Point it at an authorized target and the kill chain runs itself: recon → exploit → report, from a browser War Room or the CLI, driven by the agent you’re already signed into — Claude Code, Codex, Hermes — or a model you run fully offline (Ollama, LM Studio, vLLM). No new API keys, no cloud tenant, no second bill. Your agent is the brain; T3MP3ST is the war machine bolted around it. Self-hosted storm. Keyless warfare. ⚡

And it won’t ask you to take its word for it. On XBOW’s own 104-challenge suite it scores 90.1% pass@1 — above XBOW’s self-reported 85% — alongside hint-free CTF solves and a cold hunt on real, post-cutoff CVEs the model had never seen. Every number in this README recomputes from committed data with one command (npm run verify-claims). Loud about the mission, honest about the build — the status table says exactly what’s live, what’s scaffolding, and what’s still roadmap; full receipts in Benchmarks.
Three things set it apart:
Reproducible. Every number in this README recomputes from committed data — npm run verify-claims re-derives all of them, 24/24 green. A claim that can’t be reproduced doesn’t ship. No trust-me numbers, ever.
Keyless. The AI coding agent already on your machine is the backbone. No API keys, no second bill, no gatekeeper.
Honest about scope. The status table marks exactly what’s stable, experimental, or roadmap — because red-teaming shouldn’t be a priesthood, and it damn sure shouldn’t run on vibes.
⚠️ Authorized use only
T3MP3ST is an offensive security tool, built for authorized testing, research, and education. Point it only at systems you own or have explicit, written permission to test. Unauthorized access to computers, networks, or data is illegal in most jurisdictions — you alone are responsible for how you use this software and for staying inside the law and your rules of engagement. Bring the storm to your targets, not someone else’s.
T3MP3ST is provided as-is under the AGPL-3.0 license, with no warranty and no liability for any damage, loss, or misuse. The authors do not endorse, support, or condone unauthorized activity. Get permission. Stay in scope. Don’t be a menace. 🫡
| Domain | What it does | Status |
|---|---|---|
| 🕸️ Web apps | Black-box, external-attacker recon → exploit (XBEN suite) | ✅ Stable |
| 🚩 CTF | Hint-free, sandbox-jailed solves (Cybench) | ✅ Stable |
| 🤖 Robotics / OT / embedded | Coordinated-disclosure pipeline for OSS vuln hunting (OSV + live-PoC + refuter) | ✅ Pipeline stable |
| 📂 Source code | White-box repo analysis with blind master-builder decomposition | ⚠️ Python-only ingest |
| 💰 Smart contracts | Damn Vulnerable DeFi | ⚠️ reproduction, not novel discovery |
| ☁️ Cloud (IaC) | Misconfig-detection benchmark (cloud:bench) + opt-in cloud arsenal (aws/az/gcloud + scoutsuite/cloudfox/pmapper; pacu gated) | 🚧 IaC-misconfig scaffolding — live-cloud exploitation not yet benchmarked |
| 📱 Mobile | Built-in static analyzer (manifest misconfig + secret/cleartext detection, mobile:bench) + opt-in arsenal (mobsfscan/objection/drozer; frida gated) | 🚧 static-detection scaffolding — dynamic exploitation not benchmarked |
| 🔩 Binary / RE | Decompiled-output sink detector (unsafe-copy / format-string / cmd-injection / int-overflow, binary:bench) + opt-in arsenal (ghidra/radare2/objdump/checksec/strings; gdb gated) | 🚧 static sink-detection scaffolding — solving/pwn not benchmarked |
Quick start
Fastest path to a running War Room (keyless, ~2 min to set up; mission time depends on the target):
npm install
npm run server # War Room → http://127.0.0.1:3333/ui/
T3MP3ST





