Skip to main content
Every sandbox ships with a full security toolchain already installed, and the agent invokes these tools straight from the terminal. There is nothing to configure: when a task starts, the tools are already there, ready to run exactly as you would on your own workstation.

What it includes

  • ProjectDiscovery suite: Nuclei, Subfinder, DNSx, Httpx, Naabu, Katana, tlsx, asnmap, and the rest of the toolkit
  • Red team stack: Impacket, NetExec, BloodHound, Responder, Hydra, John, Kerbrute, and Chisel
  • Web application tools: SQLMap, Semgrep, ffuf, Gitleaks, and TruffleHog
  • Runtimes and CLIs: Python, Go, Node.js, Docker, and cloud CLIs for AWS, Azure, GCP, and GitHub
  • Connectivity: VPN clients for reaching internal and isolated network targets

How it fits in

These tools are not registered with the model one by one. Instead the agent reaches them through its command and script execution tools, running each binary and chaining its output into the next step. Because the agent has root access, it can also install anything that is missing in the middle of a task. You can bring your own binaries, scripts, and wordlists. Anything you install into your sandbox persists across tasks, and the agent treats your custom tooling the same way it treats the pre-loaded suite. See Sandboxes for more on the environment and how to extend it.