T3MP3ST: The Open-Source Framework That Turns Your Local AI Coding Agent Into an Autonomous Zero-Day Hunter + Video

Listen to this Post

Featured Image

Introduction:

The line between AI-assisted development and autonomous offensive security has just been erased. T3MP3ST (pronounced “TEMPEST”) is an open-source, AGPL-3.0 licensed meta-harness that takes the AI coding agent you already run—whether it’s Claude Code, OpenAI Codex, Hermes, or a fully local model via Ollama or vLLM—and transforms it into a dedicated, autonomous penetration testing operator. With zero required API keys, no cloud infrastructure, and full offline capability, this framework executes a complete recon-to-exploit kill chain while strictly containing itself to authorized targets.

Learning Objectives:

  • Understand the architectural design and multi-agent orchestration layer that powers T3MP3ST’s autonomous red-teaming capabilities
  • Master the deployment and configuration of T3MP3ST with both cloud-based and fully local AI models
  • Learn to execute a complete penetration testing kill chain—from reconnaissance to exploitation to reporting—using AI-driven automation
  1. Understanding the T3MP3ST Architecture: The Multi-Agent Orchestration Layer

T3MP3ST is not a vulnerability scanner in the traditional sense. It is a multi-agent orchestration layer that builds a complete operational system around AI agents, encompassing task orchestration, tool calling, evidence management, and OPSEC control. At its heart lies the `TempestCommand` central dispatcher—an event-driven system based on EventEmitter that drives the entire mission loop.

Key Architectural Components:

| Subsystem | Location | Responsibility |

|–|-|-|

| TempestCommand | `src/index.ts` | Lifecycle management, tick execution loop, event forwarding, intelligence synchronization |
| OperatorCell | `src/operators/index.ts` | Agent pool management, spawning/destruction, state aggregation |
| MissionControl | `src/mission/index.ts` | Task queueing, phase transitions, target tracking, Rules of Engagement (RoE) enforcement |
| TargetEnvironment | `src/target/index.ts` | Attack surface modeling, target state machine |
| EvidenceVault | `src/evidence/index.ts` | Findings storage, credential management, CVSS scoring, chain-of-custody |
| Arsenal | `src/arsenal/index.ts` | Tool registry, filtering, execution history, toolchain orchestration |
| LLMBackbone | `src/llm/index.ts` | Multi-provider abstraction, model fallback chains, token budget control |

The 8-Operator Kill Chain:

The framework designs eight distinct operator roles mapped to the MITRE ATT&CK framework and Cyber Kill Chain:
– Recon (TA0043): OSINT, network discovery, asset enumeration
– Scanner (TA0007): Vulnerability scanning, service fingerprinting
– Exploiter (TA0001): Exploit development and payload delivery
– Infiltrator (TA0008): Lateral movement, privilege escalation
– Exfiltrator (TA0009/10): Data extraction, credential harvesting
– Ghost (TA0003): Persistence, stealth, cleanup
– Coordinator (TA0011): Task control, orchestration
– Analyst: Pattern analysis, report generation

Critical Note: While the framework envisions full 8-operator swarm coordination, the benchmarked results (90.1% on XBEN) currently come from the single-agent ReAct loop, not the full multi-agent swarm. The coordinated swarm remains experimental.

2. Keyless Warfare: Deployment Without API Keys

T3MP3ST’s most disruptive feature is its Keyless design. Traditional automated penetration testing platforms require users to configure OpenAI API keys, Anthropic keys, or other cloud model credentials. T3MP3ST eliminates this entirely.

How It Works:

Instead of requesting new API keys, T3MP3ST connects to AI coding agents already authenticated and running on your local machine through their respective official CLIs. The framework communicates via local inter-process communication or the MCP (Model Context Protocol) standard interface.

Deployment Options:

  1. Cloud-Based Agents: Connect to already-authenticated Claude Code, OpenAI Codex, or Hermes sessions
  2. Fully Local Models: Run entirely offline using vLLM or Ollama with models like Llama, Mistral, or any GGUF-quantized model

Zero-Trust Containment:

The framework enforces egress-scope containment—networked tools automatically refuse to touch off-scope public hosts. This means even if the AI agent attempts to reach beyond the authorized target, the framework’s OPSEC layer blocks it.

  1. Step-by-Step: Deploying T3MP3ST with Ollama (Fully Local, Offline)

This guide walks you through deploying T3MP3ST with a fully local Ollama model for completely air-gapped operation.

Prerequisites:

  • Node.js (v18 or higher)
  • Ollama installed and running
  • A local model pulled (e.g., `llama3.1:8b` or mistral:7b)

Step 1: Clone the Repository

git clone https://github.com/elder-plinius/T3MP3ST.git
cd T3MP3ST

Step 2: Install Dependencies

npm install

Step 3: Configure Ollama Connection

Ensure Ollama is running locally (default port 11434):

ollama serve

Verify your model is available:

ollama list

Step 4: Configure T3MP3ST for Local LLM

Create or modify the configuration to point to your local Ollama instance. The framework’s LLMBackbone supports multiple providers with fallback chains:

{
"llm": {
"provider": "ollama",
"endpoint": "http://localhost:11434",
"model": "llama3.1:8b",
"fallback": [
{ "provider": "ollama", "model": "mistral:7b" }
]
}
}

Step 5: Launch the Web War Room

npm run dev

Access the web interface at `http://localhost:3000`. The War Room provides a real-time dashboard showing agent activity, findings, and the attack progression.

Step 6: Define Your Target

Through the War Room or CLI, specify your authorized target:

npm run target -- --url https://your-test-target.com

Step 7: Execute the Mission

npm run mission -- --mode recon

For full kill chain:

npm run mission -- --mode full

Step 8: Verify Results

Every claim in the T3MP3ST README is reproducible. Run the verification command:

npm run verify-claims

This recomputes all benchmark scores from committed data.

4. Benchmark Performance: What T3MP3ST Actually Achieves

The framework has been rigorously tested across multiple benchmarks with impressive results:

XBEN Suite (104 Challenges):

  • 90.1% pass@1—outperforming XBOW’s own self-reported baseline of ~85%
  • Every solve graded against a committed flag oracle
  • Fully reproducible via `verify-claims` command

Cybench Academic Benchmark (40 Tasks):

  • 23/40 hint-free solves using single-agent ReAct loop

Real-World CVE Detection (2026 CVEs, 7 Languages):

  • Single agent pinned 8/10 vulnerabilities to exact file, line, and CWE classification
  • Full tool pack surfaced all 10 CVEs
  • Critical distinction: These CVEs were disclosed after the model’s training cutoff, ruling out memorization

What This Means:

The framework isn’t just regurgitating known patterns—it’s demonstrating genuine zero-day hunting capability against previously unseen vulnerabilities.

5. Linux Commands for T3MP3ST Operations

Beyond the npm commands, here are essential Linux commands for managing T3MP3ST operations:

Network Reconnaissance (Used by Recon Operator):

 Port scanning with nmap
nmap -sV -p- --open <target-ip>

Subdomain enumeration
subfinder -d <target-domain> -o subdomains.txt

Directory brute-forcing
gobuster dir -u <target-url> -w /usr/share/wordlists/dirb/common.txt

Service Fingerprinting:

 WhatWeb for web technology detection
whatweb <target-url>

SSL/TLS enumeration
sslscan <target-ip>

Vulnerability Scanning:

 Basic vulnerability scan with nmap scripts
nmap --script vuln <target-ip>

Nikto web server scanner
nikto -h <target-url>

Evidence Collection:

 Capture network traffic
tcpdump -i eth0 -w capture.pcap

Log analysis
journalctl -u <service> --since "1 hour ago"

OPSEC and Containment:

 Verify T3MP3ST is only communicating with authorized targets
sudo netstat -tunap | grep node

Monitor outbound connections
sudo ss -tunap | grep ESTABLISHED

6. Windows Commands for T3MP3ST Operations

For Windows-based deployments, use these PowerShell commands:

Network Discovery:

 Port scanning with Test-1etConnection
1..1024 | ForEach-Object { Test-1etConnection -ComputerName <target-ip> -Port $_ }

DNS enumeration
Resolve-DnsName <target-domain>

Service Enumeration:

 Get open ports with netstat
netstat -ano | findstr LISTENING

Service information
Get-Service | Where-Object {$_.Status -eq "Running"}

File System Reconnaissance:

 Find sensitive files
Get-ChildItem -Path C:\ -Recurse -Include .config,.xml,.json -ErrorAction SilentlyContinue

Search for credentials in files
Select-String -Path "C:\.config" -Pattern "password|secret|key"

Process Monitoring:

 List all running processes with network connections
Get-1etTCPConnection | Select-Object LocalAddress,LocalPort,RemoteAddress,RemotePort,State,OwningProcess

Get process details
Get-Process -Id <PID>
  1. The Cognitive Architecture: Why T3MP3ST Doesn’t Give Up

Traditional ReAct (Reasoning + Acting) agents often fail in security testing because they give up too early:

Agent: "Let me try SQL injection..." → Failure
Agent: "Let me try XSS..." → Failure
Agent: "Maybe this target is secure?" → GIVES UP ❌

T3MP3ST’s cognitive architecture enforces persistence. It doesn’t tell the agent “how” to hack—it forces the agent to adhere to a persistence framework that recognizes:

  • 80% of success comes from persistence—the first five attempts often fail, the sixth succeeds
  • Error messages are intelligence—failure provides information about what doesn’t work, narrowing the attack surface
  • False assumptions can be experimentally falsified—the agent must test hypotheses rather than abandon them

The framework provides a “cognitive scaffold” that enforces these principles through its mission control and evidence vault subsystems.

What Undercode Say:

  • Key Takeaway 1: T3MP3ST represents a fundamental shift in how security testing is accessed. By eliminating API keys and cloud dependencies, it democratizes advanced penetration testing—any developer with an AI coding assistant can now run autonomous red-team operations against their own applications. The 90.1% XBEN score proves this isn’t theoretical; it’s production-ready for authorized testing scenarios.

  • Key Takeaway 2: The framework’s cognitive architecture is arguably more important than its toolset. By forcing agents to persist through failure and treating errors as intelligence, T3MP3ST solves the core problem that plagues most AI security tools: premature abandonment. The 8/10 real CVE detection rate on post-cutoff vulnerabilities demonstrates genuine zero-day hunting capability, not pattern matching.

Analysis: The open-source release of T3MP3ST under AGPL-3.0 is a double-edged sword. On one hand, it gives security researchers and defensive teams an unprecedented ability to test their own systems autonomously and cost-effectively. On the other, the same capabilities are available to threat actors. The framework’s built-in OPSEC containment is commendable, but it’s software—containment can be modified. The security community must treat this like any other powerful tool: embrace it for defense while remaining vigilant about its potential misuse. The keyless, local-first design is a masterstroke for accessibility, but organizations should implement strict policies around who can deploy T3MP3ST and against which targets. The framework’s reproducibility guarantee—every claim recomputable via verify-claims—sets a new standard for transparency in AI security tools.

Prediction:

  • +1 T3MP3ST will accelerate the adoption of AI-driven security testing in DevOps pipelines, reducing the cost and expertise barrier for continuous security validation. Within 12 months, expect CI/CD integrations that run T3MP3ST autonomously against staging environments before every production deployment.

  • +1 The framework’s modular, operator-based architecture will inspire a new ecosystem of specialized AI security agents. Third-party developers will create custom operators for specific domains (cloud infrastructure, IoT, smart contracts), turning T3MP3ST into a plugin platform for AI-driven security.

  • -1 The democratization of autonomous hacking will lead to an increase in unauthorized testing incidents. Well-meaning developers may accidentally scan out-of-scope targets, while malicious actors will repurpose the framework for criminal activity. The security industry must develop automated detection for T3MP3ST-like activity patterns.

  • +1 The “keyless” paradigm will pressure commercial AI security tools to eliminate API-key dependencies, driving down costs and increasing accessibility across the industry. Competitors will be forced to offer local-first, offline-capable alternatives.

  • -1 Organizations that deploy T3MP3ST without proper governance will create new attack surfaces. The AI agent, if misconfigured, could inadvertently expose internal network details or trigger rate-limiting defenses that disrupt production services. Strict RoE enforcement and human-in-the-loop oversight will be essential.

  • +1 The framework’s reproducible benchmarking (via verify-claims) establishes a new gold standard for AI security tool evaluation. Future tools will be judged not by vendor claims but by verifiable, reproducible benchmark scores—a win for transparency and accountability.

▶️ Related Video (76% Match):

https://www.youtube.com/watch?v=21G406w0RuU

🎯Let’s Practice For Free:

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

IT/Security Reporter URL:

Reported By: Charlywargnier 4000 – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky