VYPR
researchPublished Jul 3, 2026· 1 source

Nebula AI Platform Integrates LLMs into Terminal for Automated Penetration Testing

BerylliumSec's open-source Nebula platform brings AI-powered vulnerability assessment and exploit script generation directly into the command-line interface for penetration testers.

A new open-source security tool is bringing large language models directly into the penetration tester's terminal. Nebula, developed by BerylliumSec, integrates state-of-the-art AI models into the command-line interface, allowing ethical hackers and security professionals to automate vulnerability assessments, generate exploit scripts, and maintain engagement documentation without switching contexts.

Nebula supports multiple AI backends, giving users flexibility based on infrastructure and privacy needs. Supported models include OpenAI's API-accessible models, Meta's Llama-3.1-8B-Instruct, Mistral AI's Mistral-7B-Instruct-v0.2, and DeepSeek-R1-Distill-Llama-8B. Local inference is handled through Ollama, which supports both CPU and GPU execution, while cloud-based models can be accessed via API keys. The tool works alongside any CLI-invokable security utility, meaning testers can pair it with existing toolchains like Nmap, Metasploit, or custom scripts rather than replacing established workflows.

Key features of the Nebula Penetration Testing Platform include AI-powered internet search agents that pull real-time cybersecurity context into responses, automated note-taking that categorizes findings during live engagements, and real-time exploitation suggestions based on terminal tool output. It also supports external tool data import for AI-assisted analysis, built-in screenshot capture and annotation for documentation, and a status feed panel that refreshes every five minutes to show recent testing activity.

Users interact with the AI by prefixing commands with "!" or toggling a dedicated AI/Terminal mode button, allowing them to move fluidly between manual terminal work and AI-assisted queries. Nebula requires at least 16GB RAM and Python 3.10–3.13.9 for CPU-based inference via Ollama. Installation is handled through pip: python -m pip install nebula-ai --upgrade.

For local models, users install Ollama, pull a model (e.g., ollama pull mistral), and reference the exact model name in Nebula's engagement settings. OpenAI models require setting an API key as an environment variable (OPENAI_API_KEY) before launching the tool. A Docker deployment option is also available, using X11 forwarding for GUI support alongside volume mounts for logs and engagement folders.

Alongside Nebula, BerylliumSec has also introduced the Deep Application Profiler (DAP), a complementary malware analysis service. Rather than relying on traditional signature-based detection, DAP uses neural networks to analyze an executable's internal structure and behavioral intent, enabling detection of zero-day malware that signature-based tools typically miss. DAP is available as both a web service and an API, providing detailed breakdowns for analyst review.

BerylliumSec has indicated plans to develop custom models purpose-built for penetration testing tasks, rather than relying solely on general-purpose LLMs adapted for security use cases. This suggests future versions of Nebula may offer more specialized, domain-tuned outputs for vulnerability discovery and exploitation guidance. Nebula reflects a broader trend of AI integration into offensive security tooling, where LLMs assist with reconnaissance, note-taking, and exploit ideation directly inside the workflows testers already use.

The tool can be downloaded from GitHub. By supporting both local and cloud-based models, it addresses varying operational security requirements, from air-gapped local inference to convenience-driven API access. Troubleshooting logs stored at ~/.local/share/nebula/logs should help users diagnose most runtime errors independently.

Synthesized by Vypr AI