What's new in CyberMind

CyberMind v4.4.0 introduces four new specialized offensive security modes: DevSec scanning, autonomous AI hacking, vulnerability chaining, and multi-day red team campaigns.

• ✓/devsec [Starter+] — Scan GitHub repos for secrets (trufflehog/gitleaks), SAST (semgrep), and vulnerable deps (trivy/npm audit/pip-audit)
• ✓/vibe-hack [Pro+] — Autonomous AI hacking session: AI decides next attack step, streams live via SSE, saves full transcript
• ✓/chain [Pro+] — Reads Brain_Memory findings and suggests multi-step exploit chains (e.g., SSRF+IDOR → PII leak) with PoC
• ✓/red-team [Elite] — Structured 7-day campaign: OSINT → Phishing → Initial Access → Lateral Movement → Persistence → Report

OMEGA now auto-detects what kind of target you gave it and runs the right pipeline automatically. No more manually picking modes — just give it a target and it figures out the rest.

• ✓Web/domain → OSINT Deep → Recon → Hunt → BizLogic → Abhimanyu → Cloud → Aegis → Report
• ✓IP address → OSINT → Port scan → CVE Feed → Abhimanyu network → Report
• ✓Email → Breach check (HIBP + BreachDir) → OSINT Deep → Threat Intel
• ✓Phone (+91...) → WhatsApp OSINT → OSINT Deep → Locate
• ✓Username/person → OSINT Deep (3000+ sites) → Breach check
• ✓Company name → OSINT → Cloud misconfigs → Breach → Recon
• ✓Binary/ELF/PE → RevEng (static + dynamic + decompile) → Malware scan
• ✓APK file → Mobile analysis → RevEng mobile mode
• ✓MD5/SHA hash → VirusTotal + MalwareBazaar + OTX threat intel
• ✓Non-web targets auto-run their pipeline — web/IP continue to full OMEGA flow

Every Python tool now installs in a fully isolated environment. No more 'externally-managed-environment' errors on Kali 2024+, Ubuntu 23+, or Debian 12+. Three-layer fallback ensures tools always install.

• ✓Layer 1: pipx with PIPX_BIN_DIR=/usr/local/bin — best isolation, binary auto-lands in PATH
• ✓Layer 2: /opt/<toolname>-venv — dedicated venv per tool, symlinked to /usr/local/bin
• ✓Layer 3: pip3 --break-system-packages — last resort for old systems only
• ✓Git tools: .venv inside installDir, wrapper script uses venv python
• ✓C2 tools (sliver, havoc): document-only — setup guide saved to /tmp/cybermind_c2_setup.txt
• ✓installOmegaToolAlt upgraded: uses isolated venv instead of raw pip3
• ✓Abhimanyu InstallTool: Python tools use venv, C2 tools skip with clear message
• ✓Fixes: 'externally-managed-environment', requirements.txt conflicts, version clashes

The brain now learns from every single tool run. Confidence scores update in real-time. Future scans automatically prioritize tools that found things before. The system gets smarter with every target.

• ✓RecordToolRun() called after every recon and hunt tool — success/failure/duration tracked
• ✓RecordScanComplete() after full session — bug types, tech stack, WAF vendor saved
• ✓Tool confidence scores: +10-20 on success (more output = bigger boost), -5 on failure
• ✓Self-model: best tools, weak tools, best vuln types, best tech targets — all updated live
• ✓GetAdaptiveToolOrder() — future scans run highest-confidence tools first
• ✓SelfReflect() — generates insights: success rate, avg bugs/scan, recommendations
• ✓Brain memory: ~/.cybermind/brain/targets/<target>.json + self_model.json
• ✓Cross-session: patterns that worked, false positives to skip, tech stack remembered

Research-backed additions from 2025-2026 offensive security landscape. Every tool is real, installable, and integrated into the exploit pipeline with proper fallback args.

• ✓interactsh-client — OOB/blind detection: blind SSRF, blind XSS, blind RCE, Log4Shell
• ✓ffuf — IDOR fuzzing (numeric IDs), auth bypass, API endpoint discovery
• ✓ghauri — modern SQLi tool: WAF bypass, JSON injection, GraphQL SQLi (better than sqlmap for modern apps)
• ✓puredns — 10M+ subdomains/hour, wildcard filtering, faster than amass
• ✓jwt_tool — none algorithm, RS256→HS256 confusion, key injection, claim tampering
• ✓cloud_enum — AWS S3, Azure blobs, GCP storage misconfigs
• ✓pacu — AWS post-exploit: IAM privesc, Lambda backdoors, EC2 SSRF
• ✓roadrecon — Azure AD recon: users, groups, apps, conditional access policies
• ✓trufflehog — leaked AWS keys, GitHub tokens, Stripe keys in source code
• ✓sliver — modern C2 framework (documented, not auto-installed)
• ✓havoc — advanced C2 with AMSI/ETW bypass (documented, not auto-installed)
• ✓nuclei-fuzz — fuzzing templates mode, finds logic bugs nuclei misses

Real-time per-user usage tracking across all API endpoints. Anomaly detection for abuse patterns. Admin dashboard endpoint for visibility into who's using what.

• ✓Per-user hourly/daily request counts with plan-based limits
• ✓Expensive endpoints (recon/hunt/abhimanyu) count double toward daily limit
• ✓Anomaly detection: hourly spikes (>3x plan limit), near-limit warnings (>80%)
• ✓Scan abuse detection: free plan >3 scan jobs, starter >10 scan jobs
• ✓Endpoint diversity detection: >8 different endpoints in <20 requests (scraping)
• ✓/usage-stats admin endpoint: real-time per-user data, sorted by daily usage
• ✓Async Supabase logging: usage_logs table (fire-and-forget, non-blocking)
• ✓Wired into: chat, recon, hunt, abhimanyu, plan, cve, report, wordlist routes

Two missing helper functions that were silently breaking features. portListOrDefault was referenced in abhimanyu/engine.go but never defined — MSF resource scripts were generating with empty port lists.

• ✓portListOrDefault() added to omega/plan.go — MSF scripts now include correct port list
• ✓appendUniqueStr() added to hunt/engine.go — bug type deduplication in brain recording
• ✓Both functions were referenced but undefined — silent failures now fixed
• ✓go vet passes clean — zero warnings across all packages