Autonomous AI Agent Framework for Security Research
Project description
Autonomous AI Agent Framework for Security Research
[!IMPORTANT] LEGAL & SECURITY DISCLAIMER: This framework is designed strictly for educational purposes, authorized security research, and defensive penetration testing. The authors are not responsible for any misuse, unauthorized targeting, or damage caused by the autonomous execution capabilities of this tool. Users are solely responsible for ensuring full legal authorization before initiating any scans or test sequences.
What is Elengenix?
Elengenix is an open-source framework that turns security research into a reasoning problem. Rather than scripting fixed attack sequences, it deploys an AI agent that reads a target, builds an attack tree, selects tools, interprets findings, and adapts its strategy in real-time — the same way a skilled penetration tester thinks.
It is designed to be provider-agnostic, mobile-deployable (Termux), and safe by design: every command passes through a governance engine that blocks destructive operations without limiting research flexibility.
Why It Exists
The current state of security tooling has a fundamental gap: tools are powerful, but brittle. They require deep expertise to chain together, produce unfiltered noise, and cannot reason about what a finding actually means in the context of a target's architecture.
Elengenix exists to close this gap — to give researchers a collaborator that understands both the technical and business dimensions of a vulnerability, can estimate its exploitability and payout value, and documents the full chain of evidence automatically.
Core Design Principles
- Reasoning over rules — The agent dynamically constructs its attack plan from a live understanding of the target, not a predefined checklist.
- Multi-model collaboration — Up to 3 AI models work as a team (Strategist, Recon Lead, Exploit Analyst), cross-validating findings and sharing context.
- Safety without friction — A governance layer classifies every action as SAFE, PRIVILEGED, or DESTRUCTIVE. Dangerous commands are blocked; sensitive ones require user confirmation; safe ones execute immediately.
- Memory across sessions — Findings, decisions, and context persist across sessions via semantic vector memory (ChromaDB / SQLite FTS5 fallback).
Quick Start
Prerequisites: Python 3.10+, Go 1.20+
git clone https://github.com/Ashveil1/Elengenix.git && cd Elengenix
# Install dependencies (Python + Go security tools)
chmod +x setup.sh && ./setup.sh
# Verify environment
elengenix doctor
# Configure AI providers
elengenix configure
Supports Android via Termux: chmod +x termux_setup.sh && ./termux_setup.sh
Usage
Terminal UI
elengenix tui
Two operational modes:
- CHILL — Safe research, chat, code review. Tool execution disabled.
- HUNT — Full autonomous vulnerability hunting.
| Key | Action |
|---|---|
Ctrl+M |
Toggle CHILL / HUNT |
Ctrl+S |
Settings overlay |
Ctrl+G |
Help |
Slash Commands
/target <domain> Set target scope
/mode <chill|hunt> Switch mode
/talk <1|2|3|all> Route to specific agent in the team
/session <new|list|load> Manage sessions
/stats Memory & scan statistics
CLI Commands
elengenix scan <target> # Full automated scan pipeline
elengenix autonomous <target> # Fully autonomous mode
elengenix sast <path> # Static code analysis
elengenix research <cve> # CVE / exploit research
elengenix watchman # 24/7 monitoring daemon
elengenix scan <target> -q # Quiet mode: suppress phase-by-phase output
Phase 0: Elengenix Framework Pre-flight
Every elengenix scan invocation starts with Phase 0: Pre-flight, which runs
5 pure-Python modules + a PythonRecon fallback to produce baseline findings
without requiring any third-party tool or AI provider. This guarantees
actionable output even when the network is rate-limited, AI quota is exhausted,
or no scanners are installed.
| Phase | Module | What it does |
|---|---|---|
| 1 | PythonRecon |
HTTP probe, directory discovery, port scan, subdomain enumeration, parameter discovery (interest-based delta) |
| 2 | SmartWAFDetector |
Probe-based WAF detection + suggested evasions (Cloudflare, Akamai, ModSecurity, etc.) |
| 3 | ActiveFuzzer |
XSS / SQLi / SSTI payload testing on top-3 discovered parameters |
| 4 | BOLATester |
Differential IDOR testing on endpoints with user/account/profile path tokens |
| 5 | LearningEngine |
Records every finding to a per-target SQLite database |
| 6 | CoverageAnalyzer |
Tracks endpoint coverage and untested paths |
The preflight findings are passed to the AI agent (if available) as context and
saved to reports/<target>_<timestamp>/elengenix_findings.json.
elengenix_findings.json format
[
{
"tool": "python_recon",
"type": "param_discovery",
"severity": "Low",
"url": "https://target.com/api/users",
"title": "Interesting parameter: q (GET)",
"details": "Delta: 42% (baseline=1200, test=1700)"
}
]
Fields: tool, type (recon_http|endpoint|port|subdomain|param_discovery|waf|xss|sqli|bola),
severity (Critical|High|Medium|Low|Informational), url, title, details.
When AI is unavailable
If the configured AI provider (Gemini, OpenAI, NVIDIA NIM, etc.) returns errors — usually due to quota exhaustion, invalid API key, or network issues — Elengenix does not produce an empty report. Instead it auto-generates a report from preflight findings:
- Severity breakdown — count by Critical/High/Medium/Low/Informational
- Type breakdown — count by finding type
- High-priority targets — top 10 Critical/High findings with URLs
- Recommended next steps — numbered list of follow-up actions
- AI provider fix instructions — link to https://aistudio.google.com/apikey
A prominent yellow banner is printed when AI is unavailable. Fix AI access:
- Check API keys in
.env(GEMINI_API_KEY, OPENAI_API_KEY, etc.) - Verify provider quota at https://aistudio.google.com/apikey
- Or reconfigure with
python3 main.py configure
Architecture
User Input ──► Governance Gate ──► AI Reasoning Engine
│
┌────────────────────┼────────────────────┐
▼ ▼ ▼
Attack Planner Tool Registry Analysis Pipeline
(Dynamic tree) (90+ tools) (BOLA, CVSS, WAF,
SOC, Exploit Chain)
│
Vector Memory
(Cross-session recall)
AI Providers Supported
OpenAI · Anthropic · Google Gemini · Groq · NVIDIA NIM · Mistral · DeepSeek · Perplexity · OpenRouter · Ollama (local)
Testing
python3 -m pytest tests/ -v
Test coverage includes: governance enforcement, native shell execution policy, target validation, multi-agent coordination, and session management.
Project Structure
main.py # CLI router
agent_brain.py # Core AI reasoning engine
cli_textual.py # Terminal UI (Textual)
tools/
governance.py # Risk classification engine
multi_agent.py # Team Aegis collaboration (up to 3 models)
analysis_pipeline.py # Post-finding analysis (CVSS, BOLA, chains)
vector_memory.py # Semantic memory (ChromaDB / SQLite FTS5)
safe_exec.py # Governance-gated native shell execution
tests/ # pytest test suite
knowledge/ # Security methodology documentation
Contributing
See CONTRIBUTING.md for code standards, logging conventions, and security rules.
Core rules: 4-space indent · type hints everywhere · raw shell only behind governance · API keys in .env only
License
- License: GPL-3.0 — see LICENSE for details.
⚡ Compute Sponsorship & API Integration
We are incredibly grateful to the AMD AI Cloud program for sponsoring the high-performance compute infrastructure powered by AMD Instinct™ MI300X accelerators.
Rather than competing with general-purpose frontier models, Elengenix is built on a hybrid-intelligence model:
- Downstream Utility Specialization — We leverage local AMD accelerators to pre-process large security data sets, run high-frequency log parsing, and train specialized, lightweight helper models (e.g., 7B/8B parameter models) for specific local formatting and regex extraction tasks.
- Frontier API Orchestration — The main strategic planners, multi-agent consensus logic, and high-level reasoning systems are designed to consume frontier APIs like Claude and GPT. These models act as the master orchestrators that direct our local utilities.
Built by independent security researchers, for the open-source security community.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file elengenix-1.0.0.tar.gz.
File metadata
- Download URL: elengenix-1.0.0.tar.gz
- Upload date:
- Size: 993.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0c3f326d14223e01b493d2cbb73c5a9f61b3f36c163194f45fb0fbedc7113684
|
|
| MD5 |
76df502a43187da6720546db0dbbb9f5
|
|
| BLAKE2b-256 |
8b8dc5c484a99e9f7bd6a52b47a583a7348e1e52628d98033d86577edf123458
|
File details
Details for the file elengenix-1.0.0-py3-none-any.whl.
File metadata
- Download URL: elengenix-1.0.0-py3-none-any.whl
- Upload date:
- Size: 956.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3ef27e8a8c1ff6a2b02f6a28267d3255a1718552fa97bc3d590e269a83b30bc3
|
|
| MD5 |
7e7f2a3bf60cadcdcce03519608b81a0
|
|
| BLAKE2b-256 |
576e9523cd5482a0dc382a7fe26cb17ce284d966e540c1e720f586c8dd08ff87
|