Platform Architecture
AllySec Forge is an autonomous offensive security platform built on the Operator Agent engine. It executes full-lifecycle red team operations -- from reconnaissance through post-exploitation and exfiltration -- with minimal operator intervention.
Layered Architecture
Operator (Human)
|
Memory System (persistent context)
|
Agent Orchestrator (15 sub-agents)
|
Tools Layer
|-- KaliTool (2,400+ cmds) |-- ExploitTool
|-- RedTeamScript (147) |-- PostExploitTool
|-- AttackChainTool |-- LootTool
|-- AttackImproviseTool |-- C2AdaptixTool
|-- MCP Integrations (5)
|
Provider Router (model selection, credential pooling)
|
Model Providers (OpenCode, Anthropic, OpenAI, Ollama, OpenRouter, LM Studio, Cloudflare)
|
Infrastructure (Kali Docker, PostgreSQL, NetBird mesh, Tor)Internal Architecture
For operational guides and usage documentation see:
Design Principles
- Operator-first. AI is a force multiplier, never a replacement. The operator commands; the agent executes.
- Offline-capable. Full functionality with local models via Ollama or LM Studio. No cloud dependency required.
- Tool-agnostic. Provider routing abstracts model selection. Credential pooling distributes load across accounts.
- Evasion-native. Every tool, script, and implant is built with stealth as a first-class concern.
The Operator Agent Engine
The Operator Agent is the autonomous AI that drives Forge. It is not a chatbot. It is an execution engine that reasons about targets, selects tools from the layered catalog, and drives operations through seven pentest phases without pausing for approval. The operator sets scope and strategy; the engine handles tactics.
Platform Scale
| Component | Scale |
|---|---|
| Kali tools | 2,400+ commands, 191 mapped across 7 phases |
| AI sub-agents | 15 across 3 categories |
| Attack scripts | 147 Python scripts, stdlib-only |
| Skill suites | 24 organized by domain |
| MCP integrations | 5 (Playwright, Puppeteer, Firecrawl, Brave Search) |
| Pentest phases | 7 (Recon Passive through Pivoting) |