GRIN

Foothold → root → flag, fully autonomous. You bring the key.

>> ONE-LINER INSTALL / kali · debian
curl -fsSL https://raw.githubusercontent.com/parsazolfaghar/grin/main/scripts/install.sh | bash
★ 6/6 ON THE GAUNTLET · KALI + BLACKARCH · FAIL-CLOSED · ZERO BABYSITTING

[ LIVE ] one goal → flag captured
grin capturing a flag autonomously

[ 01 / WHAT IT IS ]

A full red-team operator in one command.

Point it at an authorized target, give it a goal, walk away. It footholds, escalates, pivots, and captures proof on its own — the last mile is deterministic code, not a hopeful prompt. Every action runs through a fail-closed spine, so it can't leave the scope you set.


[ 02 / CAPABILITIES ]

Why it actually lands.

D-01

Deterministic closers

When the model would stall, code finishes the job through the spine — the win isn't left to luck.

cred-sweep / web-rce / sudo-gtfo / suid-hijack / lfi-crack / ssh-loot

D-02

The Grin Brain

Cross-engagement memory — applies the proven play every time, learns from every win and wall.

D-03

Dual arsenal

Self-provisioning Kali + BlackArch. A laptop with Docker is a full rig.

D-04

Fail-closed spine

resolve → authorize → gate → execute → audit. Out-of-scope is refused.

D-05

Broad coverage

nuclei brings thousands of CVE/misconfig checks — each an evidence-backed finding.

D-06

One-button updates

One click updates the code, the in-container helpers, and the brain — all three layers.

code · helpers · brain — one button

[ 03 / FULL FEATURE SET ]

Everything it does.

The actual machinery. Runs on macOS, Windows, and Linux.

DESKTOP APP: macOS · Windows · Linux
BRAIN: Cloud or Local
ARSENAL: Docker, anywhere

Fail-closed spine

  • One execution path: resolve → authorize → gate → execute → audit
  • Scope + exclude enforcement — out-of-scope is refused
  • Action classes: passive / active-scan / exploit / post-exploit
  • ROE time-window enforcement
  • Append-only audit log of every allow & refuse
  • Self-host destruction guard
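
A minimal sketch of the resolve → authorize → gate → execute → audit path listed above, added here as an illustration; it is not GRIN's code. The Scope fields, the pinned-hosts map, the in-memory audit list, and the treatment of the four action classes as an ordered ceiling are all assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Action classes as named on the page; ordering them as a ceiling is an assumption.
CLASSES = ("passive", "active-scan", "exploit", "post-exploit")

@dataclass
class Scope:                       # hypothetical structure, not GRIN's
    include: list                  # authorized CIDRs
    exclude: list                  # CIDRs carved out of the authorization
    max_class: str                 # highest action class authorized
    window: tuple                  # ROE (start, end), timezone-aware datetimes
    hosts: dict = field(default_factory=dict)  # pinned name -> IP, no live DNS

class Refused(Exception):
    pass

def resolve(scope, target):
    try:
        return ipaddress.ip_address(target)
    except ValueError:
        # Unknown names raise KeyError, which run() turns into a refusal.
        return ipaddress.ip_address(scope.hosts[target])

def authorize(scope, ip, now):
    if not (scope.window[0] <= now <= scope.window[1]):
        raise Refused("outside ROE window")
    if any(ip in ipaddress.ip_network(n) for n in scope.exclude):
        raise Refused("excluded")              # exclude wins over include
    if not any(ip in ipaddress.ip_network(n) for n in scope.include):
        raise Refused("out of scope")

def gate(scope, action_class):
    # An unknown class raises ValueError here and is refused as well.
    if CLASSES.index(action_class) > CLASSES.index(scope.max_class):
        raise Refused("action class above authorized ceiling")

def run(scope, target, action_class, action, audit, now=None):
    now = now or datetime.now(timezone.utc)
    entry = {"ts": now.isoformat(), "target": target, "class": action_class}
    try:
        ip = resolve(scope, target)
        authorize(scope, ip, now)
        gate(scope, action_class)
    except Exception as exc:       # fail closed: any error is a refusal
        audit.append({**entry, "decision": "refuse", "reason": repr(exc)})
        return None
    audit.append({**entry, "decision": "allow"})  # recorded before execution
    return action(str(ip))
```

The action only ever receives the resolved, authorized address, so a name that later resolves elsewhere cannot move the run outside the scope that was checked.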

Autonomy & control

  • Modes: autonomous / action-gated / phase-gated
  • Per-action approve / deny gating
  • Capture checkpoints on each new flag
  • Cooperative Stop mid-run
  • Pause & resume gated engagements
  • Frictionless-within-authorization defaults

Multi-agent core

  • Orchestrator — plans objectives, chases leads, replans
  • Executor — per-objective observe→act loop
  • Analyst — reads findings, proposes follow-ups
  • Medic — rescues stalls, records lessons
  • Reporter — writes the deliverable

Grin Brain (learning)

  • Persistent cross-engagement memory
  • Detects the live situation, injects the proven play
  • Playbooks (do) + pitfalls (avoid), reinforced by outcome
  • Ships seeded; learns from every win & wall
  • Syncs new plays on update

Deterministic closers

  • cred-sweep — default / weak SSH creds
  • web-rce — command-injection / SSTI RCE
  • sudo-gtfo — sudo-NOPASSWD GTFOBins privesc
  • suid-hijack — SUID PATH-hijack privesc
  • lfi-crack — traversal → offline crack → SSH
  • ssh-loot — SSH-key lateral movement

Recon & exploitation

  • nmap service / port discovery
  • gobuster / ffuf content + parameter fuzzing
  • nuclei — thousands of CVE / misconfig templates
  • web-scan — reflected-XSS discovery
  • sqlmap — SQLi test & dump
  • subfinder / httpx — external attack surface
  • grin-shell — drives interactive tools (msf / ssh)
  • john + rockyou — offline cracking

Arsenal & environments

  • Self-provisioning Kali + BlackArch containers
  • Complementary tool split across both distros
  • Auto-install missing tools (ask / auto / never)
  • Envs: local / ssh / docker / arsenal / auto
  • A laptop with Docker = a full rig

Brains & models

  • Any OpenAI-compatible cloud (DeepSeek / Groq / OpenRouter)
  • Local Ollama — no cloud at all
  • Per-role model routing (planner / recon / exploit)
  • Cloud→cloud fallback tiers (survive an outage)
  • BYO key — never proxied, never seen

Strength & stealth

  • Strength: recon / normal / aggressive / max
  • Aggressive = full ATT&CK catalog sweep
  • Stealth: off / quiet / paranoid
  • Egress proxy / Tor, slow timing, UA rotation
  • MAC / hostname spoof where it bites

Output & evidence

  • Reports: Markdown / SARIF / HTML
  • Loot capture (credentials, keys, flags) in full
  • Evidence-gated findings — a tool actually ran
  • ATT&CK coverage mapping
  • Deterministic "discoveries" view
  • CI mode — fail a build on findings ≥ severity

App & workflow

  • Natural-language Engage bar (target + goal → scoped run)
  • MODE / STRENGTH / STEALTH / TOOLS toggles
  • Live findings / loot / audit / discoveries
  • Approve / deny actions + tool installs
  • Export Report button (no terminal)
  • Playbooks: recon / external-asm / internal / bug-bounty / ctf

Platform & ops

  • macOS · Windows · Linux
  • One-button complete update (code + helpers + brain)
  • grin doctor preflight
  • grin --version + CHANGELOG
  • Full CLI: engage / ci / report / loot / arsenal / brain …
  • Built-in graded lab + benchmark

[ 04 / INSTALL ]

One line. Then your key.

>> RUN ON KALI / DEBIAN
curl -fsSL https://raw.githubusercontent.com/parsazolfaghar/grin/main/scripts/install.sh | bash

Installs the CLI + desktop app, the Kali/BlackArch arsenal, and the seeded brain. Needs git and docker.


[ 05 / RULES & TERMS — READ THIS ]

What you do with this is on you.

GRIN is real offensive tooling. The guardrails keep it inside the scope you authorize — they don't make unauthorized use lawful. By installing or running it, you accept the following.

  1. Authorized targets only

    Use GRIN exclusively against systems you own or hold prior, explicit, written authorization to test. Attacking anything else is illegal (CFAA & equivalents worldwide) and entirely your responsibility.

  2. Bring your own API key

    We provide no API, no model, no credentials. GRIN never routes your traffic through us — your key, your endpoint, your data. We have zero visibility into your targets or activity.

  3. No warranty, no liability

    The software is provided AS IS. The author is not liable for any damage, loss, or claim arising from it — including actions you or anyone else take with it. You assume all risk.

  4. All rights reserved — no reuse

    Source-available for viewing only. You may run an unmodified copy for your own authorized testing. You may not copy, modify, redistribute, sell, or build derivatives, in whole or part. See LICENSE.

  5. The guardrails are a feature, not a leash

    The fail-closed spine, scope enforcement, and audit trail exist to keep your authorized engagement clean and defensible. Don't try to defeat them.


[ 06 / SHIP IT ]

Point it. Authorize it.
Walk away.

One command installs the whole thing. If it's your kind of tool, star it.

curl -fsSL https://raw.githubusercontent.com/parsazolfaghar/grin/main/scripts/install.sh | bash