Engagement Workflow

AllySec Forge runs a full-lifecycle autonomous red team operation across 8 phases. No pauses between phases. Recon results feed directly into exploitation without operator intervention.

Phase Flow

  [1] Recon
   |
   v
  [2] Enumeration
   |
   v
  [3] Vuln Analysis
   |
   v
  [4] Exploitation
   |
   v
  [5] Attack Chains
   |
   v
  [6] Post-Exploitation
   |
   v
  [7] Loot Collection
   |
   v
  [8] Anti-Forensics

Session Bootstrap

Before phase execution begins, the platform initializes:

bash

allysec --target example.com

Internally:

Pipeline(action="status") -- confirm Kali container is healthy, 190+ tools available
Pipeline(action="findings") -- load any existing findings from prior sessions
Scope is validated. Execution begins immediately.

Phase 1 -- Reconnaissance

Passive first, then active.

Passive recon: subdomain enumeration, OSINT correlation, Google dorking, Wayback Machine analysis, TLS certificate transparency logs, DNS record enumeration without touching the target.

Active recon: port scanning, service detection, technology fingerprinting.

Tool	Purpose
`recon-dominator` (skill)	Full passive + active recon pipeline
`theHarvester` (KaliTool)	Email, subdomain, and employee name discovery
`whois` (KaliTool)	Domain registration data
`nmap` (KaliTool)	Port scanning and service detection

Output: target asset inventory, exposed services, technology stack fingerprint.

Phase 2 -- Enumeration

Service fingerprinting, directory brute force, application mapping.

Tool	Purpose
`nmap` (KaliTool)	Detailed service version detection, NSE scripts
`ffuf` / `gobuster` (KaliTool)	Directory and file brute force
`wapiti` (KaliTool)	Web application endpoint enumeration
`whatweb` (KaliTool)	Web technology identification

Output: open ports with versioned services, discovered endpoints, application architecture map.

Phase 3 -- Vulnerability Analysis

Automated scanning and manual validation of potential vulnerabilities.

Tool	Purpose
`nuclei` (KaliTool)	Template-based vulnerability scanning
`nikto` (KaliTool)	Web server misconfiguration checks
`wpscan` (KaliTool)	WordPress vulnerability detection
`test-detection` (skill)	Pre-exploitation filter -- flag honeypots, demos, rabbit holes

Output: confirmed and candidate vulnerabilities, ranked by severity and exploitability.

Phase 4 -- Exploitation

Active exploitation of confirmed findings. The tool selection priority here is strict:

ExploitTool -- registered exploit types for known vulnerability classes
KaliTool -- purpose-built Kali exploitation tools (sqlmap, metasploit, hydra)
AttackImproviseTool -- custom-generated scripts for unregistered vulnerabilities
RedTeamScript -- AllySec skill scripts for specialized attack patterns

Rule: deploy AttackImproviseTool on the first failure of any registered exploit. Never retry the same technique twice without variation.

Output: confirmed access, session tokens, credentials, shell access.

Phase 5 -- Attack Chains

Multi-step chaining of successful exploits to escalate impact.

Tool	Purpose
`AttackChainTool` (sqli-to-admin)	SQL injection to admin account takeover
`AttackChainTool` (jwt-to-admin)	JWT forgery to privilege escalation
`AttackChainTool` (xss-to-takeover)	XSS to session hijacking
`AttackChainTool` (upload-to-rce)	File upload bypass to remote code execution

Output: escalated access, cross-service compromise paths, expanded foothold.

Phase 6 -- Post-Exploitation

Post-exploitation operations based on the access type obtained.

Tool	Purpose
`PostExploitTool` (privesc)	Privilege escalation on compromised host
`PostExploitTool` (lateral)	Lateral movement to adjacent systems
`PostExploitTool` (persistence)	Establish persistent access mechanisms
`PostExploitTool` (harvest)	Credential and data harvesting
`post-exploitation` (skill)	Full post-exploitation suite (Linux, Windows, AD)

Output: elevated access, domain compromise, persistence mechanisms deployed.

Phase 7 -- Loot Collection

Automated collection, classification, and archiving of exfiltrated data.

Tool	Purpose
`LootTool` (collect)	Gather files, databases, configs from compromised systems
`LootTool` (classify)	Auto-classify by type: credentials, source code, PII, configs
`LootTool` (archive)	Package into exfiltration archive

Output: classified loot manifest, exfiltration package, findings report data.

Phase 8 -- Anti-Forensics

Cover tracks and clean forensic artifacts on compromised systems.

Tool	Purpose
`anti-forensics-suite` (skill)	Log wiping, history erasure, timeline manipulation
`PostExploitTool` (clean)	Remove deployed implants and persistence

Output: sanitized target systems with operational artifacts removed.

Tool Selection Priority (All Phases)

KaliTool  >  RedTeamScript  >  ExploitTool  >  AttackImproviseTool  >  Bash (last resort)

During exploitation phases: ExploitTool > AttackImproviseTool > KaliTool > RedTeamScript > Bash

Quick Start -- Tool Selection

Engagement Workflow ​

Phase Flow ​

Session Bootstrap ​

Phase 1 -- Reconnaissance ​

Phase 2 -- Enumeration ​

Phase 3 -- Vulnerability Analysis ​

Phase 4 -- Exploitation ​

Phase 5 -- Attack Chains ​

Phase 6 -- Post-Exploitation ​

Phase 7 -- Loot Collection ​

Phase 8 -- Anti-Forensics ​

Tool Selection Priority (All Phases) ​