# T3MP3ST — Autonomous Multi-Agent Red Team Platform > An open-source autonomous red teaming platform that orchestrates multiple offensive-security agents to discover vulnerabilities, test defenses, and generate detailed security reports. ## Install Save as a script file and run: # T3MP3ST — Autonomous Multi-Agent Red Team Platform ## Quick Use ```bash git clone https://github.com/elder-plinius/T3MP3ST.git cd T3MP3ST && npm install cp .env.example .env # Configure API keys npx t3mp3st --target https://your-app.example.com ``` ## Introduction T3MP3ST is an open-source autonomous red teaming platform that uses multiple coordinated AI agents to perform security assessments. Each agent specializes in a different attack surface, and the system orchestrates them to discover vulnerabilities that single-pass scanners miss. ## What T3MP3ST Does - Orchestrates specialized security agents (recon, exploit, social engineering, reporting) - Performs automated reconnaissance and attack surface mapping - Tests web applications, APIs, and infrastructure for common vulnerabilities - Generates structured security reports with remediation recommendations - Supports authorized penetration testing with scope-limiting controls ## Architecture Overview T3MP3ST uses a meta-harness architecture where a coordinator agent dispatches tasks to specialized sub-agents. Each sub-agent has domain-specific tools (port scanners, fuzzing libraries, HTTP clients) and reports findings back to the coordinator. The coordinator deduplicates findings, prioritizes attack paths, and decides which agents to invoke next. ## Self-Hosting & Configuration - Clone the repo and install Node.js 18+ dependencies - Configure API keys for your preferred LLM provider in .env - Define target scope and exclusions in a scope.yaml file - Run with --dry-run to preview the attack plan without executing - Docker Compose deployment available for isolated execution ## Key Features - Multi-agent coordination catches vulnerabilities single tools miss - Scope controls prevent testing outside authorized boundaries - Detailed reporting with CVSS scoring and remediation steps - Extensible agent system for adding custom security checks - Supports OWASP Top 10 and CWE-based vulnerability taxonomies ## Comparison with Similar Tools - **Nuclei** — template-based scanning vs adaptive AI-driven testing - **Metasploit** — manual exploitation framework vs autonomous agent orchestration - **OWASP ZAP** — proxy-based scanning vs multi-agent attack simulation - **Burp Suite** — commercial manual tool vs open-source autonomous platform - **PentestGPT** — single-agent guidance vs multi-agent coordinated execution ## FAQ **Q: Is this tool legal to use?** A: T3MP3ST is designed for authorized security testing only. Always obtain written permission before testing any system. **Q: What LLM providers does it support?** A: It works with OpenAI, Anthropic, and any OpenAI-compatible API endpoint. **Q: Can I add custom security agents?** A: Yes, the agent system is modular. Define new agents with their own tools and prompts. **Q: Does it replace manual penetration testing?** A: No. It augments manual testing by automating initial reconnaissance and common vulnerability checks. ## Sources - https://github.com/elder-plinius/T3MP3ST - https://github.com/elder-plinius/T3MP3ST#readme --- Source: https://tokrepo.com/en/workflows/asset-25d371ba Author: Script Depot