"Intelligence amplified through orchestrated AI agents."
Designed and developed by demonking369
Important
π§ THIS PROJECT IS CURRENTLY IN ACTIVE DEVELOPMENT (BETA Phase) π§
While the core features are functional, you may encounter bugs or incomplete features. We are actively shaping the future of this tool.
- Overview
- Architecture
- Key Features
- Installation Guide
- Usage Manual
- Configuration
- Credits & Thanks
- Disclaimer
NeuroRift is a terminal-based multi-agent intelligence system designed for authorized security research and penetration testing. The framework employs specialized AI agents that work in concert to plan, execute, analyze, and report on security operations with unprecedented precision.
Unlike traditional security tools, NeuroRift leverages NeuroCore, a high-performance, embedded inference engine that replaces external LLM servers with direct llama.cpp C bindings. It features a Scope-File driven autonomous pipeline that ensures all operations stay within authorized boundaries while maximizing cognitive throughput.
Specialized AI Agent Roles:
- NR Planner: Strategic planning and task decomposition
- NR Operator: Terminal-based execution with human-in-the-loop controls
- NR Analyst: Advanced vulnerability analysis with CVSS scoring
- NR Scribe: Professional multi-format report generation
The framework unifies industry-standard tools (nmap, nuclei, subfinder) into a cohesive, modular platform accessible via a modern Web Dashboard or a powerful Command Line Interface (CLI).
NeuroRift is built on a multi-agent orchestration architecture with strict operational discipline:
graph TD
Input["Scope File + Target URL"] --> Parser["Scope Parser"]
Parser --> Enforcer["Scope Enforcer Layer"]
Enforcer -->|Authorized| Recon["Recon Engine (Rust)"]
Recon -->|Findings| Planner["Vuln Planner"]
Planner -->|Strategy| Executor["Execution Loop"]
Executor -->|Tool Calls| Tools["Security Tools"]
Executor <-->|Inference| NeuroCore["NeuroCore (Model Routing)"]
NeuroCore -->|Direct C Bindings| LlamaCPP["llama.cpp static library"]
Executor -->|Real-time Alerts| OpenClaw["OpenClaw Notifications"]
OpenClaw -->|Push| Messaging["Discord/Telegram/Slack/etc."]
Executor -->|Data| Reporter["Report Generator"]
Reporter -->|Final Output| Reports["Markdown/JSON Reports"]
- Direct C Bindings: Embedded runtime using
llama.cppstatic library for zero HTTP overhead. - VRAM-Aware Loading: Real-time VRAM monitoring ensures models are only loaded when needed and unloaded immediately after task completion.
- Multi-Model Task Routing: Dynamically routes tasks to specialized models:
- vuln_planning β
hermes-2-pro - exploit_generation β
deepseek-coder - recon_analysis β
mistral-instruct - context_compression β
phi-3-mini
- vuln_planning β
- CPU Fallback: High-performance execution even on hardware without dedicated GPUs.
- Multi-Platform Support: Sends live updates to Discord, Telegram, Slack, WhatsApp, Signal, Matrix, and 20+ other platforms.
- Configurable Alerts: Complete control via
notifications.yamlfor event toggles (scan_started, vuln_found, etc.). - Severity Filtering: Adjust notifications based on risk levels (low | medium | high | critical).
- Instant Critical Alerts: Critical findings always trigger immediate push notifications regardless of filters.
- NR Planner: Creates strategic execution plans with task decomposition and risk assessment.
- NR Operator: Executes commands with human-in-the-loop controls.
- NR Analyst: Performs advanced vulnerability analysis with CVSS 3.1 scoring.
- NR Scribe: Generates professional reports in multiple formats.
- Rust-Powered: Dedicated high-performance networking core for subdomain enumeration, port scanning, and probing.
- Vulnerability Assessment: Integrated
nucleiscanning for rapid identification of security flaws.
- Required Approval: High-risk commands and external API calls require researchers' explicit consent.
- Audit Trail: Complete logging of all planning decisions and execution outcomes.
- Operating System: Linux (Kali Linux or Ubuntu 22.04+ recommended)
- Python: Version 3.10 or higher
- Node.js & npm: Required for Web Mode and OpenClaw
- Rust: Required for Recon Engine components
-
Clone the Repository
git clone https://github.com/demonking369/NeuroRift.git cd NeuroRift -
Run the Unified Installer
# Handles Rust, Python, and Node.js dependencies bash install_script.sh -
NeuroCore Model Setup
source .venv/bin/activate python -m neurocore.cli setup -
OpenClaw Onboarding (Notifications)
npm install -g openclaw@latest openclaw onboard --install-daemon
# Standard Launch
neurorift --webmod- Access: Open your browser to
http://localhost:3000 - System State: Real-time monitoring of NeuroCore model status and pipeline progress.
# Start an autonomous assessment
neurorift -t example.com --scope my_scope.txt --orchestratedNeuroRift configuration is managed via specialized YAML files:
config/models.yaml: Controls NeuroCore model paths, roles, and VRAM limits.config/notifications.yaml: Configuration for messaging channels and severity filters.configs/neurorift_config.json: Core engine parameters.
| Variable | Description | Default |
|---|---|---|
NEUROCORE_MODEL |
Primary LLM for Orchestrated Pipeline | hermes-2-pro |
NEUROCORE_MODELS_PATH |
Path to your local GGUF model storage | ~/neurocore/models/ |
AI_ENABLED |
Master switch for AI components | true |
NeuroRift is purpose-built for AUTHORIZED security testing, red teaming, and educational research.
- Authorization Required: You must have explicit, written permission from the owner of any system you test.
- Liability: The developer is not liable for any misuse or damage.
NeuroRift is independently developed by demonking369.
- NeuroCore β Custom high-performance LLM runtime (demonking369)
- OpenClaw β Unified notification and approval layer
- llama.cpp β Static library for C bindings
- ProjectDiscovery β Security tools (subfinder, nuclei, httpx)
- Next.js β Web Mode dashboard framework
- Nmap β Network scanning core
Thanks to the open-source projects that inspired and supported NeuroRift.
Designed and developed with β€οΈ and β by demonking369