As a security analyst, a typical workflow for me was a frustrating juggling act: run an Nmap scan, manually parse the output, search for CVEs, find an exploit script, set up a listener in Metasploit, and then finally launch the exploit.
I was drowning in terminal windows and context-switching, and I knew there had to be a better way.
So, I built Syd: a desktop assistant that acts as an intelligent front-end for the security tools I use every day. My goal was to create an "analyst co-pilot" that automates the tedious parts and provides expert guidance, letting me
focus on the actual analysis. It's built in Python with a simple Tkinter GUI.
Here's a concrete example—the "Pwn a Box" workflow that Syd now streamlines:
1. Recon: I kick off an Nmap scan directly from Syd's UI.
2. Automated Analysis: The moment the scan finishes, Syd's own rule-based engine and local CVE database parse thenresults. It automatically identifies a service (e.g., "vsftpd 2.3.4") and finds it's vulnerable, recommending a specific Metasploit module(exploit/unix/ftp/vsftpd_234_backdoor).
3. Strategic Guidance: This is where the AI comes in. I can take that analysis and ask Syd, "What's the best way to approach this?" and its RAG-powered chat gives me high-level strategic advice on exploitation, post-exploitation, and privilege escalation, all based on its embedded knowledge base.
4. Execution & C2: I then pivot to the Metasploit page within Syd. It uses a controller to connect to the Metasploit RPC server, pre-configures the recommended exploit, sets the LHOST/RHOST, and launches it. When the exploit succeeds, the new session appears right there in the UI, ready for interaction.
What used to be 30 minutes of manual work across five different tools is now a guided, 2-minute workflow within a
single interface.
For security, the whole system is designed to be air-gapped (it's delivered on a physical SSD) and the AI assistance is powered by local models and a curated knowledge base, so no sensitive data ever leaves the machine. It also integrates Volatility for memory analysis, YARA for malware hunting, and more.
The videos on my site are a bit rough, but they show some of this in action. The project is still evolving, and I'd love to get the HN community's feedback, ideas, or even contributions.
There's a mailing list on the website if you're interested in major updates or want to be part of a future beta for a more advanced version.
Website (with videos & mailing list): https://sydsec.co.uk/
paul2495•1h ago
Here's a concrete example—the "Pwn a Box" workflow that Syd now streamlines: