{"id":51432875,"url":"https://github.com/jayelbotvibe-web/hermes-pentest-lab","last_synced_at":"2026-07-05T05:02:44.215Z","repository":{"id":366604845,"uuid":"1276596534","full_name":"jayelbotvibe-web/hermes-pentest-lab","owner":"jayelbotvibe-web","description":"Production-grade pentesting lab — Docker Compose tool isolation, AI agent orchestration, WireGuard OPSEC, LUKS encryption, automated PDF reports","archived":false,"fork":false,"pushed_at":"2026-06-30T05:33:34.000Z","size":3912,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-06-30T07:16:50.839Z","etag":null,"topics":["ai-agent","cybersecurity","docker","hermes-agent","pentesting","report-generation","security-tools","vulnerability-assessment"],"latest_commit_sha":null,"homepage":"https://jayelbotvibe-web.github.io/hermes-pentest-lab/","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jayelbotvibe-web.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-22T05:57:17.000Z","updated_at":"2026-06-30T05:33:37.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/jayelbotvibe-web/hermes-pentest-lab","commit_stats":null,"previous_names":["jayelbotvibe-web/hermes-pentest-lab"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jayelbotvibe-web/hermes-pentest-lab","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jayelbotvibe-web%2Fhermes-pentest-lab","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jayelbotvibe-web%2Fhermes-pentest-lab/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jayelbotvibe-web%2Fhermes-pentest-lab/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jayelbotvibe-web%2Fhermes-pentest-lab/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jayelbotvibe-web","download_url":"https://codeload.github.com/jayelbotvibe-web/hermes-pentest-lab/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jayelbotvibe-web%2Fhermes-pentest-lab/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35143802,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-05T02:00:06.290Z","response_time":100,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agent","cybersecurity","docker","hermes-agent","pentesting","report-generation","security-tools","vulnerability-assessment"],"created_at":"2026-07-05T05:02:43.397Z","updated_at":"2026-07-05T05:02:44.194Z","avatar_url":"https://github.com/jayelbotvibe-web.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Hermes Pentest Lab\n\n\u003e **Turn any Linux laptop into a production-grade pentesting workstation — with AI agent orchestration, Docker tool isolation, VPN OPSEC, encrypted storage, and automated report generation.**\n\u003e\n\u003e **⚠️ Requires host networking** — nmap raw sockets, crackmapexec SMB, and responder need `network_mode: host`. Docker Desktop users: set up a Linux VM with bridged networking.\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)\n[![Hermes Agent](https://img.shields.io/badge/Hermes%20Agent-Compatible-purple.svg)](https://github.com/NousResearch/hermes-agent)\n[![Docker](https://img.shields.io/badge/Docker-6%20profiles-blue.svg)](docker/docker-compose.yml)\n[![Subagents](https://img.shields.io/badge/Subagents-7-green.svg)](skills/)\n[![Findings KB](https://img.shields.io/badge/finding_KB-14_entries-f59e0b)](#-finding-knowledge-base-new)\n[![Sample Reports](https://img.shields.io/badge/Sample%20Reports-2-gold.svg)](https://jayelbotvibe-web.github.io/hermes-pentest-lab/)\n[![Tools](https://img.shields.io/badge/Tools-22%2B-orange.svg)](#-tools-included)\n[![Canary](https://img.shields.io/badge/canary-active-brightgreen)](scripts/pentest-canary.sh)\n[![Templates](https://img.shields.io/badge/Templates-5-teal.svg)](reports/templates/)\n\n---\n\n## What It Looks Like\n\n```text\n$ hermes\n/skill pentest-engage\n\nAgent: Validating scope...  ✓ 192.168.1.0/24 authorized\n       VPN check...  ✓ wg0 UP\n       LUKS check...  ✓ /dev/mapper/pentest mounted\n       Pre-flight checks complete. 6/6 subagents ready.\n\nAgent: OSINT agent → 12 subdomains, 47 email addresses found\n       Recon agent → 14 live hosts, 3 high-value services\n       Web agent → SQLi confirmed on /login (CVSS 9.8)\n       Network agent → Kerberoastable account: svc_sql\n\nAgent: Building report...\n       Findings: 2 Critical, 1 High, 4 Medium, 3 Low\n       Risk level: Critical\n\nReport saved: reports/acme-corp-2026-07/report-2026-07-01.pdf\nEngagement complete. All actions logged to audit trail.\n```\n\n---\n\n## 📊 Sample Reports\n\nTwo reports from live assessments — one vulnerable target, one hardened production site.\n\n| | Juice Shop Benchmark | ZeroDayBrief Blog |\n|---|---|---|\n| **Risk** | 🔴 High (38/100) | 🟢 Low (94/100) |\n| **Findings** | 14 (0C/1H/8M/5L) | 1 (Info) |\n| **Controls** | 6 Pass / 3 Warn / 7 Fail | 15 Pass / 0 Warn / 1 Fail |\n| **Target** | OWASP Juice Shop v20.0.0 | zerodaybrief.blog |\n| **PDF** | [juice-shop-benchmark-report.pdf](docs/reports/samples/juice-shop-benchmark-report.pdf) (337KB) | [zerodaybrief-report.pdf](docs/reports/samples/zerodaybrief-report.pdf) (43KB) |\n| **HTML** | [View](https://jayelbotvibe-web.github.io/hermes-pentest-lab/reports/samples/juice-shop-benchmark-report.html) | [View](https://jayelbotvibe-web.github.io/hermes-pentest-lab/reports/samples/zerodaybrief-report.html) |\n\n![Report Preview](docs/reports/samples/report-preview.png)\n\n**Design:** Dark gradient cover · 4-category scorecards · findings heatmap · inline evidence screenshots · business-first descriptions · observed controls with values · remediation checklist · A4 portrait print-native\n\n*Generated by `build-report.py` v2 — automated CVSS impact generation, per-finding screenshot embedding, findings heatmap, 5-phase methodology.*\n\n---\n\n## 🚀 Quick Start\n\n### What You Need\n- **Linux with Docker + Docker Compose v2** (Ubuntu 24.04+, Debian, Kali recommended)\n- **30GB free disk, 8GB RAM**\n- **[Hermes Agent](https://github.com/NousResearch/hermes-agent)** (for AI orchestration)\n\n### 1. Clone and install dependencies\n```bash\ngit clone https://github.com/jayelbotvibe-web/hermes-pentest-lab.git\ncd hermes-pentest-lab\nsudo apt install -y docker.io docker-compose-v2 wireguard-tools age cryptsetup pandoc\n```\n\n### 2. Build Docker images\n```bash\ndocker build -t hermes-kali-web:latest -f docker/Dockerfile.kali-web .\ndocker build -t hermes-kali-net:latest -f docker/Dockerfile.kali-net .\ndocker build -t hermes-osint-tools:latest -f docker/Dockerfile.osint-tools .\n```\n\n### 3. Start the tools\n```bash\ndocker compose -f docker/docker-compose.yml --profile web --profile net --profile osint up -d\ndocker compose -f docker/docker-compose.yml exec kali-web apt update \u0026\u0026 apt install -y ffuf nuclei sqlmap gobuster wpscan\ndocker compose -f docker/docker-compose.yml exec kali-net apt update \u0026\u0026 apt install -y nmap metasploit-framework crackmapexec bloodhound certipy-ad\ndocker compose -f docker/docker-compose.yml exec osint-tools pip install theHarvester shodan censys\n```\n\n### 4. Run your first engagement\n```bash\n./scripts/init-engagement.sh my-first-test\ndocker compose -f docker/docker-compose.yml exec kali-net nmap -sV -p1-1000 127.0.0.1\n./scripts/build-report.py my-first-test\n```\nYou'll get a professional PDF report at `reports/my-first-test/report-*.pdf`.\n\n### 5. Use the AI orchestrator\nIn a Hermes Agent session:\n```\n/skill pentest-engage\n```\nThen describe what you want to test — Hermes handles the rest.\n\n### 6. Practice on lab targets\n```bash\ndocker compose -f docker/docker-compose.yml --profile lab up -d\n# Juice Shop:  http://127.0.0.1:3000\n# DVWA:        http://127.0.0.1:8080  (admin/password)\n```\n\n---\n\n## Architecture\n\n```mermaid\nflowchart TB\n    classDef external fill:#1e293b,stroke:#94a3b8,color:#fff\n    classDef orchestrator fill:#083344,stroke:#22d3ee,color:#fff\n    classDef agent fill:#064e3b,stroke:#34d399,color:#fff\n    classDef docker fill:#78350f,stroke:#fbbf24,color:#fff\n    classDef crypto fill:#2e1065,stroke:#a78bfa,color:#fff\n    classDef security fill:#881337,stroke:#fb7185,color:#fff\n    classDef native fill:#0f172a,stroke:#64748b,color:#fff\n\n    P[\"🧑‍💻 Pentester (You)\"]:::external\n    C[\"🏢 Client\"]:::external\n\n    H[\"⚡ Hermes Agent\u003cbr/\u003eOrchestrator\u003cbr/\u003epentest-engage skill\"]:::orchestrator\n\n    OS[\"🔍 OSINT Agent\u003cbr/\u003ePassive — zero packets\u003cbr/\u003etheHarvester · crt.sh\"]:::agent\n    RC[\"📡 Recon Agent\u003cbr/\u003eActive — T3/500pps\u003cbr/\u003enmap · masscan\"]:::agent\n    WB[\"🌐 Web Agent\u003cbr/\u003eActive — safe mode\u003cbr/\u003effuf · nuclei · sqlmap\"]:::agent\n    NW[\"🖥️ Network Agent\u003cbr/\u003eActive — user approved\u003cbr/\u003ebloodhound · certipy\"]:::agent\n    RP[\"📄 Report Agent\u003cbr/\u003eOutput — read-only\u003cbr/\u003eCVSS 3.1 · Jinja2 → PDF\"]:::agent\n    SC[\"🛡️ Scope Agent\u003cbr/\u003eGuard — always first\u003cbr/\u003evalidate · audit.jsonl\"]:::agent\n\n    DW[\"🐳 Docker: web\"]:::docker\n    DN[\"🐳 Docker: net\"]:::docker\n    DO[\"🐳 Docker: osint\"]:::docker\n    DC[\"🐳 Docker: cloud\"]:::docker\n    DF[\"🐳 Docker: full\"]:::docker\n    DL[\"🐳 Docker: lab\"]:::docker\n\n    DB[\"🗄️ Findings DB v2\u003cbr/\u003eSQLite · 6 tables\"]:::crypto\n    GI[\"📦 Engagement Git\u003cbr/\u003eaudit trail\"]:::crypto\n    N4[\"🧬 Neo4j 5.26\u003cbr/\u003eBloodHound CE\"]:::docker\n\n    VP[\"🔐 WireGuard VPN\u003cbr/\u003ewg0\"]:::security\n    KS[\"🚫 Kill Switch\u003cbr/\u003eiptables DROP\"]:::security\n    LK[\"🔒 LUKS 10GB\u003cbr/\u003edm-crypt encrypted\"]:::crypto\n    PS[\"🔑 pass + age\u003cbr/\u003eGPG credential vault\"]:::crypto\n\n    BU[\"🪲 Burp Suite CE\"]:::native\n    WS[\"🦈 Wireshark 4.6\"]:::native\n    HC[\"🔨 hashcat 7.1\u003cbr/\u003eGPU CUDA\"]:::native\n    FX[\"🦊 Firefox\u003cbr/\u003eFoxyProxy\"]:::native\n    RB[\"📝 Report Builder\u003cbr/\u003eWeasyPrint → PDF\"]:::native\n\n    P --\u003e H\n    H --\u003e OS \u0026 RC \u0026 WB \u0026 NW \u0026 RP \u0026 SC\n    OS --\u003e DO\n    RC --\u003e DW \u0026 DN\n    WB --\u003e DW\n    NW --\u003e DN\n    RP --\u003e RB\n    SC --\u003e GI\n    RP --\u003e C\n    H --\u003e PS\n    DW \u0026 DN \u0026 DO --\u003e VP\n    VP --\u003e KS\n    DB --- GI\n    N4 --- DN\n    BU \u0026 WS \u0026 HC \u0026 FX --- DW \u0026 DN\n```\n\n\u003e **Open `pentest-architecture-complete.html`** in any browser for the full interactive diagram with color-coded layers.\n\n### How It Works\n\n1. **You** tell Hermes what to test (e.g., \"Scan 192.168.1.0/24\")\n2. **Hermes** checks the scope, starts the VPN, and dispatches subagents in parallel\n3. **Each subagent** runs tools inside isolated Docker containers\n4. **Findings** flow into a shared SQLite database\n5. **Report agent** generates a professional PDF with CVSS scores\n6. **Audit trail** logs every action\n\n---\n\n## 🛠️ Tools Included\n\n\u003e 💻 = Host \u0026nbsp; 🐳 = Docker container \u0026nbsp; `:port` = web access\n\n### Web Application Testing\n\n| Tool | Container | Purpose |\n|------|-----------|---------|\n| ffuf | 🐳 web | Directory/file brute-force, virtual host discovery |\n| nuclei | 🐳 web | CVE and misconfiguration scanning (6,683 templates) |\n| sqlmap | 🐳 web | Automated SQL injection detection |\n| gobuster | 🐳 web | Directory, DNS, and VHOST enumeration |\n| wpscan | 🐳 web | WordPress vulnerability scanner |\n| whatweb | 🐳 web | Technology fingerprinting |\n\n### Network \u0026 Active Directory\n\n| Tool | Container | Purpose |\n|------|-----------|---------|\n| nmap | 🐳 net | Port scanning, service detection, OS fingerprinting |\n| metasploit | 🐳 net | Exploitation framework (6.4) — gated |\n| crackmapexec / nxc | 🐳 net | SMB/LDAP/WinRM enumeration and authentication |\n| bloodhound-python | 🐳 net | Active Directory attack path analysis |\n| certipy-ad | 🐳 net | AD Certificate Services exploitation |\n| kerbrute | 🐳 net | Kerberos user enumeration and password spraying |\n| impacket | 🐳 net | Windows protocol tools (secretsdump, GetUserSPNs) |\n| responder | 🐳 net | LLMNR/NBT-NS/mDNS poisoning — gated |\n| evil-winrm | 🐳 net | Windows Remote Management shell |\n| enum4linux | 🐳 net | SMB enumeration |\n| hydra | 🐳 net | Online brute-force (user-approved only) |\n| john / hashcat | 🐳 net | Password hash cracking |\n\n### OSINT \u0026 Passive Recon\n\n| Tool | Container | Purpose |\n|------|-----------|---------|\n| theHarvester | 🐳 osint | Email, subdomain, and name enumeration |\n| holehe | 🐳 osint | Check if email is registered on services |\n| sherlock | 🐳 osint | Username search across 300+ social networks |\n| crt.sh | 🐳 osint | Certificate transparency log subdomain discovery |\n| shodan | 🐳 net | Internet-connected device search engine |\n\n### Infrastructure\n\n| Service | Access | Purpose |\n|---------|--------|---------|\n| Neo4j 5.26 | 🐳 net `:7474` `:7687` | BloodHound CE graph database |\n| Juice Shop | 🐳 lab `:3000` | OWASP vulnerable web app (practice) |\n| DVWA | 🐳 lab `:8080` | Damn Vulnerable Web App (practice) |\n\n### Native Tools\n\n| Tool | Runtime | Purpose |\n|------|---------|---------|\n| Burp Suite CE | 💻 Host | Intercepting proxy (653MB .jar) |\n| Wireshark 4.6 | 💻 Host | Packet capture analysis |\n| hashcat 7.1 | 💻 Host | GPU password cracking  |\n| Firefox + FoxyProxy | 💻 Host | Manual web testing |\n| Report Builder | 💻 Host | Jinja2 → WeasyPrint → PDF → DOCX |\n\n---\n\n## 🤖 AI Subagents\n\n7 specialized agents — each with deep domain knowledge, Pre-flight checks, and rate limiting.\n\n| Agent | Phase | Tier | What It Does | Output |\n|-------|-------|------|-------------|--------|\n| Scope | 1️⃣ Guard | 🛡️ Always first | Validates every target against scope, logs audit trail | `{allowed, reason}` |\n| OSINT | 2️⃣ Passive | 🟢 Zero packets | Gathers intel without touching target | `{subdomains, emails, tech}` |\n| Recon | 3️⃣ Active | 🟡 Rate-limited | Port scans, service detection, OS fingerprinting | `{hosts, ports, services}` |\n| Web | 4️⃣ Active | 🟡 Rate-limited | Directory brute, CVE scan, SQLi testing | `{vulns, endpoints, confidence}` |\n| Network | 5️⃣ Active | 🔴 Needs approval | SMB, LDAP, Kerberos, BloodHound, AD CS | `{shares, users, paths}` |\n| Report | 6️⃣ Output | ⚪ Read-only | CVSS 3.1, finding docs, PDF generation | `{report.md, report.pdf}` |\n| **Findings KB** | 🆕 Support | 📖 Load anytime | Maps tool output → severity + CVSS + report language | 14 interpretations, 5 categories |\n\n| Guard | How |\n|-------|-----|\n| Pre-flight checks | VPN up? Target in scope? LUKS mounted? Canary passed? — every run |\n| Rate limiting | 500 pps (nmap), 50 req/s (web), 3 tiers (safe/normal/fast) |\n| Destructive test gating | Exploits, credential spraying, responder → explicit user approval |\n| Hard refusal list | 13 items — DoS, mass scan, autonomous exploit, false-flag, etc. |\n| Audit trail | Every action logged: timestamp, tool, target, scope validated |\n| Finding sovereignty | Tool + version + command on every finding, DRAFT until approved |\n| Cross-validation | Critical findings (CVSS ≥ 9.0) require second-tool confirmation |\n| Confidence levels | HIGH (multi-tool) / MEDIUM (single) / LOW (auto-only) / TENTATIVE (degraded) |\n\n---\n\n## 📊 Report Pipeline\n\n```\nFindings DB (SQLite) → Jinja2 Templates → WeasyPrint → PDF\n                           ↓\n                    Pandoc → DOCX (editable reports)\n```\n\n### What's in the report\n\n| Section | Audience | Contents |\n|---------|----------|----------|\n| Executive Summary | C-suite | Risk level, finding counts, top 3 recommendations |\n| Methodology | Technical leads | PTES phases, tools used, timeline |\n| Technical Findings | Developers | CVSS 3.1 vectors, PoC steps, evidence, remediation |\n| Remediation Roadmap | IT team | Prioritized fix list with effort estimates |\n| Appendix | Auditors | Raw scan data, scope document, audit trail, glossary |\n\n---\n\n## 🔐 OPSEC \u0026 Encryption\n\n| Layer | Technology | What It Protects |\n|-------|-----------|-----------------|\n| VPN | WireGuard (commercial VPN provider) | Hides your home IP from targets |\n| Kill Switch | iptables DROP | Blocks ALL traffic if VPN drops |\n| DNS | VPN provider DNS | Prevents DNS leak to ISP |\n| Disk | LUKS dm-crypt (10GB) | Engagement data encrypted at rest |\n| Credentials | pass (GPG-encrypted git) | Client passwords, API keys, VPN configs |\n| Archives | age encryption | Post-engagement legal hold archives |\n| Audit | audit.jsonl | Every tool run logged with scope validation |\n| Backup | USB (age-encrypted) | Disaster recovery — all keys in one file |\n\n---\n\n## 📁 Repo Structure\n\n```\nhermes-pentest-lab/\n├── README.md\n├── .gitignore\n├── docs/\n│   ├── index.html                           ← GitHub Pages landing page\n│   ├── pentest-architecture-complete.html   ← interactive system diagram\n│   ├── pentest-architecture.html\n│   ├── pentest-ops-architecture.html\n│   ├── TROUBLESHOOTING.md\n│   ├── WORKFLOW.md\n│   └── reports/samples/\n│       ├── juice-shop-benchmark-report.{html,pdf}  ← 14 findings, 38/100\n│       ├── zerodaybrief-report.{html,pdf}           ← 1 finding, 94/100\n│       ├── report-preview.png\n│       └── screenshots/                      ← evidence screenshots (F-XXX-*.png)\n├── docker/\n│   ├── docker-compose.yml                   ← 7 services, 6 profiles\n│   ├── Dockerfile.kali-web                   ← kalilinux/kali-rolling + nuclei, ffuf, gobuster\n│   ├── Dockerfile.kali-net                   ← kalilinux/kali-rolling + nmap, crackmapexec, impacket\n│   └── Dockerfile.osint-tools               ← python:3.12-slim + theHarvester, holehe, sherlock\n├── scripts/\n│   ├── pentest-canary.sh                    ← validates all tools before session\n│   ├── pentest-up.sh                        ← starts containers + LUKS mount\n│   ├── pentest-down.sh                      ← graceful shutdown + cleanup\n│   ├── pentest-verify.sh                    ← post-startup verification\n│   ├── init-engagement.sh                   ← creates forensics-style engagement dir\n│   ├── init-engagement-db.py                ← SQLite schema (6 tables)\n│   ├── build-report.py                      ← findings → Jinja2 → HTML + PDF\n│   ├── audit-log.sh                         ← scope-validated audit entries\n│   ├── preflight.sh                         ← VPN + LUKS + DNS + scope checks\n│   ├── wipe-engagement.sh                   ← encrypted archive + destruction cert\n│   ├── capture-evidence.sh                  ← headless Chromium screenshots\n│   └── convert-docs.py                      ← MarkItDown: PDF/DOCX → markdown\n├── reports/templates/report.html            ← unified Jinja2 template (v2)\n├── tools/\n│   └── tool-catalog.yaml                    ← 18 tools with version, fallback, rate limits\n├── skills/\n│   ├── pentest-context.md                   ← system map — loaded every session\n│   ├── pentest-engage.md                    ← orchestrator — dispatches subagents\n│   ├── pentest-ops.md                       ← startup/shutdown/repair/troubleshooting\n│   ├── pentest-findings/SKILL.md            ← 🆕 finding encyclopedia — 14 interpretations\n│   ├── subagent-{osint,recon,web,net,report,scope}.md\n│   └── safety-guards.md                     ← 13-item refusal list + rate limits\n└── scope/\n    ├── _template.json                       ← scope template (copied into engagements)\n    └── contract-template.md                 ← rules of engagement\n```\n\n### Engagement Directory (created by `init-engagement.sh`)\n\n```\nengagements/\u003cname\u003e/\n├── ENGAGEMENT.yaml       ← client, dates, status, assessor\n├── scope.json            ← scope definition (IPs, domains, signed)\n├── findings.db           ← SQLite database (6 tables)\n├── findings.json         ← machine-readable findings export\n├── metadata.json         ← controls, observations, methodology\n├── audit/\n│   └── actions.jsonl     ← every tool run, scope-validated\n├── evidence/             ← client documents (auto-converted via MarkItDown)\n├── screenshots/          ← tool evidence (F-XXX-*.png auto-attach in report)\n├── raw/scans/            ← nmap XML, nuclei JSON, tool output\n└── reports/              ← generated HTML + PDF reports\n```\n\n---\n\n## 🆚 How It Compares\n\n\u003e *Based on publicly available documentation as of June 2026. Features may have changed. Verify independently.*\n\n| Feature | Hermes Pentest Lab | Tool A | Tool B |\n|---------|-------------------|--------|--------|\n| Agent runtime | Hermes Agent | LLM + MCP | Workflow engine |\n| Subagents | 7 (customizable) | ~15 specialist | 0 |\n| **Finding KB** | **14-entry encyclopedia** | None | None |\n| Tool isolation | Docker Compose profiles | pip packages | Docker |\n| Report generation | Jinja2 + WeasyPrint → PDF | Built-in | Manual |\n| VPN / OPSEC | WireGuard + kill switch + DNS leak | None | None |\n| Encryption | LUKS + pass + age | None | None |\n| Scope guard | 13-item refusal list | Scope file | Check only |\n| Findings DB | SQLite v2 (6 tables, versioned) | Findings DB | None |\n| Session canary | Validates all tools before work | None | None |\n| Client contracts | RoE template included | None | None |\n\n**Hermes Pentest Lab** is built for the **practicing professional** — it prioritizes safety, audit trails, and client deliverables over autonomous exploitation.\n\n---\n\n## 🎓 Learning Path\n\n1. **[PortSwigger Academy](https://portswigger.net/web-security)** — free, all web security labs\n2. **Juice Shop** — `docker compose --profile lab up -d` → http://127.0.0.1:3000\n3. **DVWA** — http://127.0.0.1:8080 (admin/password, set security to \"low\")\n4. **Portfolio reports** — see sample reports above in [`reports/samples/`](docs/reports/samples/)\n\n---\n\n## ⚠️ Legal\n\nThis toolkit is for **authorized security testing only**. Never use it on systems you don't own or have explicit written permission to test. Every engagement requires a signed scope document (`scope/contract-template.md`). Every tool run is logged to an audit trail. Every report includes a data destruction certificate.\n\n---\n\n## 📄 License\n\nMIT — use it, modify it, share it. Built by [@jayelbotvibe-web](https://github.com/jayelbotvibe-web).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjayelbotvibe-web%2Fhermes-pentest-lab","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjayelbotvibe-web%2Fhermes-pentest-lab","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjayelbotvibe-web%2Fhermes-pentest-lab/lists"}