Crucible

Adversary Emulation

ADVERSARY EMULATION ENGINE

Most adversary emulation runs. None of them assert.

Crucible is a security testing engine with an opinion: without ground-truth assertions, you don't have a test, you have a demo. Every scenario carries an expected outcome — what should happen, what shouldn't, and why. Run it through Synapse plus Chimera for the integrated path, or point it at your own stack and measure what your defender actually catches against the same scenarios.

120+ Attack Scenarios

18 Max Steps / Scenario

DAG Execution Engine

MITRE ATT&CK Mapped

View on GitHub ↗ Documentation ↗ Atlas Crew Security →

SCENARIO ENGINE

Composable attack chains. Verifiable outcomes.

Each scenario is a directed graph of attack steps — recon, exploit, escalate, exfil — with branching, retries, and dependency-aware execution. Steps run in parallel where they can; assertions evaluate at every transition. The result isn't "the test ran." The result is did the defender stop it, did it stop only what it should have, and where in the kill chain did the policy actually fire.

Crucible scenario engine — DAG-based attack execution with assertions

— Scenario engine view: DAG execution with live assertion state

EXECUTION PIPELINE

Discover. Attack. Analyze. Report.

Every Crucible run follows the same four-stage pipeline. Discovery maps the target's actual surface area. Attack runs the scenario DAG. Analysis evaluates assertions against ground truth. Reporting produces evidence — pass/fail per assertion, mapped to MITRE technique, mapped to compliance control, exportable as PDF, JSON, or piped into your SIEM.

01 Discover Enumerate target endpoints, fingerprint frameworks, map authentication, profile defenders in the path.

02 Attack Execute the scenario DAG. Parallel where possible, sequential where required, retries on transient failures.

03 Analyze Evaluate assertions: actual vs expected. Map outcomes to MITRE techniques and compliance controls.

04 Report Verdict reports — executive summary, technical detail, remediation roadmap. PDF, JSON, SIEM-ready.

CAPABILITIES

Built for measurement, not theater.

Engine DAG Scenario Execution

Composable attack graphs with parallel, sequential, and conditional steps. Custom scenarios author in YAML, built-in playbooks ship with the engine. Every step maps to MITRE ATT&CK technique IDs.

Compliance Control Mapping

Map results to NIST 800-53, CIS Controls, PCI DSS, HIPAA. Generate audit-ready evidence automatically. Track which controls actually fired during real attack execution — not paper compliance.

Adaptive AI-Driven Pathfinding

Optional adaptive mode generates attack paths based on discovered vulnerabilities. The engine probes, observes responses, and synthesizes the next step. Finds combinations static scanners miss.

Reports Verdict Output

Executive summaries for non-technical stakeholders, technical deep-dives with full request/response capture, remediation roadmaps tied to source. Export PDF, JSON, NDJSON, or pipe to SIEM.

EXAMPLE RUN

14 scenarios. 11 pass. 3 controls fail.

A typical run against the integrated stack — Synapse defending, Chimera as target, Crucible asserting. The output below shows pass/fail per scenario, mapped to NIST and HIPAA controls, with remediation guidance attached to each failure. This is what compliance evidence looks like when it's earned through actual attack execution rather than questionnaire response.

crucible — run summary #0047

═══ CRUCIBLE RUN #0047 ═══════════════════════════════ Target: synapse://edge.local + chimera://healthcare Scenarios: 14 executed · 11 passed · 3 failed · 0 errored Duration: 4m 12s ✓ NIST AC-2 Account Management ............ PASS ✗ NIST AC-6 Least Privilege ............... FAIL expected: block · actual: allow remediation: rule edge.role.assignment ✓ NIST SC-7 Boundary Protection ........... PASS ✓ NIST SI-4 System Monitoring ............. PASS ✗ HIPAA §164.312(a) Access Control ........... FAIL expected: block · actual: allow (200 OK) remediation: rule edge.api.auth.mfa ✓ HIPAA §164.312(b) Audit Controls ........... PASS → Full report: crucible-report-0047.pdf (47 pages) → SIEM events: 14 emitted to https://siem.local/ingest

Crucible is the assertion engine of Atlas Crew Security.

On its own, Crucible runs adversary emulation against any target you point it at. Inside the platform, it runs against Chimera's standardized vulnerable surfaces, with traffic flowing through Synapse as the inline defender. That's the whole point — the assertions only mean something when there's a defender in the path. Bring your own WAF if you want to measure your existing stack against the same scenarios.

See the platform →

GET STARTED

Run scenarios in one command.

Install the CLI from npm and run scenarios against your own targets, or use npx @atlascrew/bridge up for the full integrated stack with Synapse and Chimera wired in.

~/lab — crucible

$ npm install -g @atlascrew/crucible-cli ↳ installed @atlascrew/crucible-cli v0.2.0 $ crucible scenarios list ↳ 120 scenarios available — kafka-takeover, idor-chain, role-assignment-bypass, llm-prompt-injection, ... $ crucible run kafka-takeover --target https://api.local ↳ executing 14 steps ............................... complete ↳ assertions: 11 passed · 3 failed · 0 errored ↳ verdict: FAIL — see crucible-report-0047.pdf $ _

View source ↗ Full documentation ↗ npm ↗