Skip to content

vgnshwar/kestrel

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
code
code
 
 
data
data
 
 
outputs
outputs
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Kestrel

A cybersecurity research assistant built using Retrieval-Augmented Generation (RAG). Kestrel enables efficient question-answering on cybersecurity knowledge by combining vector search with large language models, making research faster and more precise.

🔗 Watch a demo of Kestrel in action

Features

  • Choose reasoning strategy: Chain of Thought, ReAct, Self-Ask, or skip for direct answers
  • Cybersecurity-focused RAG pipeline for precise and reliable responses
  • Converts knowledge bases into vector embeddings for fast retrieval
  • Retrieves relevant documents from an indexed vector database
  • Builds contextual prompts by combining retrieved content, reasoning mode, and system instructions
  • Generates finite, grounded answers using LLMs
  • Modular design to swap datasets, vector databases, or LLM providers
  • Stores responses and logs in the outputs/ directory for review

Repository Structure

📦 Kestrel
├─ .env.example
├─ .gitignore
├─ LICENSE
├─ README.md
├─ code
│  ├─ config
│  │  ├─ prompt_config.yaml
│  │  └─ reasoning_config.yaml
│  ├─ paths.py
│  ├─ to_llm.py
│  ├─ to_vectordb.py
│  └─ utils.py
├─ data
│  └─ 1dfc5bee07ff.json
├─ outputs
│  ├─ .gitignore
│  ├─ demo.mov
│  └─ vector_db
│     └─ .gitignore
└─ requirements.txt

Installation

git clone https://github.com/vgnshwar/Kestrel.git
cd Kestrel
python3 -m venv .venv
source venv/bin/activate
pip install -r requirements.txt
python code/to_llm.py

cybersecurity Research Queries

What mitigation steps are recommended for an unauthenticated directory traversal vulnerability in a web appliance.

List any Metasploit modules in the DB that mention CVE-2023-20198 and summarize what they exploit and which versions are affected.

Which modules in the DB target Active Directory Certificate Services (ADCS) template misconfigurations or certificate issuance attacks? Provide module fullnames and short purpose.

Explain the full TLS 1.3 handshake exchange (messages and purpose) and show how a server implements key update. Cite sources.

Kestrel first asks the user to choose a reasoning mode like CoT (Chain of Thought), ReAct, Self-Ask, or simply press Enter to continue without selecting. The user provides their query. Kestrel fetches the most relevant documents from the indexed vector database. The retrieved documents are combined with the chosen reasoning instructions and the system prompt. The complete prompt is sent to the LLM, which produces a grounded, finite answer.

Roadmap

  • Add support for multiple vector DBs (FAISS, Pinecone, Weaviate).
  • Expand cybersecurity corpus (NVD, MITRE ATT&CK, CWE, etc.).
  • Web interface for interactive research.
  • Evaluation framework for measuring answer quality.

License

This project is licensed under the MIT License - see the LICENSE file for details.

About

Kestrel — A question-answering system using RAG serving as a cybersecurity research assistant.

Topics

python rag langchain chromadb vectordb

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Contributors

Languages