PROMETHEUS.EXE — Offensive AI Swarm

An offensive AI swarm for authorized security testing.

Prometheus runs a multiagent system on top of LLMs and standard recon tools like subfinder, nuclei, and nmap. Each agent owns a role (recon, classifier, exploit, report) and writes back to a shared blackboard, so new findings automatically trigger follow-up work. Dry run on by default.

API ONLINE 5 AGENTS DRY-RUNGET /api/v1/health → 200 OK_

Surface explodes. APIs, dashboards, demo sites, forgotten buckets. No SOC pen-tests them all.

Pen-tests are point-in-time. By the time the report lands, the surface has drifted.

Adversaries automate. Mass scanners, LLM-assisted recon. Defense needs the same leverage.

Annoying Legal Message from Clippy:
Use this only on systems you own or are explicitly authorized to test. Keep Dry run enabled unless your scope and permission are clear.

AGENTS

5 ROLES

PROVIDERS

Claude · OpenAI · Ollama

TOOLS

16 wrapped

MODE

DRY-RUN DEFAULT

[recon] subfinder → 47 subdomains[recon] httpx → 12 live hosts[classifier] new finding: missing CSP on api.target[orchestrator] scheduling EXPLOIT for #f4-csp[exploit] dry-run: curl -I api.target → no CSP[report] drafting section: missing-headers[recon] katana → 318 endpoints[classifier] candidate: idor on /v2/users/{id}[orchestrator] adaptive: re-running recon with seed[exploit] confirm: csrf token absent on /v2/admin[report] section attached: csrf-admin[recon] nuclei → 0 critical, 3 medium[recon] subfinder → 47 subdomains[recon] httpx → 12 live hosts[classifier] new finding: missing CSP on api.target[orchestrator] scheduling EXPLOIT for #f4-csp[exploit] dry-run: curl -I api.target → no CSP[report] drafting section: missing-headers[recon] katana → 318 endpoints[classifier] candidate: idor on /v2/users/{id}[orchestrator] adaptive: re-running recon with seed[exploit] confirm: csrf token absent on /v2/admin[report] section attached: csrf-admin[recon] nuclei → 0 critical, 3 medium

system-overview.bmp

Architecture

Four layers, no cloud dependency. Go binary serves the API. Next.js shell proxies to it. Reports stay on disk.

┌────────────────────────────────────────────────┐
│  WIN95 SHELL (Next.js)  /scan /swarm /findings │
└─────────┬──────────────────────────────────────┘
          │ HTTP + WS  (proxy /api/v1 → :8081)
┌─────────▼──────────────────────────────────────┐
│  GO API (Fiber)   campaigns · scans · ws       │
└─────────┬──────────────────────────────────────┘
          │
   ┌──────┴───────┐
   ▼              ▼
CLASSIC        SWARM (blackboard scheduler)
recon→classify recon ↔ classify ↔ confirm ↔ exploit
→plan→exec→rep ↺ adaptive: success seeds new recon
   │              │
   └──────┬───────┘
          ▼
LLM PROVIDERS  · TOOL WRAPPERS  · LOCAL MEMORY
claude/openai   httpx/nuclei      reports/
ollama/lmstudio nmap/+13 more     campaigns/

blackboard.txt

The blackboard, in five steps

Agents wake up when new facts appear, do their job, write the result back. Successful findings seed new recon. Failed exploits trigger an adapted plan pass.

TARGET_REGISTERED
  ↓
RECON          → finds hosts, services, surface
  ↓
CLASSIFIER     → buckets, drafts attack paths
  ↓
CONFIRM        → validates the most promising
  ↓
EXPLOIT        → scoped, dry-run-by-default
  ↓
REPORT         → markdown + evidence chain
  ↺
ADAPTIVE LOOP  → seeds follow-up recon

Why a swarm. Each role keeps moving while others wait. Findings compound across agents.

Why a blackboard. Add a new agent and the rest of the swarm picks it up for free.

agents\\

orchestrator.exe

Conductor

Watches the blackboard, picks the next move, allocates budget, routes prompts.

recon.exe

Scout

Subdomains, hosts, ports, content, JS endpoints. Scope-locked before any packet.

classifier.exe

Triage

Buckets findings into vuln classes, drafts attack paths, ranks by likelihood × impact.

exploit.exe

Validator

Builds PoC commands, runs them inside the safe-mode blocklist, confirms with evidence.

report.exe

Writer

Word97-style markdown report: severity, evidence, remediation, repro steps. On disk.

program-files\\

Wrapped recon & exploit tools

Agents drive these directly. Wrappers enforce scope and emit structured output.

subfinder

subdomain enum

httpx

http probe

nuclei

templated scans

naabu

port scan

katana

web crawl

dnsx

dns

gau

url discovery

ffuf

fuzz

gowitness

screenshots

nmap

service detect

gobuster

dir brute

sqlmap

sqli

amass

asset map

trufflehog

secrets

gitleaks

git secrets

semgrep

static analysis

Built-in playbooks

Templated campaigns. prometheus playbook run <name>

external-asm.yamlExternal attack surface

bug-bounty.yamlScoped bug-bounty

api-security.yamlAPI surface checks

owasp-top10.yamlOWASP Top 10 sweep

owasp-50-checklist.yamlOWASP 50 deep

internal-network.yamlInternal recon

ci-cd-security.yamlCI/CD audit

ctf-solver.yamlAutonomous CTF

liveview.exe — The shell

Each terminal is a real agent in the swarm runner. The control strip locks target, scope, preset, dry run, and adaptive improvement before launch.

dashboard. Campaign overview, severities, per-agent readiness.

findings. Reports as papers on a desk. Word97-style reader.

setup.exe — Installation

Install in 60 seconds

# 1. Clone
git clone https://github.com/NlCK01/prometheus-exe
cd prometheus-exe

# 2. Bootstrap config + install Go-based recon tools
cp config.example.yaml config.yaml
./scripts/setup.sh

# 3. Provide a model key
export ANTHROPIC_API_KEY="sk-ant-..."   # or OPENAI_API_KEY=...

# 4. Build + serve API
go build -o bin/prometheus ./cmd/prometheus
./bin/prometheus serve --port 8081

# 5. Start the shell (in another terminal)
cd web && npm install && npm run dev -- --port 3001
# open http://localhost:3001

Prerequisites

Go 1.24+, Node 20+
Anthropic, OpenAI, or local LLM (Ollama / LM Studio)
Optional: Postgres for persistent state

./bin/prometheus doctor
Checks Go, Node, $PATH tools, config validity, DB.

./bin/prometheus init
Interactive setup. Provider, key, scope, writes config.yaml.

PROMETHEUS_SKIP_SECURITY_TOOLS=1
Skip recon-tool install for a leaner first run.

help.hlp — Reference

command	does
serve	Start the API server (Fiber on :8081)
scan <target>	One-off scan against a target
campaign list	List all campaigns
campaign watch <id>	Live TUI dashboard, watch the swarm work
campaign stop <id>	Emergency-stop a running campaign
campaign explore <id>	Interactive attack-surface explorer
playbook list / run	List or run a playbook
ctf solve <target>	Autonomous CTF solver
ctf writeup <id>	Generate writeup from a CTF campaign
report <id>	Render the markdown report for a campaign
explain <cve\|finding>	Plain-English explanation
doctor	Health check: deps, tools on $PATH, config, DB
init	Interactive setup wizard
config show / validate	Print or validate config (secrets redacted)
fp share	Export anonymized false-positive cache
mcp serve	Run MCP server for AI clients
demo	Scripted, network-free walkthrough

faq.txt

Replacement for a human pen-tester? No. Force multiplier. Catches what humans never have time for.

What does it cost? LLM tokens. Single-digit dollars on Claude/GPT, free on Ollama / LM Studio.

Will it actually exploit? Only with Dry-Run off, scope set, and safe-mode blocklist accepted.

Run fully offline? Yes. Point orchestrator at Ollama/LM Studio. No cloud, no telemetry.

Extending it? Drop an agent under internal/agent/<name>/, subscribe to a fact, publish a new one.

roadmap.txt

v0.1 — now

Swarm + classic engines
5 default agents
16 wrapped tools
Win95 control panel

v0.2 — soon

Fine-tuned per-agent local models
Container-scan agent
Continuous monitoring mode
Slack / Jira webhooks

v1.0 — vision

Multi-tenant red-team SOC
Encrypted distributed blackboard
Replayable campaigns
Human-in-the-loop policy gates

legal.txt — AUTHORIZED ONLY

Prometheus is built for red-team training, CTFs, and engagements with written authorization. Pointing it at systems you do not own or are not contracted to test is illegal in most jurisdictions.

Keep Dry run enabled until your scope is clear. Use Enforce exploit scope to block any command targeting outside your approved host and resolved IPs.

Clippy says: If you have to ask whether you are authorized, you probably are not.

Ready to launch the swarm?

Clone, run setup, watch five agents triangulate your attack surface.