[ AI-Powered Cybersecurity ]

Your AI Cybersecurity Co-Pilot — Built for Operators

Hancock is CyberViser's elite AI security agent — fine-tuned on Mistral 7B with MITRE ATT&CK, NVD/CVE, and real-world pentest knowledge. Automate pentesting, SOC analysis, and incident response with a single API.

hancock — bash
$ python hancock_agent.py --server
[CyberViser] Hancock API starting on port 5000
POST /v1/chat — conversational (pentest|soc|auto)
POST /v1/triage — SOC alert triage
POST /v1/hunt — threat hunting query generator
POST /v1/respond — IR playbook (PICERL)
✓ Hancock online. Model: mistralai/mistral-7b-instruct-v0.3
$

Two Specialists. One Agent.

Hancock switches modes on command — red team or blue team, it adapts to your mission.

🔴 Live

Pentest Specialist

Recon, exploitation, post-exploitation, CVE research, and professional report writing. Built on MITRE ATT&CK and NVD. Knows Metasploit, Burp Suite, nmap, sqlmap, and 50+ tools.

🔵 Live

SOC Analyst (Tier 2/3)

Alert triage, SIEM queries (Splunk SPL, Elastic KQL, Sentinel KQL), PICERL incident response, Sigma/YARA rule generation, IOC analysis, and threat hunting.

⚡ Live

Fine-Tuned on Mistral 7B

LoRA fine-tuned on curated cybersecurity datasets — MITRE ATT&CK TTPs, CVE/NVD data, and real pentest Q&A. Runs locally or via NVIDIA NIM inference.

🔌 Live

REST API Ready

Drop Hancock into any workflow. Seven endpoints: /v1/chat, /v1/ask, /v1/triage, /v1/hunt, /v1/respond, /v1/code, /v1/webhook. JSON in, answers out.

🟢 Live

Python & Node.js SDKs

Official clients in clients/python/ and clients/nodejs/. One-line install, all 7 endpoints, interactive CLI, streaming output, model alias switching.

🔔 Live

SIEM Webhook Integration

Push alerts from Splunk, Elastic, Sentinel, or CrowdStrike to /v1/webhook — auto-triage with MITRE mapping and instant Slack or Teams notification.

🟡 Soon

CISO Strategy Mode

Board-level risk reporting, compliance gap analysis (SOC2, ISO 27001, NIST CSF), security program roadmaps, and executive summaries — coming in Phase 3.

📋 Planned

Burp Suite Integration

Native Burp Suite extension for real-time AI analysis of web app findings, automated report generation, and payload suggestion during active engagements.

7B Mistral Parameters
4 Specialist Modes
12 API Endpoints
8 Specialist Modes

Simple, Powerful API

Start the server with python hancock_agent.py --server and hit these endpoints.

GET   /health       Agent status & capabilities check
POST  /v1/chat      Conversational AI with history (mode: auto|pentest|soc)
POST  /v1/ask       Single-shot question, no history needed
POST  /v1/triage    SOC alert triage — severity, MITRE mapping, containment steps
POST  /v1/hunt      Generate Splunk/Elastic/Sentinel threat hunting queries
POST  /v1/respond   Full PICERL incident response playbook generation
POST  /v1/code      Security code gen via Qwen 2.5 Coder 32B — YARA, Sigma, KQL, SPL, exploits
POST  /v1/webhook   SIEM push webhook — auto-triage + optional Slack/Teams notification
example — /v1/triage
$ curl -X POST http://localhost:5000/v1/triage \
  -H "Content-Type: application/json" \
  -d '{"alert": "Mimikatz detected on DC01 at 03:14 UTC"}'

→ Severity: CRITICAL
→ MITRE: T1003 (OS Credential Dumping) / T1078 (Valid Accounts)
→ Verdict: TRUE POSITIVE — isolate DC01 immediately
→ Actions: [isolate, collect memory dump, reset krbtgt x2, audit]

Building the Full Security Stack

Three phases. One mission: automate cybersecurity from red team to the boardroom.

Phase 1 — 🔨 Building

Pentest Specialist

Fine-tuned Mistral 7B on MITRE ATT&CK, NVD/CVE, and pentest knowledge bases. CLI + REST API with Pentest and SOC modes. NVIDIA NIM inference backend.

Phase 2 — Planned

SOC Analyst Deep Specialization

Expanded fine-tuning on detection engineering, threat intel feeds (MISP/TAXII/STIX), UEBA patterns, and automated Sigma/YARA rule generation pipelines.

Phase 3 — Planned

CISO Strategy & Compliance

Executive reporting, compliance automation (SOC2, ISO 27001, NIST CSF), risk scoring, security program KPIs, and board-ready presentation generation.

Deploy Hancock Today

Source available. Runs locally or in the cloud via NVIDIA NIM. Free for personal use.