{"id":44207840,"url":"https://github.com/secwexen/aapp-mart","last_synced_at":"2026-02-27T08:55:10.602Z","repository":{"id":332770311,"uuid":"1134805594","full_name":"secwexen/aapp-mart","owner":"secwexen","description":"Autonomous Python-based offensive security engine for AI-driven attack path prediction, multi-agent red team simulation, and risk scoring.","archived":false,"fork":false,"pushed_at":"2026-02-08T14:49:53.000Z","size":2033,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-08T20:46:10.683Z","etag":null,"topics":["adversarial-ai","ai-red-team","ai-security","attack-graph","attack-path-prediction","attack-simulation","autonomous-security-agents","cyber-risk-analysis","cyber-threat-intelligence","machine-learning-security","mitre-attack","multi-agent-system","offensive-ai-framework","offensive-security","penetration-testing","python","red-team-simulation","risk-scoring","security-analytics","threat-modeling"],"latest_commit_sha":null,"homepage":"https://secwexen.github.io/aapp-mart/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/secwexen.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"docs/agents.md","dco":null,"cla":null},"funding":{"github":["secwexen"],"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"lfx_crowdfunding":null,"polar":null,"buy_me_a_coffee":null,"thanks_dev":null,"custom":null}},"created_at":"2026-01-15T08:23:53.000Z","updated_at":"2026-02-08T13:58:47.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/secwexen/aapp-mart","commit_stats":null,"previous_names":["secwexen/aappmart"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/secwexen/aapp-mart","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secwexen%2Faapp-mart","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secwexen%2Faapp-mart/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secwexen%2Faapp-mart/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secwexen%2Faapp-mart/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/secwexen","download_url":"https://codeload.github.com/secwexen/aapp-mart/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secwexen%2Faapp-mart/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29285817,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-09T21:57:15.303Z","status":"ssl_error","status_checked_at":"2026-02-09T21:57:11.537Z","response_time":56,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["adversarial-ai","ai-red-team","ai-security","attack-graph","attack-path-prediction","attack-simulation","autonomous-security-agents","cyber-risk-analysis","cyber-threat-intelligence","machine-learning-security","mitre-attack","multi-agent-system","offensive-ai-framework","offensive-security","penetration-testing","python","red-team-simulation","risk-scoring","security-analytics","threat-modeling"],"created_at":"2026-02-09T23:35:02.751Z","updated_at":"2026-02-27T08:55:10.581Z","avatar_url":"https://github.com/secwexen.png","language":"Python","readme":"# AAPP-MART  \n\n\u003cp\u003e\u003cimg src=\"assets/images/aapp-mart-logo.png\" width=\"250\" alt=\"aapp-mart-logo\"\u003e\u003c/p\u003e\n\n**Predict. Simulate. Secure.**  \nAn AI‑powered red‑team simulation and attack‑path prediction engine designed for enterprise‑grade security assessment.\n\n![license](https://img.shields.io/github/license/secwexen/aapp-mart)\n![version](https://img.shields.io/github/v/release/secwexen/aapp-mart?include_prereleases)\n![build](https://img.shields.io/github/actions/workflow/status/secwexen/aapp-mart/ci.yml?branch=main\u0026label=Build)\n![codeql](https://img.shields.io/github/actions/workflow/status/secwexen/aapp-mart/codeql.yml?branch=main\u0026label=CodeQL)\n![python](https://img.shields.io/badge/python-3.10%2B-blue)\n![docs](https://img.shields.io/badge/docs-online-blue)\n\n## Autonomous Attack Path Prediction \u0026 Multi-Agent Red Team Simulation Engine\n\n**AAPP‑MART (Autonomous Attack Path Prediction \u0026 Multi‑Agent Red Team)** is an open‑source Python engine for offensive security research and automated risk assessment. It combines AI‑driven attack‑path prediction with autonomous adversarial simulation to model how attackers move through an environment and to surface actionable security insights.\n\nUnlike traditional static vulnerability scanning, AAPP‑MART blends predictive analytics with multi‑agent red‑team behavior to provide continuous security evaluation. Its architecture helps defenders anticipate attack strategies, validate controls, and understand real‑world risk through repeatable and data‑driven simulations.\n  \nFor full documentation and guides, visit the official [AAPP-MART Website](https://secwexen.github.io/aapp-mart/).\n\n## Executive Summary\n\nAAPP-MART is a deterministic attack path modeling and controlled adversary simulation engine \ndesigned for authorized defensive security validation.\n\nThe system combines:\n- Graph-based attack path prediction\n- Controlled multi-agent adversary simulation\n- Risk-scored analytical reporting\n\nIt does not perform destructive exploitation.\n\n## Conceptual Usage Example\n\nThe following illustrates the intended Python API design once the core engine is fully implemented:\n\n```python\nfrom aapp_mart.core.orchestrator import AAPP_MART\n\nengine = AAPP_MART(target=\"192.168.1.10\")\nengine.run()\nreport = engine.get_report()\nprint(report)\n```\n\n\u003e This example reflects the intended public API design.  \n\u003e Core orchestration modules are currently under development.  \n\u003e See [API Reference](docs/api_reference.md) and [Architecture](docs/architecture.md) for interface details and system structure.  \n\n## Legal \u0026 Authorized Use\n\nAAPP-MART is intended solely for authorized security assessment, defensive threat modeling, \nand controlled adversary simulation within environments where explicit permission has been granted.\n\nThe system is designed for non-destructive analysis and does not support uncontrolled exploitation. \nUsers are responsible for ensuring lawful and policy-compliant usage.\n\n## Market Positioning \u0026 Research Foundations\n\nAAPP-MART sits at the intersection of **academic attack graph modeling**, **BAS tooling**, and **AI-assisted adversary simulation**, combining **deterministic graph-based prediction** with **controlled autonomous simulation**.\n\nIt continuously models, predicts, and simulates attacker behavior, providing **forward-looking defensive validation**.\n\nBuilt on research-grade principles:\n\n- **Attack Graph Theory** – Models assets, privileges, and attacker transitions\n- **Risk Modeling** – Likelihood × Impact framework\n- **Deterministic Simulation** – Predictable multi-agent behavior\n- **Graph Traversal** – DFS, Best-First, or A* exploration\n\nThreat modeling ensures clarity and reproducibility:\n\n- **STRIDE** – Spoofing, Tampering, Repudiation, Info Disclosure, DoS, Privilege Escalation\n- **Adversary Capability Model** – Attacker skills, access scope, potential actions\n- **Formal Risk Notation** – Transparent likelihood, impact, and path scoring\n\n**Conclusion:** AAPP-MART is a defensible, explainable, and academically credible simulation engine, elevating it from a standard tool to a research-grade security platform.\n\n## Overview\n\nModern infrastructures are too complex for traditional security testing. AAPP-MART combines predictive AI with autonomous adversarial simulation to continuously evaluate an environment’s real attack surface.\n\n### Why AAPP-MART?\n\nAAPP-MART stands out from traditional security tools in its approach:\n\n- **Traditional scanners** → static, reactive, often limited to known vulnerabilities.\n- **BAS (Breach \u0026 Attack Simulation) tools** → rely on predefined playbooks and limited scenarios.\n- **AAPP-MART** → predictive, autonomous, and adaptive: forecasts attack paths and executes intelligent multi-agent simulations.\n\nBy combining **AI-driven attack path prediction** with **autonomous red team simulations**, AAPP-MART provides organizations with a forward-looking security posture, not just reactive alerts.\n\n## Architecture Flow\n\nAAPP-MART combines **attack path prediction**, **multi-agent red team simulation** and **risk scoring** into a unified workflow:\n\n1. **Attack Path Prediction** – Graph-based analysis of services, permissions, and vulnerabilities.\n2. **Multi-Agent Simulation** – Autonomous adversary emulation using AI-driven agents.\n3. **CORE (Simulation Brain)** – Orchestrates AAPP + MART and manages execution.  \n\nSee full architecture in [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md).\n\n## System Components\n\nThe system operates in two major components:\n\n### **AAPP (AI Attack Path Predictor)**  \n\nPredicts the most likely attack paths by analyzing services, permissions, vulnerabilities, and configuration weaknesses.\n\n#### **AI Engine**\n\nClarifying AAPP-MART’s AI approach:\n\n- **Decision Logic** – Rule-based / ML / Hybrid (per module).  \n- **Learning** – Offline training or deterministic scoring.  \n- **Decision Factors** – Exploitability, exposure, privileges, asset criticality.\n\nExplicit AI definition ensures credibility, reproducibility, and clarity for users and reviewers.\n\n### **MART (Multi-Agent Red Team)**  \n\nExecutes autonomous red team simulations using specialized AI agents that emulate real attacker behavior.\n\nTogether, they create a fully automated offensive security engine capable of forecasting and simulating attacks end-to-end.\n\n### **CORE Orchestration Engine**\n\nThe CORE Orchestration Engine is the central coordination layer of AAPP‑MART. It manages multi‑agent behavior, controls the execution flow of attack simulations, and ensures consistent interaction between all system modules.\n\n## Docs \u0026 Resources\n\nDetailed guides and references are also available in the repository:\n\n- [Threat Model](docs/threat_model.md)\n- [Risk Model](docs/risk_model.md)\n- [Deployment Guide](docs/deployment.md)\n- [Full Installation Guide](docs/installation.md)\n- [Module Development](docs/modules.md)\n- [Prediction Engine Details](docs/prediction_engine.md)\n- [Examples \u0026 Quick Starts](docs/examples.md)\n- [Roadmap \u0026 Milestones](docs/roadmap.md)\n- [Contributing Guidelines](CONTRIBUTING.md)\n- [Changelog](CHANGELOG.md)\n- [Security Policy](SECURITY.md)\n\n## License\n\nThis project is licensed under the Apache License, Version 2.0.  \nSee the [LICENSE](LICENSE) file for full details.  \n\n## Contributing\n\n### Contributing Workflow (Summary)\n\n- Fork the repository and create a feature or fix branch (e.g. `feature/your-feature`).\n- Make your changes and add relevant tests.\n- Ensure all tests pass (`pytest`) and code style checks (e.g. `make lint`).\n- Open a pull request referencing related issues/discussion when possible.\n- All PRs must pass CI checks before merging.\n\nContributions are welcome.  \nPlease open an issue before submitting major changes or new features.  \nSee [CONTRIBUTING.md](CONTRIBUTING.md) for detailed contribution guidelines.  \n\n## Roadmap\n\nAAPP-MART development is structured into strategic phases:\n\n**Phase 1 – Research \u0026 Architecture**  \n**Phase 2 – Core Implementation**  \n**Phase 3 – Ecosystem \u0026 Advanced Features**  \n\n## Open Source \u0026 Proprietary Components\n\nAAPP‑MART is developed as a hybrid open-source project. Core components are fully open and community-driven, while certain production-grade modules remain proprietary to ensure security, reliability, and commercial sustainability.\n\n### Open Source Components\n\n- Core simulation engine\n- MART agent framework (behaviors, offensive modules)\n- MITRE ATT\u0026CK integration layer\n- Attack graph engine\n- Reporting templates (HTML, Markdown, JSON)\n- Documentation and examples\n- Testing framework (unit, integration, e2e)\n\nThis hybrid model ensures transparency and community collaboration while protecting high-value components required for enterprise deployments.\n\n## Development Status\n\nEarly-stage open source project. Core implementation is still in progress.   \n\nAAPP-MART is currently under active development.\nThis repository provides the foundational architecture, core interfaces,\nand initial logic of the AAPP-MART engine.\n\nAdvanced prediction models, autonomous agent behaviors,\nand controlled simulation capabilities are being implemented progressively.\n\n## Support \u0026 Community\n\n⭐ Found AAPP-MART useful? Give us a star and support the project!   \n💬 Join discussions, report issues, or contribute your ideas!  \n\nFor support, questions, or feature requests, please open an issue:\n[Open an issue on GitHub](https://github.com/secwexen/aapp-mart/issues)\n\nFor ideas and general discussions, use GitHub Discussions.\n\n## Security\n\nIf you discover a security vulnerability, please follow our responsible disclosure process.\n\n[Read SECURITY.md](SECURITY.md) for instructions on reporting issues securely. \n\n## Author\n\n**Secwexen**  \nProject Lead \u0026 Maintainer  \nGitHub: https://github.com/secwexen\n","funding_links":["https://github.com/sponsors/secwexen"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecwexen%2Faapp-mart","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecwexen%2Faapp-mart","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecwexen%2Faapp-mart/lists"}