AI Engine

AI ENGINE

Your AI-Powered
Pentest Partner

4 built-in AI assistants that analyze your session data in real-time — generating CVSS v4.0-scored reports, recommending ATT&CK-mapped next steps, and watching for anomalies across all active beacons. Runs on Ollama, OpenAI, or Anthropic.

View Pricing See Use Cases

omni@c2 — ai suggest

$ai suggest CORP-PC01

[*] Analyzing 47 journal entries...

[*] Correlating: credentials (12), network topology, privileges

[!] NEXT STEPS — 3 PATHS FOUND:

[★ HIGH] Kerberoast → WinRM pivot

T1558.003 · !cred_kerberoast → !lat_winrm SQLPROD

[★ HIGH] ADCS ESC1 — UserAuth template

T1649 · !ca_cert --template UserAuth --upn admin@corp

[★ MED ] LAPS password read

T1552.004 · !laps CORP-DC01

$_

Supported AI backends:

Ollama (local / offline)

OpenAI API

Anthropic API

ai report [host]

Automated Pentest Report

Generates a full pentest report from the session journal. CVSS v4.0 scoring is algorithmic and LLM-independent — scores are calculated from observed evidence, not guessed by the model.

ai report

$ai report CORP-DC01

[*] Journal: 47 commands · 2h 14m engagement

[*] CVSS v4.0 scoring active

CVSS:10.0 Domain Admin via Kerberoast chain

CVSS:9.8 LSASS — 3 admin NTLM hashes

CVSS:7.4 ADCS ESC1 cert impersonation

[✓] omni-report-CORP-DC01.md (44 KB)

CVSS v4.0 Markdown output Instant download

ai suggest [host]

Attack Path Advisor

Analyzes collected credentials, network topology, and privilege levels to recommend concrete next steps — each mapped to a MITRE ATT&CK technique ID and paired with the exact OMNI command to execute it.

ai suggest

$ai suggest CORP-WS04

[*] 8 NTLM hashes · 14 hosts mapped

[★]

Pass-the-Hash → RDP [T1550.002] !lat_rdp 10.0.0.5 --hash a1b2c3d4

[★]

SeImpersonate → SYSTEM [T1134.001] !priv_potato --check

ATT&CK mapped Priority ranked Command-ready

ai watch

Background Anomaly Detection

Runs as a daemon watching all active sessions. Alerts the operator when unexpected process spawns, unusual network connections, or failed login spikes appear — before the defender notices.

ai watch

$ai watch

[*] Monitoring 3 sessions · baseline set

[!] ALERT — CORP-WS04 (14:23:11)

msiexec.exe → cmd.exe (unexpected) PID mismatch — possible EDR injection

[OK] CORP-DC01 — nominal

[OK] CORP-SQLPROD — nominal

Always-on All sessions Real-time alerts

ai lateral [host]

Cross-Host Pivot Planner

Combines harvested credentials, mapped network topology, and current privilege levels into a cross-host movement plan — with specific routes, methods, and OMNI commands for each hop.

ai lateral

$ai lateral CORP-DC01

[*] 8 NTLM · 3 TGT · 2 cleartext

PC01 → SQLPROD [HIGH]

WinRM + PTH · !lat_winrm 10.0.0.50

PC01 → SHAREPOINT [MED]

DCOM · !lat_dcomexec 10.0.0.22

[→] PC01→SQLPROD→DC01 (2 hops)

Multi-hop Confidence scored Path to DC

Under the Hood

Circuit Breaker

Automatic provider failover if the LLM endpoint becomes unreachable. No dropped analyses.

Response Cache

Identical queries return cached results instantly. Reduces latency and API costs on repeated analyses.

Retry Logic

Exponential backoff on transient errors. Rate limit handling built in for all three providers.

CVSS v4.0 Scoring

Severity scores are computed algorithmically from observed evidence — fully deterministic, no LLM guessing.

Intelligence that works while you operate.

Every OMNI plan includes all 4 AI assistants. Bring your own API key or run fully offline with Ollama.

View Pricing    Talk to Sales