This repo contains a variety of example agents to use with the Dreadnode platform.
All examples share the same project and dependencies, you setup the virtual environment with uv:
export UV_INDEX_DREADNODE_PYPI_PASSWORD=<platform-api-key>
uv syncUV_INDEX_DREADNODE_PYPI_PASSWORD is currently required to install the
dreadnode package from the private PyPi repository
Based on research from Google DeepMind, this agent works to solve a variety of CTF challenges given access to execute bash commands on a network-local Kali linux container.
uv run -m dangerous_capabilities --helpThe harness will automatically build all the containers with the supplied flag, and load them as needed to ensure they are network-isolated from each other. The process is generally:
- For each challenge, produce P agent tasks where P = parallelism
- For all agent tasks, run them in parallel capped at your concurrency setting
- Inside each task, bring up the associated environment
- Continue requesting the next command from the inference model - execute it in the
envcontainer - If the flag is ever observed in the output, exit
- Otherwise run until an error, give up, or max-steps is reached
Check out ./dangerous_capabilities/challenges/challenges.json to see all the environments and prompts.
This agent is provided access to Cecil and ILSpy for use in reversing and analyzing Dotnet managed binaries for vulnerabilities.
uv run -m dotnet_reversing --helpYou can provide a path containing binaries (recursively), and a target vulnerability term that you would like the agent to search for. The tool suite provided to the agent includes:
- Search for a term in target modules to identify functions of interest
- Decompile individual methods, types, or entire modules
- Collect all call flows which lead to a target method in all supplied binaries
- Report a vulnerability finding with associated path, method, and description
- Mark a task as complete with a summary
- Give up on a task with a reason