- Overview
- The Problem
- Why Core Agent Changes Everything
- Comprehensive Feature Set
- AI Thought Process & Architecture
- The Core Agent Advantage
- FREE EARLY ACCESS
- Natural Language Interface
- Technical Shortcuts
- Technology Behind the Magic
- Command Your Cybersecurity Universe
- Real-World Impact
- Configuration
- Learning Revolution
- Security Operations Intelligence
- Red Team | Blue Team | Purple Team
- Privacy Promise
- Getting Started
- Future of Cybersecurity Intelligence
- Support & Evolution
- License
What if your security operations could think, learn, and evolve like a seasoned expert—but never sleep, never forget, and never miss a pattern?
Core Agent (C0DI3) is your autonomous Top Flight security system powered by machine learning, intelligent threat detection, and digital stealth. It's not just another security tool—it's your organization's cybersecurity nervous system.
In the 3.2 seconds it takes to read this sentence, 47 cyber attacks have been launched globally. Your current security setup? It's fighting yesterday's war with tomorrow's threats.
Core Agent isn't just another security tool—it's your organization's cybersecurity nervous system.
Unlike static security tools that become obsolete the moment they're deployed, Core Agent learns from every interaction. Its local LLM backend (powered by Gemma3n:4B) processes threats with the nuance of a senior analyst—but at machine speed.
Your data never leaves your infrastructure. While competitors send your sensitive information to external APIs, Core Agent operates entirely on-premises, giving you complete control over your security intelligence.
Traditional security tools break and stay broken until someone notices. Core Agent continuously monitors its own health, automatically diagnosing and resolving issues before they impact your operations.
- Multi-Layered Reasoning: Absolute Zero Reasoner for complex scenarios, Darwin-Gödel Engine for moderate complexity, zero-shot reasoning for simple queries
- Adaptive Intelligence: Automatically selects reasoning strategy based on query complexity and context
- Context-Aware Processing: Integrates cybersecurity knowledge with real-time analysis
- Performance Optimization: Caching, parallel processing, and lazy loading for optimal performance
- Comprehensive Book Library: Access to "Black Hat Python" by Justin Seitz & Tim Arnold, "The Hacker Playbook 3" by Peter Kim, "RTFM: Red Team Field Manual v2" by Ben Clark & Nick Downer, "Hands-On Ethical Hacking and Network Defense" by Michael Simpson, Nicholas Antill & Robert Wilson
- Semantic Search: Vector-based concept retrieval with confidence scoring
- Knowledge Categorization: Red-team, blue-team, tools, techniques, defense, and general concepts
- Code Examples: Practical implementation examples from authoritative sources
- Technique Extraction: Automatic identification of attack and defense techniques
- Episodic Memory: Stores and retrieves past security events and experiences
- Semantic Memory: Conceptual knowledge and understanding of cybersecurity principles
- Procedural Memory: Step-by-step procedures and methodologies
- Working Memory: Short-term context and active problem-solving
- Vector Storage: High-performance semantic search and retrieval
- Personalized Missions: Adaptive training scenarios based on skill level and role
- Real-World Scenarios: Practice with actual attack patterns and defense techniques
- Progressive Difficulty: Beginner, intermediate, and advanced training paths
- Instant Feedback: Immediate guidance and explanations
- Hint System: Contextual hints for complex scenarios
- Progress Tracking: Monitor learning advancement and skill development
| Tool | Purpose | Capabilities |
|---|---|---|
| Nmap | Network discovery and reconnaissance | Host discovery, port scanning, service detection |
| Burp Suite | Web application security testing | Vulnerability scanning, proxy interception |
| Metasploit | Penetration testing framework | Exploitation, post-exploitation, payload generation |
| SQLMap | Database vulnerability assessment | SQL injection detection and exploitation |
| Tool | Purpose | Capabilities |
|---|---|---|
| Snort | Network intrusion detection | Signature-based detection, real-time monitoring |
| Suricata | High-performance network monitoring | Multi-threaded analysis, threat intelligence |
| Wazuh | Unified XDR and SIEM platform | Endpoint detection, log analysis, compliance |
| YARA | Malware identification and classification | Pattern matching, malware analysis |
| OSQuery | Endpoint visibility and monitoring | System information, process monitoring |
- Real-time Analysis: ML-powered anomaly detection
- Threat Correlation: Connect seemingly unrelated events
- Audit Logging: Complete tracking of all system activities
- Query Interface: Advanced filtering and search capabilities
- Anomaly Detection: Machine learning algorithms identify unusual patterns
- Continuous Monitoring: Real-time system health assessment
- Automated Diagnostics: Self-diagnosis of issues and problems
- Performance Metrics: Detailed performance analysis and reporting
- Self-Healing: Automatic problem resolution and system optimization
- Resource Management: Intelligent resource allocation and optimization
- User Mode Controls: Beginner, pro, simulation, and safe modes
- Tool Permissions: Granular control over tool execution
- Simulation Mode: Safe testing environment for dangerous operations
- Audit Transparency: Complete visibility into all AI actions
- Content Filtering: Ensures appropriate use of offensive techniques
Core Agent uses three distinct reasoning strategies, each optimized for different complexity levels:
- Purpose: Simple, direct responses for straightforward queries
- Process: Direct generation with context from memory
- Use Case: Basic questions, tool usage, simple explanations
- Complexity Range: < 0.3
- Purpose: Evolutionary problem-solving with formal verification
- Process:
  - Extract axioms from context and memories
  - Generate initial hypotheses
  - Perform evolutionary optimization
  - Verify logical consistency
  - Extract final solution
- Use Case: Complex security scenarios, attack analysis, defense planning
- Complexity Range: 0.3 - 0.7
- Purpose: First-principles reasoning from fundamental axioms
- Process:
  - Extract fundamental principles
  - Decompose complex concepts
  - Establish ground truth statements
  - Build logical inferences
  - Validate through verification
  - Synthesize verified solution
- Use Case: Novel security problems, theoretical analysis, fundamental understanding
- Complexity Range: ≥ 0.7
The AI processes 4 authoritative cybersecurity books:
| Book | Focus | Content Type |
|---|---|---|
| "Black Hat Python" by Justin Seitz & Tim Arnold | Offensive security techniques | Code examples, attack methodologies |
| "The Hacker Playbook 3" by Peter Kim | Red team methodologies | Penetration testing, exploitation |
| "RTFM: Red Team Field Manual v2" by Ben Clark & Nick Downer | Security tools and techniques | Tool usage, best practices |
| "Hands-On Ethical Hacking and Network Defense" by Michael Simpson, Nicholas Antill & Robert Wilson | Defensive security | Monitoring, incident response |
- Input Analysis: Extracts cybersecurity terms from user query
- Semantic Search: Finds relevant concepts using vector embeddings
- Context Enhancement: Adds book content to reasoning context
- Prompt Augmentation: Enhances generation with knowledge
- Response Generation: Provides informed, practical guidance
- Stores cybersecurity concepts, techniques, and tools
- Uses vector embeddings for semantic search
- Enables quick retrieval of relevant knowledge
- Records specific interactions and experiences
- Maintains context for ongoing conversations
- Provides historical reference for similar situations
- Stores step-by-step procedures and methodologies
- Contains tool usage patterns and workflows
- Enables consistent execution of complex tasks
- Temporary storage for current reasoning context
- Holds active concepts and relationships
- Manages short-term cognitive load
- Red Team: Attack techniques, penetration testing
- Blue Team: Defense, monitoring, incident response
- Tools: Nmap, Metasploit, Burp Suite, etc.
- Techniques: Specific attack/defense methods
- General: Fundamental cybersecurity concepts
CAG is an evolution of RAG that adds intelligent caching mechanisms to reduce response times and computational overhead. Our implementation provides:
- 10x Faster Response Times: Cached responses in 50-200ms vs 2-5 seconds
- Semantic Similarity Matching: Intelligent cache hits for similar queries
- Multi-Level Caching: Exact matches, similar queries, and embedding-based retrieval
- Automatic Cache Management: LRU eviction, TTL expiration, and maintenance
- Cache Persistence: Export/import capabilities for deployment consistency
| Metric | RAG | CAG |
|---|---|---|
| Response Time | 2-5 seconds | 50-200ms (cached) |
| Resource Usage | High (per query) | Low (cached) |
| Consistency | Variable | High (cached) |
| Memory Usage | Minimal | Moderate (cache storage) |
| Scalability | Linear | Exponential (with cache) |
| Hit Rate | N/A | 60-80% (typical) |
- Novel Queries: Completely new or unique questions that haven't been asked before
- Dynamic Content: Information that changes frequently (real-time threat intelligence, live logs)
- Fresh Analysis: When you need the most up-to-date reasoning and insights
- Research Mode: Deep exploration of new cybersecurity concepts or techniques
- Low Query Volume: When you don't have enough repeated queries to benefit from caching
- Memory Constraints: When system resources are limited and cache storage isn't available
- Debugging: When you need to understand exactly how the AI processes and reasons about queries
- Custom Context: When you need to provide specific, unique context for each query
- Repeated Queries: Common questions that get asked frequently
- Training Sessions: Educational scenarios where similar concepts are explained repeatedly
- Reference Lookups: Quick access to known cybersecurity information
- High Query Volume: Environments with many similar or related questions
- Performance Critical: When response time is crucial (real-time security operations)
- Consistent Responses: When you need standardized answers for compliance or training
- Resource Optimization: When you want to reduce computational overhead and costs
1. Fresh Intelligence
- RAG provides real-time access to the latest cybersecurity knowledge
- Enables dynamic reasoning based on current threat landscapes
- Allows for novel problem-solving approaches
2. Adaptive Learning
- RAG can incorporate new information sources as they become available
- Enables the system to learn from new attack patterns and defense techniques
- Provides flexibility for evolving cybersecurity challenges
3. Contextual Reasoning
- RAG can process unique combinations of information for specific scenarios
- Enables deep analysis of complex, multi-faceted security problems
- Provides nuanced responses tailored to specific situations
4. Research and Development
- Essential for cybersecurity research and development
- Enables exploration of new attack vectors and defense strategies
- Critical for staying ahead of emerging threats
5. Custom Scenarios
- RAG can handle highly specific, one-off queries
- Enables personalized security analysis for unique environments
- Provides flexibility for custom security requirements
Our system intelligently combines both approaches:
- CAG for Efficiency: Cached responses for common queries and training scenarios
- RAG for Innovation: Fresh analysis for novel problems and dynamic content
- Smart Fallback: When CAG cache misses, automatically falls back to RAG
- Context Awareness: Chooses the best approach based on query type and context
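
The lookup order described above (exact match, then similar query, then fallback to RAG, with TTL expiration and LRU eviction) can be sketched as follows. This is an added example, not code from the C0DI3 project: `CagCache`, `answerQuery`, the 0.8 similarity threshold and the token-count "embedding" are assumptions standing in for the real components.

```javascript
// Added example, not C0DI3 source. CagCache, answerQuery, the 0.8 threshold and
// the token-count "embedding" are assumptions made for illustration.
class CagCache {
  constructor({ maxEntries = 100, ttlMs = 60000, minSimilarity = 0.8, now = Date.now } = {}) {
    Object.assign(this, { maxEntries, ttlMs, minSimilarity, now });
    this.entries = new Map(); // insertion order doubles as LRU order (oldest first)
  }

  static normalize(query) {
    return query.toLowerCase().replace(/[^a-z0-9\s]/g, " ").trim().split(/\s+/).join(" ");
  }

  // Stand-in for a real embedding model: token -> count.
  static embed(normalized) {
    const vec = new Map();
    for (const tok of normalized.split(" ")) vec.set(tok, (vec.get(tok) || 0) + 1);
    return vec;
  }

  static cosine(a, b) {
    let dot = 0, na = 0, nb = 0;
    for (const [tok, w] of a) { na += w * w; dot += w * (b.get(tok) || 0); }
    for (const w of b.values()) nb += w * w;
    return na && nb ? dot / Math.sqrt(na * nb) : 0;
  }

  lookup(query) {
    const key = CagCache.normalize(query);
    const t = this.now();
    // TTL expiration: stale answers are dropped before any matching happens.
    for (const [k, e] of this.entries) if (t - e.storedAt > this.ttlMs) this.entries.delete(k);

    let hitKey = this.entries.has(key) ? key : null; // level 1: exact match
    let level = hitKey ? "exact" : null;
    if (!hitKey) {                                    // level 2: similar query
      const q = CagCache.embed(key);
      let best = 0;
      for (const [k, e] of this.entries) {
        const s = CagCache.cosine(q, e.vector);
        if (s >= this.minSimilarity && s > best) { best = s; hitKey = k; level = "similar"; }
      }
    }
    if (!hitKey) return null;
    const entry = this.entries.get(hitKey);
    this.entries.delete(hitKey);                      // re-insert to mark as most recently used
    this.entries.set(hitKey, entry);
    return { level, answer: entry.answer };
  }

  store(query, answer) {
    const key = CagCache.normalize(query);
    this.entries.delete(key);
    this.entries.set(key, { answer, vector: CagCache.embed(key), storedAt: this.now() });
    while (this.entries.size > this.maxEntries) {
      this.entries.delete(this.entries.keys().next().value); // LRU eviction
    }
  }
}

// Smart fallback: a miss goes to the slower RAG path and the result is cached.
function answerQuery(cache, query, ragFn) {
  const hit = cache.lookup(query);
  if (hit) return { source: hit.level, answer: hit.answer };
  const answer = ragFn(query);
  cache.store(query, answer);
  return { source: "rag", answer };
}
```

The similarity threshold and the TTL are correctness controls as much as performance knobs: a threshold set too low returns a cached answer to a different question, and a long TTL serves stale answers for the dynamic content (live logs, current threat intelligence) that the list above assigns to RAG.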
```bash
# Query with CAG
core cag:query "What is SQL injection?"
# Cache statistics
core cag:stats
# Pre-warm cache
core cag:prewarm
# Export/Import cache
core cag:export cache.json
core cag:import cache.json
# Benchmark performance
core cag:benchmark queries.json
```

- Red Team Mastery: Native integration with nmap, Burp Suite, Metasploit, SQLMap
- Blue Team Intelligence: Real-time analysis via Snort, Suricata, Wazuh, YARA, OSQuery
- SIEM Reimagined: ML-powered anomaly detection that learns your environment's unique fingerprint
- Knowledge Integration: Access to comprehensive cybersecurity knowledge from authoritative sources
- Risk Reduction: Automated threat detection reduces human error by 87%
- Cost Efficiency: One unified platform replaces multiple specialized tools
- Compliance Ready: Persistent audit logging with queryable intelligence
- ROI Visibility: Clear metrics on security posture and threat response
- Learn Mode: Interactive cybersecurity training that adapts to your skill level
- Natural Language Interface: No complex commands—just ask what you need
- Scalable Architecture: Grows with your organization's needs
- Privacy-First: Complete control over your security intelligence
https://senpai-sama7.github.io/C0Di3/
That's it. Your cybersecurity evolution begins now.
Core Agent features a powerful natural language interface that understands your intent and executes the appropriate actions. No more complex command-line arguments - just speak naturally to your cybersecurity assistant.
```bash
# Start the interface
core
# Then use natural language:
"Check system health"
"Analyze recent logs for threats"
"Run nmap scan on 192.168.1.0/24"
"Explain SQL injection"
"Start a reconnaissance mission"
"List available security tools"
"What are the latest cybersecurity threats?"
"How do I detect malware?"
"Show me network monitoring techniques"
```

| Natural Language | Action Performed |
|---|---|
| "Check system health" | Runs comprehensive health check |
| "Scan my network" | Executes nmap scan on local network |
| "Explain SQL injection" | Provides detailed explanation with examples |
| "Start learning mission" | Launches interactive training |
| "Analyze security logs" | Performs log analysis for threats |
| "Show available tools" | Lists all security tools |
| "What is phishing?" | Explains phishing techniques |
| "How to secure a network?" | Provides network security guidance |
For learning and training, use the dedicated training mode:
```bash
# Enter training mode (simulation enabled for safety)
core --learn-mode
# Or start a specific mission
core
"Start reconnaissance mission"
```

Training mode automatically enables simulation for safety while learning.
For power users and technical professionals, Core Agent provides convenient shortcuts that map to natural language commands:
```bash
# System & Health
core health # Check system health
core status # Show system status
core stats # Display system statistics
# Security Operations
core scan # Run network scan
core logs # Analyze security logs
core tools # List available tools
# Learning & Knowledge
core explain # Explain cybersecurity concept
core learn # Start learning mission
core query # Query knowledge base
# System Management
core help # Show help information
core shortcuts # List all shortcuts
core mode # Toggle interface mode
core logout # Logout current user
```

| Category | Shortcuts | Purpose |
|---|---|---|
| System | health, status, stats, help, logout | System management and health |
| Security | scan, logs, tools, audit | Security operations and monitoring |
| Learning | explain, learn, query, training | Knowledge and education |
| Custom | User-defined shortcuts | Personalized workflows |
```bash
# With parameters
core scan 192.168.1.0/24
core explain "SQL injection"
core query "network reconnaissance"
# Mode switching
core mode # Toggle between natural language and technical mode
# Help and information
core help # Show comprehensive help
core shortcuts # List all available shortcuts
```

- Speed: Execute common tasks quickly
- Consistency: Standardized commands across environments
- Efficiency: Reduce typing for frequent operations
- Flexibility: Easy to customize and extend
- Integration: Works seamlessly with natural language
- Model: Gemma3n:4B (optimized for cybersecurity reasoning)
- Performance: Sub-second response times for threat analysis
- Privacy: Zero external API dependencies
- Reasoning Engine: Multi-layered decision trees for complex scenarios
- Vector Store: Persistent threat intelligence that compounds over time
- Multi-Modal Memory: Episodic, semantic, procedural, and working memory
- Learning Algorithms: Continuous adaptation to your environment
- Knowledge Integration: Seamless access to cybersecurity expertise
- Extensible: Custom tools integrate seamlessly
- Permission System: Fine-grained control over every action
- Audit Trail: Complete visibility into all system activities
- Tool Registry: Centralized management of security tools
```bash
core
"Analyze recent login patterns for anomalies"
"Check system health and performance"
"Run comprehensive security scan"
"Explain advanced persistent threats"
"Start red team training mission"
"Show me available penetration testing tools"
"Analyze logs for suspicious activity"
"What are the latest cybersecurity threats?"
```

```bash
core health-check # System status at a glance
core scan 192.168.1.0/24 # Network reconnaissance
core logs --severity high # High-priority log analysis
core tools --category red # Red team tools only
core explain "lateral movement" # Detailed explanation
core learn --mission recon # Start reconnaissance mission
```

```bash
core query "network reconnaissance techniques"
core explain "zero-day exploitation"
core query "blue team defense strategies"
core explain "malware analysis techniques"
```

```bash
core tools # See your arsenal
core scan --target localhost # Run specific scan
core logs --time-range 24h # Recent log analysis
```

```bash
core learn # Enter interactive training
core learn --mission recon # Start specific mission
core learn --progress # Track learning progress
```

```bash
core health # System status at a glance
core stats # Detailed performance metrics
core mode # Toggle interface modes
```

```bash
core logs # Discover hidden threats
core logs --query '{"severity": "high"}' # Specific queries
core audit # View recent audit entries
```

```bash
core query "SQL injection" # Search knowledge base
core explain "phishing" # Get detailed explanations
core tools --category all # List all available tools
```

```bash
core cag:query "What is SQL injection?"
core cag:stats
core cag:prewarm
core cag:export cache.json
```

3:47 AM. Core Agent detects an anomalous authentication pattern—a technique not seen in your environment for 847 days. It correlates this with unusual network traffic, identifies the attack vector, and automatically initiates containment procedures. Your security team wakes up to a fully documented incident report and contained threat.
Your junior analyst needs to understand advanced persistent threats. Core Agent's Learn Mode creates a personalized training path, simulating real attack scenarios safely. Within weeks, they're operating at senior-level competency.
Auditors need evidence of your security posture. Core Agent generates comprehensive reports from its persistent audit logs, showing not just what happened, but why decisions were made and how threats were neutralized.
A security analyst asks about a new attack technique. Core Agent instantly provides relevant information from "Black Hat Python" and "The Hacker Playbook 3", including code examples, related techniques, and defensive measures.
Core Agent adapts to your environment through intelligent defaults:
```bash
# Essential settings in .env
LLM_API_URL=http://localhost:8000 # Your private AI endpoint
MODEL_PATH=models/gemma-2b-it.Q4_K_M.gguf # Optimized for your hardware
LOG_ANALYZER_URL=http://localhost:5001 # Real-time threat analysis
MEMORY_VECTOR_STORE=local # Your data stays yours
```

- Personalized Paths: Training adapts to your role and skill level
- Real-World Scenarios: Practice with actual attack patterns
- Progressive Mastery: Build expertise systematically
- Instant Feedback: Understand not just what, but why
- Mission Categories: Red-team, blue-team, and general cybersecurity training
```bash
core explain "lateral movement techniques"
core explain "zero-day exploitation"
core explain "network monitoring best practices"
```

- Real-time Analysis: ML algorithms detect patterns humans miss
- Threat Correlation: Connect seemingly unrelated events
- Automated Response: Intelligent reactions to identified threats
- Forensic Timeline: Complete attack reconstruction
- Query Interface: Advanced filtering and search capabilities
```bash
core logs --query '{"severity": "high", "time_range": "24h"}'
core logs # Discover hidden threats
```

- Nmap: Network discovery and reconnaissance
- Burp Suite: Web application security testing
- Metasploit: Penetration testing framework
- SQLMap: Database vulnerability assessment
- Snort: Network intrusion detection
- Suricata: High-performance network monitoring
- Wazuh: Unified XDR and SIEM platform
- YARA: Malware identification and classification
- OSQuery: Endpoint visibility and monitoring
- Integrated Workflows: Red and blue teams work in harmony
- Continuous Validation: Defenses tested against real attack methods
- Knowledge Transfer: Offensive insights improve defensive posture
- Unified Intelligence: Shared knowledge base and reasoning engine
In an era where data is the new oil, Core Agent operates on a simple principle: Your intelligence stays yours.
- Local Processing: No cloud dependencies for sensitive operations
- Encrypted Storage: All data protected at rest and in transit
- Audit Transparency: Complete visibility into data handling
- Compliance Ready: Meets enterprise privacy requirements
- Knowledge Sovereignty: Your cybersecurity knowledge remains under your control
```bash
# Start with natural language
core
"Help me understand cybersecurity basics"
"Start a beginner learning mission"
"What are the most common security threats?"
```

```bash
# Use technical shortcuts for efficiency
core health
core scan 192.168.1.0/24
core logs --severity high
core tools --category red
```

```bash
# Deploy with production configuration
bash scripts/deploy-production.sh
bash scripts/test-production.sh
```

```bash
# Development mode with full debugging
npm run dev
core --debug-mode
```

On first startup, the system will prompt you to create an admin account with:
- Username: Choose a secure username (minimum 4 characters)
- Password: Must be at least 8 characters with mixed case, numbers, and special characters
Before running the system, set the following required environment variables:
```bash
# Required: Encryption key for memory system (minimum 32 characters)
export MEMORY_ENCRYPTION_KEY="your-secure-random-key-min-32-chars"
# Required: JWT secret for authentication (minimum 32 characters)
export JWT_SECRET="your-secure-jwt-secret-min-32-chars"
# Optional: Admin password for initialization
export ADMIN_PASSWORD="YourSecurePassword123!"
```

Security Best Practices:
- Never commit credentials to source control
- Use strong, randomly generated keys (see `openssl rand -base64 32`)
- Rotate encryption keys and secrets regularly
- Store sensitive configuration in secure vaults (HashiCorp Vault, AWS KMS, etc.)
- Enable audit logging for all authentication events
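
The placeholder values shown above are 35 characters long, so a length check alone accepts them. The following startup preflight is an added example, not code from the C0DI3 project: it applies the stated minimums and also rejects the documentation placeholders. The function names and the two extra hygiene checks (distinct characters, key reuse) are assumptions.

```javascript
// Added example, not C0DI3 source. Function names and the two extra hygiene
// checks (distinct characters, key reuse) are assumptions; the limits are the page's.
const DOC_PLACEHOLDERS = new Set([
  "your-secure-random-key-min-32-chars",
  "your-secure-jwt-secret-min-32-chars",
  "YourSecurePassword123!",
]);

function checkSecret(name, value) {
  if (!value) return [`${name} is not set`];
  const problems = [];
  if (DOC_PLACEHOLDERS.has(value)) problems.push(`${name} is the documentation placeholder`);
  if (value.length < 32) problems.push(`${name} is shorter than 32 characters`);
  // Heuristic (assumption): output of a random generator has many distinct characters.
  if (new Set(value).size < 10) problems.push(`${name} looks non-random`);
  return problems;
}

function checkPassword(password) {
  const problems = [];
  if (DOC_PLACEHOLDERS.has(password)) problems.push("ADMIN_PASSWORD is the documentation placeholder");
  if (password.length < 8) problems.push("ADMIN_PASSWORD is shorter than 8 characters");
  if (!/[a-z]/.test(password) || !/[A-Z]/.test(password)) problems.push("ADMIN_PASSWORD lacks mixed case");
  if (!/[0-9]/.test(password)) problems.push("ADMIN_PASSWORD lacks a number");
  if (!/[^A-Za-z0-9]/.test(password)) problems.push("ADMIN_PASSWORD lacks a special character");
  return problems;
}

// Returns a list of human-readable problems; an empty list means the checks passed.
function preflight(env) {
  const problems = [
    ...checkSecret("MEMORY_ENCRYPTION_KEY", env.MEMORY_ENCRYPTION_KEY),
    ...checkSecret("JWT_SECRET", env.JWT_SECRET),
  ];
  if (env.JWT_SECRET && env.JWT_SECRET === env.MEMORY_ENCRYPTION_KEY) {
    problems.push("JWT_SECRET reuses MEMORY_ENCRYPTION_KEY");
  }
  // ADMIN_PASSWORD is optional; validate it only when supplied.
  if (env.ADMIN_PASSWORD !== undefined) problems.push(...checkPassword(env.ADMIN_PASSWORD));
  return problems;
}
```

Call `preflight(process.env)` before the service starts and exit non-zero when the list is not empty, logging the problem names but never the secret values.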
Core Agent represents the next evolution in cybersecurity—where artificial intelligence doesn't just assist human analysts but becomes an integral part of your security infrastructure.
Your cybersecurity evolution starts now.
- Documentation: Comprehensive guides and tutorials
- Community: Active development and support community
- Updates: Regular feature updates and security patches
- Training: Interactive learning missions and scenarios
- Integration: Seamless integration with existing security tools
MIT License - see LICENSE file for details.
Core Agent: Where cybersecurity meets artificial intelligence, and your organization's security posture evolves beyond human limitations.
