Share
## https://sploitus.com/exploit?id=1BA014E3-69D1-53E6-A62B-087B7D42FCE7
PRAETOR
Policy-governed Reconnaissance, Exploitation And Testing ORchestrator

An LLM-driven autonomous penetration-testing orchestrator that you can actually run safely β€”
because scope, phase limits, destructive-action confirmation, and a full audit trail are built into its core,
and every offensive action ships with the blue-team detection it would trip.



Quickstart Β·
Why it's different Β·
How it works Β·
Governance Β·
Safety


---

> **Authorized use only.** PRAETOR is for systems you own or have **written permission** to test, and for CTF / lab environments. The scope file *is* the authorization boundary β€” the tool refuses to touch anything outside it, and refuses to run at all without an explicit `authorized: true` attestation. See [Safety & legal](#safety--legal).

## What it is

Point PRAETOR at a **scope file** and it drives a full engagement autonomously:

```
recon ──▢ scan ──▢ exploit ──▢ loot ──▢ report
   β”‚        β”‚         β”‚          β”‚         β”‚
   └── every step is gated by scope + phase + destructive policy,
       logged to an append-only audit trail, and mirrored into the
       blue-team detection a defender would have seen.
```

It orchestrates the standard toolchain (`nmap`, `nuclei`, `httpx`, `ffuf`, …) when those tools are installed, and falls back to a **deterministic simulator** so the entire chain β€” and the whole test suite β€” runs offline with zero external dependencies.

## Why PRAETOR is different

The current crop of autonomous pentest frameworks optimizes for raw power. PRAETOR optimizes for **governed, auditable autonomy** and **purple-team value**:

| | Typical autonomous pentest tool | **PRAETOR** |
|---|---|---|
| Scope enforcement | often advisory | **hard gate** β€” out-of-scope targets are refused, not scanned |
| Authorization | implicit | **explicit `authorized: true` attestation required to run** |
| Destructive actions | just runs | **policy + confirmation gate**, off by default |
| Auditability | logs, maybe | **append-only JSONL of every action, decision, and result** |
| Defensive value | none | **blue-team mirror** β€” every action emits its MITRE ATT&CK id + Sigma rule |
| Runs with no tools installed | no | **yes** β€” deterministic simulator mode |
| LLM outage / no key | breaks | **degrades to a deterministic planner** |

The **blue-team mirror** is the headline: PRAETOR is simultaneously an attacker *and* a detection-engineering teaching tool. Run it against a lab box and it hands you the Sigma rules and log sources that would have caught it.

## Quickstart

```bash
git clone https://github.com/Dhanush-Aries/praetor && cd praetor
uv venv && uv pip install -e .          # or: pip install -e .

# 1. See what tools you have
praetor tools

# 2. Validate a scope (dry, no scanning)
praetor scope-check -s scope.example.yaml

# 3. Run fully offline against the built-in simulated lab (no tools, no network)
praetor run -s scope.example.yaml --offline --yes

# 4. Real recon against nmap's permission-granted test host
praetor recon -s scope.example.yaml
```

Every run writes `praetor-audit.jsonl` (the audit trail) and `praetor-report/` (Markdown + JSON + **SARIF 2.1**).

## How it works

```
                    β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
   scope.yaml ─────▢│  Orchestrator loop  (reconβ†’scanβ†’exploitβ†’loot) β”‚
                    β”‚                                               β”‚
   Planner ────────▢│  1. build candidate actions (wrappers / sim)  β”‚
   (LLM or          β”‚  2. planner orders / selects                  β”‚
    deterministic)  β”‚  3. ── Gate ──▢ scope? phase? destructive?    │──▢ block / allow
                    β”‚  4. ToolRunner (argv, no shell) or simulator  β”‚
                    β”‚  5. parse β†’ findings β†’ blue-team enrich       β”‚
                    β”‚  6. append to audit log                       β”‚
                    β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                                             β–Ό
                              report.md Β· report.json Β· report.sarif.json
```

- **Planner** β€” an LLM (Anthropic/OpenAI, auto-detected from env keys) orders candidate actions and decides escalation; with no key it transparently falls back to a deterministic planner.
- **Tool wrappers** β€” uniform `build()/parse()` interface around real CLIs; `nmap` output is parsed into structured findings.
- **Simulator** β€” deterministic vulnerable lab (`*.lab` hosts) so the exploit chain is reproducible for demos and CI.

## Governance

The scope file is the contract:

```yaml
name: "local-lab-demo"
mode: lab                 # lab = full chain permitted; authorized = conservative
authorized: true          # explicit attestation β€” REQUIRED to run
max_phase: exploit        # recon | scan | exploit | loot | report
allow_destructive: false  # writes/deletes/submits need this + confirmation
allow_hosts:  [scanme.nmap.org, localhost]
allow_cidrs:  [127.0.0.0/8, 10.0.2.0/24]
deny_hosts:   []          # always-block wins over allow
targets:      [scanme.nmap.org, http://localhost:8080]
```

The **Gate** evaluates every action in order β€” authorization β†’ in-scope β†’ phase ceiling β†’ destructive policy β€” and records an allow/block decision (with a human-readable reason) to the audit log before anything executes.

## Safety & legal

PRAETOR is a **defensive-minded offensive tool** built for authorized engagements, CTFs, and labs. Scanning or exploiting systems you do not own or have explicit permission to test is illegal in most jurisdictions. The author does not condone unauthorized use. The scope gate and audit trail exist precisely to keep usage lawful and accountable β€” do not remove them.

## License

MIT β€” see [LICENSE](LICENSE).