The lab beneath the lab.

Name: Apparatus
Author: Nicholas Ferguson

Apparatus is the platform's simulation sandbox, the R&D space where new ideas prototype before they're absorbed as features in flagship products, or shipped as entirely new ones. 11 protocol servers, AI red team autopilot, chaos engineering, deception infrastructure, and supply-chain attack simulation. Capabilities developed here are used by Synapse for traffic generation, by Chimera for protocol fuzzing, by Crucible for adversary scenarios, and by Bridge for fault injection.

58+ Features

11 Protocol Servers

3 Interfaces

AGPL License

View on GitHub ↗ Documentation ↗ Atlas Crew Security →

THE LAB

A controlled environment for the messy parts of security.

Real attack surfaces are noisy. Defenders need to see that noise — malformed protocol behavior, unexpected failure modes — not lab-clean toy requests. Apparatus generates the noise on demand: 11 protocol servers running simultaneously with full request reflection, AI-powered honeypots, fault injection, and red team automation. Pair it with the rest of the platform and the trio sees the kind of traffic it would face in production.

Apparatus dashboard: 11 protocol servers running with real-time observability

Apparatus dashboard: protocol servers, observability, and live traffic

AI red team autopilot

Scenario library

CAPABILITIES

Built for realistic adversarial conditions.

Protocols Multi-Protocol Simulation

Each protocol runs simultaneously with full request reflection: HTTP/1.1, HTTP/2, gRPC, WebSocket, Redis, SMTP, MQTT, ICAP, Syslog, TCP/UDP. Test how your defender handles non-HTTP attack surfaces, not just web traffic.

AI Red Team Autopilot

Autonomous AI agent that explores targets, selects attack tools, and reports findings. Session-based with configurable iteration limits. Useful for unattended overnight runs against new build artifacts.

Chaos Fault Injection

CPU and memory chaos, network partition simulation, latency injection, packet loss, supply-chain attack patterns, container escape testing. Shake the system and see what falls out.

Deception AI-Powered Honeypots

Honeypots with fake consoles and shell terminals that produce believable, AI-generated responses. Tarpits that waste attacker time. Useful for measuring whether your defender's response to suspected attackers slows them down or just blocks them.

CLI

Drive the lab from the terminal.

Apparatus has three interfaces: a React dashboard with real-time SSE, an 18-widget terminal UI, and a CLI with 12 command categories. The CLI is the path of least resistance for CI integration, scripted overnight runs, and reproducible scenarios.

apparatus - autopilot session

$ apparatus protocols up --all ↳ http/1.1, http/2, grpc, ws, redis, smtp, mqtt, icap ... 11 ready $ apparatus autopilot start --target http://chimera:8080 --max-iter 20 ● Session aps_0012 started: AI agent exploring target → probing /api/v1/healthcare ......... IDOR detected on patient records → escalating: JWT none-algorithm bypass on /auth/token → deception engine active: 3 honeypot interactions logged ✓ Session complete: 7 findings (3 critical), aps_0012.json $ apparatus chaos network --partition --duration 30s ↳ partitioning synapse ⇄ chimera for 30s ... ✓ Partition restored: observed 47 dropped requests upstream $ _

Apparatus is the substrate all four products lean on.

Unlike the flagship trio, Apparatus doesn't have a single role in the closed loop. It's used by Synapse for high-volume traffic generation against rule sets, by Chimera for protocol fuzzing across vertical APIs, by Crucible for realistic adversary scenarios, and by Bridge for fault injection across the integrated stack. Standalone for general security research; integrated for the platform.

See the platform →