← all repositories
elder-plinius/T3MP3ST

Your AI coding agent is already a hacker; meet its arsenal

T3MP3ST turns the AI coding agent already on your machine into a self-hosted, keyless bug-hunting rig for authorized targets.

1.7k stars TypeScript AgentsDomain Apps
T3MP3ST
Collecting fresh signals — velocity needs a few days of history.
collecting data…
star history

What it does

T3MP3ST is a TypeScript framework that wraps your existing AI coding agent into an autonomous offensive-security pipeline for authorized targets. It drives reconnaissance, exploitation, and reporting through a browser-based War Room or the CLI, using whichever agent you already have signed in—Claude Code, Codex, Hermes, or a fully offline local model—as its brain. No new API keys, cloud tenants, or second bills are required.

The interesting bit

The project is almost aggressively honest about what actually works. Every headline number recomputes from committed artifacts, and the README bluntly admits that while the single-agent recon and exploit engine is proven—90.1% on XBEN, 8/10 post-cutoff CVEs pinned to file/line—the “multi-agent swarm” is still mostly aspiration. The eight-operator kill chain runs real tools, but coordinated end-to-end swarm exploitation is unbenchmarked and unreliable.

Key highlights

  • Mean pass@1 of 90.1% on XBOW’s 104-challenge XBEN suite, above XBOW’s self-reported 85%, with results re-derived from committed data.
  • Cold-hunted real, post-cutoff CVEs the model had never seen, pinning 8 of 10 to exact file, line, and CWE across seven languages.
  • Runs keyless by piggybacking on the AI coding agent already on your machine, or fully offline via Ollama, LM Studio, or vLLM.
  • Ships with scope containment on by default: built-in networked tools refuse off-target public hosts once a mission is set.
  • Maintains a live coordinated-disclosure pipeline with vendor drafts already held for coordination.

Caveats

  • The multi-agent swarm is experimental: headline benchmarks were achieved by a single agent, and end-to-end coordinated exploitation across the eight-operator cell is still unreliable.
  • White-box source analysis is currently limited to Python-only regex ingest, and smart-contract work only reproduces known exploit classes rather than finding novel bugs.
  • Cloud, mobile, Active Directory, and binary reverse-engineering coverage are marked as in development; the src/stubs/ directory currently holds interface-only scaffolding for cloud, persistence, swarm, and cognition modules.

Verdict

Worth a look if you want to put the AI agent already on your laptop to work for authorized bug hunting with audited claims. Skip it if you need proven multi-agent coordination or production-grade cloud and mobile coverage.

Frequently asked

What is elder-plinius/T3MP3ST?
T3MP3ST turns the AI coding agent already on your machine into a self-hosted, keyless bug-hunting rig for authorized targets.
Is T3MP3ST open source?
Yes — elder-plinius/T3MP3ST is open source, released under the AGPL-3.0 license.
What language is T3MP3ST written in?
elder-plinius/T3MP3ST is primarily written in TypeScript.
How popular is T3MP3ST?
elder-plinius/T3MP3ST has 1.7k stars on GitHub.
Where can I find T3MP3ST?
elder-plinius/T3MP3ST is on GitHub at https://github.com/elder-plinius/T3MP3ST.

heatdrop uses Google Analytics to see which pages get read — nothing else. Your call. How we handle data.