System architecture

Hermes Pentest Lab

An authorized-testing framework: the Hermes agent orchestrates specialized subagents that drive native Kali tooling against declared targets, with every action bounded by an always-on governance and OPSEC layer, and findings held as DRAFT until an operator signs off.

AUTHORIZE ORCHESTRATE RECON ANALYZE EXPLOIT ⚑ REVIEW REPORT 01 · OPERATOR & AUTHORIZATION Operator Signed rules of engagement Authorized scope 02 · ORCHESTRATION Scope gateruns first Hermes agentsupervisor · delegate · interpret Findings KB14 entries · 5 classes 03 · SUBAGENTS · delegated in parallel Scope OSINT Recon Web Network Report 04 · TOOL EXECUTION · native Kali host (not Docker) WEB ffuf · nuclei sqlmap · gobuster wpscan · whatweb NETWORK / AD nmap · metasploit nxc · impacket responder · hydra bloodhound · hashcat OSINT theHarvester holehe · sherlock shodan · crt.sh NATIVE GUI Burp Suite Wireshark Firefox · FoxyProxy 05 · TARGETS · Docker (lab & sandbox only) OWASP Juice Shop DVWA Neo4j · BloodHound sandbox-linuxisolated · no internet 06 · EVIDENCE & REPORTING STORE Case directory LUKS · append-only · audit.jsonl RENDER Report builder Jinja2 → WeasyPrint / Pandoc OUTPUT PDF · DOCX · MD GOVERNANCE & OPSEC enforced at every phase GOVERNANCE Authorization gate Approval gatesexploit · spray · responder 13-item refusal list Findings stay DRAFTuntil operator approves Cross-validate CVSS ≥ 9.0 audit.jsonl — every action Data-destruction cert OPSEC WireGuard VPN tunnel LUKS-encrypted evidence Session canarytools · VPN · disk pre-flight TEARDOWN Wipe evidence · sign cert Applies across L1–L6: no active request leaves the tunnel or the declared scope.
Amber orchestration & governance gates Teal OPSEC & isolated states Dashed knowledge & cross-cutting feeds
Fig. — Hermes pentest lab · system architecture