Impact-Site-Verification: 41b53a0c-6d04-458b-a457-fe9e29acde1a

Developer Tools/Unknownpenetration testingAIsecurityCLI·

Argus Red

Post-trained model for penetration testing

Visit website3 views
Argus Red

What it does

Argus Red is a CLI tool that uses a post-trained model to perform penetration testing. It offers two modes: Security Scan (read-only, self-serve) and Pen Test (active, gated). The Security Scan runs modules like dependency vulnerability analysis, secret detection, SQL injection/XSS vectors, and more. It produces a markdown report with location, severity, cause, and fix direction for findings grounded in your code. The Pen Test mode attempts exploits against authorized systems, with configurable effort levels and agent permissions. The tool runs locally on your machine and is built on Cosine's own model, post-trained for offensive security.

Who it is for

Argus Red is for security engineers, penetration testers, and developers who need to identify vulnerabilities in their code or running systems. The Security Scan is suitable for developers who want a quick, read-only audit of their codebase. The Pen Test mode is for authorized security assessments of live systems, requiring booking and written consent.

Why it matters

Traditional security scanners often rely on off-the-shelf models that refuse to analyze certain parts of code. Argus Red's post-trained model is designed to perform penetration testing without refusals, providing actionable findings. The tool enforces safety through a Go harness that intercepts tool calls, ensuring read-only mode in scans and limiting network egress in pen tests. This allows for thorough security testing while maintaining control.

Launch signal

Argus Red was launched as a Show HN on Hacker News with the title "Show HN: We post-trained a model that pen tests instead of refusing." The tool is free to install, with the first run providing 2M free tokens via a Cosine sign-up. The Pen Test mode is gated and requires booking via Cal.com.

Brand and naming

The name 'Argus Red' evokes the all-seeing Argus from Greek mythology paired with 'Red' for security alerts, creating a strong, memorable brand for a penetration testing tool. The domain argusred.com is likely available and easy to recall. The tagline and website clearly position it as a post-trained model for automated security scanning, with a focus on actionable, code-grounded findings, though the dual 'Security Scan' and 'Pen Test' modes could cause slight positioning confusion.

Founder

dk189

Related

Emphere Automate software vulnerability patching for container imagesSupabase The open source Firebase alternative for building and scaling appsCloudback Automatic daily backups and restores for GitHub, GitLab, Azure DevOps, and Linear.FlyTrap Level 5 autonomous QA testing agent for mobile apps.

Get more like this in our weekly newsletter.