Analysis updated 2026-07-03
Run a full authorized attack simulation against a target network, from initial reconnaissance through privilege escalation, without manually chaining tools.
Generate a MITRE ATT&CK-mapped operation plan before each engagement so every action stays within defined rules of engagement.
Test Active Directory, cloud environments, or smart contract security using specialist agents purpose-built for each domain.
Use the local web dashboard to monitor attack progress in real time while the orchestrator agent coordinates 16 specialist sub-agents.
| purpleailab/decepticon | camelot-dev/camelot | openai/glide-text2im | |
|---|---|---|---|
| Stars | 3,691 | 3,691 | 3,690 |
| Language | Python | Python | Python |
| Setup difficulty | moderate | easy | easy |
| Complexity | 4/5 | 2/5 | 3/5 |
| Audience | ops devops | data | researcher |
Figures from each repo's GitHub metadata at analysis time.
Requires Docker and Docker Compose, you must supply at least one AI provider API key and have authorized access to any system you target.
Decepticon is an autonomous agent designed for red team security work, meaning it simulates real attacks on computer systems to find vulnerabilities before malicious actors do. It is built for security professionals who have authorization to test the systems they target. Unlike simpler security tools that run a port scan and produce a report, Decepticon executes realistic attack chains the way a human attacker would. This includes reconnaissance (gathering information about a target), exploitation (taking advantage of vulnerabilities), privilege escalation (gaining broader access), lateral movement (spreading across a network), and command-and-control operations. Before any attack action, Decepticon generates planning documents: rules of engagement, an operation plan, deconfliction guidelines, and a MITRE ATT&CK mapping. All subsequent actions stay within those defined boundaries. The system uses 16 specialist AI agents, each responsible for a different phase or domain. An orchestrator agent coordinates overall strategy, while others handle specific tasks like Active Directory attacks, cloud environments, smart contract exploitation, and binary reverse engineering. Each agent receives a fresh context window per objective so earlier steps do not pollute later reasoning. Technical setup requires Docker and Docker Compose. Install runs from a single command, and the tool starts as a combination of a terminal CLI and a local web dashboard at port 3000. All attack tool execution happens inside a Kali Linux sandbox on a dedicated network segment, isolated from the management services. Interactive security tools like Metasploit run inside persistent terminal sessions so the agent can issue follow-up commands without workarounds. Model support is flexible and tier-based. You can configure Anthropic, OpenAI, Google Gemini, DeepSeek, Mistral, local models via Ollama, or several subscription OAuth providers, and the system builds a priority fallback chain from whatever credentials you provide. The project is Apache 2.0 licensed and has a Korean-language README in addition to the English one.
An AI-powered autonomous red team agent that simulates realistic multi-stage cyberattacks, from reconnaissance to lateral movement, inside an isolated sandbox, for authorized security testing.
Mainly Python. The stack also includes Python, Docker, Kali Linux.
Apache 2.0, use freely for any purpose including commercial, as long as you include the license and copyright notice.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.