@@ -110,7 +110,7 @@ Claude: [calls lazyown_set_config -> lazyown_auto_loop]
110110| `LAZYOWN_C2_USER` | `payload.json c2_user` | C2 username |
111111| `LAZYOWN_C2_PASS` | `payload.json c2_pass` | C2 password |
112112
113- ## MCP Tool Groups (78 tools)
113+ ## MCP Tool Groups (81 tools)
114114
115115| Group | Tools | Description |
116116|-------|-------|-------------|
@@ -120,6 +120,7 @@ Claude: [calls lazyown_set_config -> lazyown_auto_loop]
120120| C2 / Implant Control | 10 | c2_command, c2_status, get_beacons, run_api, c2_profile, c2_vuln_analysis, c2_redop, c2_search_agent, c2_script, c2_adversary |
121121| Session Awareness | 4 | session_status, session_state, list_sessions, read_session_file |
122122| Autonomous Loop | 3 | auto_loop, policy_status, recommend_next |
123+ | **ACI — Autonomous Campaign Intelligence** | **3** | **aci_plan, aci_status, aci_replan** |
123124| Reactive Intelligence | 2 | reactive_suggest, bridge_suggest |
124125| Objectives & Planning | 4 | inject_objective, next_objective, soul, read_prompt |
125126| Knowledge Bases | 9 | parquet_query/annotate, facts_show, cve_search, searchsploit, rag_index/query, threat_model |
@@ -435,6 +436,87 @@ Multi-agent queen+drone architecture with shared memory:
435436- **HiveMemory**: ChromaDB semantic + SQLite episodic + Parquet long-term storage
436437- **EpisodeReflectionEngine**: post-campaign lesson extraction stored as `sessions/campaign_lessons.jsonl`
437438
439+ ### Autonomous Campaign Intelligence (ACI) — `skills/aci_planner.py`
440+
441+ **The first C2 framework that plans, executes, and learns autonomously.**
442+
443+ ACI bridges the gap between a natural-language engagement goal and a fully
444+ autonomous execution loop. No competitor (Cobalt Strike, Sliver, Havoc,
445+ Metasploit) does this end-to-end:
446+
447+ ```
448+ Operator: "Compromise the domain controller at corp.internal
449+ starting from a phishing foothold on 10.10.11.5"
450+ ↓
451+ ACI Planner ──► MITRE ATT&CK decomposition (LLM-backed, static fallback)
452+ recon → exploit → exec → privesc → cred → lateral → report
453+ ↓
454+ ObjectiveStore ─► 20+ concrete objectives injected into sessions/objectives.jsonl
455+ ↓
456+ auto_loop / autonomous_daemon ─► executes each objective autonomously
457+ ↓
458+ ACIEngine monitors ─► detects stalled phases (blocked_count ≥ 3)
459+ ↓
460+ ACIReplan ──► LLM generates alternative techniques for blocked phases
461+ ↓
462+ ACIReflector ──► appends lessons to sessions/campaign_lessons.jsonl
463+ feeds back into the next engagement
464+ ```
465+
466+ **Three MCP tools:**
467+
468+ | Tool | What it does |
469+ |------|-------------|
470+ | `lazyown_aci_plan` | Decompose a goal → ATT&CK plan → inject objectives |
471+ | `lazyown_aci_status` | Live phase breakdown, completion %, replan recommendation |
472+ | `lazyown_aci_replan` | Force adaptive replan when stalled; auto-generates lessons |
473+
474+ **Quick-start:**
475+
476+ ```python
477+ # 1. Submit the engagement goal
478+ lazyown_aci_plan(
479+ goal="Compromise the DC at corp.internal",
480+ target="10.10.11.5",
481+ scope=["10.10.11.0/24"],
482+ domain="corp.internal",
483+ os_hint="windows",
484+ )
485+
486+ # 2. Start autonomous execution
487+ lazyown_auto_loop(target="10.10.11.5", max_steps=20)
488+
489+ # 3. Monitor progress
490+ lazyown_aci_status()
491+
492+ # 4. When blocked (blocked_count >= 3)
493+ lazyown_aci_replan(reason="Kerberoasting blocked by AV, try AS-REP roasting")
494+ ```
495+
496+ **What makes ACI unique vs. other tools:**
497+
498+ - Cobalt Strike / Sliver / Havoc are C2 frameworks — the operator plans every step
499+ - Metasploit has automation but no intelligence
500+ - CALDERA emulates fixed ATT&CK procedures but can't adapt to novel environments
501+ - **ACI plans, executes, replans, and learns — continuously, across engagements**
502+
503+ **Persistence:**
504+
505+ | File | Contents |
506+ |------|----------|
507+ | `sessions/aci_plan.json` | Active plan: phases, objectives, completion state |
508+ | `sessions/aci_history.jsonl` | Archived completed/abandoned plans |
509+ | `sessions/campaign_lessons.jsonl` | Lessons extracted by ACIReflector |
510+
511+ **CLI usage (standalone):**
512+
513+ ```bash
514+ python3 skills/aci_planner.py plan "Compromise DC" --target 10.10.11.5 --os windows
515+ python3 skills/aci_planner.py status
516+ python3 skills/aci_planner.py replan "technique blocked"
517+ python3 skills/aci_planner.py reflect
518+ ```
519+
438520### Autonomous Daemon — `skills/autonomous_daemon.py`
439521
440522Four asyncio roles in a single process — no Claude required between steps:
@@ -449,6 +531,9 @@ Role 4 — DroneCoordinator : hive drone spawning on recon/cred/service findin
449531
450532Enable SWAN in the daemon: `export AUTO_USE_SWAN=1` before starting.
451533
534+ ACI feeds into the daemon: objectives injected by `lazyown_aci_plan` are picked
535+ up automatically by Role 1 (ObjectiveLoop) — no additional configuration needed.
536+
452537### Graph-Based Reasoning — `modules/world_model.py`
453538
454539NetworkGraph tracks all discovered relationships (hosts, services, credentials, trust paths) and computes normalized degree centrality to surface pivot candidates. The top-3 candidates are injected into every `to_context_string()` call, ensuring the autonomous loop always knows the highest-value lateral movement targets.
@@ -12620,6 +12705,13 @@ No description available.
1262012705# Changelog
1262112706
1262212707
12708+ ### Otros
12709+
12710+ ### Otros
12711+
12712+ * * feature(feat): new wizard and some refactor in LazyAddons \n\n Version: release/0.2.111 \n\n with love \n\n LazyOwn on HackTheBox: https://app.hackthebox.com/teams/overview/6429 \n\n LazyOwn/ https://grisuno.github.io/LazyOwn/ \n\n \n\n Fecha: mar 12 may 2026 10:26:27 -04 \n\n Hora: 1778595987
12713+
12714+
1262312715### Nuevas características
1262412716
1262512717### Otros
0 commit comments