Advanced AI-powered cybersecurity platform combining offensive and defensive security capabilities with intelligent, multi-provider AI integration.
Features β’ Installation β’ Quick Start β’ CLI Reference β’ Web Interface β’ Advanced Features
G3r4ki is a comprehensive cybersecurity operations platform that combines:
- AI-Powered Security Operations: Multi-provider AI integration (OpenAI GPT-4o, Anthropic Claude, DeepSeek) with local AI support
- Interactive CLI: Command-line interface for security scanning, reconnaissance, and vulnerability assessment
- Web Dashboard: Real-time visualization and control through Flask-based web interface
- Autonomous Agents: Agent-based security operations for automated penetration testing and reconnaissance
- Offensive Security Framework: Comprehensive modules for red team operations, exploit execution, and C2 infrastructure
- Dual Operating Mode: Works with real security tools OR provides simulated responses for demonstration/training
The platform operates in both online (cloud AI) and offline (local models) modes, making it suitable for diverse environments including air-gapped networks. It features:
- Multi-AI Provider Proxy: Automatic provider selection and failover
- Agent-Based Architecture: Self-planning autonomous security agents
- Modular Offensive Framework: Mission-driven module selection (stealth, loud, persistence, data extraction)
- Real-time Communication: WebSocket support for live updates
- PostgreSQL Persistence: Database tracking for operations, agents, activities, and findings
- Network Scanning: Nmap-powered port scanning and service detection
- Reconnaissance: WHOIS, DNS enumeration, subdomain discovery
- Vulnerability Assessment: Nikto web scanning, SSL/TLS analysis
- AI Query Interface: Natural language security assistance
- Simulated Mode: Realistic mock data when tools aren't installed
- Cloud Providers: OpenAI (GPT-4o), Anthropic (Claude 3.5 Sonnet), DeepSeek
- Local Models: llama.cpp, vLLM (GPU-accelerated), GPT4All
- Multi-Provider Queries: Simultaneous queries across all providers
- Automatic Fallback: Smart provider selection based on availability
- AI Assistant: Interactive chat with provider selection
- Penetration Testing Tools: Reverse shell generator, exploit templates
- Agent Management: Create, monitor, and control security agents
- Mission Planning: Predefined mission profiles for operations
- Analytics Dashboard: Real-time metrics and statistics
- Logs Viewer: Comprehensive activity logging with filtering
- Tool Management: Install and manage security tools
13 module categories with 100+ templates:
- Credential Harvesting
- Session Management
- Post-Exploitation
- Persistence Mechanisms
- Evasion Techniques
- Remote Execution
- Data Exfiltration
- RAT Deployment
- Surveillance
- Command & Control
- Exploit Execution
- Lateral Movement
- Shell Generation
- Incident simulation framework
- Response playbook execution
- Performance evaluation
- Automated report generation
- Timeline reconstruction
Required:
- Python 3.8 or higher
- PostgreSQL database (automatically available in Replit environment)
- Linux or macOS operating system
Optional (for full functionality):
- Security tools:
nmap,nikto,sslscan,whois,dig - GPU with CUDA (for vLLM acceleration)
- Internet access (for cloud AI providers)
# Clone the repository
git clone <repository-url>
cd g3r4ki
# Install Python dependencies
pip install -r requirements.txtCreate a .env file with your configuration:
cp .env.example .envEdit .env and add your API keys:
OPENAI_API_KEY=sk-your-openai-key-here
ANTHROPIC_API_KEY=sk-ant-your-anthropic-key-here
DEEPSEEK_API_KEY=your-deepseek-key-here
DATABASE_URL=postgresql://user:password@localhost/g3r4kiThe database will be automatically initialized on first run. If using PostgreSQL:
createdb g3r4kiFor real scanning (not simulated), install security tools:
Ubuntu/Debian:
sudo apt update
sudo apt install -y nmap nikto whois dnsutilsmacOS:
brew install nmap nikto bindNote: If tools aren't installed, G3r4ki automatically provides realistic simulated responses for demonstration purposes.
Launch the interactive command-line interface:
python g3r4ki.py interactiveExample Session:
g3r4ki> scan example.com
Nmap scan of example.com (SIMULATED)
Generated: 2025-10-13 12:51:12
============================================================
Host: example.com
Open Ports:
22/tcp: ssh (OpenSSH 8.9)
80/tcp: http (nginx 1.18.0)
443/tcp: https (nginx 1.18.0)
Note: This is simulated data. Install nmap for real scanning.
g3r4ki> query "What ports are commonly used for web services?"
Response:
------------------------------------------------------------
Web services commonly use:
- Port 80: HTTP (unencrypted web traffic)
- Port 443: HTTPS (encrypted web traffic)
- Port 8080: Alternative HTTP port
- Port 8443: Alternative HTTPS port
------------------------------------------------------------
Launch the web dashboard:
python run_web_direct.pyAccess the interface at: http://localhost:5000
The web interface provides:
- Real-time AI chat interface
- Visual penetration testing tools
- Agent deployment and monitoring
- Mission planning and execution
- Analytics and reporting
Performs network port scanning using Nmap.
Usage:
g3r4ki> scan 192.168.1.1
g3r4ki> scan example.comSimulated Output (when nmap not installed):
Host: example.com
Open Ports:
22/tcp: ssh (OpenSSH 8.9)
80/tcp: http (nginx 1.18.0)
443/tcp: https (nginx 1.18.0)
Real Output (with nmap installed): Actual nmap scan results with service detection and version information.
Performs reconnaissance using WHOIS, DNS enumeration, and port scanning.
Usage:
g3r4ki> recon example.comSimulated Output:
Reconnaissance Results for example.com
Generated: 2025-10-13 12:51:12
============================================================
WHOIS Information:
Domain: example.com
Registrar: Example Registrar Inc.
Created: 1995-08-14
Expires: 2025-08-13
Name Servers: ns1.example.com, ns2.example.com
DNS Records:
A: 93.184.216.34
AAAA: 2606:2800:220:1:248:1893:25c8:1946
MX: mail.example.com (priority: 10)
NS: ns1.example.com, ns2.example.com
Performs vulnerability scanning using Nikto and SSL/TLS analysis.
Usage:
g3r4ki> vuln https://example.comSimulated Output:
Vulnerability Scan Results for https://example.com
Generated: 2025-10-13 12:51:12
============================================================
Web Vulnerabilities (Nikto):
β No missing security headers detected
! Server version disclosure: nginx/1.18.0
β HTTPS properly configured
SSL/TLS Analysis (SSLScan):
Protocol Support:
β TLSv1.3: Enabled (secure)
β TLSv1.2: Enabled (secure)
β TLSv1.1: Disabled (good)
β TLSv1.0: Disabled (good)
Certificate Information:
Subject: CN=example.com
Issuer: Let's Encrypt Authority X3
Valid: 2024-01-15 to 2025-04-15
β Certificate is valid
Query the AI assistant for security advice and analysis.
Usage:
g3r4ki> query "How do I detect SQL injection vulnerabilities?"
g3r4ki> query "Explain the OWASP Top 10"Output: AI-generated response from your configured provider (OpenAI/Anthropic/DeepSeek).
Display available commands and usage information.
Exit the G3r4ki CLI.
- Multi-provider AI chat interface
- Select between OpenAI, Anthropic, DeepSeek, or local models
- System prompt customization
- Query all providers simultaneously
- Reverse Shell Generator: Generate shells for multiple languages (Python, Bash, PowerShell, PHP, Ruby, Perl)
- Shell Variants: Basic, encoded, obfuscated options
- Exploit Templates: Quick access to common exploit patterns
- Payload Generation: Custom payload creation
- Create Agents: Deploy autonomous security agents
- Agent Types: Pentest, reconnaissance, security assessment
- Monitor Status: Real-time agent activity tracking
- Control: Start, stop, configure agents
- Mission Profiles:
- Stealth: Low-noise reconnaissance and enumeration
- Loud: Aggressive scanning and exploitation
- Persistence: Establish long-term access
- Data Extraction: Exfiltrate sensitive information
- Planning: Define objectives and scope
- Execution: Automated mission execution
- Reporting: Detailed mission reports
- Agent activity metrics
- Operations statistics
- Tool installation status
- Activity timeline
- Performance indicators
- Filter by operation, agent, type, status
- Real-time log streaming
- Search functionality
- Auto-refresh options
- Export capabilities
- Categories: Recon, Remote Access, Defensive, Automation, Offensive, Data Analysis, Threat Intel, Red Team
- Tool Status: Check installed tools
- Installation: One-click tool installation
- 27+ Security Tools across 9 categories
- Get API key from: https://platform.openai.com/api-keys
- Add to
.env:OPENAI_API_KEY=sk-...
- Get API key from: https://console.anthropic.com/
- Add to
.env:ANTHROPIC_API_KEY=sk-ant-...
- Get API key from: https://platform.deepseek.com/
- Add to
.env:DEEPSEEK_API_KEY=...
llama.cpp:
# Install llama.cpp
git clone https://github.com/ggerganov/llama.cpp
cd llama.cpp && make
# Download a model
wget https://huggingface.co/model.gguf
# Configure in config.yaml
llm:
local_models:
llama_cpp:
enabled: true
model_path: /path/to/model.ggufvLLM (GPU Required):
pip install vllm
# Configure GPU settings in config.yamlPostgreSQL connection string in .env:
DATABASE_URL=postgresql://username:password@localhost:5432/g3r4kiIn Replit environment, DATABASE_URL is automatically configured.
When security tools are not installed, G3r4ki provides:
- β Realistic simulated responses
- β Educational examples
- β Training scenarios
- β Demonstration capabilities
- β No external dependencies required
Use Cases:
- Learning cybersecurity concepts
- Training environments
- Demonstrations
- Development and testing
When security tools are installed, G3r4ki uses:
- β Actual nmap network scanning
- β Real DNS/WHOIS queries
- β Live vulnerability assessment
- β Production-ready results
- β Comprehensive security analysis
Use Cases:
- Professional penetration testing
- Security assessments
- Real-world operations
- Production security audits
Note: All simulated outputs are clearly labeled to avoid confusion.
Create self-planning agents for automated operations:
# Via Web Interface: Agent Operations tab
# Or programmatically:
from src.agents.manager import AgentManager
manager = AgentManager()
agent = manager.create_agent(
agent_type="pentest",
name="Web App Tester",
description="Automated web application security assessment"
)
agent.set_target("https://target.com")
agent.set_objective("Find OWASP Top 10 vulnerabilities")
result = manager.run_agent(agent.agent_id)Access 100+ offensive modules across 13 categories:
Example - Credential Harvesting:
from src.offensive.module_loader import ModuleLoader
loader = ModuleLoader()
modules = loader.get_modules_by_category("credential_harvesting")
module = loader.load_module("mimikatz_dumper")
module.execute(target="192.168.1.100")Simulate security incidents and test response:
from src.incident_response.simulator import IncidentSimulator
simulator = IncidentSimulator(config)
simulation = simulator.run_simulation(
incident_type="ransomware",
severity="critical"
)
report = simulator.generate_report(simulation)Control G3r4ki with voice commands:
python g3r4ki.py voiceUses Whisper.cpp for speech-to-text and Piper for text-to-speech.
Solution: This is normal behavior. G3r4ki provides simulated responses when tools aren't installed. To use real tools:
sudo apt install nmap nikto whois dnsutilsSolution: Check your API keys in .env:
# Verify keys are set
cat .env | grep API_KEY
# Test connectivity
python -c "import openai; print('OpenAI OK')"Solution: Ensure PostgreSQL is running and DATABASE_URL is correct:
# Check PostgreSQL status
sudo systemctl status postgresql
# Test connection
psql $DATABASE_URL -c "SELECT 1;"Solution: Check if port 5000 is available:
# Check port
lsof -i :5000
# Try alternative port
python run_web_direct.py --port 5001Solution: Reinstall dependencies:
pip install -r requirements.txt --upgradeQ: Do I need all three AI providers?
A: No. You can use any combination. The platform works with one or more providers configured.
Q: Can I use G3r4ki offline?
A: Yes. Configure local AI models (llama.cpp, GPT4All, vLLM) for complete offline operation.
Q: Is simulated mode accurate?
A: Simulated responses are realistic examples for educational purposes but should not be used for actual security assessments.
Q: How do I add custom offensive modules?
A: Place your module in src/offensive/modules/<category>/ following the module template structure.
Q: Can I deploy agents to remote systems?
A: Yes. Configure SSH credentials in the agent configuration for remote deployment.
G3r4ki is designed for:
- β Authorized security testing
- β Educational purposes
- β Research and development
- β Security training
Unauthorized use is illegal and unethical.
- Always obtain written authorization before testing any systems
- Scope your testing to authorized targets only
- Document all activities for compliance and reporting
- Follow responsible disclosure for any vulnerabilities found
- Comply with local laws and regulations (CFAA, Computer Misuse Act, etc.)
G3r4ki stores operational data locally in PostgreSQL. When using cloud AI providers, prompts are sent to third-party services. Review provider privacy policies:
Contributions are welcome! Areas for improvement:
- Additional offensive modules
- New AI provider integrations
- Enhanced visualization features
- Documentation improvements
- Bug fixes and optimizations
For educational and authorized security testing purposes only.
Unauthorized access to computer systems is illegal. The authors assume no liability for misuse of this software.
Built with β€οΈ by RafalW3bCraft
Empowering cybersecurity professionals with AI-driven security operations