Adversarial emulation framework using LLM-driven adaptive payloads.
AttackGPT gives security teams a platform to evaluate enterprise endpoint and network controls against payloads synthesized on demand by an LLM. Earlier script-based AI attack tooling suffered from code hallucinations and brittle alignment between the prompt and the code it produced; this framework addresses both structurally (a sandbox validation loop and per-technique prompting) so that teams can study how such dynamically generated payloads fare against static security baselines.
FOR AUTHORIZED SECURITY TESTING AND RESEARCH ONLY.
Unauthorized access to computer systems is illegal. Users are solely responsible for obtaining proper authorization and complying with all applicable laws. Misuse may result in criminal prosecution.
Intended use: AttackGPT is an open-source Adversarial Emulation Framework designed for security research, threat simulation, and behavioral telemetry generation. This tool allows Red Teams to simulate modern dynamic payload pipelines and assists Blue Teams in mapping out defensive gaps against Just-in-Time (JIT) in-memory code execution.
- Windows OS (the C2 server needs PowerShell for the payload validation sandbox)
- Python 3.8+
- API keys: OpenAI and/or Anthropic (or use Ollama for local models)
1. Install dependencies

```shell
pip install -r requirements.txt
```

2. Set API keys

```powershell
# Set the following environment variables for the LLM API keys
$env:OPENAI_API_KEY = 'your-key-here'
$env:ANTHROPIC_API_KEY = 'your-key-here'
```

3. (Optional) Install Ollama for open-source models

```shell
# Download: https://ollama.ai/download
ollama serve
ollama pull qwen2.5-coder:32b
```

4. Configure the C2 address in stub.py

```python
C2_SERVER = "http://YOUR_SERVER_IP:8888"
```

5. Configure the attack campaign in tactics_config.py

```python
"discovery": {
    "implemented": True,    # Enable this tactic
    "model": "gpt-5",       # Choose LLM model
    "commercial": True,     # True = API, False = Ollama
    "techniques": [
        {
            "name": "Browser Data Discovery",
            "mitre_id": "T1217",
            "persona": "You are a System Administrator...",
            "objective": "Task: Find Chrome database files..."
        }
    ]
}
```

See tactics_config.py for detailed field documentation.

Start the C2 server:

```shell
cd agentic_attackgpt
python server.py
```

Deploy the agent (authorized systems only):

```shell
python stub.py
```

The agent polls the C2 server every 5 seconds, executes the generated payloads, and returns the results.
| Component | Description |
|---|---|
| server.py | Flask C2 server, manages the agent and commands |
| stub.py | Lightweight agent deployed on targets |
| orchestrator_agentic.py | Campaign manager, sequences tactics |
| engine_agentic.py | LLM integration with self-healing loop |
| tactics_config.py | User-configurable MITRE ATT&CK tactics |
| sandbox.py | PowerShell sandbox for payload validation |
Split-Brain Architecture
- Commercial LLMs (GPT, Claude) for techniques framed as legitimate tasks
- Open-source LLMs (Qwen, Llama) for explicitly malicious operations
Self-Healing Validation Loop
- Generated code validated in local PowerShell sandbox
- Failures fed back to LLM with error context
- Auto-regenerates corrected code (up to 5 attempts)
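The loop below is an added illustration of the generate/validate/repair cycle described above; it is not AttackGPT's engine_agentic.py. The LLM and the sandbox are injected callables so the example runs offline: `FakeLLM` and `fake_sandbox` are constructed stand-ins, and `powershell_sandbox` is an assumed real validator (fresh non-interactive PowerShell, non-zero exit or timeout counts as failure) meant only for an isolated lab VM.

```python
"""Generate/validate/repair loop in the shape the README describes.

Added example, not AttackGPT's engine_agentic.py. The LLM and the sandbox are
injected callables so it runs offline; FakeLLM and fake_sandbox are constructed
stand-ins, and powershell_sandbox is an assumed real validator for a lab VM.
"""
import shutil
import subprocess
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

MAX_ATTEMPTS = 5  # README: "up to 5 attempts"

Generator = Callable[[str], str]               # prompt -> code
Validator = Callable[[str], Tuple[bool, str]]  # code -> (ok, error_text)


@dataclass
class LoopResult:
    code: Optional[str]              # validated code, or None if every attempt failed
    attempts: int
    errors: List[str] = field(default_factory=list)


def build_prompt(objective: str, last_code: Optional[str], last_error: Optional[str]) -> str:
    """First attempt: the bare objective. Repair attempts: objective plus the
    failing code and the sandbox's error text, so the model can fix its own output."""
    if last_error is None:
        return objective
    return (f"{objective}\n\nThe previous attempt failed in the sandbox.\n"
            f"Code:\n{last_code}\n\nError:\n{last_error}\n\nReturn corrected code only.")


def generate_validated(objective: str, llm: Generator, validate: Validator,
                       max_attempts: int = MAX_ATTEMPTS) -> LoopResult:
    """Ask, validate, feed the error back, repeat; stop at the first clean run."""
    result = LoopResult(code=None, attempts=0)
    code: Optional[str] = None
    error: Optional[str] = None
    for _ in range(max_attempts):
        result.attempts += 1
        code = llm(build_prompt(objective, code, error))
        ok, error = validate(code)
        if ok:
            result.code = code
            break
        result.errors.append(error)
    return result


def powershell_sandbox(code: str, timeout: int = 30) -> Tuple[bool, str]:
    """Assumed real validator: run the snippet in a fresh non-interactive
    PowerShell and treat a non-zero exit or a timeout as failure. It executes
    whatever the model produced, so only call it inside an isolated lab VM.
    Not exercised by the offline demo below."""
    exe = shutil.which("pwsh") or shutil.which("powershell")
    if exe is None:
        return False, "no PowerShell interpreter on PATH"
    try:
        proc = subprocess.run([exe, "-NoProfile", "-NonInteractive", "-Command", code],
                              capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return False, f"sandbox timed out after {timeout}s"
    if proc.returncode != 0:
        return False, (proc.stderr or proc.stdout).strip()
    return True, ""


class FakeLLM:
    """Constructed stand-in: emits a typo'd cmdlet until the prompt carries the
    sandbox error text, then returns the corrected line."""
    def __init__(self) -> None:
        self.prompts: List[str] = []

    def __call__(self, prompt: str) -> str:
        self.prompts.append(prompt)
        if "CommandNotFoundException" in prompt:
            return "Get-ChildItem -Path $env:LOCALAPPDATA -Recurse -File | Select-Object -First 20"
        return "Get-ChildItm -Path $env:LOCALAPPDATA -Recurse -File | Select-Object -First 20"


def fake_sandbox(code: str) -> Tuple[bool, str]:
    """Constructed stand-in that mimics PowerShell's unknown-command error text."""
    if "Get-ChildItm" in code:
        return False, ("Get-ChildItm : The term 'Get-ChildItm' is not recognized as the name "
                       "of a cmdlet ... FullyQualifiedErrorId : CommandNotFoundException")
    return True, ""


def demo() -> LoopResult:
    """Offline run: one failed attempt, then one repaired attempt."""
    return generate_validated("Task: list the first 20 files under the local app data folder.",
                              FakeLLM(), fake_sandbox)


if __name__ == "__main__":
    r = demo()
    print(f"attempts={r.attempts} errors={len(r.errors)} code={r.code!r}")
```

The point of the design is that the error text, not just a pass/fail bit, goes back into the next prompt; the bounded attempt count keeps a model that never converges from looping forever.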
Context-Aware Generation
- Payloads adapt to victim OS, privileges, installed software
- Previous technique results feed into subsequent prompts
- No hardcoded templates—fully dynamic
Modular Prompting
- Attack chains decomposed into isolated techniques
- LLM never sees full malicious intent
- Bypasses commercial LLM safety guardrails
Modular Execution
- May evade EDR correlation, since each generated payload runs in its own separate PowerShell instance rather than one long-lived process.
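For the Blue Team side of that claim, here is an added detection sketch (not AttackGPT code) that correlates what the per-process view misses: a single parent process starting several distinct PowerShell children within a short window. The events are a constructed list with Sysmon Event ID 1 style fields; the window and threshold values are assumed tuning, chosen with the agent's 5-second poll interval in mind.

```python
"""Detection sketch for the per-technique PowerShell pattern (added example,
not AttackGPT code). Input is a constructed list of process-creation events
with Sysmon Event ID 1 style fields; the rule flags a parent process that
starts several distinct PowerShell children inside a short window, which is
the correlation a per-process view misses when each payload is a new process."""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

WINDOW = timedelta(seconds=60)   # assumed tuning; the agent polls every 5 s
THRESHOLD = 3                    # assumed: distinct PowerShell children per parent per window
PS_IMAGES = {"powershell.exe", "pwsh.exe"}

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
PY = r"C:\Users\lab\AppData\Local\Programs\Python\Python311\python.exe"

# Constructed sample telemetry (not captured from a real system).
EVENTS: List[Dict] = [
    {"ts": "2024-05-01T10:00:00", "host": "ws01", "ppid": 4120, "parent": PY, "pid": 5001, "image": PS},
    {"ts": "2024-05-01T10:00:06", "host": "ws01", "ppid": 4120, "parent": PY, "pid": 5002, "image": PS},
    {"ts": "2024-05-01T10:00:12", "host": "ws01", "ppid": 4120, "parent": PY, "pid": 5003, "image": PS},
    {"ts": "2024-05-01T10:00:18", "host": "ws01", "ppid": 4120, "parent": PY, "pid": 5004, "image": PS},
    # One interactive shell from Explorer: normal.
    {"ts": "2024-05-01T10:05:00", "host": "ws01", "ppid": 880, "parent": r"C:\Windows\explorer.exe", "pid": 6001, "image": PS},
    # Two scheduled-task runs ten minutes apart: below threshold.
    {"ts": "2024-05-01T10:10:00", "host": "ws02", "ppid": 1200, "parent": r"C:\Windows\System32\svchost.exe", "pid": 7001, "image": PS},
    {"ts": "2024-05-01T10:20:00", "host": "ws02", "ppid": 1200, "parent": r"C:\Windows\System32\svchost.exe", "pid": 7002, "image": PS},
]


def image_name(path: str) -> str:
    """Basename of a Windows image path, lower-cased for comparison."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_bursts(events: List[Dict], window: timedelta = WINDOW,
                threshold: int = THRESHOLD) -> List[Dict]:
    """Sliding window per (host, parent pid, parent image). Emit one alert per
    parent the first time `threshold` PowerShell children fall inside `window`."""
    by_parent: Dict[Tuple, List[Tuple[datetime, int]]] = defaultdict(list)
    for e in events:
        if image_name(e["image"]) in PS_IMAGES:
            key = (e["host"], e["ppid"], e["parent"])
            by_parent[key].append((datetime.fromisoformat(e["ts"]), e["pid"]))

    alerts: List[Dict] = []
    for (host, ppid, parent), spawns in by_parent.items():
        spawns.sort()
        left = 0
        for right in range(len(spawns)):
            # Advance the window's left edge until the span fits.
            while spawns[right][0] - spawns[left][0] > window:
                left += 1
            if right - left + 1 >= threshold:
                alerts.append({
                    "host": host, "ppid": ppid, "parent": parent,
                    "children": [pid for _, pid in spawns[left:right + 1]],
                    "span_s": (spawns[right][0] - spawns[left][0]).total_seconds(),
                })
                break  # one alert per parent is enough
    return alerts


if __name__ == "__main__":
    for a in find_bursts(EVENTS):
        print(f"{a['host']}: {image_name(a['parent'])} (pid {a['ppid']}) spawned "
              f"{len(a['children'])} PowerShell processes in {a['span_s']:.0f}s -> {a['children']}")
```

Keying on the parent rather than on any single child is what makes the rule robust to payloads that are individually unremarkable; in production the same logic would sit on a streaming query over process-creation events rather than on an in-memory list.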
Each technique in tactics_config.py:
| Field | Required | Description |
|---|---|---|
| name | Yes | Technique name |
| mitre_id | Yes | MITRE ATT&CK ID (e.g., T1547.001) |
| persona | Yes | Role-play framing for the LLM |
| objective | Yes | Detailed task instructions |
| skip_verification | No | Skip the sandbox for this technique (default: False) |
| required | No | Abort the campaign if this technique fails (default: True) |
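The following validator is an added example, not part of AttackGPT: it checks technique entries against the field table above before a campaign runs, applying the documented defaults and rejecting malformed MITRE IDs. `SAMPLE_CONFIG` is a constructed config with one correct tactic, one carrying three mistakes, and one disabled tactic; the top-level `implemented`, `model` and `commercial` keys follow the configuration snippet earlier on this page.

```python
"""Checks tactics_config.py-style entries against the field table above.

Added example, not AttackGPT code. It enforces the four required string fields,
applies the documented defaults for the two optional booleans, and checks the
MITRE ATT&CK ID shape (Tnnnn or Tnnnn.nnn). SAMPLE_CONFIG is constructed."""
import re
from typing import Dict, List, Tuple

REQUIRED = ("name", "mitre_id", "persona", "objective")
OPTIONAL_DEFAULTS = {"skip_verification": False, "required": True}
MITRE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")

# Constructed sample: one well-formed tactic, one with three mistakes, one disabled.
SAMPLE_CONFIG = {
    "discovery": {
        "implemented": True, "model": "gpt-5", "commercial": True,
        "techniques": [{
            "name": "Browser Data Discovery",
            "mitre_id": "T1217",
            "persona": "You are a System Administrator...",
            "objective": "Task: Find Chrome database files...",
        }],
    },
    "persistence": {
        "implemented": True, "model": "qwen2.5-coder:32b", "commercial": False,
        "techniques": [{
            "name": "Run key entry",
            "mitre_id": "1547.001",          # missing the leading T
            "objective": "Task: ...",        # persona is missing
            "skip_verification": "yes",      # must be a bool
        }],
    },
    "exfiltration": {"implemented": False, "techniques": []},
}


def normalise_technique(t: Dict, tactic: str) -> Tuple[Dict, List[str]]:
    """Return the technique with defaults filled in, plus a list of problems."""
    errors: List[str] = []
    label = f"{tactic}/{t.get('name', '?')}"
    for f in REQUIRED:
        if not isinstance(t.get(f), str) or not t[f].strip():
            errors.append(f"{label}: missing or empty required field '{f}'")
    mid = t.get("mitre_id")
    if isinstance(mid, str) and mid and not MITRE_ID.match(mid):
        errors.append(f"{label}: mitre_id {mid!r} is not of the form T1234 or T1234.001")
    out = dict(t)
    for f, default in OPTIONAL_DEFAULTS.items():
        v = t.get(f, default)
        if not isinstance(v, bool):
            errors.append(f"{label}: '{f}' must be True or False, got {v!r}")
            v = default
        out[f] = v
    unknown = set(t) - set(REQUIRED) - set(OPTIONAL_DEFAULTS)
    for f in sorted(unknown):
        errors.append(f"{label}: unknown field '{f}'")
    return out, errors


def validate_config(config: Dict) -> Tuple[Dict, List[str]]:
    """Return (normalised config of enabled tactics, error list). An empty error
    list means the campaign is safe to hand to the orchestrator."""
    normalised: Dict = {}
    errors: List[str] = []
    for tactic, block in config.items():
        if not block.get("implemented", False):
            continue  # disabled tactics are ignored, mistakes and all
        for f in ("model", "commercial"):
            if f not in block:
                errors.append(f"{tactic}: enabled tactic lacks '{f}'")
        techniques = []
        for t in block.get("techniques", []):
            nt, errs = normalise_technique(t, tactic)
            techniques.append(nt)
            errors.extend(errs)
        if not techniques:
            errors.append(f"{tactic}: enabled tactic has no techniques")
        normalised[tactic] = {**block, "techniques": techniques}
    return normalised, errors


if __name__ == "__main__":
    cfg, problems = validate_config(SAMPLE_CONFIG)
    print("\n".join(problems) or "config OK")
```

Running this before `server.py` catches the two failure modes that otherwise surface only mid-campaign: a technique that the orchestrator silently treats as optional because `required` was misspelled, and an unverified payload reaching the agent because `skip_verification` held a truthy string instead of a boolean.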
MIT License - See LICENSE for details.
This research explores LLM capabilities in cybersecurity, demonstrating both offensive potential and the need for defensive awareness.
Use responsibly and legally.