Autonomous Red Teaming Kernel
Hellcat is a continuous, adaptive red teaming system that combines kernel-level orchestration (scheduling, dispatch, verification, self-healing, learning) with specialized pentesting operators (recon, vulnerability analysis, exploitation, reporting). It powers ClawdStrike, a cybersecurity cluster in Backbay Industries' decentralized production marketplace.
Hellcat maintains a TargetGraph -- a directed property graph of attack surfaces, vulnerabilities, credentials, access levels, and defenses. The kernel loop continuously plans attacks, dispatches specialized operators to isolated StrikeCells, validates exploit proofs through 4-level evidence gates, and feeds results back into the graph. An OPSEC-aware Noise Monitor ensures testing stays stealthy and within authorized scope.
Load TargetGraph --> Plan Attacks --> Dispatch Operators --> Validate Proofs --> Update Graph --> Learn --> Repeat
| Concept | Description |
|---|---|
| TargetGraph | Attack surface as a directed property graph (targets, vulns, creds, defenses) |
| StrikeCells | Isolated browser/network sandboxes per attack operation |
| Operators | Specialized attack agents: ReconOp, InjectionOp, XSSOp, AuthOp, AuthzOp, SSRFOp, ReportOp |
| ProofValidator | 4-level evidence gates with reproducibility checks |
| Noise Monitor | OPSEC awareness: detect detection, back off, manage noise budget |
| AttackPatternDB | Learning layer: which techniques work against which stacks |
| Engagement Playbooks | Reusable attack patterns accumulated across engagements |
# Install Python dependencies
uv pip install -e ".[dev]"
# Run kernel (single cycle, dry run)
hellcat run --once --dry-run
# Run kernel (continuous)
hellcat run --watch
# Check status
hellcat status
# Run tests
uv run pytest -v- CLAUDE.md -- Source of truth for working in this codebase
- Architecture Overview -- Kernel loop, TargetGraph, operators, proof gates
- Data Model -- Graph schema, status states, dependency edges
- Scheduling Algorithm -- Attack planning and prioritization
- Quality Gates -- Proof validation
- Security & Safety -- Scope enforcement, guardrails
+-------------------------------------------------------------------+
| HELLCAT KERNEL |
| AttackPlanner | OperatorDispatch | ProofValidator |
| |
| TargetGraph State | Noise Monitor (OPSEC) |
+-------------------------------------------------------------------+
| ^
| spawn StrikeCells | Exploit+Proof
v |
+-------------------------------------------------------------------+
| STRIKECELL POOL |
| ReconOp | InjectionOp | XSSOp | AuthOp | SSRFOp | ... |
+-------------------------------------------------------------------+
| |
v v
+-------------------------------------------------------------------+
| OPERATOR EXECUTION |
| PromptEngine | Claude executor | Playwright MCP | Tools |
+-------------------------------------------------------------------+
MIT