AAPP-MART is an autonomous offensive security engine designed for security teams and researchers. It predicts attack paths using artificial intelligence and simulates them with a multi-agent red team, helping organizations identify and mitigate risks before they are exploited.
for detailed documentation, please visit AAPP-MART Website
Modern infrastructures are too complex for traditional security testing. AAPP-MART combines predictive AI with autonomous adversarial simulation to continuously evaluate an environment’s real attack surface.
AAPP-MART stands out from traditional offensive security tools in its approach:
- Traditional scanners → static, reactive, often limited to known vulnerabilities.
- BAS (Breach & Attack Simulation) tools → rely on predefined playbooks and limited scenarios.
- AAPP-MART → predictive, autonomous, and adaptive: forecasts attack paths and executes intelligent multi-agent simulations.
By combining AI-driven attack path prediction with autonomous red team simulations, AAPP-MART provides organizations with a forward-looking security posture, not just reactive alerts.
The system operates in two major components:
-
AAPP (AI Attack Path Predictor)
Predicts the most likely attack paths by analyzing services, permissions, vulnerabilities, and configuration weaknesses. -
MART (Multi-Agent Red Team)
Executes autonomous red team simulations using specialized AI agents that emulate real attacker behavior.
Together, they create a fully automated offensive security engine capable of forecasting and simulating attacks end-to-end.
AAPP-MART simulates attacker behavior at the following layers:
- Network-level (services, ports, exposure)
- Identity & permission abuse
- Known vulnerability chaining
- Misconfiguration exploitation
Out of scope:
- Zero-click mass exploitation
- Malware delivery to uncontrolled targets
- Destructive payload execution
These boundaries are enforced by design and configuration defaults to ensure safe, authorized, and ethical use.
AAPP-MART consumes structured security-relevant data, such as:
- Target identifiers (IP address, hostname, environment label)
- Asset and service metadata
- Optional vulnerability scan results
- Optional configuration and permission data
The engine produces analytical security artifacts, including:
- Predicted attack paths
- Simulated adversary decision flows
- Risk-scored findings
- Human-readable reports with mitigation guidance
AAPP-MART operates in controlled modes designed for authorized security assessment and defensive validation.
- No active interaction with the target
- Builds attack graphs and forecasts attacker movement
- Safe for continuous assessment and design-time analysis
- Executes non-destructive, controlled attack simulations
- Focuses on logic flow rather than payload execution
- Designed for lab environments and authorized testing only
Destructive actions and uncontrolled exploitation are intentionally excluded.
AAPP-MART aligns its prediction and simulation logic with the MITRE ATT&CK framework to ensure standardized, explainable, and defensible security findings.
Agent behaviors and predicted attack paths are mapped to high-level ATT&CK tactics and techniques, including but not limited to:
- Reconnaissance → TA0043
- Initial Access → TA0001
- Credential Access → TA0006
- Privilege Escalation → TA0004
- Lateral Movement → TA0008
- Persistence → TA0003
This mapping is used for risk scoring, reporting, and defensive recommendations.
- Builds attack graphs from system data
- Identifies multi-step exploit chains
- Scores risk and exploitability
- Predicts attacker movement before it happens
- Reconnaissance agent
- Exploitation agent
- Privilege escalation agent
- Lateral movement agent
- Persistence agent
- Reporting agent
Agents collaborate and make decisions autonomously, simulating realistic adversary behavior.
- Merges prediction and execution
- Runs attack scenarios mentally before performing them
- Generates detailed reports and mitigation recommendations
AAPP (Prediction Engine)
↓
Predicted Attack Paths
↓
MART (Multi-Agent Red Team)
↓
Autonomous Simulation
↓
Final Report & Defense Recommendations
aapp-mart
├── src/
│ └── aapp_mart/
│ ├── aapp/ # Attack Path Predictor
│ ├── agents/ # Autonomous attacker agents
│ ├── api/ # Optional REST API
│ ├── common/ # Common, reusable base classes or constants
│ ├── cli/ # Command-line interface
│ ├── core/ # Autonomous simulation brain
│ ├── data/ # Sample data & signatures
│ ├── mart/ # Multi-Agent Red Team
│ ├── modules/ # Pluggable engine modules
│ ├── predictors/ # Prediction logic & models
│ ├── reports/ # Generated reports
│ ├── main.py # AAPPMART entry point
│ └── __init__.py # AAPPMART package initializer
│
├── docs/
├── examples/
├── internal_api/
├── ml_training/
├── scripts/
├── tests/
├── ABOUT.md
├── CHANGELOG.md
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── DISCLAIMER.md
├── LICENSE
├── Makefile
├── README.md
├── SECURITY.md
├── pyproject.toml
├── requirements-dev.txt
├── requirements.txt
└── setup.py
AAPP-MART is a cross-platform Python project and runs on:
- Linux
- macOS
- Windows
No platform-specific dependencies are required.
- AAPP-MART is intended to run in controlled and authorized environments only.
- Some simulation techniques may model sensitive attacker behaviors; use exclusively in isolated lab or test environments.
- The engine avoids destructive actions by design, but misconfiguration or improper use may still pose risks.
- Users are responsible for ensuring compliance with organizational policies, legal requirements, and ethical guidelines.
- Do not deploy AAPP-MART against production systems without explicit authorization and appropriate safeguards.
# 1. Clone repository
git clone https://github.com/secwexen/aapp-mart.git
cd aapp-mart
# 2. (Optional but recommended) Create a virtual environment
# Linux / macOS
python3 -m venv venv
source venv/bin/activate
# Windows (PowerShell)
python -m venv venv
venv\Scripts\activate
# 3. Install dependencies
pip install -r requirements.txtNote: Some modules may be under active development. Functionality may be limited.
AAPP-MART uses environment variables for configuration. For local development, copy the example file and adjust values as needed:
cp .env.example .envNever commit your real .env file, as it may contain sensitive or environment‑specific information.
from aapp_mart.core.orchestrator import AAPP_MART
engine = AAPP_MART(target="192.168.1.10")
engine.run()
report = engine.get_report()
print(report)Note: Example is for demonstration purposes. Some features may not yet be fully implemented.
=== Attack Path Prediction Report ===
Target: 192.168.1.10
[+] Predicted Attack Paths:
1. Internal Reconnaissance → Credential Access → Lateral Movement → Privilege Escalation
2. Initial Access → Exploit Service Vulnerability → Persistence
[+] Risk Score: 8.5 / 10
[+] Recommendations:
- Patch service X and limit privileged account exposure.
- Disable unused open ports.
==========================================Output is illustrative—actual results depend on your environment and enabled modules.
Risk scores and attack paths are heuristic and for demonstration only.
Run an attack simulation:
aapp-mart run --target 192.168.1.10Generate a prediction-only report:
aapp-mart predict --input data/target_profile.json --output report.txtList available modules:
aapp-mart modules listSee the CLI documentation for available commands and advanced options: CLI documentation
To maintain code quality and reliability, please use the following checks before submitting code or pull requests.
- Run all unit tests Make sure your code passes all tests.
pytest- Check test coverage Verify that your changes are covered by tests (coverage.py needs to be installed).
coverage run -m pytest
coverage report- Check code style and linting Ensure your code meets the project's style and static analysis requirements.
make lint # If you have a Makefile with lint target
# or, run pylint directly:
pylint src/aapp_martNote: Some modules are under active development. Certain tests may be skipped or marked as expected failures until those features are fully implemented.
- Automated red teaming
- Continuous security validation
- Attack surface mapping
- Zero-day exposure modeling
- SOC augmentation
- Pre-breach risk forecasting
- AAPP — AI Attack Path Predictor (ey-ey pee-pee)
- MART — Multi-Agent Red Team (maart)
AAPP-MART — The fusion of AI-driven attack path prediction and autonomous multi-agent simulation into a unified attack intelligence engine.
Detailed guides and references are also available in the repository:
- About AAPP-MART
- Full installation guide
- Module development
- Prediction engine details
- Examples and quick starts
- Contributing guidelines
- Changelog
- Security policy
This project is licensed under the Apache License, Version 2.0.
See the LICENSE file for full details.
- Fork the repository and create a feature or fix branch (e.g.
feature/your-feature). - Make your changes and add relevant tests.
- Ensure all tests pass (
pytest) and code style checks (e.g.make lint). - Open a pull request referencing related issues/discussion when possible.
- All PRs must pass CI checks before merging.
Contributions are welcome.
Please open an issue before submitting major changes or new features.
See CONTRIBUTING.md for detailed contribution guidelines.
AAPP-MART development is structured into strategic phases:
Phase 1 – Research & Architecture
- Core AI prediction engine (AAPP) design
- Multi-agent simulation framework (MART) prototyping
- Initial attack graph models and risk scoring
Phase 2 – Core Implementation
- Integration of prediction and simulation engines
- Autonomous agent behaviors for reconnaissance, exploitation, and lateral movement
- MITRE ATT&CK alignment and reporting pipeline
Phase 3 – Ecosystem & Advanced Features
- Graph-based visualization and dashboards
- Cloud and hybrid environment support
- Agent marketplace and reinforcement learning–based decision engine
- Continuous security validation and SOC augmentation
Early-stage open source project. Core implementation is still in progress.
AAPP-MART is currently under active development. This repository provides the foundational architecture, core interfaces, and initial logic of the AAPP-MART engine.
Advanced prediction models, autonomous agent behaviors, and controlled simulation capabilities are being implemented progressively.
AAPP-MART is designed to help organizations understand and reduce their attack surface by simulating adversarial behavior in a controlled and authorized manner. Its primary goal is to improve defensive posture, not to facilitate real-world attacks.
AAPP-MART is intended exclusively for ethical, legal, and authorized security research, penetration testing, and defensive security validation.
The use of this tool against systems, networks, or applications without explicit authorization from the system owner is strictly prohibited and may be illegal.
The authors and contributors of this project assume no responsibility or liability for any misuse, damage, or legal consequences resulting from the use of this software. Users are solely responsible for ensuring compliance with all applicable laws, regulations, and organizational policies.
For support, questions, or feature requests, please open an issue on GitHub: GitHub Issues
You may also use GitHub Discussions for ideas and general discussions.
For responsible disclosure and reporting security issues, please see SECURITY.md.
Secwexen – Project Lead & Maintainer
GitHub: github.com/secwexen