AIDA-RED: Defensive Security Testing Framework
AIDA-RED (Automated Intrusion & Destruction Architecture) - The Red Team counterpart to AIDA.
English | 日本語 | 简体中文 | 繁體中文 | Русский | فارسی | العربية
"If it breaks, it wasn't ready."
Overview
AIDA-RED is a defensive security testing framework that integrates with claude-code-aida. While AIDA focuses on building applications with TDD, AIDA-RED focuses on breaking them to find vulnerabilities before attackers do.
Key Innovation: AIDA-RED uses Podman/Docker containers running Kali Linux security tools, orchestrated by Claude Code. Claude doesn't write attack code - it calls battle-tested open source security tools and analyzes their output.
Philosophy
- Zero Trust: Assume every input is an attack vector
- Zero Mock: Attack the running container, not isolated functions
- Real Tools: Use proven security scanners (nuclei, nikto, nmap), not custom exploits
- Actionable Reports: Every finding includes reproduction steps and remediation advice
Architecture
┌─────────────────────────────────────────────────────────────────┐
│ Claude Code │
│ (Orchestrator & Analyst) │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ /aida:red- │ │ /aida:red- │ │ /aida:red- │ │
│ │ init │ │ assault │ │ report │ │
│ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘ │
└─────────┼────────────────┼────────────────┼─────────────────────┘
│ │ │
▼ ▼ ▼
┌─────────────────────────────────────────────────────────────────┐
│ Podman / Docker │
│ ┌────────────────────────────────────────────────────────────┐ │
│ │ aida-red-scanner (Kali Linux) │ │
│ │ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ │ │
│ │ │ nuclei │ │ nikto │ │ nmap │ │ ffuf │ ... │ │
│ │ └─────────┘ └─────────┘ └─────────┘ └─────────┘ │ │
│ └────────────────────────────────────────────────────────────┘ │
│ │ │
│ aida-red-net (Podman Network) │
│ │ │
│ ┌────────────────────────────────────────────────────────────┐ │
│ │ Target Application │ │
│ │ (Your AIDA-generated project) │ │
│ └────────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────┘
Security Tools
AIDA-RED comes with industry-standard security tools pre-installed:
| Tool | Purpose | Use Case |
|---|---|---|
| nuclei | Template-based vulnerability scanner | CVE detection, misconfigurations |
| nikto | Web server scanner | Server misconfigurations, outdated software |
| nmap | Network scanner | Port discovery, service detection |
| ffuf | Web fuzzer | Directory brute-forcing, parameter fuzzing |
| sslscan | SSL/TLS analyzer | Certificate issues, weak ciphers |
| sqlmap | SQL injection detector | Database vulnerabilities (full image) |
| stress-ng | Stress tester | Resource exhaustion testing |
Installation
Prerequisites
- Podman (recommended) or Docker
- Claude Code with AIDA plugin installed
# Install Podman (Ubuntu/Debian)
sudo apt install podman
# Or Docker
sudo apt install docker.io
Install AIDA-RED
AIDA-RED is included in the AIDA plugin. No separate installation needed.
# Verify installation
/aida:red-status
Build Scanner Image
# Initialize and build the Kali scanner container
/aida:red-init
# Or use lightweight version (faster build, fewer tools)
/aida:red-init --lite
Image Sizes:
- Full: ~2GB (includes sqlmap, ZAP CLI)
- Lite: ~624MB (nuclei, nikto, nmap, ffuf, sslscan)
Usage
Quick Start
# 1. Build your application with AIDA
/aida "Create a REST API with user authentication"
# 2. Initialize AIDA-RED scanner
/aida:red-init --lite