Skip to main content

CyberMind CLI

CyberMind Docs

Core Workflows

OMEGA Planning Mode — AI builds your full attack plan before you run a single tool

Planning mode is the most intelligent entry point on Linux. It runs passive recon first, sends all intelligence to AI, and returns a deep 9-phase attack plan tailored to your exact target.

$cybermind /plan example.com

What OMEGA Planning Mode does

Instead of running tools blindly, /plan first collects passive intelligence about the target — DNS records, Shodan data, HTTP headers, tech stack, open ports — then sends everything to AI. The AI returns a structured JSON attack plan with exact tool flags, skip lists, timing strategy, and CVE pre-detection. CyberMind then executes that plan automatically.

  • Passive recon first — zero active probing before the plan is built.
  • AI analyzes target intelligence and builds a 9-phase plan.
  • Every phase has exact tool flags, not just tool names.
  • WAF-aware — Cloudflare, Akamai, Imperva bypass strategies built in.
  • Target-specific — WordPress gets wpscan, GraphQL gets graphw00f, JWT gets jwt_tool.
  • Auto-doctor runs before execution — missing tools are installed automatically.
  • System resource check — warns if RAM or disk is low before starting.

The 9-phase attack plan

OMEGA Planning Mode produces a plan across 9 phases. Each phase is executed in priority order based on the target type.

  • Phase 1 — Passive OSINT: whois, theHarvester, dig (all DNS records, emails, org intel).
  • Phase 2 — Subdomain Enumeration: reconftw (50+ tools), subfinder, amass, dnsx, puredns.
  • Phase 3 — Port Scanning: rustscan → nmap → naabu → masscan (full 65535 ports).
  • Phase 4 — HTTP Fingerprinting: httpx, whatweb, tlsx, wafw00f (tech stack + TLS + WAF).
  • Phase 5 — Directory Discovery: ffuf, feroxbuster, gobuster (recursive, 13 extensions).
  • Phase 6 — Vulnerability Scanning: nuclei (500 threads, all CVE tags), nikto, katana.
  • Phase 7 — Hunt Mode: waymore, gau, gospider, x8, arjun, dalfox, kxss, ssrfmap, tplmap.
  • Phase 8 — Secret Hunting: trufflehog, secretfinder, subjs, mantra, cariddi.
  • Phase 9 — Exploitation: sqlmap, commix, wpscan, hydra, metasploit, jwt_tool, graphw00f.

How to use it — step by step

Planning mode is Linux-only. Run it on Kali or any Debian-based system.

# Basic usage — AI builds full plan for target
cybermind /plan example.com

# What happens automatically:
# 1. System resource check (RAM, disk, CPU)
# 2. Auto-doctor — checks and installs all tools
# 3. Passive recon — DNS, Shodan, HTTP headers collected
# 4. AI analysis — 9-phase plan generated
# 5. Plan displayed — you confirm before execution
# 6. Execution — phases run in priority order
# 7. Results — AI analysis after each phase

Full Linux workflow — from zero to exploitation

This is the complete recommended flow on Kali Linux. Planning mode chains into recon, hunt, and Abhimanyu automatically.

# Step 1: Install CyberMind
curl -sL https://cybermindcli1.vercel.app/install.sh | bash

# Step 2: Save your API key
cybermind --key cp_live_xxxxx

# Step 3: Install all tools (one time)
cybermind /install-tools

# Step 4: Run OMEGA Planning Mode
cybermind /plan target.com

# --- Planning mode auto-runs phases ---
# After plan completes, you can also run individually:

# Step 5: Deep recon (if you want manual control)
cybermind /recon target.com

# Step 6: Vulnerability hunt
cybermind /hunt target.com

# Step 7: Exploit confirmed vulnerabilities (Elite plan)
cybermind /abhimanyu target.com

# Step 8: Generate professional pentest report
cybermind report

Difference between /plan, /recon, /hunt, and /abhimanyu

Each mode has a specific role. Use them in order for maximum coverage.

  • /plan — AI-first. Builds the strategy before running anything. Best starting point.
  • /recon — Execution-first. Runs all 20 recon tools immediately. Use when you already know the target type.
  • /hunt — Vulnerability-focused. Runs after recon. Finds XSS, SQLi, SSRF, hidden params.
  • /abhimanyu — Exploitation. Runs after hunt. Exploits confirmed vulnerabilities. Elite plan only.

Tool flags used in each phase

Planning mode uses the most powerful flags for every tool — not defaults.

  • nuclei: -c 500 -rl 100 -tags cve,xss,sqli,ssrf,lfi,rce,xxe,idor,misconfig,exposure,takeover
  • subfinder: -all -t 500 (all passive sources, 500 threads)
  • ffuf: -t 300 -recursion -recursion-depth 4 -ac (recursive, auto-calibrate)
  • nmap: -sS -sV -sC -T4 -p- --min-rate 10000 --script vuln,auth,http-vuln*
  • sqlmap: --batch --level 5 --risk 3 --dbs --dump-all --tamper space2comment,between,randomcase
  • dalfox: --waf-bypass --trigger alert(1) --follow-redirects

WAF bypass strategy

If a WAF is detected during passive recon, the AI automatically adjusts the plan.

  • Cloudflare detected → stealth mode, slow nuclei rate, Cloudflare-specific bypass payloads.
  • Akamai detected → header manipulation, rate limiting, Akamai bypass techniques.
  • Imperva detected → encoding variations, slow scan mode.
  • No WAF → aggressive mode, full speed, all tools at maximum threads.

Requirements

Planning mode requires Linux (Kali recommended) and an active API key.

  • OS: Linux or Kali Linux (not available on Windows or macOS).
  • API key: any plan — free plan gets AI chat + planning, Elite gets full exploitation.
  • Tools: /install-tools installs everything automatically.
  • RAM: 2GB minimum recommended for full pipeline.
  • Internet: required for passive recon and AI analysis.

Installation

Install CyberMind on Linux.

open

Recon mode

Run recon without planning mode.

open

Hunt mode

Vulnerability hunting after recon.

open

Abhimanyu mode

Exploitation engine.

open