A powerful AI-agentic tool that generates and validates advanced exploit payloads using CrewAI framework.
This project leverages multiple AI agents working together to create, review, and refine exploitation techniques with a focus on EDR evasion and OPSEC considerations.
It follows the methodology of Feedback loop inside agentic workflow.
Red Team operations often require complex exploit payloads that need to:
- Be technically accurate and effective
- Evade modern EDR solutions
- Maintain OPSEC
- Include proper implementation details
- Be thoroughly validated
Manually developing these payloads is time-consuming and error-prone. This project automates the process using AI agents.
The project implements a multi-agent AI system using CrewAI with:
-
Payload Generator Agent: Creates advanced exploit payloads with:
- Technical implementation details
- EDR evasion techniques
- Build instructions
- Testing procedures
-
Payload Reviewer Agent: Validates payloads for:
- Technical accuracy
- Implementation feasibility
- OPSEC considerations
- Documentation completeness
-
Feedback Loop System:
- Automated refinement through up to 3 iterations
- Detailed feedback for improvements
- Quality assurance checks
sequenceDiagram
participant User
participant ExploitPayloadGeneratorHelperFlow
participant PayloadExploitCrew
participant PayloadExploitReviewCrew
participant FileSystem
User->>ExploitPayloadGeneratorHelperFlow: kickoff()
activate ExploitPayloadGeneratorHelperFlow
rect rgb(200, 220, 240)
Note over ExploitPayloadGeneratorHelperFlow: Start: generate_PayloadExploit
ExploitPayloadGeneratorHelperFlow->>PayloadExploitCrew: crew().kickoff(context, feedback)
PayloadExploitCrew-->>ExploitPayloadGeneratorHelperFlow: PayloadExploit_draft
end
rect rgb(220, 200, 240)
Note over ExploitPayloadGeneratorHelperFlow: Router: evaluate_PayloadExploit
ExploitPayloadGeneratorHelperFlow->>PayloadExploitReviewCrew: crew().kickoff(PayloadExploit_draft)
PayloadExploitReviewCrew-->>ExploitPayloadGeneratorHelperFlow: {valid, feedback}
alt is valid
ExploitPayloadGeneratorHelperFlow->>ExploitPayloadGeneratorHelperFlow: route to "completed"
else retry count < 3
ExploitPayloadGeneratorHelperFlow->>ExploitPayloadGeneratorHelperFlow: route to "retry"
ExploitPayloadGeneratorHelperFlow->>PayloadExploitCrew: Retry with feedback
else retry count >= 3
ExploitPayloadGeneratorHelperFlow->>ExploitPayloadGeneratorHelperFlow: route to "max_retry_reached"
end
end
alt completed
ExploitPayloadGeneratorHelperFlow->>FileSystem: Save PayloadExploit.md
FileSystem-->>ExploitPayloadGeneratorHelperFlow: File saved
else max_retry_reached
ExploitPayloadGeneratorHelperFlow->>User: Display final PayloadExploit and feedback
end
deactivate ExploitPayloadGeneratorHelperFlow- Python >=3.10 < 3.13
- UV package manager
- Ollama (for local LLM support)
- Clone the repository:
git clone https://github.com/Abhinandan-Khurana/exploit-payload-generator-ai-agent.git
cd exploit-payload-generator-ai-agent- Install UV if not already installed:
pip install uv
- Install dependencies:
uv pip install -e .
# OR
crewai install- Install Ollama for local LLM support:
curl https://ollama.ai/install.sh | sh- Install whiterabbitneo and hermes3:
ollama pull rfc/whiterabbitneo
ollama pull hermes3- Start Ollama (if using local LLMs):
ollama serve- Run the project
crewai flow kickoff- Save the final payload to
generated_final_payload.mdif validated - Display feedback and retry up to 3 times if issues are found
Results may be redundantor vary between runs due to the nature of LLM responses- The system
prioritizes accuracy over speed - Each iteration improves payload quality through
AI feedback - Local LLMs may provide different results compared to OpenAI's models
Contributions are welcome! Please feel free to submit a Pull Request. For major changes, please open an issue first.