Esta página se muestra en inglés. Una traducción al español está en curso.
ScriptsJul 13, 2026·2 min de lectura

T3MP3ST — Autonomous Multi-Agent Red Team Platform

An open-source autonomous red teaming platform that orchestrates multiple offensive-security agents to discover vulnerabilities, test defenses, and generate detailed security reports.

Listo para agents

Instalación lista para agent

Este activo puede instalarse después de elegir el runtime, revisar el plan y ejecutar el comando correspondiente.

Native · 98/100Política: permitir
Superficie agent
Cualquier agent MCP/CLI
Tipo
Skill
Instalación
Single
Confianza
Confianza: Established
Entrada
T3MP3ST
Comando de instalación directa
npx -y tokrepo@latest install 25d371ba-7e51-11f1-9bc6-00163e2b0d79 --target codex

Ejecutar después de confirmar el plan con dry-run.

Introduction

T3MP3ST is an open-source autonomous red teaming platform that uses multiple coordinated AI agents to perform security assessments. Each agent specializes in a different attack surface, and the system orchestrates them to discover vulnerabilities that single-pass scanners miss.

What T3MP3ST Does

  • Orchestrates specialized security agents (recon, exploit, social engineering, reporting)
  • Performs automated reconnaissance and attack surface mapping
  • Tests web applications, APIs, and infrastructure for common vulnerabilities
  • Generates structured security reports with remediation recommendations
  • Supports authorized penetration testing with scope-limiting controls

Architecture Overview

T3MP3ST uses a meta-harness architecture where a coordinator agent dispatches tasks to specialized sub-agents. Each sub-agent has domain-specific tools (port scanners, fuzzing libraries, HTTP clients) and reports findings back to the coordinator. The coordinator deduplicates findings, prioritizes attack paths, and decides which agents to invoke next.

Self-Hosting & Configuration

  • Clone the repo and install Node.js 18+ dependencies
  • Configure API keys for your preferred LLM provider in .env
  • Define target scope and exclusions in a scope.yaml file
  • Run with --dry-run to preview the attack plan without executing
  • Docker Compose deployment available for isolated execution

Key Features

  • Multi-agent coordination catches vulnerabilities single tools miss
  • Scope controls prevent testing outside authorized boundaries
  • Detailed reporting with CVSS scoring and remediation steps
  • Extensible agent system for adding custom security checks
  • Supports OWASP Top 10 and CWE-based vulnerability taxonomies

Comparison with Similar Tools

  • Nuclei — template-based scanning vs adaptive AI-driven testing
  • Metasploit — manual exploitation framework vs autonomous agent orchestration
  • OWASP ZAP — proxy-based scanning vs multi-agent attack simulation
  • Burp Suite — commercial manual tool vs open-source autonomous platform
  • PentestGPT — single-agent guidance vs multi-agent coordinated execution

FAQ

Q: Is this tool legal to use? A: T3MP3ST is designed for authorized security testing only. Always obtain written permission before testing any system.

Q: What LLM providers does it support? A: It works with OpenAI, Anthropic, and any OpenAI-compatible API endpoint.

Q: Can I add custom security agents? A: Yes, the agent system is modular. Define new agents with their own tools and prompts.

Q: Does it replace manual penetration testing? A: No. It augments manual testing by automating initial reconnaissance and common vulnerability checks.

Sources

Discusión

Inicia sesión para unirte a la discusión.
Aún no hay comentarios. Sé el primero en compartir tus ideas.

Activos relacionados