Labsco
NIHAR-SARKAR logo

CHAI pentest tool

โ˜… 8

from NIHAR-SARKAR

Cyber Host Artificial Intelligence (C.H.A.I) is Autonomous penetration testing MCP (Model Context Protocol) server with an integrated AI decision engine, multi-provider LLM support, and an extensible plugin architecture.

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedFreeAdvanced setup

CHAI

Cyber Host Artificial Intelligence (C.H.A.I)

A production-ready, autonomous penetration testing MCP (Model Context Protocol) server with an integrated AI decision engine, multi-provider LLM support, and an extensible plugin architecture. Designed for Raspberry Pi 4/5 running Kali Linux ARM64.

Architecture Overview

External Client (CHAI / any MCP tool)
         โ”‚  MCP stdio/SSE
         โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚         MCP Security Server             โ”‚
โ”‚                                         โ”‚
โ”‚  run_autonomous_scan()                  โ”‚
โ”‚         โ”‚                               โ”‚
โ”‚    โ”Œโ”€โ”€โ”€โ”€โ–ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”          โ”‚
โ”‚    โ”‚   execution_loop.py     โ”‚          โ”‚
โ”‚    โ”‚  (local, no LLM here)   โ”‚          โ”‚
โ”‚    โ”‚  tool1 โ†’ tool2 โ†’ tool3  โ”‚          โ”‚
โ”‚    โ””โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜          โ”‚
โ”‚         โ”‚ at phase boundaries only      โ”‚
โ”‚    โ”Œโ”€โ”€โ”€โ”€โ–ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”          โ”‚
โ”‚    โ”‚   ai_planner.py         โ”‚          โ”‚
โ”‚    โ”‚  plan / evaluate /      โ”‚โ—„โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€ llm/provider_factory.py
โ”‚    โ”‚  summarize              โ”‚          โ”‚   (Azure / OpenAI / Claude /
โ”‚    โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜          โ”‚    Bedrock / OpenRouter / HF)
โ”‚                                         โ”‚
โ”‚  All tools, safety, sandbox unchanged   โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

Design Philosophy: THIN BRAIN, THICK LOOP

  • The internal LLM fires only at decision boundaries, not per-step
  • A local execution_loop handles tool chaining deterministically between LLM calls
  • Keeps token usage low (~6-10 calls per full pentest) and latency acceptable on a Pi 4

Features

Multi-Provider LLM Support

  • Azure OpenAI (GPT-4.1, GPT-4o, GPT-5+, Kimi, DeepSeek via Azure AI Foundry)
  • Direct OpenAI (GPT-4.1, GPT-4o, etc.)
  • Anthropic Claude (Sonnet, Opus)
  • Amazon Bedrock (Claude, Titan, Llama via AWS)
  • OpenRouter (100+ models with one key)
  • HuggingFace (DeepSeek, Qwen, Llama via Inference API)

AI Decision Engine

  • plan(): Decides what to test next based on findings
  • evaluate(): Decides whether to continue or stop
  • summarize_for_report(): Generates executive summary and remediation priorities

Security & Sandboxing

  • firejail profiles with rlimit restrictions
  • Linux cgroups for resource limiting
  • Restricted user (pentester) execution
  • Tiered safety policy (Tier 1/2/3)
  • Immutable audit logging of all commands and AI decisions

Plugin System

  • Auto-discovers plugins from plugins/bundled/ and plugins/external/
  • Drop-in plugin architecture โ€” no core changes needed
  • Bundled plugins: Feroxbuster, Metasploit, Burp Suite API

Database

  • SQLite ONLY โ€” no Neo4j, Redis, or Postgres required
  • WAL mode for better concurrency
  • Knowledge graph with 50+ attack techniques and recursive CTE chain queries

Project Structure

CHAI/
โ”œโ”€โ”€ main.py                          # FastMCP server entry point
โ”œโ”€โ”€ config.py                        # Configuration loader
โ”œโ”€โ”€ config.yaml                      # Main configuration (no secrets)
โ”œโ”€โ”€ .security.yml                    # API keys (git-ignored)
โ”œโ”€โ”€ requirements.txt                 # Python dependencies
โ”œโ”€โ”€ app_context.py                   # Application context singleton
โ”‚
โ”œโ”€โ”€ llm/                             # Multi-provider LLM adapter layer
โ”‚   โ”œโ”€โ”€ base_provider.py             # Abstract base class
โ”‚   โ”œโ”€โ”€ provider_factory.py          # Provider selection with fallback
โ”‚   โ”œโ”€โ”€ prompt_templates.py          # All LLM prompts (versioned)
โ”‚   โ””โ”€โ”€ providers/
โ”‚       โ”œโ”€โ”€ azure_openai.py          # Azure OpenAI
โ”‚       โ”œโ”€โ”€ openai_direct.py         # Direct OpenAI
โ”‚       โ”œโ”€โ”€ anthropic_claude.py      # Claude
โ”‚       โ”œโ”€โ”€ amazon_bedrock.py        # AWS Bedrock
โ”‚       โ”œโ”€โ”€ openrouter.py            # OpenRouter
โ”‚       โ””โ”€โ”€ huggingface.py           # HuggingFace
โ”‚
โ”œโ”€โ”€ core/                            # Core engine
โ”‚   โ”œโ”€โ”€ session_manager.py           # SQLite session CRUD + state machine
โ”‚   โ”œโ”€โ”€ safety_policy.py             # Command validation, tier system
โ”‚   โ”œโ”€โ”€ process_controller.py        # firejail/cgroups/chroot wrapper
โ”‚   โ”œโ”€โ”€ audit_logger.py              # Immutable audit logging
โ”‚   โ”œโ”€โ”€ ai_planner.py                # LLM decision engine (3 call types)
โ”‚   โ””โ”€โ”€ execution_loop.py            # Local chain runner
โ”‚
โ”œโ”€โ”€ kb/                              # Knowledge Base
โ”‚   โ”œโ”€โ”€ graph_db.py                  # Attack graph with recursive CTE
โ”‚   โ”œโ”€โ”€ playbook_loader.py           # Playbook section extraction
โ”‚   โ””โ”€โ”€ vector_search.py             # Vector/BM25 search
โ”‚
โ”œโ”€โ”€ tools/                           # Security testing tools
โ”‚   โ”œโ”€โ”€ base.py                      # Base tool class
โ”‚   โ”œโ”€โ”€ recon.py                     # Reconnaissance
โ”‚   โ”œโ”€โ”€ scan.py                      # Vulnerability scanning
โ”‚   โ”œโ”€โ”€ injection.py                 # Injection testing
โ”‚   โ”œโ”€โ”€ auth.py                      # Authentication testing
โ”‚   โ”œโ”€โ”€ network.py                   # Network testing
โ”‚   โ”œโ”€โ”€ poc.py                       # PoC generation
โ”‚   โ”œโ”€โ”€ exec.py                      # Custom command execution
โ”‚   โ”œโ”€โ”€ analyze.py                   # Findings analysis
โ”‚   โ”œโ”€โ”€ report.py                    # Report generation
โ”‚   โ””โ”€โ”€ autonomous.py                # Autonomous scan orchestrator
โ”‚
โ”œโ”€โ”€ plugins/                         # Plugin system
โ”‚   โ”œโ”€โ”€ plugin_base.py               # Base class
โ”‚   โ”œโ”€โ”€ plugin_loader.py             # Auto-discovery loader
โ”‚   โ””โ”€โ”€ bundled/
โ”‚       โ”œโ”€โ”€ feroxbuster_plugin.py    # Directory bruteforcer
โ”‚       โ”œโ”€โ”€ metasploit_plugin.py     # Metasploit Framework
โ”‚       โ””โ”€โ”€ burp_api_plugin.py      # Burp Suite Pro API
โ”‚
โ”œโ”€โ”€ models/                          # Data models
โ”‚   โ”œโ”€โ”€ session.py                   # Session and Finding models
โ”‚   โ””โ”€โ”€ schemas.py                   # Pydantic schemas
โ”‚
โ”œโ”€โ”€ utils/                           # Utilities
โ”‚   โ”œโ”€โ”€ command_parser.py            # Command parsing
โ”‚   โ”œโ”€โ”€ output_parser.py             # Tool output parsing
โ”‚   โ””โ”€โ”€ cvss_calculator.py           # CVSS v3.1 calculator
โ”‚
โ””โ”€โ”€ data/                            # Database schemas & profiles
    โ”œโ”€โ”€ init_sessions.sql            # Session DB schema + AI decisions table
    โ”œโ”€โ”€ init_graph.sql               # Knowledge graph (50+ nodes)
    โ””โ”€โ”€ firejail/
        โ””โ”€โ”€ pentest.profile          # Firejail sandbox profile

Adding a New LLM Provider

Step 1 โ€” Create llm/providers/gemini.py:

from llm.base_provider import BaseLLMProvider, LLMResponse

class GeminiProvider(BaseLLMProvider):
    def __init__(self, config): ...
    @property
    def provider_name(self): return "gemini"
    async def complete(self, ...): ...
    async def health_check(self): ...

Step 2 โ€” Add one case to llm/provider_factory.py:

case "gemini":
    from llm.providers.gemini import GeminiProvider
    return GeminiProvider(config)

Step 3 โ€” Add config block to config.yaml:

llm:
  gemini:
    enabled: true
    model: "gemini-2.5-pro"
    api_base: "https://generativelanguage.googleapis.com/v1beta/openai"

Step 4 โ€” Add key to .security.yml:

gemini:
  api_key: ""

Step 5 โ€” Change active_provider: "gemini" in config.yaml.

That's it. No other files change.

Adding a New Pentest Plugin

Step 1 โ€” Create plugins/external/gospider_plugin.py:

from plugins.plugin_base import PentestPlugin, PluginMetadata, PluginResult

class GospiderPlugin(PentestPlugin):
    @property
    def metadata(self):
        return PluginMetadata(
            name="gospider", display_name="GoSpider Web Crawler",
            version="1.1.6", description="Fast web spider",
            tier="tier1", requires_binary="gospider",
            tags=["web", "recon", "crawler"],
        )
    async def run(self, session_id, target, args, process_controller, safety_policy, session_manager):
        # Build command, validate through safety_policy, execute via process_controller
        ...

Step 2 โ€” Restart the server. The plugin auto-loads.

That's it. No changes to core application.

LLM Call Budget

For a 4-phase autonomous scan:

  • Phase 1: plan() + evaluate() = 2 calls
  • Phase 2: plan() + evaluate() = 2 calls
  • Phase 3: plan() + evaluate() = 2 calls
  • Phase 4: plan() + evaluate() = 2 calls
  • Report: summarize_for_report() = 1 call
  • Total: ~9 LLM calls per full pentest

This keeps token usage low and latency acceptable on a Raspberry Pi 4.

Safety & Compliance

  • Command denylist: Dangerous commands (rm -rf /, fork bombs, etc.) are blocked
  • Tier system: Tools classified by risk (Tier 1/2/3)
  • Scope checking: Commands validated against defined scope
  • Rate limiting: Per-tier concurrent execution limits
  • Sandboxing: All commands run through firejail with resource limits
  • Audit trail: Every command and AI decision is logged immutably

Support

For issues and questions: