The unified red team operations platform.

All the tools a professional security team uses to find real attack paths (scanning, credential testing, attack-graph mapping, exploitation), running as one integrated system on a single appliance. No toolchain chaos. No lost findings. Built for operators.

Four pillars. One platform.

01 · Data

Unified data model

One correlated graph. Every tool reads from and writes to it. Findings carry source provenance end-to-end.

02 · Output

Operator-grade output

Synthesized attack chains and MITRE-mapped paths, not raw scan dumps.

03 · Trust

Data stays yours

Engagement data never leaves the appliance. The data sanitization engine obfuscates everything sent to frontier AI. Fail-closed.

04 · Defense

Detection-aware

Purple-team intelligence inline on every path: expected detections, Sigma rules, Sysmon coverage, SIEM patterns.

Where Arsenal goes further.

Three capabilities define the gap between Arsenal and any toolchain you assemble yourself. Each was built because no off-the-shelf tool addresses the operator-grade workflow these engagements need.

01 · Intelligence

Attack path intelligence

Two discovery modes run against the Arsenal Graph, a unified graph layer combining network scan results, share enumeration, lateral-movement reachability, AD relationships, and ADCS certificate vulnerabilities into one offensive surface model. Graph correlation runs 115+ predefined queries (Kerberoasting, AS-REP, RBCD, DCSync, ESC1-ESC13, ACL abuse). LLM synthesis identifies chains that pure graph traversal misses, bridging vulnerabilities, harvested credentials, accessible shares, and AD relationships into operator-grade narratives.

02 · Exploitation

Exploit Lab and Smart Exploit Checker

Exploitation raises two operational questions: which exploits are worth running against a given host, and whether each is safe to execute. Arsenal answers both. The Exploit Lab provides isolated, ephemeral Docker sandboxes per POC, with frontier-model safety analysis classifying the POC and flagging dangerous operations before any run. The Smart Exploit Checker correlates enumeration results against Metasploit, ExploitDB, and the GitHub POC corpus, surfacing OPSEC-filtered exploit candidates directly on each host's detail view.

03 · Privacy

Frontier AI without data exposure

Arsenal's AI runs against current frontier models, but engagement data never leaves the appliance. Before any outbound LLM call, a Microsoft Presidio-based sanitization layer anonymizes hostnames, IPs, domains, usernames, credentials, service banners, and share paths. Entities are replaced with consistent per-engagement pseudonyms. The layer is fail-closed; if sanitization errors, the LLM call is rejected.
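A sketch of the pattern this section describes (consistent per-engagement pseudonyms plus a fail-closed gate), written as an added example and not Arsenal's code. It assumes regex recognizers as a stand-in for Presidio, an HMAC-based alias scheme, and hypothetical names (`Pseudonymizer`, `guarded_llm_call`, `known_assets`, `send`).

```python
import hashlib
import hmac
import re

class SanitizationError(Exception):
    """The prompt could not be proven clean, so it must not be sent."""

# Constructed recognizers standing in for Presidio's entity recognizers (assumption).
RECOGNIZERS = [
    ("IP", re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")),
    ("HOST", re.compile(r"\b[\w-]+(?:\.[\w-]+)*\.(?:local|corp|internal)\b", re.I)),
    ("USER", re.compile(r"\b[A-Z][A-Z0-9]*\\[\w.-]+")),
]

class Pseudonymizer:
    def __init__(self, engagement_key: bytes):
        self._key = engagement_key   # per-engagement secret, kept local
        self.reverse = {}            # pseudonym -> original, for local re-identification

    def _alias(self, kind: str, value: str) -> str:
        # Keyed hash: the same entity always maps to the same pseudonym within
        # one engagement, and to a different one under another engagement's key.
        mac = hmac.new(self._key, f"{kind}:{value.lower()}".encode(), hashlib.sha256)
        alias = f"<{kind}_{mac.hexdigest()[:8]}>"
        self.reverse[alias] = value
        return alias

    def sanitize(self, text: str) -> str:
        for kind, rx in RECOGNIZERS:
            text = rx.sub(lambda m, k=kind: self._alias(k, m.group(0)), text)
        return text

def guarded_llm_call(prompt, pseudo, known_assets, send):
    """Sanitize, verify, then send. Any doubt rejects the call (fail-closed)."""
    try:
        clean = pseudo.sanitize(prompt)
    except Exception as exc:
        raise SanitizationError("sanitizer raised; call rejected") from exc
    # Independent check: no entity the engagement already knows may survive,
    # which catches values the recognizers missed (e.g. a bare account name).
    leaked = [a for a in known_assets if a.lower() in clean.lower()]
    if leaked:
        raise SanitizationError(f"{len(leaked)} known asset(s) survived; call rejected")
    return send(clean)
```

The second check matters because a recognizer miss raises no error on its own; comparing the outbound text against the engagement's known entities turns a silent miss into a rejected call.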

Arsenal by the numbers.

47 integrated tools

115+ AD & ADCS queries

7k+ Metasploit modules

10k+ Nuclei templates

13 ADCS escalation paths

0 customer bytes leaked

Ready to deploy Arsenal.

Arsenal ships as a single hardened appliance, ready for your Red Team Ops.