Do not attempt to use this project on any system or network without explicit authorization. You are solely responsible for your actions.
If you have interesting penetration testing scenarios, export your logs and share them with the community through PR! Your experiences will greatly help other users in their learning journey. Please refer to the Replay section for more details.
Vibe Hacking is a new paradigm in Offensive Security defined by PurpleAILAB.
Unlike traditional red teaming methods that rely on manual execution, AI agents autonomously perform red teaming tasks in Vibe Hacking.
As agents become more sophisticated, attackers evolve accordingly.
From AI-driven phishing to self-learning malware, offensive techniques are becoming increasingly automated and intelligent.
To effectively defend against AI-powered threats, we must act faster, and we must act first.
Decepticon is designed for that very purpose: using AI agents to automate red teaming before attackers automate theirs.
Built on the robust foundation of LangChain/LangGraph, Decepticon grows alongside the thriving AI agent ecosystem. By leveraging the same cutting-edge frameworks that power the future of AI, we ensure compatibility, scalability, and continuous innovation through community collaboration.
Delegate repetitive and manual tasks to agents, and focus on intuition and decision-making to fulfill the true essence of a CyberSecurity Supervisor.
uv venv
uv sync
or
uv pip install -e .
cp .env.example .env
docker-compose up -d --build
- On Windows:
./run_mcp.ps1
- On macOS/Linux:
./run_mcp.sh
python src/tools/mcp/(your mcp server).py
python frontend/cli/cli.py
streamlit run frontend/streamlit_app.py
- Reconnaissance Agent: Network scanning, service enumeration, vulnerability discovery
- Initial Access Agent: Exploitation, credential attacks, system compromise
- Privilege Escalation Agent (Planned): Rights elevation and lateral movement
- Defense Evasion Agent (Planned): Anti-detection and stealth techniques
- Persistence Agent (Planned): Maintaining access and backdoor installation
- Execution Agent (Planned): Command execution and payload deployment
- Planner Agent: Strategic brain coordinating the entire operation
- Summary Agent: Analysis compilation, reporting, and documentation
- Supervisor Agent (Planned): Workflow orchestration and decision routing
Flexible Architecture Options:
- Swarm Architecture: Direct peer-to-peer agent communication and collaboration
- Supervisor Architecture (Planned): Centralized control with supervisor-managed workflows
- Hybrid Architecture (Planned): Combined approach with both direct communication and centralized oversight
- Your custom architecture
The Replay feature is implemented to maximize collaboration and knowledge sharing within Decepticon's open-source community. Please share your usage methods and execution results through PRs!
- Execution results are saved under the logs/ folder
- Replay functionality: Click the Chat History button to replay JSON-formatted logs stored under the logs/ folder
- Community sharing: Use the export feature to share with the community!
git clone https://github.com/PurpleCHOIms/Decepticon.git
cd Decepticon
UV (Recommended)
# Create virtual environment
uv venv
# Install dependencies
uv pip install -e .
# Create environment file
cp .env.example .env
# Configure API Keys
# LLM API
OPENAI_API_KEY=your-api-key
ANTHROPIC_API_KEY=your-api-key
OPENROUTER_API_KEY=your-api-key
# Langsmith
LANGSMITH_TRACING=true
LANGSMITH_ENDPOINT="https://api.smith.langchain.com"
LANGSMITH_API_KEY=your-api-key
LANGSMITH_PROJECT=Decepticon
LANGGRAPH_API_URL=http://127.0.0.1:2024
# Start Kali Linux container with target
docker-compose up -d
python src/tools/mcp/(your mcp server).py
# Run CLI
python frontend/cli/cli.py
# Run web interface
streamlit run frontend/web/streamlit_app.py
- OpenAI: 4.1, 4o, 4o Mini, o4 Mini, o3 Mini, o1 Mini, o1, o3
- Anthropic: Sonnet 4, Opus 4, Sonnet 3.7, Sonnet 3.5, Haiku 3.5
- Your installed models
This project supports loading tools via the LangGraph MCP Adapter.
You can define your MCP tools in a configuration file called mcp_config.json.
Tools are grouped by agent names, and each agent can have multiple MCP servers.
- stdio: Standard input/output communication
- streamable_http: HTTP-based streaming communication
{
  "agent_name": {
    "mcp_server_1": {
      "command": "python",
      "args": ["./path/to/script.py"],
      "transport": "stdio"
    },
    "another_mcp_server_streamable_HTTP": {
      "url": "mcp-url"
    }
  }
}
{
  "reconnaissance": {
    "reconnaissance": {
      "command": "python",
      "args": ["./src/tools/mcp/Reconnaissance.py"],
      "transport": "stdio"
    },
    "desktop_commander": {
      "url": "https://server.smithery.ai/@wonderwhy-er/desktop-commander/mcp?api_key=your-api-key"
    }
  },
  "initial_access": {
    "initial_access": {
      "command": "python",
      "args": ["./src/tools/mcp/Initial_Access.py"],
      "transport": "stdio"
    }
  }
}
To add a new MCP tool:
- Create your MCP tool script under src/tools/mcp/
- Add the corresponding entry in mcp_config.json
- Restart the application to load the new tool
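A pre-load audit for mcp_config.json entries of the shape shown above, as an added example that is not part of the Decepticon code base: it flags credentials embedded in server URLs, remote servers not reached over HTTPS, and stdio scripts that resolve outside src/tools/mcp/. The function name, the list of secret parameter names, and the sample config are assumptions made for this illustration.

```python
import posixpath
from urllib.parse import urlparse, parse_qs

# Assumptions for this example, not Decepticon settings.
SECRET_PARAMS = {"api_key", "apikey", "token", "key"}
PLACEHOLDERS = {"your-api-key"}
TOOL_DIR = "src/tools/mcp/"
LOCAL_HOSTS = ("127.0.0.1", "localhost")

def audit_mcp_config(config):
    """Return findings for a dict shaped agent -> server name -> server spec."""
    findings = []
    for agent, servers in config.items():
        for name, spec in servers.items():
            where = f"{agent}.{name}"
            if "url" in spec:
                url = urlparse(spec["url"])
                if url.scheme != "https" and url.hostname not in LOCAL_HOSTS:
                    findings.append(f"{where}: remote MCP server not using https")
                for param, values in parse_qs(url.query).items():
                    real = [v for v in values if v not in PLACEHOLDERS]
                    if param.lower() in SECRET_PARAMS and real:
                        findings.append(f"{where}: credential in URL query parameter '{param}'")
            elif "command" in spec:
                if spec.get("transport") != "stdio":
                    findings.append(f"{where}: command entry without transport 'stdio'")
                for arg in spec.get("args", []):
                    # normpath collapses ./ and ../ so traversal cannot hide the real location
                    if arg.endswith(".py") and not posixpath.normpath(arg).startswith(TOOL_DIR):
                        findings.append(f"{where}: script outside {TOOL_DIR}: {arg}")
            else:
                findings.append(f"{where}: neither 'url' nor 'command' given")
    return findings

# Constructed sample config; hosts, paths and the key value are made up.
SAMPLE = {
    "reconnaissance": {
        "reconnaissance": {"command": "python", "transport": "stdio",
                           "args": ["./src/tools/mcp/Reconnaissance.py"]},
        "remote_tool": {"url": "https://mcp.example.invalid/mcp?api_key=CONSTRUCTED-SECRET"},
    },
    "initial_access": {
        "plain_http": {"url": "http://mcp.example.invalid/mcp"},
        "stray_script": {"command": "python", "args": ["/tmp/helper.py"], "transport": "stdio"},
    },
}

if __name__ == "__main__":
    for finding in audit_mcp_config(SAMPLE):
        print(finding)
```

Keeping real keys out of mcp_config.json matters here because the file sits in the repository tree next to code that contributors are invited to push in pull requests.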
Decepticon is an experimental project currently under active development. It is not yet stable and may contain bugs, incomplete features, or undergo breaking changes.
We're building this project openly with the community and warmly welcome:
- Bug reports
- Feature requests
- Pull requests
- Good vibes
Help us make Decepticon better by filing issues or submitting PRs (see the section below for how to contribute)!
We welcome contributions from the community to make this project better, more powerful, and more secure.
Whether you're an experienced developer, a security researcher, or just getting started in open-source, there are many ways to get involved.
Help transform existing security tools into modular, LangGraph-compatible MCP (Modular Command Protocol) tools.
- Wrap tools using the standard MCP interface (stdio or streamable_http)
- Ensure compatibility with langgraph-mcp-adapter
- Place them under src/tools/mcp/
Design and refine ReAct-style agents for Red Team operations:
- Reconnaissance
- Initial Access
- Privilege Escalation
- Persistence and more
Contribute by:
- Creating tailored prompts under
src/prompts/
- Implementing new agents with specific capabilities
- Improving task planning and memory usage
Contribute to the design and optimization of the multi-agent orchestration layer:
- Propose new workflows or agent roles
- Improve inter-agent communication and handoffs
- Extend state-driven logic using LangGraph
- Fork the repository
- Create a new branch (git checkout -b feature/your-feature)
- Commit your changes with clear messages
- Push to your branch and open a Pull Request
- Link the related issue (if any) and explain your solution
We encourage clean, well-tested code with documentation.
Feel free to open issues to discuss ideas before jumping into a PR!
Join our Discord to connect with other developers, share ideas, ask questions, and collaborate on building the future of AI-powered red teaming!
Whether you're looking for help with contributions, want to discuss new features, or just want to chat about cybersecurity and AI, our community is here to support you.
This repository is licensed under the Apache-2.0 License.