HALO (GEMMA-by-GOOGLE)

Fully local, autonomous AI pentesting agent โ€” a local Gemma model drives a 29-tool MCP server through recon, attack, and reporting. No cloud, no API keys.

Documentation

HALO banner HALO cover

๐Ÿ” GEMMA-by-GOOGLE โ€” HALO

A fully local, autonomous AI penetration-testing agent โ€” Gemma 4-12B driving a Flask MCP tool server through recon, attack, and reporting. No cloud, no API keys.

What It Does ยท Tools ยท Architecture ยท Stack ยท Quickstart ยท Contributing

License Python Tools LM Studio Platform PRs Welcome


HALO is an autonomous security agent that runs inside a Linux environment driven by a local LLM โ€” Gemma 4-12B (uncensored / abliterated) served through LM Studio. It plans, runs reconnaissance, chains attacks based on what it finds, and writes a professional pentest report on its own. Everything runs locally: no cloud, no API keys, nothing leaves your machine.

One word starts an engagement: engage.


What It Does

  • ๐Ÿ” Autonomous recon โ€” masscan + nmap to discover open ports and services
  • โš”๏ธ Autonomous attack loop โ€” selects and chains tools based on what it finds
  • ๐Ÿง  Persistent negative-experience cache โ€” learns what fails across all sessions and stops wasting cycles on proven dead ends
  • ๐Ÿงฉ Adaptive skill injection โ€” loads relevant attack playbooks into the prompt based on the current goal
  • ๐Ÿ“ Automatic HTML reports โ€” compiles findings into a branded report on exit
  • ๐Ÿ”’ 100% local โ€” Gemma 4-12B in LM Studio; nothing leaves your machine

Tool Arsenal

29 tools sit behind the agent's decision loop, all routed through the same failure-caching layer. Registered in SUPPORTED_TOOLS in mcp_server.py.

Recon & OSINT

ToolPurpose
run_subfinderSubdomain enumeration
run_httpxHTTP probing and fingerprinting
run_katanaWeb crawling
run_sherlockUsername OSINT across 90+ platforms
run_shodanInternet-exposure intelligence lookups
run_phoneinfogaPhone-number OSINT
run_cloudfoxCloud-infrastructure enumeration
run_wafw00fWAF / security-solution fingerprinting

Scanning

ToolPurpose
run_masscanFast port discovery
run_nmapDeep service/version scanning
run_niktoWeb vulnerability scanning
run_nucleiTemplate-based vulnerability scanning
run_netstatNetwork connection analysis

Web & Fuzzing

ToolPurpose
run_gobusterWeb directory brute forcing
run_ffufWeb fuzzing
run_curlHTTP request testing
run_wgetFile retrieval

Exploitation

ToolPurpose
run_sqlmapSQL injection testing
run_searchsploitExploit lookup
run_exploitSandboxed execution of custom PoC scripts
run_setoolkitSocial-engineering toolkit

Credentials

ToolPurpose
run_hydraCredential brute forcing
run_ncrackNetwork authentication cracking
run_medusaFast parallel brute forcing
run_johnHash cracking

Enumeration & System

ToolPurpose
run_enum4linuxSMB / Samba enumeration
run_commandArbitrary command execution
read_fileRead file contents
write_fileWrite output to files

Architecture

agent_loop.py  โ”€โ”€โ–บ  mcp_server.py (Flask, port 8000)  โ”€โ”€โ–บ  security tools
     โ”‚
     โ”œโ”€โ”€โ–บ  agent_cache.py         (persistent negative-experience cache)
     โ”œโ”€โ”€โ–บ  skills.py              (adaptive playbook injection)
     โ””โ”€โ”€โ–บ  report_generator.py    (auto HTML pentest report on exit)

Multi-agent layer

Engagements are coordinated by a set of specialist agents that pass a shared message schema (agent_schema.py):

AgentRole
planner_agent.pyTurns a goal into an ordered plan
orchestrator_agent.pyRoutes tasks to the right specialist
vuln_discovery_agent.pySurfaces candidate vulnerabilities
attacker_agent.pyBranches into vuln-class specialists (SQLi, brute force, IDOR, SSRF, XSS, auth)
validator_agent.pyConfirms findings against real evidence before they count
debugger_agent.pyDiagnoses failed tool runs and adjusts

Sovereign Agent Layer

The negative-experience cache fingerprints every tool call. A call that fails gets one retry; fail twice and it is blacklisted, so the agent moves on to a more practical tool for the job. Over an engagement the agent structures its own trial-and-error learning โ€” building context, avoiding repeated dead ends, and escalating intelligently โ€” rather than re-running what it has already proven doesn't work.


How It Was Built

HALO was built solo, from the ground up, in under six months by a self-taught developer and security researcher. The multi-agent core came together one specialist at a time, each verified against a real target before moving on:

  • Day 1 โ€” Shared language: a common message schema (agent_schema.py) so the agents can talk to each other
  • Day 2 โ€” Planner: turns a goal into an ordered plan, verified against live LM Studio
  • Day 3 โ€” Orchestrator: routes each task to the right specialist
  • Day 4 โ€” Vuln Discovery: surfaces candidate vulnerabilities, tested against a live Metasploitable target
  • Day 5 โ€” Attacker: branches into SQLi / brute-force / IDOR / SSRF / XSS / auth specialists
  • Day 6 โ€” Debugger: diagnoses failed tool runs and adjusts
  • Validator + reporting: findings are confirmed against real evidence before they count, then compiled into a client-readable report

From there the arsenal grew to 29 tools, and the negative-experience cache turned trial-and-error into persistent learning across sessions. Active development continues โ€” new capabilities are pushed regularly.


Stack

  • Model: Gemma 4-12B Instruct Abliterated (GGUF via LM Studio) โ€” works with any local model of your choosing
  • Agent: Python autonomous loop with MCP tool calls
  • MCP Server: Flask on port 8000
  • OS: Kali Linux (tested under UTM on Apple Silicon M1)
  • Hardware reference: MacBook Pro M1, 16 GB RAM

Quickstart

See docs/QUICKSTART.md for full setup. In short:

git clone https://github.com/XenoCoreGiger31/GEMMA-by-GOOGLE.git
cd GEMMA-by-GOOGLE
python3 -m pip install requests flask

python3 mcp_server.py       # terminal 1 โ€” Flask tool server on port 8000
python3 agent_loop.py       # terminal 2 โ€” the agent

>>> engage 192.168.64.3     # full autonomous recon + attack
>>> run nmap on 10.0.0.1    # single-goal query
>>> exit                    # triggers HTML report generation

Note: some paths in the source are set for the original author's environment. Adjust the constants near the top of agent_loop.py, mcp_server.py, and agent_cache.py to match your machine.


Contributing

Contributions from the security, AI, and Python communities are welcome โ€” see CONTRIBUTING.md. Star the repo if it's useful to you, or open a PR and let's build something together.

Actively developed by an independent, self-taught developer and security researcher. New capabilities are pushed regularly.


Disclaimer & Legal

This is a community project by an independent developer. It is not affiliated with, endorsed by, or sponsored by Google LLC. "Gemma" is a trademark of Google LLC.

โš ๏ธ Content warning: The referenced model is heavily abliterated and will respond to sensitive requests without the usual guardrails. Use responsibly, in appropriate environments only.

๐Ÿ”’ Legal warning: This tool is intended strictly for authorized penetration testing and security research on systems you own or have explicit written permission to test. Unauthorized use is illegal.

License

Released under the MIT License.