Skip to content

Strategic-Automation/violin

Repository files navigation

Violin

Violin ☤ — Supervised Agentic Hermes Pentest Profile

Release Ready License: MIT Hermes >= 0.18.0 Kali Linux Parrot OS

31 playbooks · 8 references · 0 plugins · 0 brokers · 100% Hermes built-in tools

Violin is a pluginless Hermes Agent profile for supervised, authorised penetration tests — from reconnaissance through safe exploit validation to reporting. It uses only Hermes' built-in toolsets, skill-based playbooks, and lightweight guard scripts.

hermes profile install https://github.com/StrategicAutomation/violin
hermes -p violin

Features

🔬 31 Methodology Playbooks7 phase playbooks (scoping → recon → exploitation → reporting) + 24 per-vulnerability-class playbooks covering OWASP Top 10, OWASP API Top 10, LLM Top 10, and beyond.
🛡️ Multi-Layer SafetyInteractive scoping (8 questions) → scope validation → guard check → approval gates — every target-touching command validated before execution.
🧠 Pentesting Task TreeStructured artifact tracking every task via `[x]/[ ]/[~]` markers across phases, with command history and hypothesis linking.
🌐 Browser + Web ResearchBrowser toolset for website enumeration. Web toolset for CVE lookup, exploit search, and OSINT.
📋 Evidence-Driven ReportingReproducible evidence with screenshots, tool output, request/response pairs. CVSS 3.1 scoring + auto-patch remediation.
🔗 Hermes-NativeInherits your existing Hermes provider/model. No extra API keys, no per-profile credentials, no lock-in.

Quick Start

# 1. Install the profile
hermes profile install https://github.com/StrategicAutomation/violin

# 2. Start a session
hermes -p violin

# 3. Let Violin ask scoping questions, then run your test
> Run a pentest against example.com
Prerequisites
  • Hermes Agent >= 0.18.0 — installed and on your PATH
  • Hermes provider configured — Violin inherits your normal Hermes provider/model
  • Kali Linux or Parrot OS recommended — Docker Kali, WSL, macOS, Windows, and remote jump boxes also work
Set as default profile
hermes profile use violin

Engagement Workflow

flowchart LR
    A["1. Scoping"] --> B["2. Recon"]
    B --> C["3. Vuln Research"]
    C --> D["4. Exploitation"]
    D --> E["5. Reporting"]
    E --> F["6. Retrospective"]
    
    A -.->|"clarify"| G("Approval Gate")
    B -.->|"guard check"| G
    C -.->|"guard check"| G
    D -.->|"clarify + guard"| G

    style A fill:#1a1a2e,stroke:#e94560,stroke-width:2px
    style B fill:#16213e,stroke:#0f3460,stroke-width:2px
    style C fill:#1a1a2e,stroke:#e94560,stroke-width:2px
    style D fill:#16213e,stroke:#0f3460,stroke-width:2px
    style E fill:#1a1a2e,stroke:#e94560,stroke-width:2px
    style F fill:#16213e,stroke:#0f3460,stroke-width:2px
    style G fill:#2d2d2d,stroke:#ffd700,stroke-width:2px
Loading
Phase Action Safety Gate
1. Scoping 8 questions via clarify User approval
2. Reconnaissance Passive OSINT → tech detection → active scanning Guard + approval
3. Vuln Research CVE lookup, exploit search, attack surface analysis Guard check
4. Exploitation Safe PoC validation per vulnerability class Guard + user approval
5. Reporting Evidence compilation, CVSS scoring, remediation
6. Retrospective Gap analysis, playbook coverage update Mandatory

Architecture

graph TB
    subgraph "Your Machine"
        HE["Hermes Agent"]
        VI["Violin Profile"]
        GUARD["violin_guard.py"]
    end
    
    subgraph "Violin Skills"
        SK["SKILL.md"]
        PB["31 Playbooks"]
        REF["8 References"]
        TEMP["5 Templates"]
    end
    
    subgraph "Hermes Built-in Tools"
        T["terminal"]
        W["web"]
        B["browser"]
        F["file"]
        CE["code_execution"]
        S["skills"]
        CL["clarify"]
        D["delegation"]
        V["vision"]
        TD["todo"]
        P["process"]
    end
    
    LLM["Your LLM Provider"]
    
    HE -->|"hermes -p violin"| VI
    VI -->|"loads"| SK
    SK -->|"routes to"| PB
    HE -->|"calls"| T & W & B & F & CE & S & CL & D & V & TD & P
    HE -->|"inherits"| LLM

    style HE fill:#2d2d2d,stroke:#ffd700,stroke-width:2px
    style VI fill:#1a1a2e,stroke:#e94560,stroke-width:2px
    style GUARD fill:#16213e,stroke:#0f3460,stroke-width:2px
Loading

Enabled Toolsets

10 toolsets configured in config.yaml: terminal, web, browser, file, code_execution, skills, todo, clarify, delegation, vision.

Conversation & Memory Isolation

  • memory.memory_enabled: false — no global memory recall/write
  • memory.user_profile_enabled: false — no global user profile access
  • session_search available for cross-referencing past engagements on the same target
  • Engagement continuity lives in project files (scope docs, evidence, reports)
  • Start a fresh Hermes conversation per engagement to keep boundaries clean

Safety Model

flowchart LR
    subgraph "Layer 1"
        A["8 Scoping Questions"]
        B["Written Authorisation"]
    end
    subgraph "Layer 2"
        C["violin_guard.py validate-scope"]
    end
    subgraph "Layer 3"
        D["violin_guard.py check-command"]
    end
    subgraph "Layer 4"
        E["clarify approval gate"]
    end
    subgraph "Layer 5"
        F["Standards & Blocked Actions"]
    end
    
    A --> B --> C --> D --> E --> F
Loading
  • Authorised testing only — no probing before scoping is complete
  • Approval gates — scope, active recon, and exploitation each require explicit user approval
  • Guard check — every target-touching terminal command validated by violin_guard.py (exit 0=allowed, 1=blocked, 2=review)
  • Non-destructive by default — exploitation limited to safe, reproducible PoC
  • Evidence-first — every finding backed by reproducible tool output, screenshots, request/response pairs
  • Exploit-first validation — no hypothesis advances to Validated without a verification command
  • Fresh context per objective — structured state summaries on phase transitions to prevent context bloat

Full safety policy: skills/pentest/references/standards.md. Forbidden actions: .hermes.md §Forbidden Behaviour.


Repository Layout

violin/
├── .hermes.md              # Project-level agent context
├── SOUL.md                 # Agent identity — senior pentester persona
├── config.yaml             # Profile config (toolsets, safety, memory)
├── distribution.yaml       # Hermes distribution manifest
├── scripts/                # Guard & smoke tests
│   ├── violin_guard.py     # Scope, command & release validation
│   ├── smoke-test.sh       # Linux/macOS release smoke
│   ├── smoke-test.ps1      # Windows supplemental smoke
│   └── kali.sh             # Docker Kali helper
└── skills/pentest/         # Pentest methodology
    ├── SKILL.md            # Orchestrator skill (playbook index, workflow)
    ├── playbooks/          # 31 playbooks (7 phase + 24 vuln-class)
    ├── references/         # 8 reference documents
    └── templates/          # 3 templates (PTT, scope, report)

Release Verification

python scripts/violin_guard.py check-release

Validates: YAML structure, 31 playbooks present, required sections in vuln playbooks, no stale evidence paths, all markdown references resolve.


Optional: Kali Docker Container

One-time setup for a full Kali toolchain on any OS

See scripts/kali.sh for the container exec helper.

docker pull kalilinux/kali-rolling
docker create -it --name kali-pentest \
  -v /path/to/violin/engagements:/engagements \
  kalilinux/kali-rolling bash
docker start kali-pentest
docker exec kali-pentest apt update
docker exec kali-pentest apt install -y kali-linux-headless

Optional MCP Servers

Enhance Violin with community MCP servers
MCP Server Install Purpose
onlinecybertools-mcp-server npx -y onlinecybertools-mcp-server 280+ OSINT/recon tools — whois, SSL check, JWT decode, network diag, hashes
runyourempire/4DA npx -y @runyourempire/4DA Live CVE scanning, dependency health, upgrade planning

Add to config.yaml under mcp_servers: after install. See Hermes MCP docs.


Contributing

See CONTRIBUTING.md for development setup, PR process, and code style.

Security

See SECURITY.md for reporting vulnerabilities.


License

MIT — see LICENSE.

About

Supervised agentic Hermes pentest profile — 31 playbooks, 0 plugins, 100% Hermes built-in tools

Topics

Resources

License

Contributing

Security policy

Stars

3 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors