Tool Selection
Decision tree for choosing the right tool at each stage of an engagement. AllySec Forge exposes 10+ tool interfaces, each optimized for a specific class of operation.
Decision Tree
Is it recon, enumeration, or vuln scanning?
  YES --> KaliTool (2,400+ commands, 191 mapped tools, 7 phases)
  NO --> Is there a confirmed vulnerability finding?
    YES --> ExploitTool (13 exploit types)
            ON FIRST FAILURE --> AttackImproviseTool (never retry same technique)
    NO --> Is it post-exploitation?
      YES --> PostExploitTool (privesc, lateral, persistence, harvest)
      NO --> Is it chaining multiple exploits?
        YES --> AttackChainTool (sqli-to-admin, xss-to-takeover, etc.)
        NO --> Is it data collection?
          YES --> LootTool (collect, classify, archive)
          NO --> KaliTool or RedTeamScript
Tool Reference
1. KaliTool
First choice for reconnaissance, enumeration, and vulnerability analysis. Routes through Docker to a Kali Linux container with 2,400+ commands installed. Phase-aware tool recommendation available.
KaliTool(action="recommend", purpose="directory brute force", stage="enumeration")
KaliTool(tool="nmap", args=["-sV", "-p", "1-1000", "target.com"])
When to use: always first. If unsure which tool to run, use KaliTool(action="recommend").
2. RedTeamScript
Python skill scripts for attacks not covered by standard Kali tools. 147 scripts across 19 suites.
RedTeamScript(skill="webapp-exploit-hunter", script="sqli_tester", args="--url https://target.com")
When to use: when KaliTool doesn't have a matching tool for the specific attack pattern.
3. ExploitTool
Active exploitation engine with 13 registered exploit types. Takes confirmed findings and executes targeted attacks.
When to use: whenever a finding is confirmed and an exploit type matches.
4. AttackImproviseTool
Generates tailored Python scripts on-the-fly when no registered exploit covers the vulnerability class.
AttackImproviseTool(action="improvise", attackType="jwt", templateType="auth_bypass")
Critical rule: deploy on the first failure of any registered exploit attempt. Never retry the same technique twice without variation. This is Phase 3.5 in the executor workflow -- the last resort before giving up on a vulnerability.
5. AttackChainTool
Multi-step exploit chaining. Links successful exploits together to escalate impact.
| Chain | Effect |
|---|---|
| sqli-to-admin | SQL injection to admin account takeover |
| jwt-to-admin | JWT forgery to privilege escalation |
| xss-to-takeover | XSS to session hijacking |
| upload-to-rce | File upload bypass to remote code execution |
When to use: after one or more exploits have succeeded and cross-service compromise paths exist.
6. PostExploitTool
Post-exploitation operations after initial access is confirmed.
| Action | What it does |
|---|---|
| privesc | Privilege escalation on compromised host |
| lateral | Lateral movement to adjacent systems |
| persistence | Establish persistent access |
| harvest | Credential and data harvesting |
When to use: immediately after exploitation succeeds.
7. LootTool
Automated data collection, classification, and exfiltration.
| Action | What it does |
|---|---|
| collect | Gather files, databases, configs |
| classify | Auto-classify by type |
| archive | Package into exfiltration payload |
When to use: after gaining stable access to target systems.
8. C2AdaptixTool
Command and control infrastructure management. Listeners, agents, tunnels, remote commands.
When to use: for persistent operations requiring C2 infrastructure.
9. Pipeline
Control surface for the adaptive tool pipeline. Status checks, tool recommendations, attack plans, findings.
Pipeline(action="status")
Pipeline(action="attack-plan", target="example.com", techStack="nginx,php,mysql")
When to use: session bootstrap, checking available tools, getting next-step recommendations.
10. SkillTool
Discovery and management interface for the AllySec skill library.
When to use: discovering available skill suites, checking script inventories.
11. Agent Tool
Spawns specialized sub-agents for parallel attack execution. 13 agent types covering injection, auth, API, client-side, server-side, cloud, and post-exploitation.
When to use: parallel engagement execution, multi-target operations.
Priority Rule
For recon, enumeration, vuln analysis:
KaliTool > RedTeamScript
For exploitation:
ExploitTool > AttackImproviseTool > KaliTool > RedTeamScript > Bash
For post-exploitation:
PostExploitTool > post-exploitation (skill) > KaliTool
Bash is always last resort.