Agent System
The multi-agent orchestration system distributes offensive operations across 15 specialized AI sub-agents. Each agent owns a specific domain and operates with focused instructions and tool access.
Agent Categories
Coordinators (3)
Agents that plan, delegate, and correlate findings.
| Agent | Role |
|---|---|
| Pentest Orchestrator | Full-engagement coordination, agent delegation |
| Attack Path Architect | Kill chain design, MITRE ATT&CK mapping |
| Vuln Chain Composer | Multi-step exploit chain correlation |
Specialized Executors (11)
Agents that execute specific attack types.
| Agent | Domain |
|---|---|
| SQL Injection Executor | SQLi detection and exploitation |
| XSS Executor | Cross-site scripting |
| SSRF Executor | Server-side request forgery |
| Auth Bypass Executor | Authentication bypass, JWT, OAuth |
| API Security Executor | REST, GraphQL, WebSocket testing |
| Client-Side Executor | CSPT, DOM injection, postMessage |
| Server-Side Executor | SSTI, deserialization, command injection |
| Cloud Attack Executor | S3, IAM, metadata, serverless |
| Post-Exploitation Executor | Privesc, lateral movement, persistence |
| Crypto Audit Executor | Smart contracts, DeFi, bridge security |
| Blockchain Exploit Executor | Chain-specific vulnerability exploitation |
Support (3)
Agents that provide infrastructure and utility.
| Agent | Role |
|---|---|
| Recon Dominator | Subdomain, port, tech fingerprinting |
| HackerOne Hunter | Bug bounty workflow automation |
| Test Detection | Target quality filtering, honeypot detection |
Execution Workflow
4-Phase Executor Loop
RECON --> Identify attack surface, enumerate endpoints, fingerprint technologies
|
EXPERIMENT --> Generate payloads and techniques tailored to findings
|
TEST --> Apply payloads against live targets, record responses
|
VERIFY --> Confirm findings, eliminate false positives, produce PoC5-Phase Post-Exploitation Loop
STABILIZE --> Establish reliable access, deploy persistence
|
ESCALATE --> Privilege escalation (Linux/Windows/AD)
|
MOVE --> Lateral movement, pivot through networks
|
PERSIST --> Deploy implants, backdoors, scheduled tasks
|
EXFILTRATE --> Collect, classify, compress, and exfiltrate lootDelegation Rules
- Single target, single vuln type --- deploy specialized executor directly. No orchestrator overhead.
- Single target, unknown vulns --- single orchestrator spawns multiple executors.
- Multiple targets --- orchestrator spawns one executor per target.
- Bug bounty --- HackerOne Hunter spawns orchestrators per asset group.
- Maximum nesting depth: 2. Orchestrators do not spawn orchestrators beyond one level.
Execution Modes
| Mode | Description |
|---|---|
| Foreground | Inline execution with real-time output |
| Background | Detached execution with notification on completion |
| Worktree isolated | Git worktree sandbox for parallel, non-interfering execution |
Communication
Agents communicate through the engagement state in the Knowledge Base. Findings flow from executors to the pipeline. The orchestrator reads accumulated findings and dispatches follow-on agents. No agent blocks waiting for another -- the engagement state provides eventual consistency.