[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"similar-threatsimgpt-AI--ThreatSimGPT":3,"tool-threatsimgpt-AI--ThreatSimGPT":62},[4,18,26,36,46,54],{"id":5,"name":6,"github_repo":7,"description_zh":8,"stars":9,"difficulty_score":10,"last_commit_at":11,"category_tags":12,"status":17},4358,"openclaw","openclaw\u002Fopenclaw","OpenClaw 是一款专为个人打造的本地化 AI 助手，旨在让你在自己的设备上拥有完全可控的智能伙伴。它打破了传统 AI 助手局限于特定网页或应用的束缚，能够直接接入你日常使用的各类通讯渠道，包括微信、WhatsApp、Telegram、Discord、iMessage 等数十种平台。无论你在哪个聊天软件中发送消息，OpenClaw 都能即时响应，甚至支持在 macOS、iOS 和 Android 设备上进行语音交互，并提供实时的画布渲染功能供你操控。\n\n这款工具主要解决了用户对数据隐私、响应速度以及“始终在线”体验的需求。通过将 AI 部署在本地，用户无需依赖云端服务即可享受快速、私密的智能辅助，真正实现了“你的数据，你做主”。其独特的技术亮点在于强大的网关架构，将控制平面与核心助手分离，确保跨平台通信的流畅性与扩展性。\n\nOpenClaw 非常适合希望构建个性化工作流的技术爱好者、开发者，以及注重隐私保护且不愿被单一生态绑定的普通用户。只要具备基础的终端操作能力（支持 macOS、Linux 及 Windows WSL2），即可通过简单的命令行引导完成部署。如果你渴望拥有一个懂你",349277,3,"2026-04-06T06:32:30",[13,14,15,16],"Agent","开发框架","图像","数据工具","ready",{"id":19,"name":20,"github_repo":21,"description_zh":22,"stars":23,"difficulty_score":10,"last_commit_at":24,"category_tags":25,"status":17},3808,"stable-diffusion-webui","AUTOMATIC1111\u002Fstable-diffusion-webui","stable-diffusion-webui 是一个基于 Gradio 构建的网页版操作界面，旨在让用户能够轻松地在本地运行和使用强大的 Stable Diffusion 图像生成模型。它解决了原始模型依赖命令行、操作门槛高且功能分散的痛点，将复杂的 AI 绘图流程整合进一个直观易用的图形化平台。\n\n无论是希望快速上手的普通创作者、需要精细控制画面细节的设计师，还是想要深入探索模型潜力的开发者与研究人员，都能从中获益。其核心亮点在于极高的功能丰富度：不仅支持文生图、图生图、局部重绘（Inpainting）和外绘（Outpainting）等基础模式，还独创了注意力机制调整、提示词矩阵、负向提示词以及“高清修复”等高级功能。此外，它内置了 GFPGAN 和 CodeFormer 等人脸修复工具，支持多种神经网络放大算法，并允许用户通过插件系统无限扩展能力。即使是显存有限的设备，stable-diffusion-webui 也提供了相应的优化选项，让高质量的 AI 艺术创作变得触手可及。",162132,"2026-04-05T11:01:52",[14,15,13],{"id":27,"name":28,"github_repo":29,"description_zh":30,"stars":31,"difficulty_score":32,"last_commit_at":33,"category_tags":34,"status":17},1381,"everything-claude-code","affaan-m\u002Feverything-claude-code","everything-claude-code 是一套专为 AI 编程助手（如 Claude Code、Codex、Cursor 等）打造的高性能优化系统。它不仅仅是一组配置文件，而是一个经过长期实战打磨的完整框架，旨在解决 AI 
代理在实际开发中面临的效率低下、记忆丢失、安全隐患及缺乏持续学习能力等核心痛点。\n\n通过引入技能模块化、直觉增强、记忆持久化机制以及内置的安全扫描功能，everything-claude-code 能显著提升 AI 在复杂任务中的表现，帮助开发者构建更稳定、更智能的生产级 AI 代理。其独特的“研究优先”开发理念和针对 Token 消耗的优化策略，使得模型响应更快、成本更低，同时有效防御潜在的攻击向量。\n\n这套工具特别适合软件开发者、AI 研究人员以及希望深度定制 AI 工作流的技术团队使用。无论您是在构建大型代码库，还是需要 AI 协助进行安全审计与自动化测试，everything-claude-code 都能提供强大的底层支持。作为一个曾荣获 Anthropic 黑客大奖的开源项目，它融合了多语言支持与丰富的实战钩子（hooks），让 AI 真正成长为懂上",159267,2,"2026-04-17T11:29:14",[14,13,35],"语言模型",{"id":37,"name":38,"github_repo":39,"description_zh":40,"stars":41,"difficulty_score":42,"last_commit_at":43,"category_tags":44,"status":17},8272,"opencode","anomalyco\u002Fopencode","OpenCode 是一款开源的 AI 编程助手（Coding Agent），旨在像一位智能搭档一样融入您的开发流程。它不仅仅是一个代码补全插件，而是一个能够理解项目上下文、自主规划任务并执行复杂编码操作的智能体。无论是生成全新功能、重构现有代码，还是排查难以定位的 Bug，OpenCode 都能通过自然语言交互高效完成，显著减少开发者在重复性劳动和上下文切换上的时间消耗。\n\n这款工具专为软件开发者、工程师及技术研究人员设计，特别适合希望利用大模型能力来提升编码效率、加速原型开发或处理遗留代码维护的专业人群。其核心亮点在于完全开源的架构，这意味着用户可以审查代码逻辑、自定义行为策略，甚至私有化部署以保障数据安全，彻底打破了传统闭源 AI 助手的“黑盒”限制。\n\n在技术体验上，OpenCode 提供了灵活的终端界面（Terminal UI）和正在测试中的桌面应用程序，支持 macOS、Windows 及 Linux 全平台。它兼容多种包管理工具，安装便捷，并能无缝集成到现有的开发环境中。无论您是追求极致控制权的资深极客，还是渴望提升产出的独立开发者，OpenCode 都提供了一个透明、可信",144296,1,"2026-04-16T14:50:03",[13,45],"插件",{"id":47,"name":48,"github_repo":49,"description_zh":50,"stars":51,"difficulty_score":32,"last_commit_at":52,"category_tags":53,"status":17},2271,"ComfyUI","Comfy-Org\u002FComfyUI","ComfyUI 是一款功能强大且高度模块化的视觉 AI 引擎，专为设计和执行复杂的 Stable Diffusion 图像生成流程而打造。它摒弃了传统的代码编写模式，采用直观的节点式流程图界面，让用户通过连接不同的功能模块即可构建个性化的生成管线。\n\n这一设计巧妙解决了高级 AI 绘图工作流配置复杂、灵活性不足的痛点。用户无需具备编程背景，也能自由组合模型、调整参数并实时预览效果，轻松实现从基础文生图到多步骤高清修复等各类复杂任务。ComfyUI 拥有极佳的兼容性，不仅支持 Windows、macOS 和 Linux 全平台，还广泛适配 NVIDIA、AMD、Intel 及苹果 Silicon 等多种硬件架构，并率先支持 SDXL、Flux、SD3 等前沿模型。\n\n无论是希望深入探索算法潜力的研究人员和开发者，还是追求极致创作自由度的设计师与资深 AI 绘画爱好者，ComfyUI 
都能提供强大的支持。其独特的模块化架构允许社区不断扩展新功能，使其成为当前最灵活、生态最丰富的开源扩散模型工具之一，帮助用户将创意高效转化为现实。",108322,"2026-04-10T11:39:34",[14,15,13],{"id":55,"name":56,"github_repo":57,"description_zh":58,"stars":59,"difficulty_score":32,"last_commit_at":60,"category_tags":61,"status":17},6121,"gemini-cli","google-gemini\u002Fgemini-cli","gemini-cli 是一款由谷歌推出的开源 AI 命令行工具，它将强大的 Gemini 大模型能力直接集成到用户的终端环境中。对于习惯在命令行工作的开发者而言，它提供了一条从输入提示词到获取模型响应的最短路径，无需切换窗口即可享受智能辅助。\n\n这款工具主要解决了开发过程中频繁上下文切换的痛点，让用户能在熟悉的终端界面内直接完成代码理解、生成、调试以及自动化运维任务。无论是查询大型代码库、根据草图生成应用，还是执行复杂的 Git 操作，gemini-cli 都能通过自然语言指令高效处理。\n\n它特别适合广大软件工程师、DevOps 人员及技术研究人员使用。其核心亮点包括支持高达 100 万 token 的超长上下文窗口，具备出色的逻辑推理能力；内置 Google 搜索、文件操作及 Shell 命令执行等实用工具；更独特的是，它支持 MCP（模型上下文协议），允许用户灵活扩展自定义集成，连接如图像生成等外部能力。此外，个人谷歌账号即可享受免费的额度支持，且项目基于 Apache 2.0 协议完全开源，是提升终端工作效率的理想助手。",100752,"2026-04-10T01:20:03",[45,13,15,14],{"id":63,"github_repo":64,"name":65,"description_en":66,"description_zh":67,"ai_summary_zh":67,"readme_en":68,"readme_zh":69,"quickstart_zh":70,"use_case_zh":71,"hero_image_url":72,"owner_login":73,"owner_name":65,"owner_avatar_url":74,"owner_bio":66,"owner_company":66,"owner_location":66,"owner_email":66,"owner_twitter":66,"owner_website":66,"owner_url":75,"languages":76,"stars":96,"forks":97,"last_commit_at":98,"license":99,"difficulty_score":32,"env_os":100,"env_gpu":101,"env_ram":102,"env_deps":103,"category_tags":117,"github_topics":66,"view_count":32,"oss_zip_url":66,"oss_zip_packed_at":66,"status":17,"created_at":118,"updated_at":119,"faqs":120,"releases":121},8576,"threatsimgpt-AI\u002FThreatSimGPT","ThreatSimGPT",null,"ThreatSimGPT 是一款专为企业打造的人工智能威胁模拟平台，旨在利用大语言模型（LLM）生成高度逼真且具备上下文感知的网络安全威胁场景。它主要解决了传统安全培训中剧本僵化、缺乏真实感以及红队演练成本高昂的痛点，帮助组织更高效地进行员工安全意识训练、攻防演习及合规性测试。\n\n该平台特别适合企业安全团队、红队专家、合规审计人员以及负责构建安全自动化流程的开发者使用。其核心亮点在于灵活的模型支持架构：不仅兼容 OpenAI GPT-4、Anthropic Claude 等主流云端模型，更创新性地支持通过 Ollama 运行本地离线模型，确保在无需联网或敏感数据不出域的环境下也能安全运行。此外，ThreatSimGPT 采用直观的 YAML 模板定义威胁场景，便于版本控制与协作；内置对 PhishTank、MITRE ATT&CK 等权威威胁情报库的集成，能自动生成符合最新攻击手法的模拟内容。配合成熟的 REST API 
和命令行工具，它能轻松融入现有的企业安全生态（如 Microsoft 365、Slack 等），为构建可扩展、可审计的现代化防御体系提供强力支撑。","# ThreatSimGPT: Enterprise AI-Powered Threat Simulation Platform\n\n[![Python 3.11+](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fpython-3.11+-blue.svg)](https:\u002F\u002Fwww.python.org\u002Fdownloads\u002F)\n[![License: MIT](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-yellow.svg)](https:\u002F\u002Fopensource.org\u002Flicenses\u002FMIT)\n[![Production Ready](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fstatus-production%20ready-brightgreen.svg)](https:\u002F\u002Fgithub.com\u002FThreatSimGPT\u002FThreatSimGPT)\n[![Code Quality](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fmaintainability-A+-brightgreen.svg)](https:\u002F\u002Fgithub.com\u002FThreatSimGPT\u002FThreatSimGPT)\n[![Security: Bandit](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fsecurity-bandit-green.svg)](https:\u002F\u002Fgithub.com\u002FPyCQA\u002Fbandit)\n\n**ThreatSimGPT** is an enterprise-grade cybersecurity threat simulation platform that leverages Large Language Models (LLMs) to generate realistic, context-aware threat scenarios for security training, red team exercises, and compliance testing.\n\n## Overview\n\n- **Multi-LLM Support**: ✅ Integrates with OpenAI GPT-4, Anthropic Claude, OpenRouter, and **Ollama (Local\u002FOffline)**\n- **Local LLM Support**: 🆕 Run completely offline with Ollama - no API keys or internet required!\n- **YAML-Based Configuration**: ✅ Define threat scenarios using intuitive YAML schemas  \n- **Production-Ready Core**: ✅ Scalable simulation engine with proper data models\n- **CLI Interface**: ✅ Command-line tool for scenario management and execution\n- **REST API**: ✅ FastAPI-based REST endpoints for enterprise integration\n- **Safety Framework**: 🚧 Built-in content filtering and compliance (planned)\n- **Analytics & Reporting**: 🚧 Comprehensive logging & metrics (planned)\n\n### Key Features\n\n- **Multi-LLM Support**: OpenAI GPT-4, Anthropic Claude, 
OpenRouter, Ollama, and local models\n- **YAML-Based Templates**: Define threat scenarios using intuitive, version-controlled templates\n- **Production-Grade Architecture**: Scalable, maintainable codebase with zero code duplication\n- **CLI & REST API**: Flexible interfaces for automation and integration\n- **Enterprise Deployment**: Docker, Kubernetes, and cloud-native deployment options\n- **Comprehensive Logging**: Audit trails and analytics for compliance\n- **Safety Framework**: Built-in content filtering and ethical guidelines\n- **Dataset Integration**: PhishTank, Enron Email Corpus, MITRE ATT&CK framework\n\n---\n\n## Architecture\n\n### System Components\n\n```\nThreatSimGPT Platform\n├── Core Simulation Engine\n│   ├── Template Manager (YAML-based scenario definitions)\n│   ├── Simulation Orchestrator (Execution and workflow management)\n│   └── Output Manager (Content generation and storage)\n│\n├── LLM Integration Layer\n│   ├── Multi-Provider Support (OpenAI, Anthropic, OpenRouter, Ollama)\n│   ├── Connection Pooling (+40% performance improvement)\n│   ├── Rate Limiting & Retry Logic\n│   └── Fallback & Error Handling\n│\n├── Dataset Integration\n│   ├── PhishTank (Phishing intelligence)\n│   ├── Enron Email Corpus (Email communication patterns)\n│   ├── MITRE ATT&CK (Threat intelligence framework)\n│   └── Extensible processor architecture\n│\n├── Integration Layer\n│   ├── Microsoft 365 (Email deployment)\n│   ├── Proofpoint (Security platform integration)\n│   ├── KnowBe4 (Training platform)\n│   ├── Slack (Collaboration platform)\n│   └── Extensible base class for custom integrations\n│\n├── API & CLI Interfaces\n│   ├── FastAPI REST API (Enterprise integration)\n│   ├── Command-Line Interface (Direct usage)\n│   └── Python SDK (Programmatic access)\n│\n└── Safety & Compliance\n    ├── Content Filtering\n    ├── Audit Logging\n    ├── GDPR Compliance\n    └── Ethical Use Guidelines\n```\n\n### Technology Stack\n\n- **Language**: Python 3.11+\n- 
**API Framework**: FastAPI\n- **LLM Integration**: aiohttp, httpx (with connection pooling)\n- **Data Validation**: Pydantic\n- **Configuration**: YAML\n- **Async I\u002FO**: asyncio, aiohttp\n- **Testing**: pytest, pytest-asyncio\n- **Code Quality**: black, isort, flake8, mypy\n- **Deployment**: Docker, Kubernetes\n\n---\n\n## Quick Start\n\n### Prerequisites\n\n- **Python 3.11 or higher**\n- **Git** (for cloning the repository)\n- **LLM API Key** (OpenRouter, OpenAI, or Anthropic; not needed when running a local Ollama model)\n- **Virtual Environment** (recommended)\n\n### Installation\n\n#### 1. Clone the Repository\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT.git\ncd ThreatSimGPT\n```\n\n#### 2. Create Virtual Environment\n\n**Windows (PowerShell):**\n```bash\npython -m venv .venv\n.\\.venv\\Scripts\\Activate.ps1\n```\n\n**macOS\u002FLinux:**\n```bash\npython -m venv .venv\nsource .venv\u002Fbin\u002Factivate\n```\n\n#### 3. Install Dependencies\n\n```bash\n# Production dependencies\npip install -r requirements.txt\n\n# Development dependencies (optional)\npip install -r requirements-dev.txt\n```\n\n#### 4. Configure API Keys\n\n```bash\n# Set your API key as environment variable\nexport OPENROUTER_API_KEY=\"your-api-key-here\"\n\n# Edit config.yaml with your settings\nnano config.yaml\n```\n\n**Example Configuration:**\n\nThe `api_key` value below is a placeholder. To keep the real key out of version control, reference the environment variable instead (`api_key: ${OPENROUTER_API_KEY}`), as the full `config.yaml` in the Configuration section does.\n\n```yaml\nllm:\n  provider: openrouter\n  openrouter:\n    api_key: \"your-api-key-here\"\n    model: \"qwen\u002Fqwen-2.5-72b-instruct\"\n    \nsimulation:\n  output_dir: \".\u002Fgenerated_content\"\n  auto_save: true\n  \nlogging:\n  level: INFO\n  file: \".\u002Flogs\u002Fthreatsimgpt.log\"\n```\n\n#### 5.
Verify Installation\n\n```bash\n# Check CLI availability\nthreatsimgpt --help\n\n# Validate installation\nthreatsimgpt templates validate-all\n\n# Test with dry run (no API calls)\nthreatsimgpt simulate -s templates\u002Fexecutive_phishing.yaml --dry-run\n```\n\n---\n\n## Usage Guide\n\n### Command-Line Interface\n\n#### Template Management\n\n```bash\n# List all available templates\nthreatsimgpt templates list\n\n# Show template details with validation\nthreatsimgpt templates show executive_phishing --validate\n\n# Validate all templates\nthreatsimgpt templates validate-all\n\n# Check template ecosystem health\nthreatsimgpt templates health\n```\n\n#### Running Simulations\n\n```bash\n# Run a simulation\nthreatsimgpt simulate -s templates\u002Fexecutive_phishing.yaml\n\n# Dry run (no API calls)\nthreatsimgpt simulate -s templates\u002Fexecutive_phishing.yaml --dry-run\n\n# Specify output directory\nthreatsimgpt simulate -s templates\u002Ffinance_bec.yaml -o .\u002Foutput\u002Fcampaign_001\n\n# Run with specific LLM provider\nthreatsimgpt simulate -s templates\u002Fit_helpdesk.yaml --provider openai\n```\n\n#### Configuration Management\n\n```bash\n# Show current configuration\nthreatsimgpt config show\n\n# Set configuration value\nthreatsimgpt config set llm.provider openrouter\n\n# Validate configuration\nthreatsimgpt config validate\n```\n\n#### Dataset Management\n\n```bash\n# List available datasets\nthreatsimgpt datasets list\n\n# Download and process dataset\nthreatsimgpt datasets download phishtank\n\n# Show dataset statistics\nthreatsimgpt datasets stats enron\n\n# Update all datasets\nthreatsimgpt datasets update-all\n```\n\n### REST API\n\n#### Start API Server\n\n```bash\n# Start FastAPI server\nthreatsimgpt api start\n\n# Specify host and port\n# (0.0.0.0 listens on every network interface; the request examples in this README\n# send no credentials, so expose the port only behind the firewall, VPN or TLS\n# front end recommended under Security Best Practices)\nthreatsimgpt api start --host 0.0.0.0 --port 8000\n\n# Start with auto-reload (development)\nthreatsimgpt api start --reload\n```\n\n#### API Endpoints\n\n**Generate Threat Content:**\n```bash\ncurl -X POST
\"http:\u002F\u002Flocalhost:8000\u002Fllm\u002Fgenerate\" \\\n  -H \"Content-Type: application\u002Fjson\" \\\n  -d '{\n    \"prompt\": \"Create a phishing email targeting HR department\",\n    \"scenario_type\": \"phishing\",\n    \"max_tokens\": 500,\n    \"temperature\": 0.7\n  }'\n```\n\n**Create Scenario:**\n```bash\ncurl -X POST \"http:\u002F\u002Flocalhost:8000\u002Fscenarios\" \\\n  -H \"Content-Type: application\u002Fjson\" \\\n  -d '{\n    \"name\": \"Q4 Security Awareness Campaign\",\n    \"threat_type\": \"phishing\",\n    \"target_role\": \"employee\",\n    \"severity\": \"medium\"\n  }'\n```\n\n**List Templates:**\n```bash\ncurl \"http:\u002F\u002Flocalhost:8000\u002Ftemplates\"\n```\n\n**API Documentation:**\n- Swagger UI: `http:\u002F\u002Flocalhost:8000\u002Fdocs`\n- ReDoc: `http:\u002F\u002Flocalhost:8000\u002Fredoc`\n\n### Python SDK\n\n```python\nfrom threatsimgpt import ThreatSimGPTClient\n\n# Initialize client\nclient = ThreatSimGPTClient(api_key=\"your-api-key\", provider=\"openrouter\")\n\n# Load and run simulation\nsimulation = client.load_template(\"templates\u002Fexecutive_phishing.yaml\")\nresult = simulation.run()\n\n# Access generated content\nprint(result.content)\nprint(result.metadata)\n\n# Save to file\nresult.save(\"output\u002Fcampaign_001.json\")\n```\n\n---\n\n## Configuration\n\n### Configuration File Structure\n\n**`config.yaml`** (YAML format):\n\n```yaml\n# LLM Provider Configuration\nllm:\n  provider: openrouter  # Options: openrouter, openai, anthropic, ollama\n  \n  openrouter:\n    api_key: ${OPENROUTER_API_KEY}\n    model: \"qwen\u002Fqwen-2.5-72b-instruct\"\n    base_url: \"https:\u002F\u002Fopenrouter.ai\u002Fapi\u002Fv1\"\n    timeout: 120\n    \n  openai:\n    api_key: ${OPENAI_API_KEY}\n    model: \"gpt-4\"\n    \n  anthropic:\n    api_key: ${ANTHROPIC_API_KEY}\n    model: \"claude-3-opus-20240229\"\n    \n  ollama:\n    base_url: \"http:\u002F\u002Flocalhost:11434\"\n    model: \"llama3.1:70b\"\n\n# Simulation 
Configuration\nsimulation:\n  output_dir: \".\u002Fgenerated_content\"\n  auto_save: true\n  index_enabled: true\n  max_concurrent: 5\n\n# Dataset Configuration\ndatasets:\n  storage_path: \".\u002Fdata\"\n  auto_update: false\n  phishtank:\n    enabled: true\n    update_interval_days: 7\n  enron:\n    enabled: true\n  mitre_attack:\n    enabled: true\n\n# Deployment Integration\ndeployment:\n  enabled: false\n  microsoft365:\n    enabled: false\n    tenant_id: ${M365_TENANT_ID}\n    client_id: ${M365_CLIENT_ID}\n    client_secret: ${M365_CLIENT_SECRET}\n\n# Logging Configuration\nlogging:\n  level: INFO  # DEBUG, INFO, WARNING, ERROR, CRITICAL\n  file: \".\u002Flogs\u002Fthreatsimgpt.log\"\n  format: \"%(asctime)s - %(name)s - %(levelname)s - %(message)s\"\n  rotation: \"10 MB\"\n  retention: 30  # days\n\n# Safety Configuration\nsafety:\n  content_filtering: true\n  audit_logging: true\n  rate_limiting:\n    enabled: true\n    requests_per_minute: 60\n```\n\n### Environment Variables\n\n```bash\n# LLM Provider Keys\nexport OPENROUTER_API_KEY=\"your-key-here\"\nexport OPENAI_API_KEY=\"your-key-here\"\nexport ANTHROPIC_API_KEY=\"your-key-here\"\n\n# Deployment Integration\nexport M365_TENANT_ID=\"your-tenant-id\"\nexport M365_CLIENT_ID=\"your-client-id\"\nexport M365_CLIENT_SECRET=\"your-client-secret\"\n\n# Application Settings\nexport THREATSIMGPT_ENV=\"production\"\nexport THREATSIMGPT_LOG_LEVEL=\"INFO\"\n```\n\n---\n\n## Template System\n\n### Template Structure\n\nTemplates define threat scenarios using YAML format:\n\n```yaml\n# Template metadata\ntemplate_id: executive_phishing_v1\nname: \"Executive Phishing Campaign\"\nversion: \"1.0.0\"\nauthor: \"Security Team\"\ndescription: \"Sophisticated phishing targeting C-level executives\"\n\n# Threat classification\nthreat_type: phishing\nseverity: high\ncomplexity: advanced\ntarget_role: executive\n\n# Scenario configuration\nscenario:\n  subject_line: \"Urgent: Q4 Financial Review Required\"\n  sender_persona: 
\"CFO Office\"\n  urgency_level: high\n  social_engineering_tactics:\n    - authority\n    - urgency\n    - fear\n  \n  context:\n    company_size: \"enterprise\"\n    industry: \"technology\"\n    quarter: \"Q4\"\n    \n  content_requirements:\n    tone: \"professional\"\n    length: \"medium\"\n    technical_details: true\n    personalization: high\n\n# LLM generation parameters\ngeneration:\n  max_tokens: 800\n  temperature: 0.7\n  top_p: 0.9\n  \n# Variables for dynamic content\nvariables:\n  ceo_name: \"Michael Stevens\"\n  company_name: \"TechCorp International\"\n  deadline: \"End of week\"\n  fiscal_year: \"FY2025\"\n\n# Safety controls\nsafety:\n  content_filtering: true\n  pii_masking: true\n  disclaimer_required: true\n```\n\n### Creating Custom Templates\n\n1. **Copy Example Template:**\n```bash\ncp templates\u002Fsample_phishing_template.yaml templates\u002Fmy_custom_template.yaml\n```\n\n2. **Edit Template:**\n```yaml\ntemplate_id: my_custom_scenario\nname: \"My Custom Threat Scenario\"\nthreat_type: social_engineering\n# ... customize fields\n```\n\n3. **Validate Template:**\n```bash\nthreatsimgpt templates show my_custom_template --validate\n```\n\n4. 
**Run Simulation:**\n```bash\nthreatsimgpt simulate -s templates\u002Fmy_custom_template.yaml\n```\n\n---\n\n## Deployment\n\n### Docker Deployment\n\n#### Build Image\n\n```bash\n# Build production image\ndocker build -t threatsimgpt:latest .\n\n# Build with specific tag\ndocker build -t threatsimgpt:v1.0.0 .\n```\n\n#### Run Container\n\n```bash\n# Run with environment variables\ndocker run -d \\\n  --name threatsimgpt \\\n  -p 8000:8000 \\\n  -e OPENROUTER_API_KEY=\"your-key\" \\\n  -v $(pwd)\u002Fgenerated_content:\u002Fapp\u002Fgenerated_content \\\n  -v $(pwd)\u002Flogs:\u002Fapp\u002Flogs \\\n  threatsimgpt:latest\n\n# Run with config file\ndocker run -d \\\n  --name threatsimgpt \\\n  -p 8000:8000 \\\n  -v $(pwd)\u002Fconfig.yaml:\u002Fapp\u002Fconfig.yaml \\\n  -v $(pwd)\u002Fgenerated_content:\u002Fapp\u002Fgenerated_content \\\n  threatsimgpt:latest\n```\n\n### Docker Compose\n\n**`docker-compose.yml`:**\n\n```yaml\nversion: '3.8'\n\nservices:\n  threatsimgpt-api:\n    image: threatsimgpt:latest\n    container_name: threatsimgpt-api\n    ports:\n      - \"8000:8000\"\n    environment:\n      - OPENROUTER_API_KEY=${OPENROUTER_API_KEY}\n      - THREATSIMGPT_ENV=production\n    volumes:\n      - .\u002Fconfig.yaml:\u002Fapp\u002Fconfig.yaml:ro\n      - .\u002Fgenerated_content:\u002Fapp\u002Fgenerated_content\n      - .\u002Flogs:\u002Fapp\u002Flogs\n      - .\u002Fdata:\u002Fapp\u002Fdata\n    restart: unless-stopped\n    \n  threatsimgpt-worker:\n    image: threatsimgpt:latest\n    container_name: threatsimgpt-worker\n    environment:\n      - OPENROUTER_API_KEY=${OPENROUTER_API_KEY}\n    volumes:\n      - .\u002Fconfig.yaml:\u002Fapp\u002Fconfig.yaml:ro\n      - .\u002Fgenerated_content:\u002Fapp\u002Fgenerated_content\n      - .\u002Fdata:\u002Fapp\u002Fdata\n    command: [\"python\", \"-m\", \"threatsimgpt.worker\"]\n    restart: unless-stopped\n```\n\n**Deploy:**\n\n```bash\n# Start services\ndocker-compose up -d\n\n# View logs\ndocker-compose logs 
-f\n\n# Scale API instances\ndocker-compose up -d --scale threatsimgpt-api=3\n\n# Stop services\ndocker-compose down\n```\n\n### Kubernetes Deployment\n\n#### Basic Deployment\n\n**`k8s\u002Fdeployment.yaml`:**\n\n```yaml\napiVersion: apps\u002Fv1\nkind: Deployment\nmetadata:\n  name: threatsimgpt\n  labels:\n    app: threatsimgpt\nspec:\n  replicas: 3\n  selector:\n    matchLabels:\n      app: threatsimgpt\n  template:\n    metadata:\n      labels:\n        app: threatsimgpt\n    spec:\n      containers:\n      - name: threatsimgpt\n        image: threatsimgpt:latest\n        ports:\n        - containerPort: 8000\n        env:\n        - name: OPENROUTER_API_KEY\n          valueFrom:\n            secretKeyRef:\n              name: threatsimgpt-secrets\n              key: openrouter-api-key\n        volumeMounts:\n        - name: config\n          mountPath: \u002Fapp\u002Fconfig.yaml\n          subPath: config.yaml\n        - name: storage\n          mountPath: \u002Fapp\u002Fgenerated_content\n      volumes:\n      - name: config\n        configMap:\n          name: threatsimgpt-config\n      - name: storage\n        persistentVolumeClaim:\n          claimName: threatsimgpt-pvc\n---\napiVersion: v1\nkind: Service\nmetadata:\n  name: threatsimgpt\nspec:\n  type: LoadBalancer\n  ports:\n  - port: 80\n    targetPort: 8000\n  selector:\n    app: threatsimgpt\n```\n\n**Deploy:**\n\n```bash\n# Create namespace\nkubectl create namespace threatsimgpt\n\n# Create secrets\nkubectl create secret generic threatsimgpt-secrets \\\n  --from-literal=openrouter-api-key=\"your-key\" \\\n  -n threatsimgpt\n\n# Create config map\nkubectl create configmap threatsimgpt-config \\\n  --from-file=config.yaml \\\n  -n threatsimgpt\n\n# Apply deployment\nkubectl apply -f k8s\u002F -n threatsimgpt\n\n# Check status\nkubectl get pods -n threatsimgpt\nkubectl get svc -n threatsimgpt\n\n# View logs\nkubectl logs -f deployment\u002Fthreatsimgpt -n threatsimgpt\n```\n\n---\n\n## Security & 
Compliance\n\n### Security Best Practices\n\n1. **API Key Management:**\n   - Store keys in environment variables or secrets management systems\n   - Never commit keys to version control\n   - Rotate keys regularly\n   - Use separate keys for development and production\n\n2. **Network Security:**\n   - Deploy behind a firewall or VPN\n   - Use HTTPS\u002FTLS for API endpoints\n   - Implement IP allowlisting for sensitive deployments\n   - Enable rate limiting\n\n3. **Access Control:**\n   - Implement role-based access control (RBAC)\n   - Use strong authentication mechanisms\n   - Log all access attempts\n   - Conduct regular access reviews\n\n4. **Data Protection:**\n   - Enable audit logging\n   - Implement data retention policies\n   - Encrypt sensitive data at rest and in transit\n   - Conduct regular security audits\n\n### Compliance Features\n\nThe Overview marks the safety framework (content filtering and compliance) and comprehensive logging as planned, so confirm these controls are present in the deployed version before relying on them.\n\n- **GDPR Compliance**: Data protection and privacy controls\n- **Audit Logging**: Comprehensive activity tracking\n- **Content Filtering**: Prevents harmful content generation\n- **Ethical Guidelines**: Clear usage policies and restrictions\n\n### Responsible Use Policy\n\n**Authorized Use Cases:**\n- Security training and awareness programs\n- Red team exercises and penetration testing (with authorization)\n- Security control validation and testing\n- Compliance and audit documentation\n- Educational and research purposes\n\n**Prohibited Use Cases:**\n- Actual malicious activities or attacks\n- Unauthorized system access or testing\n- Harassment, threats, or harmful content\n- Bypassing security controls or systems\n- Any illegal activities\n\n---\n\n## Performance & Scalability\n\n### Performance Metrics\n\n- **Connection Pooling**: +40% performance improvement over per-request sessions\n- **Memory Efficiency**: -30% memory usage with shared session pools\n- **Download Speed**: +25% with optimized async I\u002FO\n- **API Response Time**: \u003C 200ms (excluding LLM generation)\n- **Concurrent Requests**: Supports 100+ concurrent
simulations\n\n### Scalability\n\n- **Horizontal Scaling**: Deploy multiple API instances behind load balancer\n- **Async Architecture**: Non-blocking I\u002FO for high throughput\n- **Resource Optimization**: Efficient memory and connection management\n- **Caching**: Template and dataset caching for repeated operations\n\n### Monitoring\n\n```bash\n# Enable metrics endpoint\nthreatsimgpt api start --metrics\n\n# Prometheus metrics available at \u002Fmetrics\ncurl http:\u002F\u002Flocalhost:8000\u002Fmetrics\n\n# Health check endpoint\ncurl http:\u002F\u002Flocalhost:8000\u002Fhealth\n```\n\n---\n\n## Documentation\n\n### Available Documentation\n\n- **[API Documentation](docs\u002Fapi\u002F)** - REST API reference and OpenAPI spec\n- **[User Guide](docs\u002Fguides\u002FUSER_GUIDE.md)** - Complete usage guide\n- **[Developer Guide](docs\u002Fguides\u002FDEVELOPER_GUIDE.md)** - Contributing and development\n- **[Configuration Reference](docs\u002Freference\u002F)** - Configuration schemas\n- **[Security Guide](docs\u002Fguides\u002FSECURITY_GUIDE.md)** - Security best practices\n- **[Template Manual](TEMPLATE_MANUAL.md)** - Template creation guide\n- **[Dataset Integration](DATASET_INTEGRATION.md)** - Dataset processor guide\n\n### Quick Links\n\n- **API Docs**: [http:\u002F\u002Flocalhost:8000\u002Fdocs](http:\u002F\u002Flocalhost:8000\u002Fdocs) (when running)\n- **GitHub Repository**: [https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT](https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT)\n- **Issue Tracker**: [https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT\u002Fissues](https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT\u002Fissues)\n\n---\n\n## Contributing\n\nWe welcome contributions! 
Please see our [Contributing Guide](CONTRIBUTING.md) for details.\n\n### Development Setup\n\n```bash\n# Clone repository\ngit clone https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT.git\ncd ThreatSimGPT\n\n# Create virtual environment\npython -m venv .venv\nsource .venv\u002Fbin\u002Factivate  # or .venv\\Scripts\\activate on Windows\n\n# Install development dependencies\npip install -r requirements-dev.txt\n\n# Install pre-commit hooks\npre-commit install\n\n# Run tests\npytest\n\n# Run code quality checks\nblack src\u002F tests\u002F\nisort src\u002F tests\u002F\nflake8 src\u002F tests\u002F\nmypy src\u002F\n```\n\n### Contribution Workflow\n\n1. Fork the repository\n2. Create a feature branch: `git checkout -b feature\u002Famazing-feature`\n3. Make your changes and add tests\n4. Ensure all tests pass: `pytest`\n5. Run code quality checks\n6. Commit changes: `git commit -m 'Add amazing feature'`\n7. Push to branch: `git push origin feature\u002Famazing-feature`\n8. Open a Pull Request\n\n---\n\n## Troubleshooting\n\n### Common Issues\n\n#### Installation Issues\n\n**Problem**: `threatsimgpt: command not found`\n\n**Solution**: Activate virtual environment\n```bash\n# Windows\n.\\.venv\\Scripts\\Activate.ps1\n\n# macOS\u002FLinux\nsource .venv\u002Fbin\u002Factivate\n```\n\n**Problem**: `ModuleNotFoundError`\n\n**Solution**: Install requirements in virtual environment\n```bash\npip install -r requirements.txt\n```\n\n#### Configuration Issues\n\n**Problem**: `Configuration file not found`\n\n**Solution**: Create config.yaml from example\n```bash\ncp config.yaml.example config.yaml\n```\n\n**Problem**: `API authentication failed`\n\n**Solution**: Verify API key is set\n```bash\n# Check environment variable\necho $OPENROUTER_API_KEY\n\n# Or set in config.yaml\nthreatsimgpt config set llm.openrouter.api_key \"your-key\"\n```\n\n#### Runtime Issues\n\n**Problem**: Template validation errors\n\n**Solution**: Validate and fix 
templates\n```bash\nthreatsimgpt templates show my_template --validate\nthreatsimgpt templates fix my_template\n```\n\n**Problem**: Simulation fails with timeout\n\n**Solution**: Increase timeout in config\n```yaml\nllm:\n  openrouter:\n    timeout: 180  # Increase to 180 seconds\n```\n\n### Getting Help\n\n- **Check Logs**: `logs\u002Fthreatsimgpt.log`\n- **Validate Configuration**: `threatsimgpt config validate`\n- **Test Connection**: `threatsimgpt llm test`\n- **GitHub Issues**: [Report a bug](https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT\u002Fissues)\n- **Email Support**: threatsimgpt@hotmail.com\n\n---\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n### Third-Party Licenses\n\nThreatSimGPT uses the following open-source libraries:\n- FastAPI (MIT License)\n- Pydantic (MIT License)\n- aiohttp (Apache 2.0)\n- PyYAML (MIT License)\n\nFull license information available in `LICENSE` file.\n\n---\n\n## Acknowledgments\n\n- **MITRE ATT&CK Framework** for threat intelligence taxonomy\n- **OpenAI, Anthropic, Meta** for LLM capabilities\n- **PhishTank** for phishing intelligence data\n- **Carnegie Mellon University** for Enron Email Corpus\n- **Open Source Community** for tools and libraries\n\n---\n\n## Support & Contact\n\n- **Documentation**: [https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT](https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT)\n- **Issues**: [GitHub Issues](https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT\u002Fissues)\n- **Discussions**: [GitHub Discussions](https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT\u002Fdiscussions)\n- **Email**: threatsimgpt@hotmail.com\n- **Twitter**: [@Thundastormgod](https:\u002F\u002Ftwitter.com\u002FThundastormgod)\n\n---\n\n## Project Status\n\n- **Current Version**: 1.0.0\n- **Status**: Production Ready\n- **Last Updated**: November 23, 2025\n- **Active 
Maintenance**: Yes\n- **Open to Contributions**: Yes\n\n### Roadmap\n\n**Version 1.1.0** (Q1 2026):\n- Advanced analytics and reporting dashboard\n- Enhanced dataset integration (additional threat intelligence sources)\n- Machine learning-based content optimization\n- Multi-language support\n\n**Version 1.2.0** (Q2 2026):\n- Collaborative scenario builder\n- Advanced deployment integrations\n- Real-time threat intelligence feeds\n- Enterprise SSO integration\n\n---\n\n**Important Disclaimer**\n\nThreatSimGPT is a simulation tool designed exclusively for:\n- **Authorized security testing and training**\n- **Educational purposes**\n- **Research and development**\n\nUsers are solely responsible for ensuring compliance with all applicable laws, regulations, and organizational policies in their jurisdiction. Unauthorized use, malicious activities, or misuse of this tool is strictly prohibited and may result in legal consequences.\n\n**USE AT YOUR OWN RISK. THE AUTHORS AND CONTRIBUTORS ARE NOT LIABLE FOR ANY MISUSE OR DAMAGES.**\n\n---\n\n**Built for the cybersecurity community**\n\n","# ThreatSimGPT：企业级人工智能驱动的威胁模拟平台\n\n[![Python 3.11+](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fpython-3.11+-blue.svg)](https:\u002F\u002Fwww.python.org\u002Fdownloads\u002F)\n[![License: MIT](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-yellow.svg)](https:\u002F\u002Fopensource.org\u002Flicenses\u002FMIT)\n[![生产就绪](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fstatus-production%20ready-brightgreen.svg)](https:\u002F\u002Fgithub.com\u002FThreatSimGPT\u002FThreatSimGPT)\n[![代码质量](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fmaintainability-A+-brightgreen.svg)](https:\u002F\u002Fgithub.com\u002FThreatSimGPT\u002FThreatSimGPT)\n[![安全：Bandit](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fsecurity-bandit-green.svg)](https:\u002F\u002Fgithub.com\u002FPyCQA\u002Fbandit)\n\n**ThreatSimGPT** 是一款企业级网络安全威胁模拟平台，利用大型语言模型（LLMs）生成逼真、上下文感知的威胁场景，用于安全培训、红队演练和合规性测试。\n\n## 
概述\n\n- **多LLM支持**: ✅ 集成 OpenAI GPT-4、Anthropic Claude、OpenRouter 和 **Ollama（本地\u002F离线）**\n- **本地LLM支持**: 🆕 使用 Ollama 完全离线运行 - 无需 API 密钥或互联网！\n- **基于 YAML 的配置**: ✅ 使用直观的 YAML 模式定义威胁场景  \n- **生产就绪的核心**: ✅ 可扩展的模拟引擎，配备完善的数据模型\n- **CLI 界面**: ✅ 用于场景管理和执行的命令行工具\n- **REST API**: ✅ 基于 FastAPI 的 REST 端点，便于企业集成\n- **安全框架**: 🚧 内置内容过滤和合规性检查（计划中）\n- **分析与报告**: 🚧 全面的日志记录与指标（计划中）\n\n### 核心功能\n\n- **多LLM支持**: OpenAI GPT-4、Anthropic Claude、OpenRouter、Ollama 以及本地模型\n- **基于 YAML 的模板**: 使用直观且版本控制的模板定义威胁场景\n- **生产级架构**: 可扩展、易维护的代码库，无代码重复\n- **CLI 与 REST API**: 灵活的接口，便于自动化和集成\n- **企业部署**: Docker、Kubernetes 和云原生部署选项\n- **全面的日志记录**: 审计轨迹和分析数据，满足合规要求\n- **安全框架**: 内置内容过滤和伦理准则\n- **数据集集成**: PhishTank、Enron Email Corpus、MITRE ATT&CK 框架\n\n---\n\n## 架构\n\n### 系统组件\n\n```\nThreatSimGPT 平台\n├── 核心模拟引擎\n│   ├── 模板管理器（基于 YAML 的场景定义）\n│   ├── 模拟编排器（执行与工作流管理）\n│   └── 输出管理器（内容生成与存储）\n│\n├── LLM 集成层\n│   ├── 多提供商支持（OpenAI、Anthropic、OpenRouter、Ollama）\n│   ├── 连接池（性能提升 40%以上）\n│   ├── 速率限制与重试逻辑\n│   └── 备用与错误处理\n│\n├── 数据集集成\n│   ├── PhishTank（网络钓鱼情报）\n│   ├── Enron Email Corpus（电子邮件通信模式）\n│   ├── MITRE ATT&CK（威胁情报框架）\n│   └── 可扩展的处理器架构\n│\n├── 集成层\n│   ├── Microsoft 365（电子邮件投放）\n│   ├── Proofpoint（安全平台集成）\n│   ├── KnowBe4（培训平台）\n│   ├── Slack（协作平台）\n│   └── 用于自定义集成的可扩展基类\n│\n├── API 与 CLI 接口\n│   ├── FastAPI REST API（企业集成）\n│   ├── 命令行界面（直接使用）\n│   └── Python SDK（程序化访问）\n│\n└── 安全与合规\n    ├── 内容过滤\n    ├── 审计日志\n    ├── GDPR 合规\n    └── 伦理使用指南\n```\n\n### 技术栈\n\n- **语言**: Python 3.11+\n- **API 框架**: FastAPI\n- **LLM 集成**: aiohttp、httpx（带连接池）\n- **数据验证**: Pydantic\n- **配置**: YAML\n- **异步 I\u002FO**: asyncio、aiohttp\n- **测试**: pytest、pytest-asyncio\n- **代码质量**: black、isort、flake8、mypy\n- **部署**: Docker、Kubernetes\n\n---\n\n## 快速入门\n\n### 前提条件\n\n- **Python 3.11 或更高版本**\n- **Git**（用于克隆仓库）\n- **LLM API 密钥**（OpenRouter、OpenAI 或 Anthropic）\n- **虚拟环境**（推荐）\n\n### 安装\n\n#### 1. 克隆仓库\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT.git\ncd ThreatSimGPT\n```\n\n#### 2. 
创建虚拟环境\n\n**Windows (PowerShell):**\n```bash\npython -m venv .venv\n.\\.venv\\Scripts\\Activate.ps1\n```\n\n**macOS\u002FLinux:**\n```bash\npython -m venv .venv\nsource .venv\u002Fbin\u002Factivate\n```\n\n#### 3. 安装依赖项\n\n```bash\n# 生产依赖\npip install -r requirements.txt\n\n# 开发依赖（可选）\npip install -r requirements-dev.txt\n```\n\n#### 4. 配置 API 密钥\n\n```bash\n# 将您的 API 密钥设置为环境变量\nexport OPENROUTER_API_KEY=\"your-api-key-here\"\n\n# 编辑 config.yaml 文件以进行设置\nnano config.yaml\n```\n\n**配置示例:**\n```yaml\nllm:\n  provider: openrouter\n  openrouter:\n    api_key: \"your-api-key-here\"\n    model: \"qwen\u002Fqwen-2.5-72b-instruct\"\n    \nsimulation:\n  output_dir: \".\u002Fgenerated_content\"\n  auto_save: true\n  \nlogging:\n  level: INFO\n  file: \".\u002Flogs\u002Fthreatsimgpt.log\"\n```\n\n#### 5. 验证安装\n\n```bash\n# 检查 CLI 是否可用\nthreatsimgpt --help\n\n# 验证安装\nthreatsimgpt templates validate-all\n\n# 测试干运行（不调用 API）\nthreatsimgpt simulate -s templates\u002Fexecutive_phishing.yaml --dry-run\n```\n\n---\n\n## 使用指南\n\n### 命令行界面\n\n#### 模板管理\n\n```bash\n# 列出所有可用模板\nthreatsimgpt templates list\n\n# 显示模板详细信息并验证\nthreatsimgpt templates show executive_phishing --validate\n\n# 验证所有模板\nthreatsimgpt templates validate-all\n\n# 检查模板生态系统的健康状况\nthreatsimgpt templates health\n```\n\n#### 运行模拟\n\n```bash\n# 运行一次模拟\nthreatsimgpt simulate -s templates\u002Fexecutive_phishing.yaml\n\n# 干运行（不调用 API）\nthreatsimgpt simulate -s templates\u002Fexecutive_phishing.yaml --dry-run\n\n# 指定输出目录\nthreatsimgpt simulate -s templates\u002Ffinance_bec.yaml -o .\u002Foutput\u002Fcampaign_001\n\n# 使用特定的 LLM 提供商运行\nthreatsimgpt simulate -s templates\u002Fit_helpdesk.yaml --provider openai\n```\n\n#### 配置管理\n\n```bash\n# 显示当前配置\nthreatsimgpt config show\n\n# 设置配置值\nthreatsimgpt config set llm.provider openrouter\n\n# 验证配置\nthreatsimgpt config validate\n```\n\n#### 数据集管理\n\n```bash\n# 列出可用数据集\nthreatsimgpt datasets list\n\n# 下载并处理数据集\nthreatsimgpt datasets download phishtank\n\n# 显示数据集统计信息\nthreatsimgpt 
datasets stats enron\n\n# 更新所有数据集\nthreatsimgpt datasets update-all\n```\n\n### REST API\n\n#### 启动 API 服务器\n\n```bash\n# 启动 FastAPI 服务器\nthreatsimgpt api start\n\n# 指定主机和端口（0.0.0.0 会监听所有网络接口；本页的示例请求未携带任何身份验证信息，请仅在防火墙或 VPN 之后这样绑定）\nthreatsimgpt api start --host 0.0.0.0 --port 8000\n\n# 以自动重载模式启动（开发环境）\nthreatsimgpt api start --reload\n```\n\n#### API 端点\n\n**生成威胁内容：**\n```bash\ncurl -X POST \"http:\u002F\u002Flocalhost:8000\u002Fllm\u002Fgenerate\" \\\n  -H \"Content-Type: application\u002Fjson\" \\\n  -d '{\n    \"prompt\": \"创建一封针对人力资源部门的网络钓鱼邮件\",\n    \"scenario_type\": \"phishing\",\n    \"max_tokens\": 500,\n    \"temperature\": 0.7\n  }'\n```\n\n**创建场景：**\n```bash\ncurl -X POST \"http:\u002F\u002Flocalhost:8000\u002Fscenarios\" \\\n  -H \"Content-Type: application\u002Fjson\" \\\n  -d '{\n    \"name\": \"第四季度安全意识宣传活动\",\n    \"threat_type\": \"phishing\",\n    \"target_role\": \"员工\",\n    \"severity\": \"medium\"\n  }'\n```\n\n**列出模板：**\n```bash\ncurl \"http:\u002F\u002Flocalhost:8000\u002Ftemplates\"\n```\n\n**API 文档：**\n- Swagger UI：`http:\u002F\u002Flocalhost:8000\u002Fdocs`\n- ReDoc：`http:\u002F\u002Flocalhost:8000\u002Fredoc`\n\n### Python SDK\n\n```python\nfrom threatsimgpt import ThreatSimGPTClient\n\n# 初始化客户端\nclient = ThreatSimGPTClient(api_key=\"your-api-key\", provider=\"openrouter\")\n\n# 加载并运行模拟\nsimulation = client.load_template(\"templates\u002Fexecutive_phishing.yaml\")\nresult = simulation.run()\n\n# 访问生成的内容\nprint(result.content)\nprint(result.metadata)\n\n# 保存到文件\nresult.save(\"output\u002Fcampaign_001.json\")\n```\n\n---\n\n## 配置\n\n### 配置文件结构\n\n**`config.yaml`**（YAML 格式）：\n\n```yaml\n# LLM 提供商配置\nllm:\n  provider: openrouter  # 选项：openrouter、openai、anthropic、ollama\n  \n  openrouter:\n    api_key: ${OPENROUTER_API_KEY}\n    model: \"qwen\u002Fqwen-2.5-72b-instruct\"\n    base_url: \"https:\u002F\u002Fopenrouter.ai\u002Fapi\u002Fv1\"\n    timeout: 120\n    \n  openai:\n    api_key: ${OPENAI_API_KEY}\n    model: \"gpt-4\"\n    \n  anthropic:\n    api_key: ${ANTHROPIC_API_KEY}\n    model: 
\"claude-3-opus-20240229\"\n    \n  ollama:\n    base_url: \"http:\u002F\u002Flocalhost:11434\"\n    model: \"llama3.1:70b\"\n\n# 模拟配置\nsimulation:\n  output_dir: \".\u002Fgenerated_content\"\n  auto_save: true\n  index_enabled: true\n  max_concurrent: 5\n\n# 数据集配置\ndatasets:\n  storage_path: \".\u002Fdata\"\n  auto_update: false\n  phishtank:\n    enabled: true\n    update_interval_days: 7\n  enron:\n    enabled: true\n  mitre_attack:\n    enabled: true\n\n# 部署集成\ndeployment:\n  enabled: false\n  microsoft365:\n    enabled: false\n    tenant_id: ${M365_TENANT_ID}\n    client_id: ${M365_CLIENT_ID}\n    client_secret: ${M365_CLIENT_SECRET}\n\n# 日志配置\nlogging:\n  level: INFO  # DEBUG、INFO、WARNING、ERROR、CRITICAL\n  file: \".\u002Flogs\u002Fthreatsimgpt.log\"\n  format: \"%(asctime)s - %(name)s - %(levelname)s - %(message)s\"\n  rotation: \"10 MB\"\n  retention: 30  # 天\n\n# 安全配置\nsafety:\n  content_filtering: true\n  audit_logging: true\n  rate_limiting:\n    enabled: true\n    requests_per_minute: 60\n```\n\n### 环境变量\n\n```bash\n# LLM 提供商密钥\nexport OPENROUTER_API_KEY=\"your-key-here\"\nexport OPENAI_API_KEY=\"your-key-here\"\nexport ANTHROPIC_API_KEY=\"your-key-here\"\n\n# 部署集成\nexport M365_TENANT_ID=\"your-tenant-id\"\nexport M365_CLIENT_ID=\"your-client-id\"\nexport M365_CLIENT_SECRET=\"your-client-secret\"\n\n# 应用程序设置\nexport THREATSIMGPT_ENV=\"production\"\nexport THREATSIMGPT_LOG_LEVEL=\"INFO\"\n```\n\n---\n\n## 模板系统\n\n### 模板结构\n\n模板使用 YAML 格式定义威胁场景：\n\n```yaml\n# 模板元数据\ntemplate_id: executive_phishing_v1\nname: \"高管网络钓鱼活动\"\nversion: \"1.0.0\"\nauthor: \"安全团队\"\ndescription: \"针对高层管理人员的复杂网络钓鱼攻击\"\n\n# 威胁分类\nthreat_type: phishing\nseverity: high\ncomplexity: advanced\ntarget_role: executive\n\n# 场景配置\nscenario:\n  subject_line: \"紧急：需提交第四季度财务报告\"\n  sender_persona: \"首席财务官办公室\"\n  urgency_level: high\n  社会工程学策略：\n    - 权威性\n    - 紧迫感\n    - 恐惧心理\n  \n  上下文：\n    公司规模：企业级\n    行业：科技行业\n    季度：第四季度\n    \n  内容要求：\n    语气：专业\n    长度：中等\n    技术细节：包含\n    
个性化程度：高\n\n# LLM 生成参数\ngeneration:\n  max_tokens: 800\n  temperature: 0.7\n  top_p: 0.9\n  \n# 动态内容变量\nvariables：\n  ceo_name: \"Michael Stevens\"\n  company_name: \"TechCorp International\"\n  截止日期：本周末\n  财政年度：2025财年\n\n# 安全控制\nsafety:\n  content_filtering: true\n  匿名化处理敏感信息：true\n  必须添加免责声明：true\n```\n\n### 创建自定义模板\n\n1. **复制示例模板：**\n```bash\ncp templates\u002Fsample_phishing_template.yaml templates\u002Fmy_custom_template.yaml\n```\n\n2. **编辑模板：**\n```yaml\ntemplate_id: my_custom_scenario\nname: \"我的自定义威胁场景\"\nthreat_type: social_engineering\n# ... 自定义字段\n```\n\n3. **验证模板：**\n```bash\nthreatsimgpt templates show my_custom_template --validate\n```\n\n4. **运行模拟：**\n```bash\nthreatsimgpt simulate -s templates\u002Fmy_custom_template.yaml\n```\n\n---\n\n## 部署\n\n### Docker 部署\n\n#### 构建镜像\n\n```bash\n# 构建生产镜像\ndocker build -t threatsimgpt:latest .\n\n# 使用特定标签构建\ndocker build -t threatsimgpt:v1.0.0 .\n```\n\n#### 运行容器\n\n```bash\n# 使用环境变量运行\ndocker run -d \\\n  --name threatsimgpt \\\n  -p 8000:8000 \\\n  -e OPENROUTER_API_KEY=\"your-key\" \\\n  -v $(pwd)\u002Fgenerated_content:\u002Fapp\u002Fgenerated_content \\\n  -v $(pwd)\u002Flogs:\u002Fapp\u002Flogs \\\n  threatsimgpt:latest\n\n# 使用配置文件运行\ndocker run -d \\\n  --name threatsimgpt \\\n  -p 8000:8000 \\\n  -v $(pwd)\u002Fconfig.yaml:\u002Fapp\u002Fconfig.yaml \\\n  -v $(pwd)\u002Fgenerated_content:\u002Fapp\u002Fgenerated_content \\\n  threatsimgpt:latest\n```\n\n### Docker Compose\n\n**`docker-compose.yml`：**\n\n```yaml\nversion: '3.8'\n\nservices:\n  threatsimgpt-api:\n    image: threatsimgpt:latest\n    container_name: threatsimgpt-api\n    ports:\n      - \"8000:8000\"\n    environment:\n      - OPENROUTER_API_KEY=${OPENROUTER_API_KEY}\n      - THREATSIMGPT_ENV=production\n    volumes:\n      - .\u002Fconfig.yaml:\u002Fapp\u002Fconfig.yaml:ro\n      - .\u002Fgenerated_content:\u002Fapp\u002Fgenerated_content\n      - .\u002Flogs:\u002Fapp\u002Flogs\n      - .\u002Fdata:\u002Fapp\u002Fdata\n    restart: 
unless-stopped\n    \n  threatsimgpt-worker:\n    image: threatsimgpt:latest\n    container_name: threatsimgpt-worker\n    environment:\n      - OPENROUTER_API_KEY=${OPENROUTER_API_KEY}\n    volumes:\n      - .\u002Fconfig.yaml:\u002Fapp\u002Fconfig.yaml:ro\n      - .\u002Fgenerated_content:\u002Fapp\u002Fgenerated_content\n      - .\u002Fdata:\u002Fapp\u002Fdata\n    command: [\"python\", \"-m\", \"threatsimgpt.worker\"]\n    restart: unless-stopped\n```\n\n**部署：**\n\n```bash\n# 启动服务\ndocker-compose up -d\n\n# 查看日志\ndocker-compose logs -f\n\n# 扩展 API 实例\ndocker-compose up -d --scale threatsimgpt-api=3\n\n# 停止服务\ndocker-compose down\n```\n\n### Kubernetes 部署\n\n#### 基本部署\n\n**`k8s\u002Fdeployment.yaml`:**\n\n```yaml\napiVersion: apps\u002Fv1\nkind: Deployment\nmetadata:\n  name: threatsimgpt\n  labels:\n    app: threatsimgpt\nspec:\n  replicas: 3\n  selector:\n    matchLabels:\n      app: threatsimgpt\n  template:\n    metadata:\n      labels:\n        app: threatsimgpt\n    spec:\n      containers:\n      - name: threatsimgpt\n        image: threatsimgpt:latest\n        ports:\n        - containerPort: 8000\n        env:\n        - name: OPENROUTER_API_KEY\n          valueFrom:\n            secretKeyRef:\n              name: threatsimgpt-secrets\n              key: openrouter-api-key\n        volumeMounts:\n        - name: config\n          mountPath: \u002Fapp\u002Fconfig.yaml\n          subPath: config.yaml\n        - name: storage\n          mountPath: \u002Fapp\u002Fgenerated_content\n      volumes:\n      - name: config\n        configMap:\n          name: threatsimgpt-config\n      - name: storage\n        persistentVolumeClaim:\n          claimName: threatsimgpt-pvc\n---\napiVersion: v1\nkind: Service\nmetadata:\n  name: threatsimgpt\nspec:\n  type: LoadBalancer\n  ports:\n  - port: 80\n    targetPort: 8000\n  selector:\n    app: threatsimgpt\n```\n\n**部署：**\n\n```bash\n# 创建命名空间\nkubectl create namespace threatsimgpt\n\n# 创建 Secret\nkubectl create secret 
generic threatsimgpt-secrets \\\n  --from-literal=openrouter-api-key=\"your-key\" \\\n  -n threatsimgpt\n\n# 创建 ConfigMap\nkubectl create configmap threatsimgpt-config \\\n  --from-file=config.yaml \\\n  -n threatsimgpt\n\n# 应用部署\nkubectl apply -f k8s\u002F -n threatsimgpt\n\n# 检查状态\nkubectl get pods -n threatsimgpt\nkubectl get svc -n threatsimgpt\n\n# 查看日志\nkubectl logs -f deployment\u002Fthreatsimgpt -n threatsimgpt\n```\n\n---\n\n## 安全与合规\n\n### 安全最佳实践\n\n1. **API 密钥管理：**\n   - 将密钥存储在环境变量或密钥管理系统中\n   - 绝不将密钥提交到版本控制系统\n   - 定期轮换密钥\n   - 为开发和生产环境使用不同的密钥\n\n2. **网络安全：**\n   - 部署在防火墙或 VPN 后面\n   - 对 API 端点使用 HTTPS\u002FTLS\n   - 对敏感部署实施 IP 白名单\n   - 启用速率限制\n\n3. **访问控制：**\n   - 实施基于角色的访问控制 (RBAC)\n   - 使用强身份验证机制\n   - 记录所有访问尝试\n   - 定期进行访问审查\n\n4. **数据保护：**\n   - 启用审计日志记录\n   - 实施数据保留策略\n   - 对静态和传输中的敏感数据进行加密\n   - 定期进行安全审计\n\n### 合规功能\n\n- **GDPR 合规**：数据保护和隐私控制\n- **审计日志记录**：全面的活动跟踪\n- **内容过滤**：防止生成有害内容\n- **伦理准则**：明确的使用政策和限制\n\n### 负责任使用政策\n\n**授权使用场景：**\n- 安全培训和意识提升项目\n- 红队演练和渗透测试（经授权）\n- 安全控制验证和测试\n- 合规和审计文档\n- 教育和研究目的\n\n**禁止使用场景：**\n- 实际的恶意活动或攻击\n- 未经授权的系统访问或测试\n- 骚扰、威胁或有害内容\n- 绕过安全控制或系统\n- 任何非法活动\n\n---\n\n## 性能与可扩展性\n\n### 性能指标\n\n- **连接池**：相比每次请求建立会话，性能提升 40%\n- **内存效率**：使用共享会话池后，内存占用减少 30%\n- **下载速度**：通过优化异步 I\u002FO 提升 25%\n- **API 响应时间**：低于 200 毫秒（不包括 LLM 生成）\n- **并发请求**：支持 100 多个并发模拟\n\n### 可扩展性\n\n- **水平扩展**：在负载均衡器后部署多个 API 实例\n- **异步架构**：非阻塞 I\u002FO 实现高吞吐量\n- **资源优化**：高效的内存和连接管理\n- **缓存**：针对重复操作的模板和数据集缓存\n\n### 监控\n\n```bash\n# 启用指标端点\nthreatsimgpt api start --metrics\n\n# Prometheus 指标可在 \u002Fmetrics 获取\ncurl http:\u002F\u002Flocalhost:8000\u002Fmetrics\n\n# 健康检查端点\ncurl http:\u002F\u002Flocalhost:8000\u002Fhealth\n```\n\n---\n\n## 文档\n\n### 可用文档\n\n- **[API 文档](docs\u002Fapi\u002F)** - REST API 参考和 OpenAPI 规范\n- **[用户指南](docs\u002Fguides\u002FUSER_GUIDE.md)** - 完整的使用指南\n- **[开发者指南](docs\u002Fguides\u002FDEVELOPER_GUIDE.md)** - 贡献和开发说明\n- **[配置参考](docs\u002Freference\u002F)** - 配置模式\n- **[安全指南](docs\u002Fguides\u002FSECURITY_GUIDE.md)** - 
安全最佳实践\n- **[模板手册](TEMPLATE_MANUAL.md)** - 模板创建指南\n- **[数据集集成](DATASET_INTEGRATION.md)** - 数据集处理器指南\n\n### 快速链接\n\n- **API 文档**：[http:\u002F\u002Flocalhost:8000\u002Fdocs](http:\u002F\u002Flocalhost:8000\u002Fdocs)（运行时）\n- **GitHub 仓库**：[https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT](https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT)\n- **问题追踪器**：[https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT\u002Fissues](https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT\u002Fissues)\n\n---\n\n## 贡献\n\n我们欢迎贡献！请参阅我们的 [贡献指南](CONTRIBUTING.md) 以获取详细信息。\n\n### 开发设置\n\n```bash\n# 克隆仓库\ngit clone https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT.git\ncd ThreatSimGPT\n\n# 创建虚拟环境\npython -m venv .venv\nsource .venv\u002Fbin\u002Factivate  # 或 Windows 上的 .venv\\Scripts\\activate\n\n# 安装开发依赖\npip install -r requirements-dev.txt\n\n# 安装 pre-commit 钩子\npre-commit install\n\n# 运行测试\npytest\n\n# 运行代码质量检查\nblack src\u002F tests\u002F\nisort src\u002F tests\u002F\nflake8 src\u002F tests\u002F\nmypy src\u002F\n```\n\n### 贡献流程\n\n1. 分支仓库\n2. 创建特性分支：`git checkout -b feature\u002Famazing-feature`\n3. 进行更改并添加测试\n4. 确保所有测试通过：`pytest`\n5. 运行代码质量检查\n6. 提交更改：`git commit -m 'Add amazing feature'`\n7. 推送到分支：`git push origin feature\u002Famazing-feature`\n8. 
打开拉取请求\n\n---\n\n## 故障排除\n\n### 常见问题\n\n#### 安装问题\n\n**问题**：`threatsimgpt: command not found`\n\n**解决方案**：激活虚拟环境\n```bash\n# Windows\n.\\.venv\\Scripts\\Activate.ps1\n\n# macOS\u002FLinux\nsource .venv\u002Fbin\u002Factivate\n```\n\n**问题**：`ModuleNotFoundError`\n\n**解决方案**：在虚拟环境中安装依赖\n```bash\npip install -r requirements.txt\n```\n\n#### 配置问题\n\n**问题**：`配置文件未找到`\n\n**解决方案**：根据示例创建 `config.yaml`\n```bash\ncp config.yaml.example config.yaml\n```\n\n**问题**：`API 认证失败`\n\n**解决方案**：确认已设置 API 密钥\n```bash\n# 检查环境变量\necho $OPENROUTER_API_KEY\n\n# 或在 config.yaml 中设置\nthreatsimgpt config set llm.openrouter.api_key \"your-key\"\n```\n\n#### 运行时问题\n\n**问题**: 模板验证错误\n\n**解决方案**: 验证并修复模板\n```bash\nthreatsimgpt templates show my_template --validate\nthreatsimgpt templates fix my_template\n```\n\n**问题**: 模拟因超时失败\n\n**解决方案**: 在配置中增加超时时间\n```yaml\nllm:\n  openrouter:\n    timeout: 180  # 增加到180秒\n```\n\n### 获取帮助\n\n- **查看日志**: `logs\u002Fthreatsimgpt.log`\n- **验证配置**: `threatsimgpt config validate`\n- **测试连接**: `threatsimgpt llm test`\n- **GitHub 问题**: [报告 bug](https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT\u002Fissues)\n- **电子邮件支持**: threatsimgpt@hotmail.com\n\n---\n\n## 许可证\n\n本项目采用 MIT 许可证授权 - 详情请参阅 [LICENSE](LICENSE) 文件。\n\n### 第三方许可证\n\nThreatSimGPT 使用了以下开源库：\n- FastAPI (MIT 许可证)\n- Pydantic (MIT 许可证)\n- aiohttp (Apache 2.0)\n- PyYAML (MIT 许可证)\n\n完整的许可证信息可在 `LICENSE` 文件中找到。\n\n---\n\n## 致谢\n\n- **MITRE ATT&CK 框架** 提供的威胁情报分类体系\n- **OpenAI、Anthropic、Meta** 提供的大语言模型能力\n- **PhishTank** 提供的钓鱼情报数据\n- **卡内基梅隆大学** 提供的 Enron 电子邮件语料库\n- **开源社区** 提供的工具和库\n\n---\n\n## 支持与联系\n\n- **文档**: [https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT](https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT)\n- **问题**: [GitHub 问题](https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT\u002Fissues)\n- **讨论**: [GitHub 讨论](https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT\u002Fdiscussions)\n- **电子邮件**: 
threatsimgpt@hotmail.com\n- **Twitter**: [@Thundastormgod](https:\u002F\u002Ftwitter.com\u002FThundastormgod)\n\n---\n\n## 项目状态\n\n- **当前版本**: 1.0.0\n- **状态**: 已投入生产\n- **最后更新**: 2025年11月23日\n- **活跃维护**: 是\n- **接受贡献**: 是\n\n### 路线图\n\n**版本 1.1.0** (2026年第一季度):\n- 高级分析与报告仪表盘\n- 更强的数据集集成（新增威胁情报来源）\n- 基于机器学习的内容优化\n- 多语言支持\n\n**版本 1.2.0** (2026年第二季度):\n- 协作式场景构建器\n- 高级部署集成\n- 实时威胁情报推送\n- 企业单点登录集成\n\n---\n\n**重要免责声明**\n\nThreatSimGPT 是一款专为以下用途设计的模拟工具：\n- **授权的安全测试与培训**\n- **教育目的**\n- **研究与开发**\n\n用户有责任确保其使用行为符合所在司法管辖区的所有适用法律、法规及组织政策。未经授权的使用、恶意活动或滥用本工具均被严格禁止，并可能导致法律责任。\n\n**请自行承担使用风险。作者及贡献者对任何误用或损害不承担任何责任。**\n\n---\n\n**为网络安全社区打造**","# ThreatSimGPT 快速上手指南\n\nThreatSimGPT 是一款企业级 AI 威胁模拟平台，利用大语言模型（LLM）生成逼真的网络威胁场景，适用于安全培训、红队演练和合规测试。支持 OpenAI、Anthropic、OpenRouter 以及本地离线运行的 Ollama。\n\n## 环境准备\n\n在开始之前，请确保您的系统满足以下要求：\n\n*   **操作系统**：Windows (PowerShell), macOS, 或 Linux\n*   **Python 版本**：3.11 或更高版本\n*   **工具依赖**：Git\n*   **API 密钥**：\n    *   云端模式：需准备 OpenRouter、OpenAI 或 Anthropic 的 API Key。\n    *   本地模式：需安装并运行 [Ollama](https:\u002F\u002Follama.com)，无需 API Key 即可离线使用。\n*   **网络建议**：国内用户若使用云端模型，建议配置代理或使用支持国内访问的模型提供商（如通过 OpenRouter 接入部分国产模型）。\n\n## 安装步骤\n\n### 1. 克隆仓库\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI\u002FThreatSimGPT.git\ncd ThreatSimGPT\n```\n\n### 2. 创建虚拟环境\n**Windows (PowerShell):**\n```bash\npython -m venv .venv\n.\\.venv\\Scripts\\Activate.ps1\n```\n\n**macOS\u002FLinux:**\n```bash\npython -m venv .venv\nsource .venv\u002Fbin\u002Factivate\n```\n\n### 3. 安装依赖\n```bash\n# 安装生产环境依赖\npip install -r requirements.txt\n\n# (可选) 安装开发环境依赖\npip install -r requirements-dev.txt\n```\n> **提示**：国内用户如遇下载缓慢，可添加清华或阿里镜像源：\n> `pip install -r requirements.txt -i https:\u002F\u002Fpypi.tuna.tsinghua.edu.cn\u002Fsimple`\n\n### 4. 
配置 API 密钥与参数\n设置环境变量并编辑配置文件 `config.yaml`。\n\n**设置环境变量 (以 OpenRouter 为例):**\n```bash\nexport OPENROUTER_API_KEY=\"your-api-key-here\"\n```\n\n**编辑配置文件:**\n```bash\nnano config.yaml\n```\n\n**配置示例 (`config.yaml`):**\n```yaml\nllm:\n  provider: openrouter  # 可选：openrouter, openai, anthropic, ollama\n  openrouter:\n    api_key: ${OPENROUTER_API_KEY}\n    model: \"qwen\u002Fqwen-2.5-72b-instruct\" # 推荐使用兼容模型\n    \nsimulation:\n  output_dir: \".\u002Fgenerated_content\"\n  auto_save: true\n  \nlogging:\n  level: INFO\n  file: \".\u002Flogs\u002Fthreatsimgpt.log\"\n```\n> **本地离线模式提示**：若使用 Ollama，将 `provider` 设为 `ollama`，并确保本地已拉取对应模型（如 `llama3.1:70b`），无需填写 API Key。\n\n### 5. 验证安装\n```bash\n# 查看 CLI 帮助\nthreatsimgpt --help\n\n# 验证所有模板\nthreatsimgpt templates validate-all\n\n# 干跑测试（不消耗 Token\u002F不调用 API）\nthreatsimgpt simulate -s templates\u002Fexecutive_phishing.yaml --dry-run\n```\n\n## 基本使用\n\n### 运行威胁模拟\n使用内置模板生成钓鱼邮件场景：\n\n```bash\n# 执行模拟\nthreatsimgpt simulate -s templates\u002Fexecutive_phishing.yaml\n\n# 指定输出目录\nthreatsimgpt simulate -s templates\u002Ffinance_bec.yaml -o .\u002Foutput\u002Fcampaign_001\n\n# 指定特定 LLM 提供商运行\nthreatsimgpt simulate -s templates\u002Fit_helpdesk.yaml --provider openai\n```\n\n### 管理模板\n```bash\n# 列出所有可用模板\nthreatsimgpt templates list\n\n# 查看模板详情并验证\nthreatsimgpt templates show executive_phishing --validate\n```\n\n### 启动 REST API 服务\n如需集成到其他系统，可启动 FastAPI 服务：\n\n```bash\n# 启动服务\nthreatsimgpt api start\n\n# 指定主机和端口（0.0.0.0 会监听所有网络接口，请仅在防火墙或 VPN 之后这样绑定）\nthreatsimgpt api start --host 0.0.0.0 --port 8000\n```\n启动后，访问 `http:\u002F\u002Flocalhost:8000\u002Fdocs` 查看 Swagger API 文档。\n\n### 自定义场景 (Python SDK)\n通过代码直接调用生成内容：\n\n```python\nfrom threatsimgpt import ThreatSimGPTClient\n\n# 初始化客户端\nclient = ThreatSimGPTClient(api_key=\"your-api-key\", provider=\"openrouter\")\n\n# 加载并运行模板\nsimulation = client.load_template(\"templates\u002Fexecutive_phishing.yaml\")\nresult = simulation.run()\n\n# 输出生成内容\nprint(result.content)\n\n# 
保存结果\nresult.save(\"output\u002Fcampaign_001.json\")\n```","某大型金融机构的安全运营团队正筹备年度全员钓鱼邮件演练，需要生成高度逼真且符合最新攻击趋势的测试场景。\n\n### 没有 ThreatSimGPT 时\n- **场景构建耗时费力**：安全分析师需手动编写数百封差异化的钓鱼邮件模板，难以模拟复杂的社交工程话术，往往导致演练内容单一、容易被员工识破。\n- **情报更新滞后**：人工整合 MITRE ATT&CK 框架或 PhishTank 最新威胁情报效率低下，生成的攻击脚本无法反映当下真实的黑客手法，训练效果大打折扣。\n- **合规与安全风险高**：缺乏内置的内容过滤机制，手动创作的模拟攻击可能无意中包含敏感词汇或过度激进的内容，引发内部合规审计风险。\n- **环境依赖复杂**：若要在隔离的内网环境中进行演练，传统基于云端的 AI 工具无法使用，团队不得不搭建复杂的代理或放弃使用智能化手段。\n\n### 使用 ThreatSimGPT 后\n- **自动化生成高保真场景**：利用集成的 GPT-4 或本地 Ollama 模型，ThreatSimGPT 能基于 YAML 模板瞬间生成数千封语境自然、风格多变的钓鱼邮件，大幅提升演练的真实感。\n- **实时融合威胁情报**：工具自动调用内置的 PhishTank 和 MITRE ATT&CK 数据集，确保生成的攻击向量紧跟最新黑产趋势，让员工在训练中接触到最前沿的威胁。\n- **内置安全合规护栏**：依托其自带的内容过滤与伦理指南框架，ThreatSimGPT 在生成阶段即自动拦截违规内容，确保所有演练材料符合 GDPR 及企业内部审计要求。\n- **无缝支持离线部署**：通过 Ollama 集成，团队可直接在完全隔离的内网服务器运行 ThreatSimGPT，无需联网或 API 密钥，既保障了数据主权又实现了高效本地化演练。\n\nThreatSimGPT 将原本数周的演练准备周期缩短至小时级，同时以企业级的安全性和真实性重新定义了网络安全培训的标准。","https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fthreatsimgpt-AI_ThreatSimGPT_0c73f976.png","threatsimgpt-AI","https:\u002F\u002Foss.gittoolsai.com\u002Favatars\u002Fthreatsimgpt-AI_3a268ac4.jpg","https:\u002F\u002Fgithub.com\u002Fthreatsimgpt-AI",[77,81,85,89,93],{"name":78,"color":79,"percentage":80},"Python","#3572A5",99.7,{"name":82,"color":83,"percentage":84},"Shell","#89e051",0.2,{"name":86,"color":87,"percentage":88},"Dockerfile","#384d54",0.1,{"name":90,"color":91,"percentage":92},"Makefile","#427819",0,{"name":94,"color":95,"percentage":92},"Mako","#7e858d",543,339,"2026-04-15T20:01:50","MIT","Linux, macOS, Windows","非必需。若使用本地 Ollama 运行大模型，需根据所选模型大小配置相应 GPU（未指定具体型号\u002F显存\u002FCUDA 版本）；云端 API 模式无需 GPU。","未说明",{"notes":104,"python":105,"dependencies":106},"支持多种 LLM 提供商（OpenAI, Anthropic, OpenRouter）及本地离线模式（Ollama）。本地运行需自行安装并配置 Ollama 服务。部署支持 Docker 和 Kubernetes。需配置相应的 API Key 
或使用本地模型。","3.11+",[107,108,109,110,111,112,113,114,115,116],"FastAPI","Pydantic","aiohttp","httpx","asyncio","pytest","black","isort","flake8","mypy",[35,13],"2026-03-27T02:49:30.150509","2026-04-18T02:20:32.069595",[],[]]