GEMMA-by-GOOGLE

XenoCoreGiger31/GEMMA-by-GOOGLE
★ 7 stars Python Security Updated today
A fully local, autonomous AI penetration-testing agent powered by Gemma 4-12B and a Flask MCP tool server. Runs recon, attack loops, and report generation on its own — no cloud, no API keys. For authorized security testing only.
View on GitHub → 🔍 Audit Wallet Slippage →

Quick Install

Copy the config for your editor. Some servers may need additional setup — check the README.

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "gemma-by-google": {
      "command": "uvx",
      "args": [
        "gemma-by-google"
      ]
    }
  }
}

Or install with pip: pip install gemma-by-google

README Excerpt

<img width="1021" height="720" alt="HALO banner" src="https://github.com/user-attachments/assets/90e5df6a-487a-45f7-b42b-35b1948a3519" /> <img width="1200" height="783" alt="HALO cover" src="https://github.com/user-attachments/assets/fe9aafc5-294b-43f5-b20f-4ff1305bf0d8" /> <div align="center"> **A fully local, autonomous AI penetration-testing agent — Gemma 4-12B driving a 29-tool arsenal through recon, attack, and reporting, exposed as a standard Model Context Protocol (MCP) server. No cloud,

Tools (20)

read_filerun_cloudfoxrun_commandrun_curlrun_enum4linuxrun_exploitrun_ffufrun_gobusterrun_httpxrun_hydrarun_johnrun_katanarun_masscanrun_medusarun_ncrackrun_netstatrun_niktorun_nmaprun_nucleirun_phoneinfoga

Topics

autonomous-ai-agentscybersecurityethical-hackingexploitationgemmakali-linuxllmspenetration-testingpythonreconredteamsecurity-researchvulnerability-scanner