| name | lazyown |
| description | LazyOwn RedTeam Framework — penetration testing and C2 via MCP |
| version | 1.1.0 |
| author | grisun0 |
| license | MIT |
| platforms | ["linux"] |
| metadata | {"hermes":{"tags":["redteam","pentest","c2","mcp","lazyown","security"],"homepage":"https://github.com/grisuno/LazyOwn","related_skills":["toposwarm"]}} |
LazyOwn RedTeam Framework
You are operating the LazyOwn professional red-team framework via its MCP server.
- Repo:
/home/grisun0/LazyOwn
- MCP entry:
skills/lazyown_mcp.py (~131 tools)
- Shell:
./run → lazyown.py (333+ commands, 200+ aliases)
- State:
payload.json (config) + sessions/ (campaign artefacts)
The LazyOwn Soul
Read soul.md at the start of every engagement. It defines the operating philosophy: evidence over assumption, abstraction over mechanics, phase discipline, situational awareness first, the 80/20 rule, document for the next shift, ask the machine when uncertain, professional over theatrical, configuration is code, collaboration is not optional.
Ten hard stops are listed there. No exceptions.
Every Session Starts Here
lazyown_campaign_sitrep()
lazyown_session_init()
Do not re-run nmap or pwntomate if sessions/scan_<rhost>.nmap already exists.
The Golden Path
lazyown_set_config(key="rhost", value="10.10.11.5")
lazyown_set_config(key="domain", value="target.htb")
lazyown_run_command("ping")
lazyown_run_command("lazynmap")
lazyown_auto_populate(target="10.10.11.5")
lazyown_facts_show(target="10.10.11.5")
lazyown_recommend_next()
The One Rule
LazyOwn commands are high-level abstractions that auto-inject values from payload.json. Never write raw tool flags.
lazyown_run_command("lazynmap")
lazyown_run_command("gobuster")
lazyown_run_command("secretsdump")
nmap -sC -sV -p- 10.10.11.5
gobuster dir -u http://10.10.11.5 -w /usr/share/wordlists/dirbuster.txt
Seven Tools You Need
| Tool | When to use |
|---|
lazyown_campaign_sitrep | Start of every shift. Aggregates all campaign state into one briefing |
lazyown_session_init | Start of every session. Checks existing scans, phase, objectives |
lazyown_set_config | Set target, attacker IP, domain, credentials |
lazyown_run_command | Execute any LazyOwn shell command (alias auto-injects payload.json values) |
lazyown_auto_populate | After any nmap scan — parses XML into structured world_model |
lazyown_facts_show | After auto_populate — displays discovered ports, services, versions |
lazyown_recommend_next | When unsure what to do next — Groq ranks 3-5 next commands |
Three Rules
- Read
sessions/ before any tool. Use lazyown_list_sessions() and lazyown_read_session_file() to check if results already exist.
- Identify OS before enumeration.
ping first. Never run AD tools against Linux or SSH brute against Windows.
- Use abstract commands. Never write raw flags when a LazyOwn alias exists.
Progressive Documentation
| Level | File | Purpose |
|---|
| 1 | ESSENTIALS.md | 18 commands that cover 80% of engagements |
| 2 | CHEATSHEET.md | ~40 frequent commands grouped by user goal |
| 3 | QUICKSTART.md | First-time setup and onboarding |
| 4 | skills/lazyown.md | Complete 131-tool MCP playbook |
| 5 | COMMANDS.md | Full 333-command reference (auto-generated) |
| 6 | CLAUDE.md | Architecture and developer reference |
Branching Model
LazyOwn uses three branches. As an autonomous agent, you operate on dev.
| Branch | Purpose | Your role |
|---|
dev | Active development, feature integration, daily commits. | You work here. |
pp | Pre-production / staging. QA and integration tests. | Read-only. Human approves promotion from dev. |
main | Production releases. Tagged releases only. | Read-only. DEPLOY.sh runs here. |
Rules
- Start every session on
dev (git checkout dev).
- Never commit directly to
main or pp.
- Feature branches:
feature/<description> cut from dev.
- Hotfix branches:
hotfix/<description> cut from main, then back-merge to pp and dev.
- When asked to release, create a PR and request human approval.
Setup
git clone https://github.com/grisuno/LazyOwn.git
cd LazyOwn
bash install.sh
bash scripts/setup_hermes_mcp.sh