// archived 2026-04-15
PurpleAILAB

Decepticon

Security, AI, Red Teaming, Cybersecurity, Docker, Penetration Testing

// summary

Decepticon is a professional autonomous red team agent designed to execute realistic attack chains spanning reconnaissance, exploitation, and lateral movement. Unlike simple scanners, it operates under strict rules of engagement and generates comprehensive operational plans before initiating any activity. The system uses specialized agents and an isolated network architecture to perform professional-grade security testing while maintaining safety and discipline.

// technical analysis

Decepticon is an autonomous Red Team agent designed to execute professional-grade attack chains rather than simple automated scans. It operates with a disciplined methodology, requiring the generation of formal engagement documentation like Rules of Engagement and Operations Plans before any technical activity begins. The architecture emphasizes security through strict network isolation, separating management and operational traffic into distinct, hardened environments. By utilizing a multi-agent system organized by kill chain phases, the project enables complex, adaptive offensive operations that mimic real-world adversary behavior.

// key highlights

01 Executes full, multi-stage attack chains including reconnaissance, exploitation, lateral movement, and C2 operations.
02 Operates within a professional framework by generating mandatory documentation like RoE and ConOps before initiating any network activity.
03 Supports interactive shell sessions by managing persistent tmux environments, allowing the agent to handle complex, multi-step tool interactions.
04 Implements strict infrastructure isolation by separating the management network from the sandbox environment where offensive tools and targets reside.
05 Features an 'Offensive Vaccine' loop that automatically translates discovered vulnerabilities into defensive improvements to harden infrastructure.
06 Utilizes a specialized multi-agent architecture with 16 distinct roles to handle specific phases of the kill chain and vulnerability lifecycle.

// use cases

01 Autonomous execution of full-cycle red team attack chains
02 Automated vulnerability research from discovery to patch proposal
03 Offensive Vaccine loop for continuous security hardening

// getting started

To begin, ensure Docker and Docker Compose v2 are installed on your system. Run the installation script via 'curl -fsSL https://decepticon.red/install | bash', followed by 'decepticon onboard' to configure your API keys and model profiles. Once set up, you can launch the system with the 'decepticon' command or test the functionality using 'decepticon demo' to run a pre-configured engagement.