TOTAL MULTI-AGENT REHAUL/ UPGREADE
license: gemma
base_model: huihui-ai/Huihui-gemma-4-12B-it-abliterated
tags:
- cybersecurity
- penetration-testing
- autonomous-agent
- multi-agent
- gguf
- security-tools
- llm-agent
- mcp
- kali-linux
- red-team
language: - en
pipeline_tag: text-generation
IMG_6600Final_EDIT
π HALO Security
Autonomous multi-agent AI penetration testing system β fully local, no cloud, no API keys.
Built on Kali Linux with a local LLM (GEMMA 4-12B via LM Studio) and a Flask-based MCP tool server. Five specialized agents handle recon, attack routing, PoC validation, and reporting β all autonomously, all on your own hardware.
demo
What It Does
π Autonomous recon β masscan, nmap, httpx, subfinder, katana, ffuf, nuclei, and wafw00f fingerprint the target and its defenses before anything aggressive runs
βοΈ Vuln-class routing β the Attacker agent branches into SQLi, credential brute-forcing, IDOR, SSRF, XSS, and auth/session-specific tooling based on what recon actually found
β
PoC validation β every claimed finding is checked against real evidence (confirmed injectable params, valid creds, high/critical template matches) before it's counted β no findings are trusted on faith
π Auto-generates client-ready markdown pentest reports, including honest "unconfirmed / needs manual review" entries when evidence doesn't hold up
π§ Persistent negative-experience cache β learns what fails across ALL sessions, scoped per engagement, and never wastes time on it again
π 100% local β GEMMA 4-12B running in LM Studio, nothing leaves your machine
Multi-Agent Architecture
Planner βββΊ Orchestrator βββΊ Vuln Discovery βββΊ Attacker βββΊ Validator βββΊ Report β β β β β βββΊ routes to vuln-class β β specialist (SQLi/IDOR/ β β SSRF/XSS/Auth/Brute) β β β βββΊ masscan, nmap, httpx, subfinder, β katana, ffuf, nuclei, wafw00f, nikto β βββΊ dispatches tasks, no tool calls of its own
Validator confirms or rejects each Attacker finding using real evidence, then compiles everything β confirmed and unconfirmed β into a markdown report per engagement.
Tool Arsenal (25 tools)
Tool Purpose
run_masscan Fast port discovery
run_nmap Deep service/version scanning
run_httpx HTTP probe β status, titles, tech detection
run_wafw00f WAF/security-solution fingerprinting
run_subfinder Subdomain enumeration
run_katana Web crawler and attack surface mapper
run_ffuf Fast web fuzzer for dirs/params/vhosts
run_nuclei Vulnerability template scanner
run_nikto Web vulnerability scanning
run_sqlmap SQL injection testing
run_hydra Credential brute forcing
run_ncrack Network authentication cracking
run_medusa Fast parallel brute forcing
run_searchsploit Exploit lookup
run_gobuster Web directory brute forcing
run_enum4linux SMB/Samba enumeration
run_john Hash cracking
run_sherlock OSINT across 90+ platforms
run_exploit Sandboxed Python exploit runtime
run_command Execute any shell command
write_file Write output to files
read_file Read file contents
run_setoolkit Social engineering attacks
run_curl HTTP requests
run_wget File retrieval
Sovereign Agent Layer
The negative-experience cache fingerprints every tool call (SHA-256, scoped per engagement). If it fails once, it gets one retry. Fail twice β permanently blacklisted for that engagement. The agent never wastes cycles on dead ends it has already proven don't work.
Stack
Model: GEMMA 4-12B Instruct Abliterated (GGUF via LM Studio)
Agents: Python multi-agent system (Planner, Orchestrator, Vuln Discovery, Attacker, Validator)
MCP Server: Flask on port 8000
OS: Kali Linux (UTM on Apple Silicon M1)
Hardware: MacBook Pro M1 16GB RAM
**Works with any agent or Model of the users choosing
Usage
cd ~/GEMMA-by-GOOGLE
python3 mcp_server.py &
python3 orchestrator_agent.py
Reports write to /tmp/{engagement_id}_report.md on completion.
Project Status
Active development. New capabilities and upgrades pushed regularly.
Built by a self-taught developer and security researcher. One year in.
License
MIT
Anyone who is interested in this community project is welcome to suggest, comment, or create an issue/PR . This is an ongoing community project welcoming any and all developer committed to online safety and threat awareness.