Exegol

Features

Security Tool Image Deployment - Provides stable and development environments bundled with specialized toolsets for security operations.

Tooling Orchestrators - A system for managing the lifecycle of security images and containers with support for custom volumes and networking.

Isolated Security Environments - The product launches operating systems pre-loaded with curated security tools for consistent operation.

AI-Driven Security Automation - Integrates AI assistants with security tools via standardized protocols to automate complex security workflows.

AI Workflow Orchestration - Exposes a server interface that enables AI assistants to execute complex tasks and manage security operations.

Tool-Protocol Standardizations - Provides a consistent tool-protocol standardization for AI agents to discover and invoke security tools.

Offensive Security Operations - A modular environment that provides curated security tools, scripts, and automated workflows for security operations.

Security Workspace Provisioning - Creates pre-configured security environments from specialized images and opens an interactive shell.

Security Tool Orchestrators - Orchestrates the complete lifecycle and configuration of isolated security environments through a unified CLI.

Container Command Executors - Executes security tools and system scripts directly inside active running containers.

Container Image Management - The product handles the discovery, installation, and updating of environment images from a central registry.

Container Lifecycle Management - Provides a unified interface to shut down running security environments and disconnect associated VPN tunnels.

Container Orchestration Management - Manages the lifecycle of containers and images via remote tool calls for orchestrated security operations.

Container Lifecycle Administration - Controls the lifecycle of operational security containers by starting, stopping, and monitoring active instances.

Workspace Managers - A command-line interface for deploying and managing pre-configured security toolkits within isolated Docker containers.

Container Port Mappings - Exposes internal container services to the host interface using TCP, UDP, or SCTP port mappings.

Container Storage Persistence - Creates shared host-container folders that ensure operational data persists after containers are deleted.

AI Client-Server Communication Protocols - Implements a standardized communication protocol allowing AI agents to discover and trigger security tools in isolated environments.

VPN - Automates the establishment of secure VPN tunnels at container startup using certificates and authentication files.

Container Networking Configurations - Configures network isolation levels using host, bridge, or NAT modes to control container interaction.

Engagement Data Tracking - Stores captured credentials and a dynamic history of commands for rapid retrieval during engagements.

Execution Isolation - The product runs security commands inside a segmented container to maintain system safety and isolation.

Linux Capability Management - Implements fine-grained kernel capability management to grant containers specific administrative rights without full host root access.

Container-Based Isolation - Isolates security tools and operating systems within containers to protect the host system from malicious payloads.

Compromised Host Tracking - Stores and retrieves credentials and host information for compromised targets to streamline security operations.

Shared Tool Repositories - Maintains a centralized repository of tools and scripts accessible to both host and containers.

Team Administration - Centralizes the administration of users, teams, subscriptions, and licenses for professional business groups.

Team Hierarchies - Organizes internal teams into hierarchies to partition users and manage resources at a granular level.

Workspace Administration - Manages persistent volumes, network isolation, and graphical desktops for analysts in containerized environments.

Curated Toolkits - Maintains a curated collection of scripts and tools shared across all active security environments.

Resource Distribution - Distributes curated offline resources and scripts through a unified command-line interface.

Setup Automation Scripts - Runs user-defined shell scripts during the first startup of a new container to automate environment bootstrapping.

Professional License Administration - Centralizes the administration of software licenses, subscription tiers, and user access for professional organizations.

Automated Container Updaters - Updates modules and container images to ensure the latest versions of security tools are installed.

Binary Injection - Adds executable files from a host directory to the container path for immediate use.

Bind Mounts - Uses bind mounts to share host directories with containers, ensuring data persistence across ephemeral environments.

Container Command Execution - Executes a single instruction within a container without launching a full interactive shell.

Image Deletion - Allows for the deletion of locally stored container images to reclaim disk space.

Custom Container Images - The product creates local versions of the operational environment to include project-specific tools or configurations.

Container Package Installation - Installs specific packages and configures custom repositories automatically during container deployment.

Security Distribution Images - Delivers pre-configured security toolsets via a registry of images that can be extended with custom scripts.

Cross-OS GUI Hosting - Enables graphical applications running inside containers to be displayed natively on the host system's display environment.

Security Task Toolkits - The product loads pre-configured environments tailored for specific tasks like web analysis or OSINT gathering.

Background Command Execution - Executes single commands or applications as daemons in the background without occupying the user terminal.

Container Directory Mounting - Binds host directories to container paths to provide specific data requirements and persistence.

VPN Tunnels - Automates the establishment of encrypted VPN tunnels at container startup to route offensive security traffic.

Clock Spoofing - The product manipulates the system clock for child processes to synchronize with remote targets.

X11 Server Sharing - Maps host X11 sockets into containers to render GUI applications directly on the host display.

Ephemeral Session Containers - Launches commands in short-lived containers that are automatically destroyed after the task finishes.

Remote Command Execution Tools - Provides utilities for managing persistent sessions and executing commands on external targets via secure protocols.

Reverse Shells - The product creates dynamic reverse-shell commands and provides tools to stabilize the interactive experience.

Tool Catalogs - Lists available security software and target resources by category to identify tools for specific tasks.

License Distribution - Distributes licenses to specific users or delegates management authority to designated teams.

Client-Server Architecture - Employs a client-server architecture where a CLI communicates with a backend server to manage container lifecycles.

VNC Interfaces - Provides VNC-to-HTTP proxying to enable web-based GUI access to isolated container desktops.

Container State Inspection - Displays the status, size, and versioning of available images and active container configurations.

Remote Desktop Environments - A web-based interface for accessing graphical desktop environments and GUI applications running inside isolated containers.

Web Desktop Environments - Provides a complete desktop environment accessible through a web browser via HTTP or VNC proxying.

Exegol is an offensive security platform and containerized tooling orchestrator designed to deploy and manage isolated security operations environments. It functions as a workspace manager that provisions pre-configured security images and toolkits within Docker containers to protect host systems from malicious payloads.

The platform distinguishes itself by integrating AI security workflow orchestration, allowing AI assistants to discover and trigger security tools through a standardized communication protocol. It further provides remote desktop gateway capabilities, enabling GUI access via X11 socket sharing or web-based VNC-to-HTTP proxying.

The system covers a broad range of operational capabilities, including the management of container lifecycles, automated VPN connectivity, and persistent workspace administration through bind-mounts. It also provides infrastructure management for professional teams, encompassing license distribution, subscription tier tracking, and organizational resource administration.

Additional utilities include shell session logging, temporary file server hosting, and tools for tracking compromised assets and engagement data.

Features