[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-81084":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":17,"stars30d":18,"stars90d":16,"forks30d":16,"starsTrendScore":19,"compositeScore":20,"rankGlobal":10,"rankLanguage":10,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":24,"hasPages":22,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":40,"readmeContent":41,"aiSummary":42,"trendingCount":16,"starSnapshotCount":16,"syncStatus":17,"lastSyncTime":43,"discoverSource":44},81084,"PHANTOM","OmYarewar\u002FPHANTOM","OmYarewar","👻 AI-Powered Pentesting Command Center — Autonomous security testing with real-time streaming, self-improving AI, unlimited tool iterations, and beautiful dark UI","",null,"JavaScript",55,8,1,10,0,2,13,6,49.16,"MIT License",false,"main",true,[26,27,28,29,30,31,32,33,34,35,36,37,38,39],"ai","ai-agent","autonomous-agent","command-center","cybersecurity","dark-ui","hacking","llm","nodejs","openai","pentesting","red-team","security-tools","websocket","2026-06-12 04:01:31","\u003Cdiv align=\"center\">\n\n# 👻 PHANTOM\n\n### AI-Powered Pentesting Command Center\n\n\n[![CI](https:\u002F\u002Fgithub.com\u002FOmYarewar\u002FPHANTOM\u002Factions\u002Fworkflows\u002Fci.yml\u002Fbadge.svg)](https:\u002F\u002Fgithub.com\u002FOmYarewar\u002FPHANTOM\u002Factions\u002Fworkflows\u002Fci.yml)\n[![Node.js](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FNode.js-18+-339933?style=for-the-badge&logo=node.js&logoColor=white)](https:\u002F\u002Fnodejs.org)\n[![License](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-blue?style=for-the-badge)](LICENSE)\n[![Platform](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPlatform-Linux-FCC624?style=for-the-badge&logo=linux&logoColor=black)](https:\u002F\u002Fwww.linux.org\u002F)\n[![PRs Welcome](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPRs-Welcome-brightgreen?style=for-the-badge)](https:\u002F\u002Fgithub.com\u002Fpulls)\n\n**An autonomous AI assistant for penetration testing, security research, and general-purpose tasks.**  \nReal-time tool execution • Unlimited autonomous operations • Self-improving AI • Beautiful dark UI\n\n\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FStatus-Active-22c55e?style=flat-square\" \u002F>\n\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FSecurity-Offensive-ef4444?style=flat-square\" \u002F>\n\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FAI-Autonomous-6366f1?style=flat-square\" \u002F>\n\n---\n\n\u003C\u002Fdiv>\n\n## 🤔 Why PHANTOM?\n\n- **Zero-Config Tool Execution:** Tools automatically install system dependencies and parse outputs cleanly, so the AI never gets stuck missing a library.\n- **Unbounded Agent Loops:** Unlike standard chat UIs, PHANTOM allows the LLM to call tools recursively until the goal is achieved without needing constant human prompting.\n- **Persistent Context:** The integrated SQLite memory store gives your agent long-term recall across sessions, preventing repetitive scanning or reconnaissance.\n\n## ✨ Features\n\n| Feature | Description |\n|---------|-------------|\n| 🤖 **Any LLM Backend** | OpenAI, OpenRouter, Ollama, LM Studio, DeepSeek, Claude — any OpenAI-compatible API |\n| ⚡ **Real-Time Streaming** | Live tool execution output, typing animations, and AI thinking display |\n| 🔓 **Unlimited Operations** | No tool call limits — PHANTOM runs autonomously until the task is done |\n| 🧠 **Self-Improving** | Creates its own tools, saves execution traces, learns from past runs |\n| 🔑 **Secure Sudo** | One-time sudo password with system validation — persisted securely |\n| 📁 **Workspace System** | Configurable workspace directory for scripts, reports, and file operations |\n| 🧩 **MCP Integration** | Model Context Protocol server management for extended capabilities |\n| 📦 **Skills System** | Import, manage, and create reusable skill packages (.zip import supported) |\n| 🌐 **Web Research** | Built-in web search and webpage scraping for real-time information |\n| 🕷️ **Scrapling Integration** | Anti-bot bypass, Cloudflare solving, JS rendering via [Scrapling](https:\u002F\u002Fgithub.com\u002FD4Vinci\u002FScrapling) |\n| 💾 **Persistent Memory** | Remembers targets, credentials, findings across sessions |\n| 🛑 **Emergency Stop** | Instant abort button to halt any running operation |\n| 🎨 **Premium Dark UI** | Glassmorphism, matrix background, smooth animations |\n\n## 🚀 Quick Start\n\n### Prerequisites\n\n- **Node.js** 18+ ([install](https:\u002F\u002Fnodejs.org))\n- **Python** 3.10+ (for Scrapling integration)\n- **npm** (comes with Node.js)\n- Any **OpenAI-compatible API** key\n- **Docker** (Optional, for containerized usage)\n\n### Installation\n\n```bash\n# Clone the repository\ngit clone https:\u002F\u002Fgithub.com\u002FOmYarewar\u002FPHANTOM.git\ncd PHANTOM\n\n# Install dependencies\nnpm install\n\n# Configure your API\ncp .env.example .env\n```\n\n### Configuration\n\nEdit `.env` with your API provider:\n\n```env\n# OpenAI\nAPI_BASE_URL=https:\u002F\u002Fapi.openai.com\u002Fv1\nAPI_KEY=sk-your-key-here\nMODEL_ID=gpt-4o\n\n# OpenRouter (access to 100+ models)\nAPI_BASE_URL=https:\u002F\u002Fopenrouter.ai\u002Fapi\u002Fv1\nAPI_KEY=sk-or-your-key-here\nMODEL_ID=deepseek\u002Fdeepseek-chat\n\n# Ollama (local, free)\nAPI_BASE_URL=http:\u002F\u002Flocalhost:11434\u002Fv1\nAPI_KEY=ollama\nMODEL_ID=llama3\n\n# LM Studio (local)\nAPI_BASE_URL=http:\u002F\u002Flocalhost:1234\u002Fv1\nAPI_KEY=lm-studio\nMODEL_ID=your-model-name\n```\n\n### Run\n\n```bash\nnpm run dev # START\n```\n\nOpen **http:\u002F\u002Flocalhost:5173** in your browser. That's it! 🎉\n\n### Docker\n\nYou can also run PHANTOM using Docker Compose:\n\n```bash\ndocker compose up --build\n```\nOpen **http:\u002F\u002Flocalhost:3000** in your browser.\n\n\n## 🏗️ Architecture\n\n```text\nPHANTOM\u002F\n├── server\u002F                 # Backend (Express + WebSocket)\n│   ├── ai\u002F\n│   │   ├── llm-client.js   # LLM communication & streaming\n│   │   └── system-prompt.js # Dynamic system prompt builder\n│   ├── tools\u002F\n│   │   ├── executor.js      # Tool execution engine (14 tools)\n│   │   └── registry.js      # Tool definitions for function calling\n│   ├── memory\u002F\n│   │   └── store.js         # SQLite persistence layer\n│   ├── routes\u002F\n│   │   └── api.js           # REST API endpoints\n│   ├── config.js            # Configuration management\n│   └── index.js             # Server entry point\n├── frontend\u002F               # Frontend (Vanilla JS + Vite)\n│   ├── css\u002Fstyles.css       # Dark theme design system\n│   ├── js\u002F\n│   │   ├── app.js           # Main controller & WebSocket\n│   │   ├── chat.js          # Chat rendering & animations\n│   │   ├── settings.js      # Settings panel\n│   │   ├── management.js    # MCP & Skills management\n│   │   └── markdown.js      # Markdown renderer\n│   └── index.html           # Main page\n├── workspace\u002F              # AI workspace (scripts, reports, skills)\n├── .env.example            # Configuration template\n├── vite.config.js          # Vite dev server config\n└── package.json\n```\n\n## 🛠️ Available Tools\n\nPHANTOM has **15 built-in tools** that the AI uses autonomously:\n\n| Tool | Purpose |\n|------|---------|\n| `execute_command` | Run shell commands with auto sudo injection |\n| `read_file` | Read file contents |\n| `write_file` | Write\u002Fcreate files |\n| `list_directory` | List directory contents |\n| `install_tool` | Auto-install packages (apt\u002Fpacman\u002Fpip\u002Fnpm\u002Fgo\u002Fcargo) |\n| `web_request` | HTTP requests for recon & API testing |\n| `search_web` | Web search via DuckDuckGo |\n| `scrape_webpage` | Fetch & parse webpage content |\n| `scrapling_fetch` | ⭐ Advanced scraping — anti-bot bypass, Cloudflare, JS rendering ([Scrapling](https:\u002F\u002Fgithub.com\u002FD4Vinci\u002FScrapling)) |\n| `python_execute` | Execute Python code directly |\n| `save_memory` | Store findings to persistent memory |\n| `recall_memory` | Search persistent memory |\n| `edit_source_code` | Self-modify PHANTOM's own code |\n| `save_trace` | Log execution traces for self-optimization |\n\n## 🔒 Security Notes\n\n- **Sudo passwords** are stored in a local SQLite database on your machine only\n- **API keys** are stored locally and never transmitted except to your configured API endpoint\n- The `.env` file and `phantom.db` are excluded from git\n- PHANTOM runs **locally only** — no external telemetry or data collection\n- The `edit_source_code` tool only works within the project directory and creates backups\n\n## 🎨 Screenshots\n\n\u003Cdetails>\n\u003Csummary>Click to expand\u003C\u002Fsummary>\n\n### Main Interface\nThe dark-themed command center with matrix background, real-time streaming, and AI thinking display.\n\n### Settings Panel\nConfigure API provider, model, temperature, workspace, and sudo access.\n\n### Management Panel\nManage MCP servers and skills with tabbed interface and .zip import.\n\n\u003C\u002Fdetails>\n\n## ⚙️ Settings (via Web UI)\n\nAll settings can be configured from the web UI and **persist across restarts**:\n\n- **API Configuration** — Base URL, API key, model, temperature, max tokens\n- **Workspace** — Default directory for all AI file operations\n- **Sudo Password** — System-validated and securely stored\n- **MCP Servers** — Add\u002Fremove Model Context Protocol servers\n- **Skills** — Import .zip skill packages or let AI create them\n\n## 🧠 How It Works\n\n1. **You ask** — Type a request in the chat\n2. **AI thinks** — Reasoning displayed in real-time (for supported models)\n3. **AI acts** — Executes tools autonomously with live output streaming\n4. **AI reports** — Clean, formatted results with typing animation\n5. **AI learns** — Saves traces and memories for future optimization\n\nPHANTOM implements ideas from [Meta-Harness](https:\u002F\u002Farxiv.org\u002Fabs\u002F2603.28052) for automated harness optimization — the AI can review its own execution traces and improve its approach over time.\n\n## 📋 API Endpoints\n\n| Endpoint | Method | Description |\n|----------|--------|-------------|\n| `\u002Fapi\u002Fsettings` | GET\u002FPUT | Configuration management |\n| `\u002Fapi\u002Fconversations` | GET\u002FPOST | Conversation CRUD |\n| `\u002Fapi\u002Fconversations\u002F:id` | GET\u002FDELETE | Single conversation |\n| `\u002Fapi\u002Ftools` | GET | List available tools |\n| `\u002Fapi\u002Fmemory` | GET | Query persistent memory |\n| `\u002Fapi\u002Fmcp\u002Fservers` | GET\u002FPOST\u002FDELETE | MCP server management |\n| `\u002Fapi\u002Fskills` | GET | List installed skills |\n| `\u002Fapi\u002Fskills\u002Fupload` | POST | Import skill (.zip) |\n| `\u002Fapi\u002Fsudo\u002Fvalidate` | POST | Validate sudo password |\n| `\u002Fapi\u002Fsystem\u002Finfo` | GET | System information |\n| `\u002Fws` | WebSocket | Real-time chat & streaming |\n\n## 🗺️ Roadmap\n\n- [x] MCP server integration\n- [x] Skills system with .zip import\n- [x] Persistent memory (SQLite)\n- [ ] Docker support\n- [ ] Multi-agent orchestration\n- [ ] Web UI for memory visualization\n- [ ] CVE database integration\n\n## 📝 Changelog\n\n**v0.1.0** — Initial release: 15 tools, MCP support, streaming\n\n## 🤝 Contributing\n\n1. Fork the repository\n2. Create your feature branch (`git checkout -b feature\u002Fawesome`)\n3. Commit your changes (`git commit -m 'Add awesome feature'`)\n4. Push to the branch (`git push origin feature\u002Fawesome`)\n5. Open a Pull Request\n\n## 📄 License\n\nThis project is licensed under the MIT License — see the [LICENSE](LICENSE) file for details.\n\n## ⚠️ Disclaimer\n\nPHANTOM is designed for **authorized security testing only**. Always obtain proper authorization before testing any systems. The developers are not responsible for misuse of this tool.\n\n---\n\n\u003Cdiv align=\"center\">\n\n**Built with 🖤 for the security community**\n\n\u003C\u002Fdiv>\n","PHANTOM 是一个基于AI的渗透测试指挥中心，旨在通过实时流处理、自我改进的AI和无限工具迭代来实现自主安全测试。项目采用Node.js开发，核心功能包括零配置工具执行、无限制的自主操作循环以及持久化的上下文记忆，支持多种LLM后端如OpenAI等。它适用于网络安全研究、红队演练及一般性任务自动化场景中，尤其适合需要高度自动化且持续改进的安全测试环境。具备美观的暗色UI界面，增强了用户体验。","2026-06-11 04:03:26","CREATED_QUERY"]