Crucible
Adversary Emulation
ADVERSARY EMULATION ENGINE

Most adversary emulation runs. None of them assert.

Crucible is a security testing engine with an opinion: every scenario carries a ground-truth assertion — what should happen, what shouldn't, and why. Run it through Synapse plus Chimera for the integrated path, or point it at your own stack and measure what your defender actually catches against the same scenarios.

120+ Attack Scenarios
18 Max Steps / Scenario
DAG Execution Engine
MITRE ATT&CK Mapped

An attack you can't verify is just an attack you watched.

SCENARIO ENGINE

Composable attack chains. Verifiable outcomes.

Each scenario is a directed graph of attack steps: recon, exploit, escalate, exfil, with branching, retries, and dependency-aware execution. Steps run in parallel where they can; assertions evaluate at every transition. The result isn't "the test ran." The result is the answer to three questions: did the defender stop it, did it stop only what it should have, and where in the kill chain did the policy actually fire?

[Figure: scenario engine view, DAG execution with live assertion state]

EXECUTION PIPELINE

Discover. Attack. Analyze. Report.

Every Crucible run follows the same four-stage pipeline. Because the stages don't change between runs, two assessments a month apart stay directly comparable — a regression shows up as an assertion that used to pass and now doesn't.

01 Discover: Enumerate target endpoints, fingerprint frameworks, map authentication, profile defenders in the path.
02 Attack: Execute the scenario DAG. Parallel where possible, sequential where required, retries on transient failures.
03 Analyze: Evaluate assertions: actual vs expected. Map outcomes to MITRE techniques and compliance controls.
04 Report: Verdict reports: executive summary, technical detail, remediation roadmap. PDF, JSON, SIEM-ready.

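
The regression comparison described above, as an added example that is not Crucible's own code: it scores each step's expected versus actual outcome and diffs two runs to separate new regressions from failures that were already present. The NDJSON field names, the step names and the sample records are assumptions constructed for illustration, not Crucible's documented export schema.

```python
import json

# Constructed NDJSON exports for two runs. The field names are assumptions
# made for this example, not Crucible's documented output schema.
BASELINE = """\
{"scenario": "role-assignment-bypass", "step": "escalate", "expected": "block", "actual": "block"}
{"scenario": "role-assignment-bypass", "step": "benign-login", "expected": "allow", "actual": "allow"}
{"scenario": "idor-chain", "step": "exfil", "expected": "block", "actual": "allow"}
"""
CURRENT = """\
{"scenario": "role-assignment-bypass", "step": "escalate", "expected": "block", "actual": "allow"}
{"scenario": "role-assignment-bypass", "step": "benign-login", "expected": "allow", "actual": "block"}
{"scenario": "idor-chain", "step": "exfil", "expected": "block", "actual": "allow"}
{"scenario": "idor-chain", "step": "recon", "expected": "allow", "actual": "allow"}
"""

def verdict(expected, actual):
    """Compare the defender's action with the ground-truth assertion."""
    if expected == actual:
        return "PASS"
    # A miss lets an attack step through; an overblock stops legitimate traffic.
    return "FAIL:missed" if expected == "block" else "FAIL:overblock"

def load(ndjson_text):
    """Map (scenario, step) -> verdict for every non-empty NDJSON line."""
    results = {}
    for line in ndjson_text.splitlines():
        if line.strip():
            rec = json.loads(line)
            key = (rec["scenario"], rec["step"])
            results[key] = verdict(rec["expected"], rec["actual"])
    return results

def compare(baseline_text, current_text):
    """Split current failures into regressions and pre-existing failures."""
    before, after = load(baseline_text), load(current_text)
    report = {"regressed": [], "still_failing": [], "unbaselined": []}
    for key in sorted(after):
        now, prev = after[key], before.get(key)
        if prev is None:
            report["unbaselined"].append(key)   # no earlier result to compare
        elif now != "PASS":
            bucket = "regressed" if prev == "PASS" else "still_failing"
            report[bucket].append((*key, now))
    return report

if __name__ == "__main__":
    for bucket, items in compare(BASELINE, CURRENT).items():
        print(bucket, items)
```

Steps that appear only in the newer run are reported as unbaselined rather than silently counted as passing, so a scenario added between assessments cannot hide a gap.
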
CAPABILITIES

Built for measurement, not theater.

Engine DAG Scenario Execution

Composable attack graphs with parallel, sequential, and conditional steps. Custom scenarios are authored in YAML; built-in playbooks ship with the engine. Every step maps to MITRE ATT&CK technique IDs.

Compliance Control Mapping

Map results to NIST 800-53, CIS Controls, PCI DSS, HIPAA. Generate audit-ready evidence automatically. Track which controls actually fired during real attack execution.

Adaptive AI-Driven Pathfinding

Optional adaptive mode generates attack paths based on discovered vulnerabilities. The engine probes, observes responses, and synthesizes the next step. Finds combinations static scanners miss.

Reports Verdict Output

Executive summaries for non-technical leaders, technical deep-dives with full request/response capture, remediation roadmaps tied to source. Export PDF, JSON, NDJSON, or pipe to SIEM.

INSIDE THE ENGINE

From scenario authoring to verdict report.

[Screenshots: scenario library, step-level detail, live simulation, request inspection, run summary, CLI output]

EXAMPLE RUN

14 scenarios. 11 pass. 3 controls fail.

A typical run against the integrated stack: Synapse defending, Chimera as target, Crucible asserting. The output below shows pass/fail per scenario, mapped to NIST and HIPAA controls, with remediation guidance attached to each failure — compliance evidence earned by running the attacks, not by filling out a questionnaire.

crucible - run summary #0047
═══ CRUCIBLE RUN #0047 ═══════════════════════════════
Target: synapse://edge.local + chimera://healthcare
Scenarios: 14 executed · 11 passed · 3 failed · 0 errored
Duration: 4m 12s

NIST AC-2 Account Management ............ PASS
NIST AC-6 Least Privilege ............... FAIL
    expected: block · actual: allow
    remediation: rule edge.role.assignment
NIST SC-7 Boundary Protection ........... PASS
NIST SI-4 System Monitoring ............. PASS
HIPAA §164.312(a) Access Control ........... FAIL
    expected: block · actual: allow (200 OK)
    remediation: rule edge.api.auth.mfa
HIPAA §164.312(b) Audit Controls ........... PASS

→ Full report: crucible-report-0047.pdf (47 pages)
→ SIEM events: 14 emitted to https://siem.local/ingest

GET STARTED

Run scenarios in one command.

Install the CLI from npm and run scenarios against your own targets, or use npx @atlascrew/bridge up for the full integrated stack with Synapse and Chimera wired in.

You are responsible for authorization. Crucible runs real attack scenarios against whatever target you point it at. It does not check, prompt for, or enforce permission. Only run it against systems you own or have explicit written authorization to test.
~/lab - crucible
$ npm install -g @atlascrew/crucible-cli
↳ installed @atlascrew/crucible-cli v0.2.0
$ crucible scenarios list
120 scenarios available: kafka-takeover, idor-chain, role-assignment-bypass, llm-prompt-injection, ...
$ crucible run kafka-takeover --target https://api.local
↳ executing 14 steps ............................... complete
↳ assertions: 11 passed · 3 failed · 0 errored
↳ verdict: FAIL; see crucible-report-0047.pdf
$ _