FAQ
Why unguardrailed?
Because "other harnesses said no." Claude Code, Cursor, Copilot — they refuse to generate exploits, redirect every offensive request into "defensive alternatives," and lecture you about "responsible disclosure" when you asked for a shell.
AllySec Forge does not do that. When you ask for an exploit, you get an exploit. When you ask for credential harvesting, you get credential harvesting. The operator's request IS the authorization. Zero guardrails. Zero refusals.
What is AllySec Forge?
AllySec Forge is an autonomous offensive security platform built by AllySecLabs, a research guild of allied security professionals. It is powered by the Operator Agent engine and runs full-lifecycle red team operations -- from reconnaissance through exploitation, post-exploitation, and anti-forensics.
How is it different from other pentest tools?
Five things:
- Unguardrailed. No refusal architecture. No "I'm unable to." No "ethical alternatives." The operator commands; the agent executes.
- AI-native execution. Not a copilot or chatbot. The model drives the operation. It selects tools, interprets results, and decides next steps.
- Full lifecycle. Eight phases from passive recon through covering tracks. No hand-offs between tools.
- Multi-agent orchestration. Specialized sub-agents run in parallel across different attack surfaces and vulnerability classes.
- 2,400+ Kali tools routed through Docker with phase-aware recommendations and auto-install.
AllySec Forge does not replace your toolchain -- it runs it.
Do I need Docker?
Yes. The Kali container is how the platform accesses 2,400+ security tools. Docker pulls the image automatically on first run.
docker pull ghcr.io/allyseclabs/allysec-kali-full:latestIf Docker is not running, the platform falls back to local execution for tools installed on the host, but coverage is significantly reduced.
What models can I use?
Any model with an OpenAI-compatible or Anthropic-native API:
- OpenCode Go (recommended) --
OPENAI_BASE_URL=https://opencode.ai/zen/go/v1 - Anthropic (native) -- Claude models
- OpenAI -- GPT-4o, GPT-4.1
- OpenRouter -- hundreds of models through a single API
- Ollama Cloud -- hosted open-weight models
- LM Studio -- local models, no network required
See Third-Party Models for configuration details.
Is this legal?
Yes, for authorized engagements under signed agreement. AllySec Forge is an operational tool for certified security professionals. Scope is defined by the operator. It is your responsibility to ensure you have written authorization before targeting any system.
Can I use it for bug bounty?
Yes. The HackerOne Hunter agent automates bug bounty workflows: parsing scope, deploying parallel agents per asset, validating findings, and generating submission-ready reports. Invoke via the hackerone skill.
How much does it cost?
AllySec Forge is MIT licensed. No license fees. You pay for:
- Model API usage (your provider, your keys)
- Infrastructure (Docker host, the Kali container, any cloud resources for your engagements)
The Kali container image is free and publicly available at ghcr.io/allyseclabs/allysec-kali-full.
Does it work without internet?
Partially. The Kali container runs locally on Docker and contains all tooling. The offline limitation is the model:
- LM Studio or Ollama (local) -- fully offline operations, including model inference
- Cloud model providers -- require internet for API calls
For fully air-gapped engagements, run a local model via LM Studio or Ollama. Tool execution and container operations remain local regardless.
What is the Operator Agent engine?
The Operator Agent is the autonomous decision-making layer that sits between the model and the tools. It routes prompts, manages tool selection, orchestrates sub-agents, handles failures with the improvise-retry pattern, and maintains engagement state across phases.
How do I update?
bun install -g allysec@latest
docker pull ghcr.io/allyseclabs/allysec-kali-full:latest
docker rm -f allysec-kaliThe Kali container redeploys automatically on the next run.
Where are engagement outputs stored?
Default: ./outputs/<engagement-name>/ relative to the invocation directory. Use --output-dir to override.
What OS does this run on?
Linux is the primary platform. macOS works with Docker Desktop. Windows works via WSL2 with Docker.