⚠ THREAT DETECTED | 198.51.100.47 | PORT SCAN | HONEYPOT DEPLOYED
⚠ BRUTE FORCE | 203.0.113.18 | SSH | BANNED IN 0.3s
✓ 299 TOOLS ACTIVE | 76 PLUGINS LOADED | SENECA-32B ONLINE
⚠ SQL INJECTION ATTEMPT | 192.0.2.99 | CRITICAL | IMMEDIATE BAN
✓ NIGHTLY REPORT GENERATED | 47 THREATS BLOCKED | ALL SYSTEMS NOMINAL
// OPEN SOURCE AI SECURITY PLATFORM · 299 TOOLS · 76 PLUGINS

ARGOS

PROTECT EVERYTHING · TRUST NO ONE

AI-powered security that sees everything, never sleeps, and belongs to everyone.
A complete autonomous defense and pentesting platform — not a passive monitor,
an active guardian that thinks, adapts, and responds.

argos-agent — seneca-32b — 332 tools
$ python3 main.py --mode telegram
[✓] Seneca-32B loaded via llama.cpp (port 8080)
[✓] 37 built-in tools · 84 plugins (332 tools) loaded
[✓] Realtime watcher active (systemd) · Nightly cron 02:00
[✓] Channels: Telegram · Discord · Webhook
[→] Threat: SQL injection from 198.51.100.47
[!] CRITICAL pattern — immediate ban via fail2ban
[✓] Banned · Report generated · Telegram alert sent
[✓] AbuseIPDB reported · LEO report ready
332 TOTAL TOOLS
84 PLUGINS
100% FREE FOREVER
24/7 AUTONOMOUS
0 CLOUD REQUIRED
// CAPABILITIES

What ARGOS can do

Defense, offense, intelligence — all in one autonomous platform powered by a custom fine-tuned AI model.

[◈]
SENECA AI ENGINE
Custom fine-tuned Seneca-Cybersecurity-LLM-x-QwQ-32B running via llama.cpp. Trained by 8 specialist professor models. Reasons about behavior, not just signatures. Runs on-premise with no GPU.
32B PARAMETERS · NO GPU REQUIRED
[⊕]
HONEYPOT ENGINE
Deploys context-aware decoys that mirror your real infrastructure. Lures attackers in, logs every byte, collects forensic evidence, generates law enforcement reports.
SSH · HTTP · MYSQL · FTP · REDIS
[▣]
REALTIME WATCHER
24/7 systemd service. Bans IPs within seconds of attack. CRITICAL patterns (SQLi, CMDi, reverse shell) → immediate ban in 1 hit. HIGH patterns → ban after 5 hits in 120s.
SYSTEMD · FAIL2BAN · INSTANT BAN
[◉]
NETWORK MONITOR
Deep behavioral analysis of all traffic. Identifies port scans, DDoS, data exfiltration, C2 beaconing. Nightly aggregated analysis at 02:00 with JSON reports.
PSUTIL · SCAPY · NIGHTLY CRON
[⊞]
PROCESS GUARDIAN
Monitors all running processes for anomalous behavior. Detects ransomware, cryptominers, rootkits, privilege escalation. Suspends (not kills) — evidence is preserved.
SUSPEND · ISOLATE · PRESERVE
[⊟]
EVIDENCE COLLECTOR
Forensic-grade evidence for every attack. Tamper-evident audit log (SHA256 chain). Formal law enforcement reports: Polizia Postale, CSIRT-IT, Europol, FBI IC3.
SHA256 CHAIN · LEO REPORTS
[⊗]
PLUGIN SYSTEM
Hot-loadable plugins — drop a .py file in and it's live with no restart. 332 tools across 34 categories: threat intel, OSINT, pentest, C2, MCP integration, hook middleware, MITRE ATT&CK, IoT, LLM red team and more.
HOT-RELOAD · 332 TOOLS · 34 CATEGORIES
[◫]
PENTEST PLATFORM
Full offensive capabilities: autonomous white-box 5-phase pipeline (Shannon integration), PentestGPT, Pentest-Swarm (5 AI agents), Nebula AI, NetExec, Gobuster, Sn1per, Nettacker (200+ modules), skipfish (10,000+ checks), rapidscan, Vaile.
WHITE-BOX · 5-PHASE · AUTHORIZED USE ONLY
[◈]
THREAT INTELLIGENCE
20+ integrated threat intel sources: VirusTotal, GreyNoise, AlienVault OTX, AbuseIPDB, Shodan, Censys, Hybrid Analysis, SpiderFoot (400+ modules), theHarvester, Sherlock, and more.
FREE APIS AVAILABLE
[⊞]
RED TEAM TOOLS
MITRE ATT&CK simulation (Red Canary Atomic Red Team), LLM adversarial testing, DoS resilience (MHDDoS 57 methods), C2 frameworks (emp3r0r), red team infra (Overlord + Terraform).
MITRE ATT&CK · C2 · INFRA
[⊗]
COMMUNITY INTEL
Opt-in threat sharing. When one node flags an IP, every node knows. Contribute anonymized indicators — never shares your IP, topology, logs, or PII.
OPT-IN · PRIVACY FIRST
[◈]
SELF-IMPROVING AI
Every incident becomes training data. Fine-tuning pipeline on RunPod: 8 professor models generate training examples, LoRA adapts the model weekly. Gets smarter with your environment.
LORA · RUNPOD · WEEKLY FINE-TUNE
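
The ban rule given on the Realtime Watcher card (CRITICAL: ban on 1 hit; HIGH: ban after 5 hits in 120s), sketched as a sliding-window decision function. This is an added example, not ARGOS source code: the regexes, the `BanPolicy` class and the sample events are assumptions made for illustration, and the actual ban through fail2ban is left out.

```python
import re
from collections import defaultdict, deque

# Illustrative signatures (assumptions); the page does not list ARGOS's patterns.
CRITICAL = re.compile(r"union\s+select|;\s*(?:wget|curl)\s|/bin/(?:ba)?sh\s+-i", re.I)
HIGH = re.compile(r"Failed password|authentication failure", re.I)
HIGH_HITS, WINDOW_S = 5, 120  # thresholds stated on the page


class BanPolicy:
    """CRITICAL: ban on the first hit. HIGH: ban on the 5th hit within 120 s."""

    def __init__(self):
        self.hits = defaultdict(deque)  # ip -> timestamps of recent HIGH hits
        self.banned = {}                # ip -> severity that caused the ban

    def observe(self, ts, ip, line):
        """Feed one event; return the severity if this event triggers a ban."""
        if ip in self.banned:
            return None
        if CRITICAL.search(line):
            self.banned[ip] = "critical"
            return "critical"
        if HIGH.search(line):
            q = self.hits[ip]
            q.append(ts)
            while ts - q[0] > WINDOW_S:   # drop hits that fell out of the window
                q.popleft()
            if len(q) >= HIGH_HITS:
                self.banned[ip] = "high"
                del self.hits[ip]
                return "high"
        return None


def replay(events):
    """Run (ts, ip, line) events through a fresh policy; return the bans issued."""
    policy = BanPolicy()
    return [(ts, ip, sev) for ts, ip, line in events
            if (sev := policy.observe(ts, ip, line))]


# Constructed sample events (documentation-range IPs), not real logs.
SAMPLE = sorted(
    [(t, "203.0.113.18", "sshd: Failed password for root") for t in (0, 10, 20, 30, 40)]
    + [(t, "198.51.100.47", "sshd: Failed password for admin") for t in (0, 50, 100, 150, 200)]
    + [(5, "192.0.2.99", "GET /item?id=1 UNION SELECT pass FROM users")]
)

if __name__ == "__main__":
    for ban in replay(SAMPLE):
        print(ban)
```

The source that fails once every 50 seconds is never banned by the HIGH rule, which is the gap a fixed count-in-window threshold leaves for slow brute force.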

84 plugins.
332 tools.
Drop & go.

Every plugin is a Python file. Drop it in agent/plugins/ and it's live.
No restart, no config. The AI discovers it automatically.

THREAT INTEL
5 plugins · 22 tools
VirusTotal · GreyNoise · AlienVault OTX · ThreatFox/URLHaus · OpenCTI
URL & FILE ANALYSIS
3 plugins · 11 tools
URLScan.io · Hybrid Analysis (Falcon Sandbox) · Qualys SSL Labs
IP & EMAIL INTEL
5 plugins · 16 tools
Censys · IPInfo · IP2Location · EmailRep + Pulsedive · HaveIBeenPwned
PENTEST REPORT
1 plugin · 1 tool
HTML + Markdown + JSON · CVSS scoring · MITRE ATT&CK · Executive Summary
AI PENTEST AGENTS
5 plugins · 18 tools
PentestGPT · PentAGI · Pentest Copilot · Nebula AI · pentest_pipeline (Shannon 5-phase white-box)
OFFENSIVE CLI
5 plugins · 18 tools
Sn1per · NetExec (SMB/SSH/LDAP/WinRM) · Gobuster · Payload library · Reverse shells (11 types)
HONEYPOT PLATFORM
1 plugin · 3 tools
T-Pot Elasticsearch integration · Attack stats · Harvested credentials
DoS RESILIENCE
1 plugin · 5 tools
MHDDoS (57 methods) · Impulse · DDoS-Ripper · Kraken · Full stress test
AI RED TEAM
1 plugin · 4 tools
LLM jailbreak testing · Prompt injection · L1B3RT4S collection · Any OpenAI-compatible endpoint
MICROSOFT 365
1 plugin · 6 tools
Power Platform recon · Resource dump · Copilot hunter · LLM Hound · MCP recon
PENTEST PLATFORMS
3 plugins · 10 tools
Pentest-Swarm (5 AI agents) · emp3r0r C2 · Overlord red team infra (Terraform)
WEB & API SECURITY
2 plugins · 9 tools
OWASP Nettacker (200+ modules) · rapidscan · Vaile · Astra REST API · skipfish (10K+ checks)
DLP EVASION
1 plugin · 3 tools
Cloakify: encode data as emoji, LOTR quotes, sports teams — test DLP bypass controls
PENTEST FRAMEWORKS
1 plugin · 6 tools
fsociety all-in-one · DarkSpiritz (Metasploit-style) · KaliIntelligenceSuite OSINT
IoT PENTEST
1 plugin · 4 tools
MQTT · CoAP · Modbus · BACnet · S7comm protocol detection · Default credential testing
MITRE ATT&CK
1 plugin · 4 tools
Red Canary Atomic Red Team · Technique YAML execution · bash/powershell/python executors
OSINT PLATFORMS
2 plugins · 9 tools
SpiderFoot (400+ modules) · Username recon across 200+ platforms · Instagram OSINT
HAK5 PAYLOADS
1 plugin · 4 tools
OMG Cable · BashBunny · KeyCroc · SharkJack · USB Rubber Ducky payload library
WORDPRESS
1 plugin · 3 tools
WPScan: vulnerable plugins/themes · CVE data · User enumeration · Password attacks
SOCIAL ENGINEERING
1 plugin · 4 tools
maskphish URL obfuscation · seeker geolocation capture · Storm-Breaker A/V testing
LFI / SSTI / ENCODERS
1 plugin · 4 tools
LFI/RFI payloads (PHP wrappers, /proc) · SSTI 8 engines (Jinja2/Twig/Freemarker/ERB) · WAF bypass encoders
NEBULA AI
1 plugin · 3 tools
Natural language pentesting: "! scan 192.168.1.1 for open ports" — Ollama local or OpenAI
MCP INTEGRATION
1 plugin · 5 tools
Model Context Protocol client: connects ARGOS to GitHub, PostgreSQL, Slack, the filesystem and any MCP server. Tool auto-discovery.
HOOK MIDDLEWARE
1 plugin · 5 tools
Pre/Post tool execution hooks: automatic audit log, rate limiter, dangerous tool gate. Custom hooks can be registered at runtime.
AGENT FEATURES
1 plugin · 6 tools
Token tracking · Session compaction · Permission modes (readonly/workspace/full) · Parity audit · Cost estimation
SAST / CODE ANALYSIS
2 plugins · 8 tools
Semgrep (30+ languages) · Bandit (Python) · Trivy (Docker, packages, IaC, SBOM)
AI SECURITY
1 plugin · 5 tools
Garak LLM scanner · Prompt injection · Jailbreak detection · LLM red team · Security benchmark
MALWARE DETECTION
1 plugin · 5 tools
YARA rules (file + process scan) · ClamAV · Custom rule management
MEMORY FORENSICS
1 plugin · 6 tools
Volatility 3 — pslist · netscan · malfind · hashdump · cmdline · OS auto-detect
NETWORK IDS
1 plugin · 4 tools
Zeek pcap analysis · Suricata alerts · IOC extraction · eve.json parser
ADVANCED PENTEST
3 plugins · 12 tools
Metasploit msfrpc · SQLmap (inject/dump/shell) · FFUF (dirs/vhosts/params/fuzz)
CLOUD SECURITY
1 plugin · 5 tools
ScoutSuite multi-cloud · Prowler compliance (CIS/GDPR/PCI-DSS) · IAM analyzer · Quick audit
THREAT INTEL FEEDS
1 plugin · 6 tools
malicious-ip (14+ sources) · ShadowWhisperer honeypot · Ipsum tier-6 · EmergingThreats · Spamhaus DROP · apply to UFW/iptables · 40k+ IPs
IOT HONEYPOT
1 plugin · 5 tools
Emulates a BusyBox router/cam · captures credentials and botnet commands · classifies Mirai/Gafgyt/Mozi/QBot · malware URL extraction
LLM SECURITY (OWASP)
1 plugin · 5 tools
OWASP LLM Top 10 · prompt injection · jailbreak · data extraction · full audit with risk score · works on local Seneca
IP INVESTIGATOR
1 plugin · 5 tools
Geo · ASN · WHOIS · ThreatFox · URLHaus · Attacker pattern analysis · Watcher auto-enrichment · Zero API key
ACTIVE DIRECTORY
2 plugins · 9 tools
BloodHound CE (attack paths, shortest path) · Impacket (secretsdump, Kerberoast, AS-REP, SMB enum)
SIEM / THREAT INTEL
3 plugins · 11 tools
Wazuh SIEM · MISP (IOC sharing, event management) · OSV-Scanner (Google dependency CVE)
WEB SCANNER
1 plugin · 3 tools
Nikto — web server vulns, security headers, misconfigurations, SSL issues
IOC EXTRACTOR
1 plugin · 4 tools
DataSurgeon pure Python · IPv4/IPv6 · domain · URL · email · hash MD5/SHA1/SHA256 · CVE · JWT · API keys · AWS keys · credentials · zero deps
FAST RECON
1 plugin · 5 tools
RustScan (65K ports in 3s) → nmap -sV -sC → sn0int OSINT · full pipeline auto-fallback · masscan CIDR sweep · CVE hint detection
STRESS TEST
1 plugin · 5 tools
Authorized load testing · wrk/ab HTTP benchmark · hping3 TCP · iperf3 bandwidth · Slowloris resilience · mandatory authorization gate
SIGMA / LOG ANALYSIS
1 plugin · 5 tools
Zircolite · SIGMA rules on Windows EVTX / Sysmon / Linux audit · MITRE ATT&CK mapping · multi-format pipeline · automatic rule download
DFIR FORENSICS
1 plugin · 5 tools
EVTX analysis · registry forensics · prefetch · timeline bodyfile · IR artifact collection (cron, SUID, history, modified files) · dfir-toolkit Rust
MOBILE FORENSICS
1 plugin · 5 tools
MVT (Amnesty Int.) · Pegasus / Predator / stalkerware IOC scan · iOS backup · Android APK · auto-updated STIX2 threat feed
NETWORK CAPTURE
1 plugin · 5 tools
tcpdump / tshark capture · PCAP analysis · FlowMeter ML classification · DNS/HTTP/credential extraction · session management
FAVICON OSINT
1 plugin · 5 tools
MurmurHash3 favicon fingerprinting · Shodan / ZoomEye / Fofa search · C2 infra discovery · phishing clone detection · no API key needed for the hash
EXIF FORENSICS
1 plugin · 5 tools
ExifTool · GPS coordinates from photos · author attribution · device fingerprint · steganography hints · batch scan · 200+ formats
DOCUMENT ANALYSIS
1 plugin · 5 tools
Apache Tika · 1000+ formats: PDF / Office / email / archives · malware triage with risk score · language detection for APT attribution · IOC extraction
WEB RECON & CRAWLER
1 plugin · 5 tools
Site mapper · admin panel finder · form CSRF analysis · JS API endpoint extraction · Firecrawl scraping · Playwright screenshot
CREWAI MULTI-AGENT
1 plugin · 4 tools
CrewAI orchestration · 3-agent recon crew · vuln analysis crew · threat hunt crew · IR playbook generator · uses local Seneca-32B
PRAISONAI AGENTS
1 plugin · 4 tools
Fast single/multi-agent tasks · security analysis · threat classification · code audit · OSINT profiling · 100+ LLM providers · local Seneca-32B
KNOWLEDGE GRAPH
1 plugin · 4 tools
Cognee persistent threat intel graph · ingest IOCs/CVEs/reports · semantic search · IOC correlation · export JSON/CSV/STIX2 · cross-session memory
AGENT ORCHESTRATION
1 plugin · 4 tools
Agent Squad routing · task classification · multi-specialist dispatch · parallel security analysis · pentest/IR/OSINT team assembly
COMPOSIO INTEGRATIONS
1 plugin · 5 tools
250+ app integrations · Slack/Telegram alerts · GitHub/Jira ticket creation · webhook dispatcher · security event routing
ACTIVEPIECES AUTOMATION
1 plugin · 4 tools
Self-hosted workflow automation · trigger flows on security events · ip_banned/intrusion/malware/data_leak response · webhook creation · local queue fallback
DEERFLOW RESEARCH
1 plugin · 4 tools
ByteDance deep research agent · web search + code execution + structured reports · threat actor profiles · CVE deep dive · OSINT synthesis
HERMES AGENT
1 plugin · 4 tools
Autonomous agent with terminal + file + web tools · security audit · host investigation · code analysis · 40+ built-in capabilities
SUNA AI AGENT
1 plugin · 4 tools
Kortix Suna generalist agent · browser automation · web research · HTTP security scan · OSINT via live web · computer use capabilities

Built to think, not just watch

Three-layer intelligence. The agent handles the obvious. Seneca-32B handles the complex. Human judgment via Telegram handles the unprecedented. Every decision feeds back into the model — it learns from your environment.

ARGOS DEFENSE STACK

┌─ LAYER 1: AGENT ─────────────────────┐
│ Network · Processes · Filesystem │
│ Realtime watcher (systemd, 24/7) │
│ Instant ban: fail2ban + iptables │
└──────────────────────┬───────────────┘

┌─ LAYER 2: SENECA-32B (LOCAL) ────────┐
│ QwQ-32B fine-tuned via llama.cpp │
│ 332 tools · 84 plugins · hot-reload │
│ Parallel subagents (ThreadPool) │
└──────────────────────┬───────────────┘

┌─ LAYER 3: ESCALATION ────────────────┐
│ Telegram / Discord → human decision │
│ Claude API → complex reasoning │
│ SHA256 audit chain · LEO reports │
└──────────────────────┬───────────────┘

FEEDBACK LOOP → LORA FINE-TUNING
8 professor models · RunPod weekly
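
The "SHA256 audit chain" named in Layer 3 and on the Evidence Collector card, sketched as a hash-chained log with a verifier. This is an added example, not ARGOS source code: the record layout, the all-zero genesis value and the sample events are assumptions. It also shows the limit of the technique: a chain that is rebuilt end to end verifies cleanly unless the head hash is kept somewhere the attacker cannot write.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first record


def _digest(prev_hash, event):
    # Canonical JSON (sorted keys, fixed separators) so equal events hash equally.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(log, event):
    """Append a copy of the event, bound to the previous record's hash."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"event": dict(event), "prev": prev, "hash": _digest(prev, event)})
    return log[-1]["hash"]


def verify(log, expected_head=None):
    """Return the index of the first broken record, or -1 if the chain is intact.

    expected_head is the last hash as stored out of band; a mismatch returns
    len(log), meaning the chain was truncated or rewritten as a whole.
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["event"]):
            return i
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return len(log)
    return -1


# Constructed sample events, not real ARGOS records.
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T02:00:00Z", "ip": "203.0.113.18", "action": "ban"},
    {"ts": "2024-01-01T02:00:05Z", "ip": "192.0.2.99", "action": "ban"},
    {"ts": "2024-01-01T02:01:00Z", "ip": "192.0.2.99", "action": "report"},
]


def demo():
    log = []
    for ev in SAMPLE_EVENTS:
        head = append(log, ev)          # head would be stored off-host
    intact = verify(log, head)
    log[1]["event"]["ip"] = "192.0.2.1"  # in-place edit of one record
    edited = verify(log, head)
    forged = []                          # whole chain recomputed after the edit
    for rec in log:
        append(forged, rec["event"])
    return intact, edited, verify(forged), verify(forged, head)


if __name__ == "__main__":
    print(demo())
```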
// BUILT-IN TOOLS — 37 ALWAYS AVAILABLE

The core.
No plugins needed.

37 tools built directly into the agent — always available, no external dependencies.

// NETWORK RECON
  • nmap_scan - Port scan + service detection
  • masscan_scan - Ultra-fast full-port discovery
  • dns_lookup - A/MX/TXT/NS/CNAME/SOA records
  • whois_lookup - WHOIS for domain or IP
  • reverse_dns - IP to hostname
  • ping_host - ICMP reachability check
// OSINT & THREAT INTEL
  • cve_lookup - NVD CVE — CVSS score + severity
  • ip_reputation - Geo + ASN + proxy detection
  • shodan_host - Open ports + CVEs (free)
  • shodan_search - Search exposed hosts by service
  • hash_lookup - MalwareBazaar hash check
  • extract_iocs - IPs/domains/hashes/CVEs from text
// VULNERABILITY SCANNING
  • nuclei_scan - 10,000+ templates: CVEs, panels
  • whatweb_scan - CMS/framework fingerprinting
  • ssl_check - TLS cert expiry + cipher check
// ADVANCED OSINT & ATTRIBUTION
  • theharvester_scan - Emails/subdomains from OSINT
  • sherlock_search - Username across 400+ networks
  • ipwhois_lookup - RDAP + abuse contact email
  • subdomain_enum - crt.sh + hackertarget passive
  • abuseipdb_check - Abuse score from 700k+ orgs
  • abuseipdb_report - Report attacker to global DB
  • build_attacker_dossier - Complete attacker profile
  • generate_leo_report - Formal law enforcement report
// AUTO-HARDENING
  • lynis_audit - Hardening score 0-100 + warnings
  • harden_ssh - Disable password auth, limit retries
  • setup_ufw - UFW: deny all, allow only specified
  • auto_harden - UFW + sysctl + fail2ban + services
// LOG ANALYSIS & DEFENSE
  • analyze_log - Detect SQLi/XSS/brute/C2/ransomware
  • read_log_file - Read + analyze log from filesystem
  • generate_report - JSON security report → /opt/argos/reports
  • ban_ip - Permanent ban via fail2ban
  • unban_ip - Remove ban (false positive)
  • list_banned_ips - List all currently banned IPs

Control from
anywhere.

Four ways to interact with ARGOS. Send natural language commands, get instant results, receive threat alerts — from any device.

[✈]
TELEGRAM
Full two-way control via bot. Send commands, receive instant threat alerts, approve/reject decisions. Works from anywhere in the world.
[◈]
DISCORD
Discord bot with WebSocket gateway + HTTP fallback. Full ARGOS capabilities in your Discord server. Rate-limited and authenticated.
[⊞]
WEBHOOK
HTTP webhook server with rate limiting and bearer auth. Integrate ARGOS into any automation pipeline, CI/CD, or external system.
[▣]
CLI
Interactive terminal mode. Full agentic loop with conversation history, session compaction, and direct tool access on the server.
"The difference between a company that gets destroyed by a cyberattack and one that doesn't shouldn't be how much money they have."
— THE ARGOS MANIFESTO · SECURITY IS A RIGHT
// DEPLOYMENT MODES

Your rules.
Your data.

Three ways to run ARGOS. Pick the one that fits your situation. Switch anytime.

STANDALONE
Everything runs on your device. Zero external connections. Total privacy. Ideal for individuals and privacy-focused organizations.
  • Seneca-32B runs locally on device
  • No data leaves your machine
  • Works completely offline
  • No account required
CLOUD
Use the community ARGOS server. Lightweight agent on your device, heavy lifting done remotely. Pay only real infrastructure costs.
  • Minimal hardware required
  • Community threat intelligence
  • Telegram + Discord channels
  • Cost: infrastructure only
// PLUG & PLAY

One server.
Every device.

Deploy ARGOS on any Ubuntu 24.04 server. Every device on your network connects instantly — no client install, no account, no cloud.

// QUICK START
git clone https://github.com/wlmzz/ARGOS-SECURITY.git /opt/argos/app
cd /opt/argos/app
sudo bash installer/install.sh    # base install
sudo bash install_tools.sh        # 14 security CLI tools

# Start all services
systemctl start argos-llama argos-server argos-watcher bloodhound-ce
// ENDPOINTS
ARGOS API | http://YOUR_SERVER_IP/ | Dashboard, chat, events
API (direct) | http://YOUR_SERVER_IP:7070/ | No proxy — always accessible
WebSocket | ws://YOUR_SERVER_IP/ws/{id} | Real-time threat stream
BloodHound CE | http://YOUR_SERVER_IP:8890/ | AD attack path analysis
LLM (Seneca) | http://YOUR_SERVER_IP:8080/v1 | OpenAI-compatible API
Qdrant | http://YOUR_SERVER_IP:6333 | Vector DB
SearXNG | http://YOUR_SERVER_IP:8888 | Private search engine

PROTECT
EVERYTHING.

// 299 TOOLS · 76 PLUGINS · FREE · OPEN SOURCE · FOREVER