Skip to content

eobi/nemesis-red

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 

Repository files navigation

Nemesis Red

Autonomous, LLM-driven offensive security in a single Docker image.

One container orchestrates 290+ Kali tools over SSH to your own Kali box, reasons over the output with your own LLM key, and drives the full loop: recon, vulnerability assessment, and live exploitation with proof. Your targets, traffic, and findings never leave your environment.

Platform Delivery BYO License

Quickstart · Getting Started guide · Create an account · nemesislabs.xyz

Nemesis Red operator console


What it is

Nemesis Red is a cyber-operations platform for penetration testers. It runs as an orchestrator: the reasoning happens locally on your machine, the tools run on your Kali box over SSH, and the control plane only handles licensing. You bring the Kali, you bring the LLM key (or point it at a local Ollama), and Nemesis Red does the driving.

Three ways to work, one platform:

  • Copilot console. A 290-tool arsenal with live multi-session terminals and an AI that reads every command's output, tells you why it matters, and hands you the next commands to run with one click.
  • Autonomous Vulnerability Assessment. Point it at a web app or a network (a URL, host, or CIDR), pick a depth, and it plans and runs a full assessment as a live DAG. Hundreds of findings per run, cross-tool CVE fusion, and a signed PDF report at the end. Run it once, or schedule it to repeat on a cron (Business/Enterprise).
  • Autonomous Pentest. Take the findings from an assessment straight into live exploitation. It selects exploits, fires them, and captures real proof: credentials, hashes, database dumps, and shells.

Everything is gated server-side by a short-lived signed license, so the tool cannot be cracked by editing the image, and every target stays inside your network.


See it work

AI copilot that thinks alongside you

The Intellicense copilot reads raw tool output and turns it into a plan: what was found, why it matters, and the exact next commands to run. Bring your own frontier model (Claude, GPT) or run it fully local on Ollama.

AI copilot analyzing scan output

Autonomous vulnerability assessment as a live DAG

Launch an assessment and watch the reasoning graph build in real time: recon feeds enumeration, enumeration feeds identification, and the LLM fuses tool output into CVE-backed findings. Export a full report and a remediation plan as PDF.

Autonomous vuln assessor, network target

Works across target types, with evasive routing and a browser stage for web apps:

Autonomous vuln assessor, web target

An AI browser agent that logs in for you

Black-box or white-box, the browser agent drives a headed Chromium: it maps the app surface, logs in, and runs authenticated attacks (broken access control, CSRF, XSS, JWT, session), all captured through a proxy.

AI browser agent

Live exploitation with captured proof

The pentest engine turns findings into action and proves compromise: captured credentials and hashes, database dumps, and opened sessions, with a full exploit chain and audit log.

Live exploitation with captured loot

The pentest engine is currently in beta: actively monitored and improving fast.


Quickstart (2 minutes)

You need three things: a Kali box you control (any VM or host with SSH), an LLM key or a local Ollama, and Docker.

1. Pull the image

docker pull ghcr.io/eobi/nemesis-red:latest

Multi-arch: linux/amd64 and linux/arm64 (Apple Silicon included).

2. Run it, pointed at your Kali and your LLM key

docker run --rm -p 8000:8000 \
  -e KALI_HOST=<your-kali-ip> -e KALI_USERNAME=<kali-user> -e KALI_PASSWORD=<kali-password> \
  -e OPENAI_API_KEY=<your-llm-key> \
  ghcr.io/eobi/nemesis-red:latest

KALI_USERNAME is optional — it defaults to kali (the standard Kali account). Set it only if your box uses a different user (e.g. root).

Example (real-looking values — just swap in yours):

docker run --rm -p 8000:8000 \
  -e KALI_HOST=192.168.1.50 -e KALI_USERNAME=kali -e KALI_PASSWORD=kali \
  -e OPENAI_API_KEY=sk-proj-Xa9k...your-real-key \
  ghcr.io/eobi/nemesis-red:latest

3. Open the console

Go to http://127.0.0.1:8000. It is already connected to your Kali.

4. Install the toolset (one click)

A stock Kali doesn't ship every tool. Open the Install page in the dashboard, pick your Kali connection, and click Install — it provisions the full 290+ tool arsenal onto your Kali over SSH (apt, pipx, and git-based tools). Already-installed tools are skipped, so it's safe to re-run any time. Do this once, then you're ready to scan.

That is the Free tier, running locally with no license key. To unlock Pro, Business, or Enterprise features, add your key:

  -e RED_LICENSE_KEY=<your-key-from-the-console> \

Prefer Claude, or run fully offline? One env var each (details in LLM providers below):

  -e ANTHROPIC_API_KEY=<your-anthropic-key>            # Claude
  -e OLLAMA_HOST=http://host.docker.internal:11434     # any local model, zero cost

Get a license key and manage billing at app.nemesislabs.xyz.


Configuration

Everything is driven by environment variables. There is no file to edit.

Variable What it does
KALI_HOST / KALI_PORT / KALI_USERNAME / KALI_PASSWORD Your Kali SSH target (defaults: port 22, user kali, password auth). Change it any time from the dashboard, or restart with a new host.
KALI_KEY_PATH Use an SSH key instead of a password (mount the key and point here).
OPENAI_API_KEY / ANTHROPIC_API_KEY / OLLAMA_HOST Bring your own LLM. Inference runs client-side; you pay your provider directly, or run local Ollama for free.
RED_LICENSE_KEY Your activation key. Unlocks your tier. Runs Free if unset.

Advanced: bind-mount your own kali_config.ini at /app/kali_config.ini if you prefer a file.


LLM providers — bring your own, or fully offline

The reasoning runs locally with your key. Whatever provider and model you pick is used consistently across the Copilot, the autonomous VA, and the autonomous Pentest — one choice, everywhere.

Anthropic (Claude)

-e ANTHROPIC_API_KEY=sk-ant-...

Then pick Anthropic in the dashboard: Settings → LLM.

OpenAI

-e OPENAI_API_KEY=sk-...

Then pick OpenAI in Settings → LLM.

Ollama — fully offline, any model, zero cost

Run any model you like on your own machine. No key, no cloud, nothing leaves your box. Ideal for sensitive or air-gapped engagements.

  1. Install Ollama and pull a model:

    ollama pull qwen2.5-coder:7b      # or llama3, mistral, deepseek, a custom fine-tune, ...
  2. Point the container at your host's Ollama:

    -e OLLAMA_HOST=http://host.docker.internal:11434   # Docker Desktop (Mac / Windows)
    -e OLLAMA_HOST=http://<your-lan-ip>:11434          # Linux
  3. Every model you've pulled shows up in the dashboard's model picker automatically (Settings → LLM) — pick the one you want. A fresh install defaults to qwen2.5-coder:7b.

Networking note. Inside the container localhost is the container, not your machine, so OLLAMA_HOST must point at host.docker.internal (Docker Desktop) or your host's LAN IP. Make sure Ollama is listening on all interfaces first: OLLAMA_HOST=0.0.0.0:11434 ollama serve.

Add your own models: anything you ollama pull appears in the picker automatically — no config, no restart. The list is your daemon, live.


Tiers

Free Pro Business Enterprise
Vulnerability assessment 1 target 10 targets Unlimited Unlimited
Autonomous pentest 3-run taste Full Full Full
AI copilot Local model Frontier Team-shared On-prem option
Scheduling / continuous Limited Continuous Continuous + SLA
Reports Watermarked All formats + Compliance, API + White-label

Self-serve, monthly or annual, no setup fee. See current pricing and sign up at nemesislabs.xyz.


How it stays yours (and safe)

  • Your data never leaves. Tools run on your Kali, against your targets. Findings and traffic stay in your environment. The cloud only issues a signed license token.
  • Bring your own key. No token metering. Use your own OpenAI or Anthropic key, or run a local Ollama model at zero cost.
  • Source-protected. The engine ships compiled, with no readable source and no exploit recipes baked in. Premium content is fetched at runtime and license-gated.
  • Device-bound licensing. Short-lived, device-fingerprinted tokens with heartbeat and revocation, so credentials cannot be shared.

Requirements

  • Docker (Desktop or Engine), amd64 or arm64.
  • A Kali box you control, reachable over SSH. A stock Kali VM works. The engine installs any missing tools it needs.
  • An LLM key (OpenAI or Anthropic) or a local Ollama. For the Free tier a local model is enough.

Links


Nemesis Red is a product of Nemesis Labs. Authorized testing only: use it only against systems you own or have explicit written permission to assess.

About

Autonomous LLM-driven offensive security in a Docker image. 290+ Kali tools, autonomous vuln assessment + live pentest, AI copilot, BYO LLM key.

Topics

Resources

Stars

1 star

Watchers

1 watching

Forks

Packages

 
 
 

Contributors