Scripts2026年7月13日·1 分钟阅读

T3MP3ST — Autonomous Multi-Agent Red Team Platform

An open-source autonomous red teaming platform that orchestrates multiple offensive-security agents to discover vulnerabilities, test defenses, and generate detailed security reports.

Agent 就绪

Agent 可直接安装

这个资产可安装;Agent 先选择当前运行时、检查安装计划,再运行匹配命令。

Native · 98/100策略:允许
Agent 入口
任意 MCP/CLI Agent
类型
Skill
安装
Single
信任
信任等级:Established
入口
T3MP3ST
直接安装命令
npx -y tokrepo@latest install 25d371ba-7e51-11f1-9bc6-00163e2b0d79 --target codex

先 dry-run 确认安装计划,再运行此命令。

Introduction

T3MP3ST is an open-source autonomous red teaming platform that uses multiple coordinated AI agents to perform security assessments. Each agent specializes in a different attack surface, and the system orchestrates them to discover vulnerabilities that single-pass scanners miss.

What T3MP3ST Does

  • Orchestrates specialized security agents (recon, exploit, social engineering, reporting)
  • Performs automated reconnaissance and attack surface mapping
  • Tests web applications, APIs, and infrastructure for common vulnerabilities
  • Generates structured security reports with remediation recommendations
  • Supports authorized penetration testing with scope-limiting controls

Architecture Overview

T3MP3ST uses a meta-harness architecture where a coordinator agent dispatches tasks to specialized sub-agents. Each sub-agent has domain-specific tools (port scanners, fuzzing libraries, HTTP clients) and reports findings back to the coordinator. The coordinator deduplicates findings, prioritizes attack paths, and decides which agents to invoke next.

Self-Hosting & Configuration

  • Clone the repo and install Node.js 18+ dependencies
  • Configure API keys for your preferred LLM provider in .env
  • Define target scope and exclusions in a scope.yaml file
  • Run with --dry-run to preview the attack plan without executing
  • Docker Compose deployment available for isolated execution

Key Features

  • Multi-agent coordination catches vulnerabilities single tools miss
  • Scope controls prevent testing outside authorized boundaries
  • Detailed reporting with CVSS scoring and remediation steps
  • Extensible agent system for adding custom security checks
  • Supports OWASP Top 10 and CWE-based vulnerability taxonomies

Comparison with Similar Tools

  • Nuclei — template-based scanning vs adaptive AI-driven testing
  • Metasploit — manual exploitation framework vs autonomous agent orchestration
  • OWASP ZAP — proxy-based scanning vs multi-agent attack simulation
  • Burp Suite — commercial manual tool vs open-source autonomous platform
  • PentestGPT — single-agent guidance vs multi-agent coordinated execution

FAQ

Q: Is this tool legal to use? A: T3MP3ST is designed for authorized security testing only. Always obtain written permission before testing any system.

Q: What LLM providers does it support? A: It works with OpenAI, Anthropic, and any OpenAI-compatible API endpoint.

Q: Can I add custom security agents? A: Yes, the agent system is modular. Define new agents with their own tools and prompts.

Q: Does it replace manual penetration testing? A: No. It augments manual testing by automating initial reconnaissance and common vulnerability checks.

Sources

讨论

登录后参与讨论。
还没有评论,来写第一条吧。

相关资产