APHIDS
Automated Penetration-testing & Hacking Intelligence Distribution System
40+ offensive security tools. One container. Six execution modes.
AI-native from day one.
Get Started in 30 Seconds#
Full Quick Start Guide Installation Options
Six Ways to Run#
CLI Mode
One-shot scans from YAML config files. Pause, resume, and checkpoint support built in.
aphids-cli -o options.yaml
CLI Mode →
MCP Mode
Expose all 40+ tools to AI agents. Claude Desktop, Windsurf, Cursor — works out of the box.
aphids-cli --mcp
MCP Mode →
Agent Mode
Persistent scanning agents with WebSocket heartbeat, auto-reconnect, and 3 concurrent threads.
aphids-cli --agent --agent-name scanner-01
Agent Mode →
CI/CD Mode
SARIF v2.1.0 output, severity-based pipeline gating, exit code 3 for threshold violations. GitHub Actions, GitLab CI, Jenkins, Azure.
--fail-on-severity high --sarif results.sarif
CI/CD Integration →
Offline Mode
Air-gapped environments. No network, no API key. Results saved locally as JSON.
online: disabled
Unattended Mode
Auto-approve all prompts. Perfect for cron jobs, scheduled scans, and automation.
aphids-cli -o options.yaml --unattended
How It Works#
graph LR
A[options.yaml] -->|Configure| B[APHIDS Container]
B -->|Execute| C{40+ Tools}
C --> D[Nmap]
C --> E[Nuclei]
C --> F[Semgrep]
C --> G[...]
D & E & F & G -->|Parse| H[Structured JSON]
H -->|Upload| I[The Hive]
I --> J[Neo4j Graph]
I --> K[AI Analysis]
I --> L[Reports]
style B fill:#302b63,stroke:#8b5cf6,color:#fff
style I fill:#1a1a2e,stroke:#06b6d4,color:#fff
style J fill:#1a1a2e,stroke:#10b981,color:#fff
style K fill:#1a1a2e,stroke:#ec4899,color:#fff
style L fill:#1a1a2e,stroke:#f59e0b,color:#fff
40+ Security Tools#
| Category | Tools | Target Type |
|---|---|---|
| Port Scanning | Nmap, Masscan | Host / CIDR |
| Vuln Scanning | Nuclei, Nikto, Wapiti | URL / Host |
| Web Application | ZAP, Dalfox, SQLMap, Commix | URL |
| Fuzzing | FFuF, Gobuster, Feroxbuster, Wfuzz, Katana | URL |
| Subdomain Enum | Amass, Subfinder, Sublist3r, DNSx | Domain |
| HTTP Analysis | httpx, WhatWeb, WAFw00f | URL / Domain |
| Secret Detection | Gitleaks, TruffleHog | Directory |
| SAST | Semgrep, Bandit | Directory |
| SCA / Deps | Safety, Dep-Check, Trivy, Grype | Directory |
| Auth Testing | Hydra, JWT Tool | URL / Host |
| Protocol | TestSSL, Smuggler, CORScanner | URL / Host |
| Recon | ParamSpider, Arjun, SearchSploit | URL / Domain |
| Binary | Checksec, Binwalk | File |
| CMS | WPScan | URL |
Hive Platform Integration#
When connected to The Hive, APHIDS becomes part of a complete offensive security operations platform:
Attack Graph Intelligence
Neo4j visualizes relationships between assets, findings, and vulnerabilities. See attack paths emerge from your data.
AI Threat Analysis
Claude analyzes your attack surface via AWS Bedrock. Natural language queries, automated insights, AI-assisted reporting.
Runbooks & Attack Trees
Reusable scan workflows with conditional logic, scope enforcement, and visual graph editors.
Vulnerability Intelligence
CVE/NVD/EPSS enrichment, CVSS v3.1 calculator, SLA tracking, and Jira integration.
Tactical Reporting
Professional pentest reports with AI-generated narratives, finding summaries, and executive overviews.
Multi-Tenant Engagements
Organize work by engagement with isolated data, team access controls, and audit trails.
Environment Variables — No Config File Needed#
The preferred way to configure APHIDS. No config.yaml required.
# This is all you need for online mode
export APHIDS_API_KEY="your-key-here"
aphids-cli -o options.yaml
| Variable | Purpose | Default |
|---|---|---|
APHIDS_API_KEY |
Hive API key | — |
APHIDS_API_URL |
REST API base URL | https://api.hive.darksidesecurity.io/ |
APHIDS_WS_URL |
WebSocket URL | Auto-derived |
APHIDS_CONTAINER_RUNTIME |
docker / podman / nerdctl |
Auto-detect |
APHIDS_TOOL_TIMEOUT |
Per-tool timeout (seconds) | 1800 |
APHIDS_DEBUG |
Debug logging | false |
Full Configuration Reference All Environment Variables
Ready to get started?