HALO (GEMMA-by-GOOGLE)
The HALO server provides a fully local, autonomous AI penetration-testing agent orchestrating a 29-tool arsenal for reconnaissance, attack, and reporting — no cloud or API dependencies required.
Autonomous Penetration Testing: An autonomous agent (driven by a local LLM via LM Studio) plans, executes, chains attacks, learns from failures via a persistent negative-experience cache, and generates branded HTML pentest reports automatically.
Reconnaissance & OSINT
run_subfinder— passive subdomain enumerationrun_httpx— HTTP probing, fingerprinting, and tech-stack detectionrun_katana— web crawling and attack-surface mappingrun_sherlock— username OSINT across 90+ platformsrun_shodan— internet-exposure intelligence for a hostrun_phoneinfoga— phone number carrier/region footprintingrun_cloudfox— AWS cloud infrastructure enumerationrun_wafw00f— WAF and security-solution fingerprinting
Scanning
run_masscan— high-speed async TCP port scanningrun_nmap— detailed port/service/version scanning with script detectionrun_nikto— web server vulnerability and misconfiguration scanningrun_nuclei— template-based vulnerability scanningrun_netstat— active network connection analysis
Web & Fuzzing
run_gobuster— directory, DNS, and vhost brute-forcingrun_ffuf— fast fuzzing for directories, parameters, and vhostsrun_curl— arbitrary HTTP request testingrun_wget— file retrieval and URL mirroring
Exploitation
run_sqlmap— automated SQL injection detection and exploitationrun_searchsploit— Exploit-DB archive lookup by keywordrun_exploit— sandboxed execution of custom Python PoC scriptsrun_setoolkit— scripted social-engineering attack scenarios
Credential Attacks
run_hydra— parallelized network login brute-forcingrun_ncrack— high-speed network authentication crackingrun_medusa— fast, modular, parallel login brute-forcingrun_john— password hash cracking with wordlists
Enumeration & System
run_enum4linux— SMB/Samba share, user, and policy enumerationrun_command— arbitrary shell command execution with sudo auto-escalationread_file/write_file— read and write files, with sudo escalation for protected paths
Interface: Exposed as both an MCP server (for MCP clients) and a Flask HTTP tool server (for the autonomous agent loop). Operates entirely locally using Gemma via LM Studio — no data leaves the machine.
🔐 GEMMA-by-GOOGLE — HALO
A fully local, autonomous AI penetration-testing agent — Gemma 4-12B driving a 29-tool arsenal through recon, attack, and reporting, exposed as a standard Model Context Protocol (MCP) server. No cloud, no API keys.
What It Does · Tools · Architecture · Stack · Quickstart · Contributing
HALO is an autonomous security agent that runs inside a Linux environment driven by a local LLM — Gemma 4-12B (uncensored / abliterated) served through LM Studio. It plans, runs reconnaissance, chains attacks based on what it finds, and writes a professional pentest report on its own. Everything runs locally: no cloud, no API keys, nothing leaves your machine.
One word starts an engagement: engage.
What It Does
🔍 Autonomous recon — masscan + nmap to discover open ports and services
⚔️ Autonomous attack loop — selects and chains tools based on what it finds
🧠 Persistent negative-experience cache — learns what fails across all sessions and stops wasting cycles on proven dead ends
🧩 Adaptive skill injection — loads relevant attack playbooks into the prompt based on the current goal
📝 Automatic HTML reports — compiles findings into a branded report on exit
🔒 100% local — Gemma 4-12B in LM Studio; nothing leaves your machine
Related MCP server: Debugg AI MCP
Tool Arsenal
29 tools sit behind the agent's decision loop, all routed through the same
failure-caching layer. They are defined once in the TOOLS schema registry in
halo_tools.py and served over both transports (MCP and HTTP).
Recon & OSINT
Tool | Purpose |
| Subdomain enumeration |
| HTTP probing and fingerprinting |
| Web crawling |
| Username OSINT across 90+ platforms |
| Internet-exposure intelligence lookups |
| Phone-number OSINT |
| Cloud-infrastructure enumeration |
| WAF / security-solution fingerprinting |
Scanning
Tool | Purpose |
| Fast port discovery |
| Deep service/version scanning |
| Web vulnerability scanning |
| Template-based vulnerability scanning |
| Network connection analysis |
Web & Fuzzing
Tool | Purpose |
| Web directory brute forcing |
| Web fuzzing |
| HTTP request testing |
| File retrieval |
Exploitation
Tool | Purpose |
| SQL injection testing |
| Exploit lookup |
| Sandboxed execution of custom PoC scripts |
| Social-engineering toolkit |
Credentials
Tool | Purpose |
| Credential brute forcing |
| Network authentication cracking |
| Fast parallel brute forcing |
| Hash cracking |
Enumeration & System
Tool | Purpose |
| SMB / Samba enumeration |
| Arbitrary command execution |
| Read file contents |
| Write output to files |
Architecture
A single tool engine (halo_tools.py) owns the arsenal and its schemas; two
thin transports sit on top of it, so the tools are defined exactly once:
agent_loop.py ──HTTP──► tool_server.py ─┐
├─► halo_tools.py ──► security tools
MCP clients ──stdio─► mcp_server.py ──┘ (29-tool engine +
schema registry)
│
├──► agent_cache.py (persistent negative-experience cache)
├──► skills.py (adaptive playbook injection)
└──► report_generator.py (auto HTML pentest report on exit)mcp_server.py— a spec-compliant Model Context Protocol server (stdio, JSON-RPC 2.0). Point any MCP client (Claude Desktop, IDE agents, inspectors) or an MCP registry at it to use HALO's arsenal as standard tools.tool_server.py— the local Flask HTTP tool server (port 8000) the autonomous agent loop drives.
Use HALO as an MCP server
// e.g. an MCP client config
{
"mcpServers": {
"halo": { "command": "python3", "args": ["/abs/path/to/mcp_server.py"] }
}
}A ready-to-submit registry manifest lives in server.json.
Multi-agent layer
Engagements are coordinated by a set of specialist agents that pass a shared
message schema (agent_schema.py):
Agent | Role |
| Turns a goal into an ordered plan |
| Routes tasks to the right specialist |
| Surfaces candidate vulnerabilities |
| Branches into vuln-class specialists (SQLi, brute force, IDOR, SSRF, XSS, auth) |
| Confirms findings against real evidence before they count |
| Diagnoses failed tool runs and adjusts |
Sovereign Agent Layer
The negative-experience cache fingerprints every tool call. A call that fails gets one retry; fail twice and it is blacklisted, so the agent moves on to a more practical tool for the job. Over an engagement the agent structures its own trial-and-error learning — building context, avoiding repeated dead ends, and escalating intelligently — rather than re-running what it has already proven doesn't work.
How It Was Built
HALO was built solo, from the ground up, in under six months by a self-taught developer and security researcher. The multi-agent core came together one specialist at a time, each verified against a real target before moving on:
Day 1 — Shared language: a common message schema (
agent_schema.py) so the agents can talk to each otherDay 2 — Planner: turns a goal into an ordered plan, verified against live LM Studio
Day 3 — Orchestrator: routes each task to the right specialist
Day 4 — Vuln Discovery: surfaces candidate vulnerabilities, tested against a live Metasploitable target
Day 5 — Attacker: branches into SQLi / brute-force / IDOR / SSRF / XSS / auth specialists
Day 6 — Debugger: diagnoses failed tool runs and adjusts
Validator + reporting: findings are confirmed against real evidence before they count, then compiled into a client-readable report
From there the arsenal grew to 29 tools, and the negative-experience cache turned trial-and-error into persistent learning across sessions. Active development continues — new capabilities are pushed regularly.
Stack
Model: Gemma 4-12B Instruct Abliterated (GGUF via LM Studio) — works with any local model of your choosing
Agent: Python autonomous loop with MCP tool calls
Tool transports: a Model Context Protocol server (stdio) for MCP clients, plus a Flask HTTP tool server on port 8000 for the agent loop
OS: Kali Linux (tested under UTM on Apple Silicon M1)
Hardware reference: MacBook Pro M1, 16 GB RAM
Quickstart
See docs/QUICKSTART.md for full setup. In short:
git clone https://github.com/XenoCoreGiger31/GEMMA-by-GOOGLE.git
cd GEMMA-by-GOOGLE
python3 -m pip install -r requirements.txt
python3 tool_server.py # terminal 1 — HTTP tool server on port 8000
python3 agent_loop.py # terminal 2 — the agent
>>> engage 192.168.64.3 # full autonomous recon + attack
>>> run nmap on 10.0.0.1 # single-goal query
>>> exit # triggers HTML report generationNote: endpoints and paths default to a standard local setup (LM Studio on
localhost:1234, HTTP tool server onlocalhost:8000). Override any of them with theHALO_*environment variables — see the environment overrides table. A few author-specific log/cache path defaults remain inagent_cache.pyandtool_server.py; the env vars cover those too.
Contributing
Contributions from the security, AI, and Python communities are welcome — see CONTRIBUTING.md. Star the repo if it's useful to you, or open a PR and let's build something together.
Actively developed by an independent, self-taught developer and security researcher. New capabilities are pushed regularly.
Disclaimer & Legal
This is a community project by an independent developer. It is not affiliated with, endorsed by, or sponsored by Google LLC. "Gemma" is a trademark of Google LLC.
⚠️ Content warning: The referenced model is heavily abliterated and will respond to sensitive requests without the usual guardrails. Use responsibly, in appropriate environments only.
🔒 Legal warning: This tool is intended strictly for authorized penetration testing and security research on systems you own or have explicit written permission to test. Unauthorized use is illegal.
License
Released under the MIT License.
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/XenoCoreGiger31/GEMMA-by-GOOGLE'
If you have feedback or need assistance with the MCP directory API, please join our Discord server