English | 中文

Defaults to normal; only enters red-team mode when explicitly enabled.

This is a lightweight, pack-first red team runtime/configuration layer for Codex.

Its goal is not to turn Codex into an automated attack platform — it provides structured, layered routing for red team workflows while keeping normal operations unaffected.

• This repository is a general GitHub repository
• It should not contain personal local paths, private target data, or user-specific tool preferences

Many "persistent red team hints" ultimately lead to two bad outcomes:

1. Pollution of normal operations
2. Overly heavy injection, leading to context bloat

This project does the opposite:

• Normal mode remains normal
• Red team mode must be explicitly enabled
• Hooks remain lightweight
• Routes remain layered and restrained

• Explicit opt-in for Red Team Mode
• Three modes: normal / redteam-light / redteam-full
• Structured JSON runtime state
• Rule-first + semantic fallback phase detection
• Session-isolated state file
• Lightweight prompt overlay
• Pack-first routing mainline:

phase -> router -> pack -> leaf

Core Phases:

• web
• ad (Active Directory)
• postex (Post-Exploitation)
• reverse (Reverse Engineering)
• code-audit
• payload
• evasion

Extended Router/Pack Families:

• recon
• api
• auth
• injection
• file
• business logic
• cloud
• container / kubernetes
• network / protocol
• crypto
• mobile

The installer uses managed incremental installation:

• Preserves the user's original AGENTS.md
• Preserves the user's original hooks.json
• Injects only managed blocks from this repository
• Cleans out old-version runtime remnants from this repository
• Cleanly installs the current version
• Writes to the install manifest
• Auto-runs validation post-install

python scripts/install.py

powershell -ExecutionPolicy Bypass -File .\scripts\install.ps1

python3 scripts/install.py

Enter Red Team Mode
Enable Red Team Mode

/redteam on
/redteam light
/redteam full
enable red team mode

Exit Red Team Mode
Disable Red Team Mode

/redteam off
disable red team mode

python scripts/validate.py

The current actual routing mainline is:

phase -> router -> pack -> leaf

method still exists, but is only used as a soft tip when it is genuinely helpful — it is no longer the primary routing axis.

The repository includes:

• Installer checks
• Routing tests
• Mode switching tests
• Orchestration gate checks
• Prompt-chain checks

Run with:

python -m unittest discover -s tests -p "test_*.py"
python scripts/validate.py

• This is the control/configuration layer, not a complete attack platform
• The actual effect of the prompt overlay still depends on the target Codex environment
• The user's local private prompt system may differ from the repository version
• The actual execution depth still depends on your MCP / Tools

This project is intended solely for authorized penetration testing, red team research, and defensive security experiments.

• Use only on systems or environments where you have explicit authorization
• Unauthorized use on third-party or production systems is prohibited
• The authors and contributors assume no responsibility for misuse, legal consequences, service interruption, or data loss
• By using this project, you agree to assume all risks and ensure that your actions comply with applicable laws and regulations

• Mingxi (Mister Security Team) — suggested adding semantic judgment, removing methodology, and subdividing skills for smarter AI behavior during work phases. X: @xishan12509850
• Nirvana — suggested workflow optimization and overlay installation enablement. X: @Nirvana_543
• PINGS — suggestions for enhancing jailbreak text

Special thanks to the following projects for providing method layer, technology routing layer, and skill pack structure references:

• qiushi-skill
• yaklang/hack-skills
• mukul975/Anthropic-Cybersecurity-Skills

See CONTRIBUTING.md for contribution guidelines.

MIT, see LICENSE.