ARES is an advanced AI-powered autonomous reconnaissance and exploitation framework built in Go. It combines intelligent exploit generation, multi-provider LLM support, web search integration, and automated attack chaining for comprehensive security assessments.
✅ Autonomous AI-powered attack agent - Auto-PWN with intelligent goal-based exploitation
✅ Advanced exploit generation & chaining - Adaptive PoC generation with evasion techniques
✅ Web vulnerability scanning - Fast concurrent port scanning with service detection
✅ Protocol brute-forcing - Custom protocol bruting with multiple backends
✅ GitHub tools auto-installer - Auto-download, install, and execute security tools
✅ Shodan/web search integration - Real-time intelligence gathering
✅ Multi-language PoC support - Python3, Bash, Go, Ruby, JavaScript
✅ Persistence & cleanup modules - Post-exploitation automation
✅ Multi-provider LLM fallback - OpenRouter, OpenAI, Anthropic, Groq, Cohere
- Go 1.25.5 or higher
- Git
- Bash shell
# Clone the repository
git clone https://github.com/peruz-a/ares.git
cd ares
# Install dependencies
go mod download
go mod verify
# Build ARES
go build -o ares ./cmd/ares
# Run ARES
./ares
# Build and run with Docker
docker build -t ares:latest .
docker run -it ares:latest
# Or use Docker Compose
docker-compose up -d
docker-compose exec ares bash
Edit ares_config.ini and add your API keys in the [LLM_Providers] section:
[LLM_Providers]
OPENROUTER_API_KEY=sk-or-v1-xxxxxxxxxxxx
OPENAI_API_KEY=sk-xxxxxxxxxxxx
ANTHROPIC_API_KEY=sk-ant-xxxxxxxxxxxx
GROQ_API_KEY=gsk-xxxxxxxxxxxx
COHERE_API_KEY=xxxxxxxxxxxx
[API_SERVICES]
SHODAN_KEY=your_shodan_api_key
CENSYS_API_ID=your_censys_id
CENSYS_API_SECRET=your_censys_secret
[LLM_Settings]
OpenRouterModel=tngtech/deepseek-r1t2-chimera:free
ProviderTimeout=30
WebSearchEnabled=true
Or use environment variables:
export OPENROUTER_API_KEY="sk-or-v1-xxxxxxxxxxxx"
export SHODAN_API_KEY="your_api_key"
# Autonomous attack agent
ares> auto-pwn <target> [goal]
# Fast concurrent port scanner
ares> scan <target> [ports]
# Offensive research assistant
ares> ai-chat <prompt>
# Custom protocol brute-force
ares> brute-force <target> <port> <protocol>
# List available vulnerabilities
ares> list-vulns
# Build custom exploit chain
ares> build-chain <goal>
# Auto-build privilege escalation
ares> privesc-chain
# Auto-build lateral movement
ares> lateral-chain
# Execute built chains
ares> exec-chain <target> [targets...] [reverse-shell-port]
Examples:
build-chain "full compromise"
privesc-chain
exec-chain 192.168.1.100 10.0.0.5 4444
# Generate adaptive PoC for CVE
ares> gen-poc <cve> [language]
# Generate custom security tools
ares> gen-tool <function> [language]
# Customize exploit for target
ares> adapt-exploit <exploit-id>
# Generate multi-language payloads
ares> gen-payload <type> [language]
Supported Languages: python3, bash, go, ruby, javascript
Built-in Features:
- Multi-language support
- Obfuscation & evasion
- In-memory execution
- Anti-forensics cleanup
- Error recovery
- Staged delivery
# List available tools
ares> tools
# Auto-download & install tool
ares> install-tool <name>
# Remove tool
ares> uninstall-tool <name>
# Execute tool
ares> launch-tool <name>
Pre-configured Tools:
- nuclei (vulnerability scanner)
- ffuf (web fuzzer)
- katana (web crawler)
- sqlmap (SQL injection)
- subfinder (subdomain enumeration)
- metasploit-framework
# Install crontab persistence
ares> persist
# Self-delete & shred traces
ares> cleanup
# XOR obfuscation
ares> crypto-xor <text>
# Show command history
ares> history
# Re-execute previous command
ares> run-id <id>
# Exit ARES
ares> exit | quit
ares> scan 192.168.1.100 80,443,3306
Scans specific ports on target, identifies services.
ares> ai-chat What are the latest Apache RCE exploits?
Consults web intelligence for current exploit techniques.
ares> gen-poc CVE-2024-3156 python3
Generates a working proof-of-concept in Python with adaptive evasion.
ares> auto-pwn 192.168.1.100 "full compromise"
Launches AI-driven autonomous exploitation workflow.
ares> build-chain "privilege escalation"
ares> exec-chain 192.168.1.100 10.0.0.5 4444
Builds and executes a privilege escalation chain.
ares> launch-tool nuclei -target example.com &
ares> launch-tool ffuf -u http://example.com/FUZZ &
Parallel execution of multiple security tools.
ARES includes comprehensive web search integration and automatic fallback support for multiple LLM providers:
- Real-time web information during exploit development, PoC generation, and AI analysis
- Automatic provider switching if one fails
- Multiple LLM providers for redundancy and flexibility
Web search is integrated into:
- AI Chat - Enriches AI responses with current web data
- PoC Generation - Searches for latest exploit info before generating
- Exploit Customization - Finds latest adaptation and evasion techniques
- Tool Generation - Searches for tool implementation best practices
- Auto-PWN - Service analysis with current vulnerability info
- OpenRouter (Default) - Free models available
- OpenAI - GPT-3.5-turbo and later
- Anthropic - Claude models
- Groq - Fast inference with Mixtral
- Cohere - Command model
The system automatically handles provider failures:
[*] Attempting to use OpenRouter provider...
[-] OpenRouter provider failed: connection timeout
[*] Trying next provider...
[*] Attempting to use OpenAI provider...
[+] Successfully used OpenAI provider
ares/
├── cmd/ares/ # CLI application
├── internal/
│ ├── ai/ # LLM providers & web search
│ ├── agent/ # Autonomous attack agent
│ ├── scanner/ # Network & protocol scanners
│ ├── exploits/ # Exploit database & executor
│ ├── tools/ # GitHub tool manager
│ ├── reporting/ # Report generation
│ ├── post/ # Post-exploitation modules
│ ├── config/ # Configuration management
│ └── evasion/ # Obfuscation & evasion
├── ares_config.ini # Configuration file
├── Dockerfile # Docker configuration
├── docker-compose.yml # Docker Compose setup
└── go.mod # Go module definition
ProviderChain (Main interface)
├── OpenRouterProvider
├── OpenAIProvider
├── AnthropicProvider
├── GroqProvider
└── CohereProvider
Each provider implements:
Chat(prompt string) (string, error)
Name() string
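The fallback sequence shown in the provider log and the two-method provider interface listed above, as an added Go example that is not ARES's own code. `Chain`, `stub`, the error wording and the sample delays are assumptions; only `Chat`, `Name` and the idea of a per-provider timeout (`ProviderTimeout`) come from the page.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

type Provider interface { // the two methods the README lists for every backend
	Chat(prompt string) (string, error)
	Name() string
}

type stub struct { // constructed stand-in for a real backend; no network I/O
	name  string
	delay time.Duration
	err   error
}
func (s stub) Name() string { return s.name }
func (s stub) Chat(string) (string, error) {
	time.Sleep(s.delay)
	return s.name + ": ok", s.err
}

// Chain (hypothetical name) tries providers in order, each limited to timeout.
func Chain(ps []Provider, timeout time.Duration, prompt string) (string, string, error) {
	type result struct{ out string; err error }
	errs := []error{errors.New("all providers failed")}
	for _, p := range ps {
		done := make(chan result, 1) // buffered: a late reply never blocks its goroutine
		go func(p Provider) {
			out, err := p.Chat(prompt)
			done <- result{out, err}
		}(p)
		select {
		case r := <-done:
			if r.err == nil {
				return r.out, p.Name(), nil // reply, provider that answered
			}
			errs = append(errs, fmt.Errorf("%s provider failed: %w", p.Name(), r.err))
		case <-time.After(timeout):
			errs = append(errs, fmt.Errorf("%s provider failed: timeout after %s", p.Name(), timeout))
		}
	}
	return "", "", errors.Join(errs...)
}

func main() {
	fmt.Println(Chain([]Provider{stub{"OpenRouter", time.Second, nil}, stub{"OpenAI", 0, nil}}, 50*time.Millisecond, "ping"))
}
```

Because `Chat` takes no context, a provider that exceeds the timeout keeps running in its goroutine until it returns on its own; the joined error keeps every provider's failure reason so an "all providers failed" report shows which one timed out and which one rejected the key.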
Error: "command not found: go"
# Install Go from https://golang.org/dl/
go version # Verify installation
Error: Missing dependencies
go mod tidy && go mod download
Error: Build fails
go clean -cache
go build -o ares ./cmd/ares
Error: "no LLM providers configured"
- Add at least one API key to ares_config.ini or set environment variables
- Verify the key is not empty
Error: "all providers failed"
- Check API keys are correct and valid
- Verify internet connectivity
- Check provider API status
- Increase timeout value if needed
Error: "User not found" (OpenRouter 401)
- Verify your OpenRouter API key is correct
- Ensure the key is set in ares_config.ini or environment variable
- Check that OPENROUTER_API_KEY is not empty
- Check internet connectivity
- DuckDuckGo should be accessible from your network
- No VPN restrictions blocking the search
- API Key Security: Never commit API keys to version control
  - Use environment variables in production
  - Keep ares_config.ini in .gitignore
- Cost Optimization:
  - OpenRouter free models are cost-effective
  - Set timeout appropriately (default: 30 seconds)
  - Use faster models for time-sensitive operations
- Web Search Optimization:
  - The system performs smart searches with relevant keywords
  - Results are automatically deduplicated
  - Search queries include specific CVE/software names
- Provider Selection:
  - OpenRouter for cost-free options
  - OpenAI for high-quality responses
  - Groq for fast inference
  - Anthropic for safer, more controlled outputs
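A check for the API key advice above, added here as an example and not part of ARES: it reads an ares_config.ini body and reports which credential entries hold something other than the README's placeholder values, without echoing the values themselves. `FindLiveKeys`, the placeholder heuristics and the sample input are assumptions.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// secretSections are the ares_config.ini sections the README uses for credentials.
var secretSections = map[string]bool{"LLM_Providers": true, "API_SERVICES": true}

// isPlaceholder is a heuristic (assumption): empty, "your_..." or "...xxxx..." values.
func isPlaceholder(v string) bool {
	return v == "" || strings.HasPrefix(v, "your_") || strings.Contains(v, "xxxx")
}

// FindLiveKeys returns "Section.KEY" for each credential entry that looks real.
// Only names are returned, never values, so the findings are safe to log.
func FindLiveKeys(ini string) []string {
	var found []string
	section := ""
	sc := bufio.NewScanner(strings.NewReader(ini))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		switch {
		case line == "" || line[0] == '#' || line[0] == ';':
			continue // blank line or comment
		case line[0] == '[' && line[len(line)-1] == ']':
			section = line[1 : len(line)-1]
			continue
		}
		key, val, ok := strings.Cut(line, "=")
		if !ok || !secretSections[section] {
			continue // not key=value, or a non-credential section such as LLM_Settings
		}
		val = strings.Trim(strings.TrimSpace(val), `"'`)
		if !isPlaceholder(val) {
			found = append(found, section+"."+strings.TrimSpace(key))
		}
	}
	return found
}

func main() {
	// Constructed sample; the GROQ value is fake.
	cfg := "[LLM_Providers]\nOPENAI_API_KEY=sk-xxxxxxxxxxxx\nGROQ_API_KEY=gsk-CONSTRUCTED-0001\n"
	fmt.Println(FindLiveKeys(cfg))
}
```

Run against the staged copy of the file in a pre-commit hook, a non-empty result is the signal to move those keys into environment variables before committing.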
- Go Version: 1.25.5 or higher
- Memory: 512MB minimum (1GB+ recommended)
- Storage: 500MB for tools and generated artifacts
- Network: Internet access for web search and LLM providers
- Real-time web search (DuckDuckGo integration)
- Shodan API integration
- Threat intelligence from AI models
- Custom search capabilities
- 10+ critical CVEs in database
- CVSS scoring (0-10)
- Exploitability ratings
- Dependency tracking
- Multi-language support
- Obfuscation techniques
- Evasion methods
- Error handling
- Staged delivery
- Auto-download from GitHub
- Version tracking
- Dependency resolution
- Auto-launch in chains
- Web search adds ~2-5 seconds per request (depends on network)
- Most providers respond within 10-20 seconds
- Total request time: ~15-30 seconds per operation
- Can be disabled in config if preferred
- GitHub Wiki: https://github.com/peruz-a/ares/wiki
- Issue Tracker: https://github.com/peruz-a/ares/issues
- Discussions: https://github.com/peruz-a/ares/discussions
ARES v3.0 - Offensive Security Tool
Current Version: 3.0
Language: Go (1.25.5+)
Type: Autonomous Reconnaissance & Exploitation System
All commands are logged and can be repeated with run-id <id>