Quick Start • Installation • Features • Documentation • Contributing
Halberd is a multi-cloud attack tool designed for security teams to validate cloud defenses through realistic attack emulation. Supporting Microsoft Entra ID, Microsoft 365, Azure, AWS, and Google Cloud Platform, Halberd enables comprehensive security assessments across your entire cloud ecosystem via an intuitive web interface that runs directly in the browser.
# Pull and run the latest version
docker run -d --name halberd -p 8050:8050 ghcr.io/vectra-ai-research/halberd:main
# Access the web interface
open http://localhost:8050git clone https://github.com/vectra-ai-research/Halberd.git
cd Halberd
docker compose up -dDetailed docker deployment documentation
- Python 3.8.x - 3.12.x
-
Clone the repository
git clone https://github.com/vectra-ai-research/Halberd.git cd Halberd -
Set up Python virtual environment
python3 -m venv venv source venv/bin/activate # Windows: venv\Scripts\activate pip install -r requirements.txt
-
Optional : Install Azure CLI (Required for Azure testing)
# Linux/macOS curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash # macOS with Homebrew brew install azure-cli # Windows - Download from Microsoft documentation
-
Launch Halberd
python run.py
-
Access Halberd
Navigate to
http://127.0.0.1:8050in your browser
# Custom host and port
python run.py --host 0.0.0.0 --port 8080
# Enable TLS
python run.py --ssl-cert /path/to/cert.pem --ssl-key /path/to/key.pem
# Development mode with debugging
python run.py --dev-server --dev-server-debug- Multi-Cloud Coverage: Comprehensive testing across Azure, AWS, GCP, Entra ID, and M365
- Attack Automation: Create and execute complex attack playbooks
- Scheduling Engine: Automate & schedule attacks
- Detailed Reporting: Generate automated reports with actionable insights
- Analysis Dashboard: Real-time visualization of attack paths and results
- Technique Library: Extensive collection of cloud attack techniques
- Playbook Engine: Chain multiple techniques into sophisticated attack scenarios
- Access Management: Built-in credential and session management
- Result Analysis: Rich output formatting with detailed execution logs
Fully integrated AI attack agent to enhance security testing capabilities:
- LLM Integration: Claude powered AI attack agent
- Technique Discovery: Intelligent attack path discovery & context-aware attack execution
- Automated Reporting: AI-generated testing reports tailored to your specific testing scenarios
- Research Integration: Attach images and documents to rapidly create and execute attack paths based on new research and threat intelligence
Enable Attack Agent: Simply click on settings icon in Halberd app and add your Anthropic API key.
- Select Target Cloud: Navigate to
Attackpage and choose target cloud (Azure, AWS, GCP, etc.) - Establish Access: Establish access using a
Initial Accesstechnique - Select Technique: Browse and select attack techniques
- Execute: Configure & run the attack technique
- Review Result: Review technique result in
Responsewindow - Analysis: Analyze overall testing through the
Analyzedashboard - Reporting: Generate comprehensive security assessment report
For detailed usage instructions, checkout Halberd Wiki - Usage
- User Guide - Comprehensive usage instructions
- Deployment Guide - Detailed deployment instructions
- Halberd CLI - Integration and automation guides
We welcome contributions from the security community! Please review our contribution guidelines before submitting pull requests.
- Issues: GitHub Issues
- Documentation: Halberd Wiki
- Community: Discussions
Halberd is developed by Arpan Sarkar and inspired by the outstanding work of the cloud security community. Special thanks to all contributors who have helped make this project possible.
