Open Source • v2.0

33 Security Tools.
3 AI Brains.
One Platform.

CyberSentinel AI is an agentic cybersecurity platform that runs 33 real security tools locally via Docker — powered by multi-model AI with RAG-grounded knowledge and 4-layer hallucination protection.

33 Security Tools
3 AI Models
250K+ CVEs in Knowledge Base
6 Tool Categories
508 Cached AI Queries

33 Real Tools. 6 Categories.

Not wrappers. Not simulations. Every tool runs in Docker containers on your machine — fully local, fully private.

🔍
12 SCANNERS

Vulnerability & Network Scanners

Comprehensive scanning from network discovery to web application vulnerability detection and exploitation testing.

Nmap, Nikto, Nuclei, SQLMap, ZAP, Gobuster, Subfinder, SSLyze, WhatWeb, Amass, Masscan, Feroxbuster
🌐
5 THREAT INTEL APIs

Threat Intelligence

Real-time threat data from industry-leading intelligence sources — IoCs, domain reputation, CVE data, and malware analysis.

Shodan, VirusTotal, AbuseIPDB, AlienVault OTX, GreyNoise
📊
3 SIEM INTEGRATIONS

SIEM & Log Analysis

Centralized log ingestion and correlation for security event monitoring, threat hunting, and incident investigation.

Wazuh, Elastic SIEM, Graylog
🤖
4 AI DETECTION MODELS

AI-Powered Detection

Multi-model AI ensemble — each model specializes in different detection patterns and cross-validates results for accuracy.

Qwen 2.5, OpenMolt, Claude API, Ollama Local
⚙️
4 RULE GENERATORS

Detection Rule Creation

Auto-generate detection rules in multiple formats from observed threats — deploy directly to your SIEM or firewall.

YARA, Sigma, Snort, Suricata
📋
5 FRAMEWORKS

Security Frameworks

Map findings to industry frameworks for compliance reporting, attack path analysis, and remediation guidance.

MITRE ATT&CK, NIST CSF, OWASP Top 10, CIS Controls, CVSS Scoring

How CyberSentinel Thinks

From your question to a verified, actionable answer — here's the pipeline that makes CyberSentinel agentic, not just automated.

1. INPUT: User Question → Intelligent Router

Your natural language query hits the router agent. It classifies intent (scan, hunt, analyze, explain), identifies which tools and knowledge bases are relevant, and builds an execution plan.

2. KNOWLEDGE: RAG Retrieval — 250K+ CVE Knowledge Base

Before any tool runs, the system retrieves relevant context from its grounded knowledge base — 250K+ CVEs, MITRE techniques, vendor advisories, and cached intelligence. This grounds every response in verified data.

3. AI REASONING: 3 AI Brains — Multi-Model Ensemble

The query routes through up to 3 specialized AI models (Qwen, OpenMolt, Claude). Each contributes different strengths — pattern recognition, contextual analysis, and structured reasoning. Results are cross-validated.

4. EXECUTION: Tool Execution — Docker Sandboxed

Selected tools run inside isolated Docker containers on your local machine. Nmap scans, Nuclei checks, Shodan lookups — all real, all local, all private. No data leaves your network.

5. PROTECTION: 4-Layer Hallucination Guard → Final Report

Every AI response passes through 4 validation layers before reaching you. Source verification, tool output cross-check, confidence scoring, and contradiction detection. No hallucinated CVEs. No fabricated results.

4-Layer Hallucination Protection

Most AI cybersecurity tools hallucinate CVEs and fabricate results. CyberSentinel doesn't — here's why.

1. Source Grounding

Every claim is traced back to the RAG knowledge base or a real tool output. No unsourced statements pass through.

2. Tool Cross-Validation

AI findings are cross-checked against actual tool results. If Nmap didn't find it, the AI can't claim it exists.

3. Confidence Scoring

Every response includes a confidence score. Low-confidence results are flagged and require human review.

4. Contradiction Detection

Multi-model outputs are compared. If two models disagree, the system investigates rather than guessing.
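
The first two layers (source grounding and tool cross-validation) can be illustrated in Python. This example is added here and is not CyberSentinel's own code: it rejects any AI finding whose port is not open in Nmap's grepable (-oG) output or whose CVE ID is absent from a local knowledge set. The scan output, findings, placeholder CVE IDs, and the function names open_ports and validate are constructed assumptions.

```python
import re

# Constructed sample of Nmap grepable output (-oG); address is from TEST-NET-1.
NMAP_GREPABLE = """\
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///
"""

# Constructed stand-in for the CVE knowledge base (placeholder IDs, not real CVEs).
KNOWN_CVES = {"CVE-0000-0001", "CVE-0000-0002"}

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def open_ports(grepable):
    """Return {(host, port)} for every port Nmap reported as open."""
    found = set()
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: (.*)", line)
        if not m:
            continue
        for entry in m.group(2).split(","):
            # Grepable port entry: port/state/protocol/owner/service/...
            fields = entry.strip().split("/")
            if len(fields) >= 2 and fields[1] == "open":
                found.add((m.group(1), int(fields[0])))
    return found

def validate(findings, grepable, known_cves):
    """Split AI findings into accepted and rejected, each paired with reasons."""
    observed = open_ports(grepable)
    accepted, rejected = [], []
    for f in findings:
        reasons = []
        # Tool cross-validation: the port must be open in the scanner output.
        if (f["host"], f["port"]) not in observed:
            reasons.append("port not open in tool output")
        # Source grounding: every cited CVE must exist in the knowledge base.
        for cve in CVE_RE.findall(f["claim"]):
            if cve not in known_cves:
                reasons.append(f"{cve} not in knowledge base")
        (rejected if reasons else accepted).append((f, reasons))
    return accepted, rejected

# Constructed AI findings: one grounded, one citing an unknown CVE, one on a closed port.
FINDINGS = [
    {"host": "192.0.2.10", "port": 80, "claim": "HTTP server affected by CVE-0000-0001"},
    {"host": "192.0.2.10", "port": 22, "claim": "SSH affected by CVE-0000-9999"},
    {"host": "192.0.2.10", "port": 443, "claim": "TLS service exposed"},
]
```

Rejected findings keep their reasons so a reviewer can see which layer blocked each claim.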

What Makes It Different

Built for security professionals who need real tools, real data, and real answers — not chatbot wrappers.

🐳

100% Local via Docker

Everything runs on your machine. No cloud dependencies. No data exfiltration risk. Air-gapped friendly.

🧠

Agentic, Not Scripted

The AI decides which tools to run, in what order, and how to interpret results. It adapts based on what it finds.

🔓

Open Source

Full source code on GitHub. Inspect it, fork it, contribute to it. No black boxes, no vendor lock-in.

📊

508 Cached Queries

Pre-cached intelligence for common security questions. Instant answers without API calls for routine lookups.

Multi-Format Reports

Export findings as SARIF, JSON, PDF, or Markdown. Integrate with your existing ticketing and reporting workflows.

🔄

MITRE ATT&CK Mapping

Every finding is automatically mapped to MITRE ATT&CK techniques and tactics for standardized threat analysis.

Up and Running in 3 Commands

Clone, build, launch. CyberSentinel is designed to be operational in under 5 minutes.

terminal
# Clone the repository
git clone https://github.com/solventcyber/CyberSentinel-AI.git
cd CyberSentinel-AI

# Build and start all containers
docker-compose up -d --build

# Open the dashboard (`open` is the macOS command; use xdg-open on Linux)
open http://localhost:3000

# ✅ 33 tools ready. 3 AI models loaded. 250K+ CVEs indexed.

Ready to Deploy CyberSentinel?

Join the open-source security community. Star the repo, clone it, break it, improve it.
