DISCLAIMER: This material is provided strictly for authorized penetration testing, security research, CTF competitions, and educational purposes. Users are solely responsible for ensuring they have explicit written authorization before testing any systems they do not own. Unauthorized access to computer systems is a federal crime. The authors assume no liability for misuse.
HackBot is a locally-hosted AI-powered red team automation platform designed for security professionals. It combines pre-built attack pipelines, an uncensored local LLM, and hardware integrations into a unified command interface — all running on your machine with zero cloud dependency.
Built for practitioners who already know the tools. HackBot automates the repetitive, standardizes the methodology, and keeps your operations off the wire.
┌─────────────────────────────────────────────┐
│ Mobile/Desktop Interface (Telegram Bot) │
├─────────────────────────────────────────────┤
│ 23 Automated Attack Pipelines (Bash) │
│ Zero API calls — pure local execution │
├─────────────────────────────────────────────┤
│ Uncensored Local LLM (your hardware) │
│ No cloud. No logs. No content filtering. │
├─────────────────────────────────────────────┤
│ Hardware Layer │
│ Flipper Zero │ Pineapple │ Proxmark3 │ SDR │
└─────────────────────────────────────────────┘
Layer 1 — Interface: Telegram bot locked to your ID. Control your toolkit from any device.
Layer 2 — Automation: 23 bash scripts covering every phase of a red team engagement. One command triggers a complete pipeline. No AI needed for execution.
Layer 3 — AI Advisor: Locally-hosted abliterated LLM for complex analysis, unknown scenarios, and strategy. Runs on localhost. Never touches the internet.
Layer 4 — Hardware: Unified CLI for Flipper Zero, WiFi Pineapple, Proxmark3, and SDR devices.
| Command | Function |
|---|---|
recon <target> |
Multi-phase port scanning, service detection, OS fingerprinting |
netmap <subnet> |
Network discovery, ARP sweep, service identification |
osint <type> <target> |
Deep OSINT — domain, email, person, username, company, IP, phone |
| Command | Function |
|---|---|
webaudit <url> |
Security headers, SSL/TLS analysis, tech fingerprinting, directory enumeration |
enum <target> |
Auto-detect running services and enumerate (SSH, HTTP, FTP, SMB, MySQL, SNMP, DNS, LDAP) |
vuln <target> |
Nmap vulnerability scripts + CVE cross-reference |
| Command | Function |
|---|---|
payload <type> <lhost> <lport> |
Generate reverse shells — bash, python, PHP, netcat, PowerShell, msfvenom, webshells |
listener <port> [type] |
Start listeners — nc, ncat, socat, Metasploit handler, HTTP file server |
lateral <type> <target> |
PsExec, WMI, WinRM, SSH, CrackMapExec, Pass-the-Hash |
| Command | Function |
|---|---|
creds <type> |
Credential dump, hash cracking (hashcat/john), password spraying, Responder, Mimikatz workflows |
ad <type> <target> |
AD enumeration, Kerberoast, AS-REP roast, BloodHound collection, DCSync |
| Command | Function |
|---|---|
privesc |
Local privilege escalation enumeration (SUID, capabilities, cron, kernel, services) |
persist <type> |
Cron, SSH key, systemd service, shell RC, SUID, webshell — plus detection |
pivot <type> <target> |
SSH SOCKS, port forwarding, chisel, ligolo-ng, socat relay |
exfil <type> <file> |
HTTP, netcat, DNS tunnel, SMB, SCP, base64, steganography |
evasion <type> |
Payload obfuscation, encoding, AMSI bypass, firewall evasion, AV/EDR detection |
| Command | Function |
|---|---|
soceng <type> |
GoPhish integration, website cloning, credential harvesting, QR payloads, BadUSB scripts |
| Command | Function |
|---|---|
hackbot <command> |
Master dispatcher — routes to all 23 scripts + 30 built-in commands |
cheat |
Full cheatsheet with attack workflows and common engagement sequences |
HackBot is built with operational security as a core architectural principle, not an afterthought.
| Vector | Cloud AI Solutions | HackBot |
|---|---|---|
| Query logging | All queries stored server-side | Zero logging — localhost only |
| Network traffic | Every prompt = HTTPS request | Zero traffic to third parties |
| Account identity | Email + payment on file | No account required |
| Content filtering | Corporate content policies | Abliterated model — no refusal capability |
| Subpoena exposure | Provider must comply | No provider, no data to hand over |
| Offline operation | Not possible | Full offline capability |
| Data breach risk | Provider infrastructure | Local storage only |
See the full OPSEC Guide for deployment hardening, air-gapped operations, and engagement checklists.
- OS: Kali Linux recommended (Debian/Ubuntu/macOS/WSL supported)
- RAM: 8GB minimum, 16GB recommended
- Storage: 10GB (model + scripts + wordlists)
- GPU: Not required — runs on CPU
- Optional hardware: USB WiFi adapter, Flipper Zero, Proxmark3, WiFi Pineapple, RTL-SDR
git clone https://github.com/hackbot-framework/hackbot.git ~/.hackbot
chmod 700 ~/.hackbot/scripts/*.sh
cat ~/.hackbot/aliases.sh >> ~/.zshrc && source ~/.zshrc
hackbot helpFull setup guide: docs/SETUP-GUIDE.md
- All 23 attack automation scripts
- SOUL.md personality template for local LLM
- Complete setup guide (LM Studio + Telegram integration)
- Cheatsheet with engagement workflows
- Hashcat rule files optimized for WPA/WPA2
- Everything in Operator
- Flipper Zero integration scripts + Sub-GHz frequency database
- WiFi Pineapple remote operations toolkit
- Proxmark3 RFID/NFC assessment workflows
- Video walkthrough: deployment to first engagement
- Everything in Professional
- 30-minute 1-on-1 deployment consultation
- Custom SOUL.md tuning for your team's methodology
- Private repository access (priority updates + new modules)
- Access to the full "Building HackBot" technical course
HackBot is an offensive security automation framework designed for use by authorized penetration testers, security researchers, and educators. All users must ensure they have explicit written authorization before testing any systems. This tool is provided as-is with no warranty. The authors are not responsible for unauthorized or illegal use.
Built by security practitioners who got tired of typing the same 50-flag nmap commands and wanted their AI tools to work without corporate content policies deciding what security knowledge they're allowed to access.
HackBot exists because offensive security professionals deserve tools that respect their expertise, protect their operations, and don't require a monthly cloud subscription to function.