Analysis updated 2026-05-18
Load discovery modules into an agent framework like Poseidon during an authorized penetration test.
Check what cloud metadata a compromised virtual machine would expose to an attacker.
Audit an endpoint for device management enrollment and AI tooling configuration files.
| atomiczsec/noradrenaline | 0xblackash/cve-2026-46333 | badlogic/mcugdx | |
|---|---|---|---|
| Stars | 17 | 17 | 17 |
| Language | C | C | C |
| Last pushed | — | — | 2025-07-09 |
| Maintenance | — | — | Stale |
| Setup difficulty | hard | moderate | hard |
| Complexity | 4/5 | 4/5 | 4/5 |
| Audience | ops devops | researcher | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires a C toolchain per target platform and an agent framework like Poseidon to load the modules into.
Noradrenaline is a collection of small software modules written in C, built to run on macOS and Linux. Each module is a shared library, meaning a compiled file that another program can load and call at runtime. They are designed to be loaded by agent frameworks like Poseidon, which are used in authorized security testing work. The project is openly described as offensive in purpose, aimed at security professionals conducting penetration tests or red team exercises. The modules cover several categories of tasks. In the discovery category, individual modules can report things like the operating system version, installed application counts, environment variables, hostname and domain membership, proxy configuration, and firewall rules. A separate module checks whether a machine is enrolled in a device management system, which tells a tester how tightly controlled the endpoint is. Another module scans for AI tooling and agent-related configuration files, a newer category of information that security teams may want to audit. One module in the credential access category probes the cloud metadata service that major cloud providers (AWS, Azure, and Google Cloud) make available inside virtual machines. That service can sometimes expose credentials or identity information, and this module checks what is accessible from a given machine. Building the project requires a C compiler appropriate for the target platform. macOS builds use Apple toolchains, Linux builds can use local compilers or Docker containers for cross-compilation. The root Makefile ties everything together, so a single command builds all modules for the current host, or you can target a specific platform. A small test runner included in the repo lets you load any built module and call it locally without needing a live agent framework connected. The project is under active development. Linux agent support for some modules is not yet available on public platforms, and a community contributions section is listed as coming soon. The disclaimer in the README places full responsibility for use on the person running the code.
A collection of C modules for authorized red team agent frameworks that gather system, cloud, and endpoint security information.
Mainly C. The stack also includes C, macOS, Linux.
Setup difficulty is rated hard, with roughly 1h+ to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.