About

TARS was developed in Spring 2024 by Mehmet Yilmaz while he was building a startup called Osgil. This project is a fully open-source effort to automate aspects of cybersecurity penetration testing using AI agents. It demonstrates how far AI has advanced in recent years, showcasing the capability to create AI agents or bots that can use advanced tools to achieve specific goals. Just like in penetration testing, these agents have broader potential, and TARS is a prime example of that.

Long-Term Vision

The long term vision of TARS is to provide intelligent defense solutions by building AI-Agent based tools for automating cybersecurity penetration testing. In short, the plan is:

1. Build agents that can properly use existing cybersecurity tools for vulnerability scanning and threat analysis.
2. Optimize those agents to automate vulnerability identification and patching, instead of just scanning and threat reporting.
3. Build a reactive defensive system that can produce countermeasures against attackers in real-time.
4. (Long Term) Develop tools to prepare for a future where advanced, dynamic, and automated AI-driven attacks can be easily deployed.

Check It Out!

Checkout TARS on Osgil’s GitHub HERE or though Mehmet’s fork on GitHub HERE.

Quick Demos

Current Setup

TARS is ran though Docker because it utilizes Kali Linux OS to run it’s tools. Currently, TARS can utilize the following tools during penetrations testing:

• Nettacker
• RustScan
• Zed Attack Proxy (ZAP)
• Ping
• Nmap
• Basic Web Browsing (though the Brave Search Engine API)

TARS utilizes OpenAI’s GPT-4 for reasoning and logic, while leveraging the CrewAI package to manage its agentic functions. This setup enables TARS to streamline workflows, assess penetration tasks, generate plans, execute commands in Kali Linux, and analyze outputs to determine next steps or reach a final conclusion.