AI-powered security engineering

Security platform with Claude Code integration. MCP tools, templates, agent orchestration for offensive security. 50+ exploit templates and 25+ reusable snippets.

Get Started View Source

armsforge

$ af_list_templates category="exploit" language="python"
bof-exploit      Buffer overflow with ROP chain
format-string    Format string read/write primitive
http-stager      Multi-stage HTTP payload delivery

$ af_detection_lookup type="suspicious_api" pattern="VirtualAllocEx"
Risk: HIGH — Sysmon Event 8, ETW Microsoft-Windows-Kernel-Memory
Bypass: indirect syscall via ntdll stub resolution

FEATURES

Offensive security, AI-accelerated

MCP tools, exploit templates, agent orchestration, and OPSEC analysis — all integrated with Claude Code.

MCP Tool Integration

Six core tools registered via Model Context Protocol with Zod-validated parameters. Browse templates, generate exploits, look up detection risks, and retrieve snippets directly from Claude Code.

$ af_get_template name="bof-exploit" target_os="windows"
Generating buffer overflow exploit...
Target: Windows x64, DEP+ASLR bypass
Template ready — 142 lines, ROP chain included

50+

Exploit Templates

Agent Orchestration

Specialized AI agents for every offensive discipline. Exploit dev, payload engineering, implant scaffolding, OPSEC review, and privesc analysis with model routing.

OPSEC Analysis

Detection risk assessment across AV, EDR, SIEM, and SOC controls. Suspicious API matching, Sysmon correlation, ETW analysis, and AMSI bypass guidance.

Payload Engineering

Multi-stage delivery systems, custom encoders, polymorphic engines. Shellcode loaders in C, C#, Rust, Go, and Nim with evasion techniques.

AI Agents

Implant Development

C2 framework scaffolding with persistent access modules. Domain fronting, beacon jitter, process injection with OPSEC-safe patterns. Memory-only operation support.

$ /armsforge:exploit buffer-overflow --target windows
Agent: exploit-dev (Sonnet)
Generating BOF with ROP chain...
$ /armsforge:opsec-review --code ./payload.c
Risk assessment: 3 findings

Template System

50+ exploit templates and 25+ reusable snippets. Language-specific scaffolds for Python, C#, Rust, and Go with parameter injection.

CAPABILITIES

Full offensive toolkit

Windows-primary with full Linux and macOS support. Every major vulnerability class covered.

Buffer Overflow

Format String

Process Injection

Shellcode Gen

ROP Chains

HTTP Stagers

C2 Implants

Sysmon Evasion

ETW Analysis

AMSI Bypass

Domain Fronting

MCP Tools

Zod Validation

Agent Routing

ptrace (Linux)

macOS Payloads

                ● Full  
                ● Partial  
                ● Not Supported
            

ARCHITECTURE

MCP-driven pipeline

Zod-validated tools, template engine, detection database, and specialized agents with model routing.

MCP Server

Six Zod-validated tools (af_*) registered via Model Context Protocol. Handles template browsing, code generation, detection lookups, and snippet retrieval.

Template Engine

50+ exploit templates indexed by category, language, and architecture. Parameter injection with target-specific customization. Snippet catalog with 25+ reusable patterns.

Detection Database

Suspicious API signatures, Sysmon event mappings, ETW provider analysis, and AMSI trigger patterns. Risk scoring with bypass guidance.

Agent System

Six specialized agents with model routing: exploit-dev, payload-eng, implant-dev (Sonnet), opsec-reviewer (Opus), finding-writer (Haiku), privesc-analyst (Sonnet).

GETTING STARTED

Install and integrate

Clone, build, and start using MCP tools and skills in Claude Code immediately.

build.sh

$ git clone https://github.com/Real-Fruit-Snacks/armsforge.git
$ cd armsforge && npm install
$ npm run build

# Development with watch
$ npm run dev

usage.sh

# MCP tools in Claude Code
$ af_list_templates category="exploit"
$ af_get_template name="bof-exploit"

# Skill invocation
$ /armsforge:exploit buffer-overflow
$ /armsforge:opsec-review