Capabilities

Built for real engagements.

Every tool runs locally on your Mac. A local LLM orchestrates workflows, maintains context across tool tabs, and assists with analysis throughout the engagement.

⚡

Local LLM Inference

Models run natively on Apple Silicon via MLX. No API keys, no cloud round-trips, no content filtering. All inference stays on your hardware.

◎

Persistent Ops

Each engagement gets a named workspace. Switch between clients and targets without losing context. The model retains full history across every tool tab.

⬡

AI-Assisted & Manual

Describe what you need in natural language or configure tools directly. The AI handles orchestration while you maintain full control over execution.

⊞

Cross-Op Stash

Share artifacts between engagements. Credentials, host lists, payloads, and findings persist in a searchable store accessible from any op.

✎

Report Generation

Findings capture full attack chains with evidence and impact assessment. Generate client-ready reports in PDF, Markdown, or HTML with CVSS scoring.

⌘

Native macOS

Built with SwiftUI. Native rendering, system animations, and blur materials. Runs as a first-class Mac application, not a browser wrapper.

Tooling

Dedicated interfaces for each phase.

Each tool category has its own purpose-built UI. Browse Metasploit modules, monitor hashcat progress, enumerate SMB shares, and run OSINT lookups — all within the same workspace.

Web vulnerability scanner showing findings sorted by severity with CVSS scores

Network tab — SMB enumeration with host discovery, share mapping, and authentication status

Credentials tab — hashcat GPU-accelerated cracking with progress monitoring

Exploit tab — Metasploit module browser with payload configuration and active sessions

Post-exploitation tab — privilege escalation checks with LinPEAS integration

OSINT tab — username and email reconnaissance across platforms

Vulnerability findings with severity classification, affected hosts, and remediation context

Arsenal

30+ integrated tools.

Industry-standard tools for every phase of an engagement. Each runs natively on macOS with output parsed and indexed by the AI.

⊕

Reconnaissance

Subdomain enumeration, DNS resolution, port scanning, service fingerprinting, web technology detection, and crawling.

subfinder dnsx nmap masscan httpx katana theHarvester

⊘

Web Application

Template-based vulnerability scanning, SQL injection, cross-site scripting, directory enumeration, parameter discovery, and fuzzing.

nuclei sqlmap dalfox feroxbuster ffuf arjun wpscan

⊗

Network & AD

Windows protocol enumeration, SMB share mapping, SNMP discovery, packet capture, MITM, and network tunneling.

netexec snmpwalk tshark bettercap chisel

⊙

Credentials

GPU-accelerated hash cracking, online password attacks, hash identification, wordlist management, and secret scanning.

hashcat hydra seclists haiti trufflehog

⊛

Exploitation

Module browsing, payload generation, session management, reverse shells, and post-exploitation frameworks.

metasploit pwncat pwntools sliver

⊜

OSINT & Post-Exploit

Username enumeration, email reconnaissance, privilege escalation auditing, AD attack paths, and metadata extraction.

sherlock holehe impacket linpeas exiftool gowitness

Models

Sized for your hardware.

Curated models optimized for Apple Silicon via adaptive quantization. The app detects your available RAM and recommends the appropriate tier.

S

Small

122B total · 10B active (MoE)

8–16 GB RAM

Qwen3.5-VL-122B-A10B

JANG_2S quantization

M

Medium

MiniMax-M2.5

16–64 GB RAM

MiniMax-M2.5

JANG_2L quantization

L

Large

397B total · 17B active (MoE)

64–192 GB RAM

Qwen3.5-VL-397B-A17B

JANG_1L quantization

XL

Extra Large

400B+ params

192 GB+ RAM

Coming soon

Mac Studio / Mac Pro territory

Stash

Persistent artifact storage across engagements. Drop findings from any tool into a searchable, typed store.

Credentials, hashes, API tokens
Host lists, IP ranges, subdomains
Exploit code, payloads, scripts
Screenshots and evidence captures
Auto-typed, searchable, persistent

Findings & Reporting

Every confirmed vulnerability is tracked with full attack chain documentation, from initial access to impact.

Auto-reconstructed attack narratives
CVSS scoring with remediation guidance
Executive summary generation
Export: PDF, Markdown, HTML, JSON
Localized reports (EN/KO/ZH/ES/JA)

Localization

Five languages. Full interface.

Menus, tool interfaces, AI responses, and generated reports — all localized. Selected during onboarding, changeable anytime in Settings.

🇺🇸English

🇰🇷한국어

🇨🇳中文

🇪🇸Español

🇯🇵日本語

exploitbot