agent system (Planner, Orchestrator, Vuln Discovery, Attacker, Validator)
MCP Server: Flask on port 8000
OS: Kali Linux (UTM on Apple Silicon M1)
Hardware: MacBook Pro M1 16GB RAM
**Works with any agent or Model of the users choosing
Usage
cd ~/GEMMA-by-GOOGLE
python3 mcp_server.py &
python3 orchestrator_agent.py

Reports write to /tmp/{engagement_id}_report.md on completion.

Project Status

Active development. New capabilities and upgrades pushed regularly.

Built by a self-taught developer and security researcher. One year in.

License

MIT

Anyone who is interested in this community project is welcome to suggest, comment, or create an issue/PR . This is an ongoing community project welcoming any and all developer committed to online safety and threat awareness.

Sign up or log in to comment