CMatrix is an advanced, AI-powered security orchestration platform utilizing a multi-agent architecture to automate security assessments, vulnerability scanning, and threat intelligence. Powered by LangGraph and FastAPI with a Next.js frontend, CMatrix acts as an autonomous security operations center.
- Agentic AI Architecture: Powered by LangGraph for sophisticated tool orchestration and reasoning.
- Network & Web Scanning: In-depth port scanning, topology discovery, and web vulnerability analysis.
- Vector Memory: Qdrant-powered long-term contextual memory across scanning sessions.
- Human-in-the-Loop: Approval gates for safe execution of dangerous operations and terminal commands.
- Stateful Workflows: Checkpoint-based workflow resumption and Celery background task processing.
- Modern Interface: A stunning Next.js frontend with real-time SSE streaming for live updates.
- LLM Agnostic: Seamlessly integrate with Gemini, OpenAI, Claude, or local Ollama models.
- Docker Ready: Fully containerized setup for rapid and reliable deployment.
| Category | Technology Stack |
|---|---|
| AI Agents & Orchestration | |
| Frontend & UI | |
| Backend & API | |
| Knowledge Base & Memory | |
| Infrastructure & Queue | |
CMatrix supports both local development workflows and a fully containerized Docker approach.
Ensure you have the following installed:
- Docker and Docker Compose
- Git
- Python 3.12+ and Node.js for local native development.
```bash
git clone https://github.com/nishan-paul-2022/cmatrix-agentic-red-team.git
cd cmatrix-agentic-red-team
```

Set up your environment variables by copying the example files:

```bash
cp .env.example .env
```

Essential settings for the backend API and database. Edit `.env` to define:
- `SECRET_KEY`: Security key for standard app operation.
- `DATABASE_URL`: Postgres connection string (defaults mapped to Docker setup).
API keys for AI models (e.g., Google Gemini, OpenAI, Anthropic) are configured directly via the UI under Settings > LLM Profiles once the app is running. Alternatively, provide the configuration explicitly in an `app-backend/llm_config.json` file.
Choose the deployment method that fits your needs:
This runs the entire system (Frontend, Backend API, Celery Worker, PostgreSQL, Redis, Qdrant) in isolated containers.
```bash
# Bring up all services
docker-compose up -d
# Check live logs
docker-compose logs -f
```

Don't forget to run initial database migrations!

```bash
docker-compose exec app-backend alembic upgrade head
```

Allows you to run infrastructure (DBs/Redis) in Docker, while running the Frontend and Backend natively for absolute speed in development.
Pre-requisite mapping: Map local host to Docker containers to mock networking:
```bash
echo "127.0.0.1 cmatrix-postgres cmatrix-redis cmatrix-qdrant" | sudo tee -a /etc/hosts
```

Terminal 1 (Core Infrastructure):

```bash
docker-compose up -d postgres redis qdrant
```

Terminal 2 (Backend API & Worker):

```bash
cd app-backend
python -m venv venv && source venv/bin/activate
pip install -r requirements.txt
alembic upgrade head
# --host 0.0.0.0 listens on every network interface, not only loopback
uvicorn app.main:app --reload --host 0.0.0.0 --port 3012
# Note: You will also need to start Celery in another pane `celery -A app.worker worker`
```

Terminal 3 (Frontend UI):

```bash
cd app-frontend
npm install
npm run dev
```

Access Points:
- Frontend Interface: http://localhost:3011
- Backend API & Swagger: http://localhost:3012/docs
- Qdrant Vector Dashboard: http://localhost:6333/dashboard
CMatrix architecture treats AI agents as modular functions. Adding new tools involves drafting robust agent tools under app-backend/app/tools and plugging them directly into the ReAct LangGraph logic.
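As an added example (not code from the CMatrix repository), one way to make a tool "robust" before it is plugged into the agent is to check its target against the authorized scope and route dangerous calls through an approval callback. All names, the scope values, and the plain-Python callback standing in for the approval gate are assumptions; it uses only the standard library rather than LangGraph.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Callable

# Constructed engagement scope: a documentation IP range and a reserved example domain.
AUTHORIZED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
AUTHORIZED_DOMAINS = {"example.com"}
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


@dataclass
class Decision:
    allowed: bool
    reason: str


def in_scope(target: str) -> bool:
    """True only for an IP inside an authorized network or a host under an authorized domain."""
    target = target.strip().lower()
    try:
        ip = ipaddress.ip_address(target)
        return any(ip in net for net in AUTHORIZED_NETS)
    except ValueError:
        pass  # not an IP literal, fall through to hostname handling
    if not HOSTNAME_RE.match(target):
        return False  # rejects URLs, option-like strings and shell metacharacters
    # Match on a label boundary so "evil-example.com" does not pass as "example.com".
    return any(target == d or target.endswith("." + d) for d in AUTHORIZED_DOMAINS)


def authorize_call(target: str, dangerous: bool, approve: Callable[[str], bool]) -> Decision:
    """Hypothetical pre-execution check a tool runs before doing any work."""
    if not in_scope(target):
        # Out-of-scope requests are refused without ever prompting the operator.
        return Decision(False, "target outside authorized scope")
    if dangerous and not approve(f"Run dangerous action against {target}?"):
        return Decision(False, "operator denied approval")
    return Decision(True, "ok")
```

The scope check runs before the approval prompt, so an operator is never asked to approve a target that is not authorized in the first place.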
Testing:
- Backend: Run `pytest` inside the `app-backend` application scope.
- Frontend: Use standard `npm test` scripts within `app-frontend`.

Code merges trigger GitHub Actions ensuring full functional and integration tests across container images.
A curated list of state-of-the-art autonomous AI security agents and frameworks that share a similar vision of agentic red teaming and automated VAPT.
- PentAGI
  - Website: pentagi.com
  - GitHub: vxcontrol/pentagi
  - Demo: Watch on YouTube

  A self-hosted, multi-agent AI system designed for autonomous end-to-end penetration testing using sandboxed tools.

- Shannon
  - Website: keygraph.io
  - GitHub: KeygraphHQ/shannon
  - Demo: Watch on YouTube

  An AI-powered "proof-by-exploitation" security agent that validates vulnerabilities through real-world attack simulations.

- HexStrike AI
  - Website: hexstrike.com
  - GitHub: 0x4m4/hexstrike-ai
  - Demo: Watch on YouTube

  A Model Context Protocol (MCP) server that empowers LLMs with 150+ professional security tools for autonomous offensive workflows.

- Claude Code
  - Website: claude.ai/code

  Anthropic's official agentic CLI for terminal-based coding, shell execution, and autonomous repository management.

- OpenClaw
  - Website: openclaw.ai
  - GitHub: openclaw/openclaw

  A viral, open-source autonomous AI assistant designed to run locally with direct OS and tool access.
Built with ❤️ by KAI
