FunnyWolf

FunnyWolf/Viper

Security

Adversary simulation and Red teaming platform with AI

5.1k stars
668 forks
slow
GitHub +11 / week

5.1k

Stars

668

Forks

7

Open issues

1

Contributors

v3.1.11 31 Mar 2026

AI Analysis

VIPER is a red team and adversary simulation platform designed for security professionals conducting authorized penetration testing and cybersecurity assessments. It integrates tools for multi-stage attack simulation across the MITRE ATT&CK framework, featuring an LLM-powered agent for automated decision-making, post-exploitation modules, and workflow orchestration. This platform serves experienced red teamers and penetration testers—not general-purpose security software, and not suitable for...

Security Security Tool Discovery value: 5/10
Documentation 7/10
Activity 7/10
Community 8/10
Code quality 5/10

Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.

Overall score 7/10

AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.

llm-agent red-teaming adversary-simulation mitre-attack post-exploitation
Popular Niche/specialized use case Production ready
Deep Analysis · Based on README and public signals
2w ago

Free red team platform with LLM integration takes aim at Cobalt Strike's dominance

Viper is a self-hosted adversary simulation and red team operations platform built for offensive security professionals and penetration testers. It provides a web-based UI, 100+ post-exploitation modules mapped to MITRE ATT&CK, multi-OS implant support (Windows/Linux/macOS), built-in defense evasion, and an integrated LLM agent for automation. Its primary value proposition is being a free, feature-rich alternative to commercial C2 frameworks costing thousands per user annually. The Chinese-origin project has a bilingual README and appears to target both Chinese and international security teams.

Origin

Created in May 2020, Viper appears to have evolved from a Metasploit wrapper into a full-featured C2 and red team platform. The addition of LLM agent capabilities reflects a 2024-2025 feature expansion trend. The project has maintained continuous development for over six years.

Growth

Viper accumulated 5,116 stars over roughly six years, with a modest but steady rate (~18 stars/week recently). Growth likely tracks rising demand for free commercial-grade red team tooling, especially in cost-sensitive Asian security markets. Docker Hub pull counts (referenced in README badge) may be a better adoption indicator than stars, but the exact number is not visible in available metadata.

In production

Docker Hub pull count badge exists in the README but the actual number is not available in provided metadata. Discord community exists (discord.gg link present). Star count of 5,116 with 668 forks suggests meaningful engagement. Adoption in production red team engagements is not independently verified from available data, though forks/stars ratio (~13%) is consistent with practitioner use rather than casual browsing.

Code analysis
Architecture

Appears to be a web-based platform likely composed of a frontend UI and a backend service, deployable via Docker (Docker Hub images referenced). Likely wraps or extends Metasploit functionality based on category context and module count. Python is mentioned for custom module development, suggesting a Python-based backend or plugin layer. The language field is listed as unknown in metadata, which may indicate a polyglot codebase.

Tests

not documented in README

Maintenance

Last push was 2026-05-31, approximately 26 days before the evaluation date — indicating active, recent maintenance. Commit activity badge is present in README, suggesting the maintainer tracks and surfaces this metric deliberately. Issue closure tracking is also displayed, suggesting responsive maintenance practices.

Honest verdict

ADOPT IF: you are a red team practitioner or security researcher needing a free, feature-rich C2 platform with a visual interface, MITRE ATT&CK coverage, and multi-OS support — especially if budget constraints rule out Cobalt Strike. AVOID IF: you require enterprise-grade OpSec guarantees, vendor support, legal indemnification, or are operating in environments where tooling provenance and licensing must be auditable; also avoid if your team operates entirely in English and requires a mature Western contributor ecosystem. MONITOR IF: you are evaluating whether the LLM agent capabilities mature into a meaningfully differentiated automation feature over the next 6-12 months.

Independent dimensions

Mainstream potential

4/10

Technical importance

7/10

Adoption evidence

4/10

Risks
  • License is listed as unknown in metadata — this creates legal uncertainty for commercial or government red team engagements where tooling licensing must be documented.
  • Chinese-origin project with bilingual documentation may face adoption friction in Western enterprise security teams due to supply chain trust concerns, regardless of actual code quality.
  • LLM agent integration quality and reliability cannot be verified from README alone; AI-assisted attack automation in a C2 context carries operational security risks if outputs are unpredictable.
  • Single maintainer or small team risk is plausible given the repository structure; no evidence of a broad contributor base is visible in available metadata, making bus-factor a concern for long-term reliance.
  • Defense evasion and anti-detection capabilities age rapidly as EDR vendors update signatures; without continuous investment in evasion research, the platform may fall behind commercial alternatives in high-security target environments.
Prediction

Viper is likely to maintain steady growth in the Asian security practitioner market and among cost-constrained red teams globally. LLM integration may drive a growth spike if it demonstrably automates meaningful attack phases. Unlikely to displace Cobalt Strike in high-stakes Western enterprise engagements in the near term.

0 found this helpful

Newsletter

Get analyses like this every Monday

Free weekly digest of the most interesting open-source discoveries.

Languages

No language breakdown available.

Information

Last updated
1mo ago
Created
74mo ago
Analyzed with
anthropic/claude-haiku-4-5

Stars over time

Loading…

Contributors over time

Top 100 contributors only — repos with more will plateau at 100.

Loading…

Similar repos

CyberStrikeus

CyberStrikeus/CyberStrike

CyberStrike is an open-source AI-powered offensive security agent that...

1.2k TypeScript Security
Unclecheng-li

Unclecheng-li/VulnClaw

VulnClaw is an AI-driven penetration testing CLI tool that automates the full...

2k Python Security
qualifire-dev

qualifire-dev/rogue

Rogue is an AI agent evaluation and red-teaming platform designed to...

1.1k Python AI & ML
elder-plinius

elder-plinius/T3MP3ST

T3MP3ST is an autonomous multi-agent offensive security framework that...

4.2k TypeScript Security
0x4m4

0x4m4/hexstrike-ai

HexStrike AI MCP Agents is a specialized MCP (Model Context Protocol) server...

10.2k Python Security
vs. alternatives
Cobalt Strike

The dominant commercial C2 framework at $12,600/user/year. Far wider enterprise adoption and a mature ecosystem. Viper explicitly benchmarks against it in its README comparison table, positioning on price and cross-platform support. Cobalt Strike retains advantages in evasion maturity, operator community, and enterprise legitimacy.

BishopFox/Sliver

Another open-source C2 framework (11,404 stars, written in Go). Sliver is widely regarded in the Western security community and has strong multi-platform support. Viper differentiates with a richer UI, automation workflows, and LLM integration; Sliver differentiates with a more active Western contributor base and arguably better OpSec properties.

NightHawk / BruteRatel

Commercial, Windows-focused C2 tools targeting mature red teams. Both exceed $3,000-$10,000/user/year. Viper offers Linux/macOS implant coverage these tools lack, at zero cost, but likely cannot match their evasion sophistication against enterprise EDR in high-stakes engagements.

Metasploit Framework

The foundational open-source exploitation framework. Viper likely builds on or integrates with Metasploit but adds a polished UI, C2 orchestration, and automation that raw Metasploit lacks. They are more complementary than competing at the same layer.

GH05TCREW/pentestagent

An LLM-driven pentest agent (2,680 stars). More narrowly focused on AI-assisted automation than a full C2 platform. Viper's LLM integration appears to be one feature among many rather than its core identity, making these tools potentially complementary.