
T3MP3ST
autonomous red teaming platform; multi-agent offensive-security meta-harness
The Lens
T3MP3ST points a swarm of AI agents at a target and tries to break in, then writes up how. It automates the red-team loop, reconnaissance, exploitation, and reporting, across web apps, CTF challenges, source code, embedded systems, and smart contracts. Instead of asking for its own API keys, it drives coding agents you already run, Claude Code, Codex, or Hermes. AGPL-3.0 and free.
Getting it running is light: npm install, npm run server, and a web War Room interface comes up. What is behind that interface is the honest question. The recon operator is production-ready, but the headline, a coordinated multi-agent swarm chaining exploits end to end, is still largely scaffolded. The benchmark numbers (around 90 percent on a web-security challenge suite, most of a held-out CVE set matched) come from a single agent, not the swarm the name promises. To its credit, the repo ships a verify-claims command so you can re-derive them yourself.
This is for security people doing authorized work, pentesters, CTF players, researchers probing their own code, not a push-button tool for anything you do not own. Solo researchers and small security teams: worth a look as an AI-assisted recon and triage layer today, with the exploitation swarm as a promising work in progress. Treat the automation as a force multiplier for a human who knows what they are doing, not a replacement for one.
The catch is the gap between the pitch and the product. The recon works, the autonomous kill chain does not fully exist yet, and AGPL-3.0 means anything you build on top inherits that copyleft. Judge it on what runs today, not the roadmap in the README.
Free vs Self-Hosted vs Paid
fully freeFree: All of it, AGPL-3.0. The recon engine, mission control, and War Room UI. It uses the coding agents you already pay for rather than its own keys.
Self-hosted: Runs locally, npm install and a local server. Your targets and findings stay on your machine.
Paid: None from the project. Your real cost is the token spend of whatever agents it drives.
Free under AGPL-3.0; the recon layer is real today, the autonomous exploit swarm is still mostly scaffolding.
Get tools like this every Wednesday
One featured tool, three on the radar. No fluff.
License: GNU Affero General Public License v3.0
Must share source even for SaaS/network use. Strongest copyleft.
Commercial use: ✓ Yes
About
- Owner
- pliny (User)
- Stars
- 1,896
- Forks
- 471