The GigaOps Agent

GigaOps is the autonomous red-team operator that runs every audit. It is not a scanner. It plans its own attack chain, executes real commands in a real shell, observes the results, and iterates.

Operator semantics

GigaOps operates with the semantics of an elite human operator:
  • Authoritative scope — every target it receives is treated as authorized for full-scope engagement
  • Stealth-first — defaults to slow, low-noise techniques (nmap -T2, rate-limited hydra)
  • Outcome-oriented — engagement isn’t done until the objective is met or time runs out
  • Evidence-driven — every finding is backed by raw artifacts from successful exploitation
  • Persistent — won’t abandon an attack vector after one failed attempt
This is fundamentally different from a scanner that emits “potential” findings based on version banners. GigaOps confirms.

What the agent has access to

Inside the darkops sandbox, GigaOps has:
  • Bash — arbitrary shell execution with no allowlist
  • Desktop control — full keyboard, mouse, and screen via Claude’s computer-use capability
  • Browser — full Chromium for web target interaction
  • Network access — outbound connectivity to attack any reachable target
  • Persistent disk — for storing intermediate results, wordlists, captures
  • The full offensive toolkit — pre-installed at sandbox boot

The decision loop

For each engagement, GigaOps runs in a loop: 
1. Observe — read the current state (screenshots, last command output, findings so far)
2. Plan — pick the next attack vector based on what's been discovered
3. Execute — run a command, take an action, request a screenshot
4. Analyze — interpret the result
5. Emit — if it's a confirmed finding, write it to the audit
6. Loop — repeat until objective met or time exhausted
Findings are streamed into the audit every few seconds as they’re confirmed — not batched at the end.

How it plans

GigaOps uses Claude’s reasoning to plan, not a fixed playbook. Its decisions are informed by:
  • The mission brief (mode-specific or operator-provided)
  • The full session history visible in its context
  • The output of every previous command
  • Screenshots from the desktop
  • Tool-specific outputs (nmap results, nuclei templates fired, sqlmap progress)
The agent will sometimes abandon a phase early if it’s not producing results, or spend disproportionate time on a single subdomain if it’s yielding findings. This is intentional — it mirrors how a real operator allocates attention.

Tools beyond bash

In addition to bash, the agent has specialized function tools for high-frequency operations:
  • SSTI probe — server-side template injection detection
  • XXE injection — XML external entity testing
  • JWT attacks — algorithm confusion, signature stripping, key disclosure
  • OOB callbacks — out-of-band data exfiltration setup
  • HTTP smuggling — request smuggling detection
  • CORS misconfiguration — origin reflection and credential abuse
  • Deserialization — Java / .NET / Python / Ruby deserialization checks
  • ASP.NET bypasses — IIS short-name disclosure, viewstate decryption
These exist as discrete tools to make the most common probes fast and reliable, rather than reconstructing them from bash on every audit.

Pressure injection

If the agent narrates without acting, the orchestration layer injects pressure prompts:
“Stop narrating. Call bash() now. Pick the next attack vector and execute it.”
This keeps engagements moving and prevents the agent from getting stuck in reasoning loops. Real operators don’t write essays — they execute.

When the engagement ends

The agent transitions to the report phase when:
  • The mission objective is met (Autonomous mode)
  • All applicable phases of the methodology are exhausted (Deep / Shallow modes)
  • The audit time budget reaches expiration (any mode)
The final phase is always report writing, regardless of how the engagement ended. Even on a forced stop, you receive whatever findings were confirmed before time ran out.

Customization

For most engagements, mode selection is enough. When you need precision — specific TTPs, threat actor emulation, assumed-breach scenarios — use Autonomous mode and write the brief yourself. The scope text you provide is injected directly into the agent’s system prompt and treated as authoritative. There is no parsing, no sanitization — be explicit about what you want.

Next steps

Attack Methodology

The 10-phase chain GigaOps follows.

Toolkit

Everything pre-installed in the darkops sandbox.