Features

A unified offline AI platform for red teams, blue teams and forensics investigators. Paste your tool output and get expert analysis instantly.

25+ tools planned | Red Team + Blue Team | 100% offline | 9.27/10 avg accuracy

Core Architecture

Qwen 2.5 14B

Local LLM via llama-cpp-python. No Ollama, no GPU required. CPU inference with AVX2-free build for maximum hardware compatibility.

Anti-Hallucination

Fact-extraction layer runs before the LLM. Deterministic parsers extract verifiable facts from tool output. Only those facts reach the model.

FAISS RAG

Per-tool FAISS knowledge bases using IndexFlatIP with L2-normalised embeddings. Each tool has its own dedicated knowledge store.

100% Offline

Zero outbound calls after deployment. Runs in SCIFs, hospitals and classified networks. No telemetry, no phone-home, no cloud.


Edition Guide

Community: Free, open source
Pro: £250/yr, 6 tools
Expert: £500/yr, 16 tools
Enterprise: £1,000/yr, 26 tools
Coming Soon: In development

🔴 Red Team Tools

Offensive security intelligence. Turn raw tool output into exploitation plans, attack chains and next-step recommendations.

Nmap

Community Pro

96.7% Accuracy

Parses Nmap XML output to identify open ports, running services and software versions. Cross-references findings against CVE data and generates evidence-based exploit recommendations grounded in your actual scan. No invented vulnerabilities.

  • Service and version fingerprinting
  • CVE cross-referencing
  • Metasploit module suggestions
  • Evidence-based attack chain planning

BloodHound

Community Pro

10/10 Accuracy

Analyses BloodHound JSON output to map Active Directory attack paths, identify privilege escalation opportunities and recommend lateral movement techniques. Cites specific findings from your enumeration data rather than generic AD advice.

  • AD attack path identification
  • Privilege escalation opportunities
  • Kerberoasting / AS-REP roasting detection
  • Domain dominance path planning

NetExec (NXC)

Pro

9.2/10 Accuracy

Analyses NetExec (formerly CrackMapExec) output for SMB enumeration results, credential spraying outcomes, share discovery and Active Directory findings. Recommends next steps in the attack chain based on what was discovered.

  • SMB enumeration analysis
  • Credential spray result interpretation
  • Share and permission discovery
  • Attack chain next-step guidance

Metasploit

Expert

Available Now

Full Metasploit integration, not just analysis but an intelligent interface to the framework itself. Browse modules with a split-pane treeview, view source code, build RC scripts visually and launch interactive msfconsole sessions with live output streaming.

  • Module browser with Ruby metadata parser
  • Source code viewer
  • CVE search normalisation
  • RC script builder & visual launcher
  • Interactive msfconsole with live output
  • "Ask Syd About Module" AI chat
  • Save/load .rc scripts

Sliver C2

Expert

Coming Soon

Sliver Command and Control framework integration. Knowledge base complete (21 documents, 7,986 lines covering beginner to expert usage). FAISS indexing and GUI page currently in development.

  • Implant management guidance
  • C2 traffic analysis
  • Listener configuration assistance
  • Detection evasion techniques
  • Operator workflow guidance

Responder

Expert

Coming Soon

LLMNR, NBT-NS and MDNS poisoner analysis. Interprets Responder output to identify captured credentials, assess the network environment and recommend follow-up credential relay or cracking steps.

  • Captured credential analysis
  • Hash relay opportunity identification
  • Network poisoning assessment

Impacket

Expert

Coming Soon

Python network protocol toolkit analysis. Interprets Impacket tool output (secretsdump, psexec, wmiexec, etc.) for lateral movement, credential extraction and remote execution activities.

  • secretsdump output analysis
  • Lateral movement guidance
  • Remote execution interpretation

Hashcat

Expert

Coming Soon

Advanced password recovery assistance. Helps identify hash types, recommend attack modes, optimise wordlist selection and interpret cracking results, all without sending hashes anywhere.

  • Hash type identification
  • Attack mode recommendations
  • Wordlist and rule optimisation
  • Cracking result analysis

Feroxbuster

Expert

Coming Soon

Web content discovery analysis. Interprets Feroxbuster results to identify interesting endpoints, hidden directories and potential attack vectors from recursive web enumeration output.

  • Interesting endpoint identification
  • Attack surface mapping
  • Follow-up enumeration suggestions

Curl

Expert

Coming Soon

HTTP request analysis and web interaction assistance. Interprets curl command output to identify server responses, headers, authentication mechanisms and potential vulnerabilities exposed through web endpoints.

  • HTTP response analysis
  • Header and cookie interpretation
  • Authentication mechanism identification
  • Follow-up attack recommendations

Payload Builder

Expert

Coming Soon

AI-assisted payload generation guidance. Helps craft and adapt payloads for specific target environments based on enumeration findings, suggesting appropriate encoding, obfuscation and delivery methods for the engagement.

  • Environment-aware payload suggestions
  • Encoding and obfuscation guidance
  • Delivery method recommendations
  • AV evasion technique suggestions

🔵 Blue Team & Forensics Tools

Defensive security intelligence. Analyse forensic artefacts, detect threats, understand malware behaviour and build incident response workflows, all offline.

Volatility 3

Community Pro

8.13/10 Accuracy

Analyses Volatility 3 memory forensics output to identify malicious processes, suspicious network connections, injected code and persistence mechanisms. Builds structured incident response workflows based on your specific memory dump findings.

  • Process tree analysis and anomaly detection
  • Network connection identification
  • Injected code and shellcode detection
  • Persistence mechanism identification
  • IR workflow recommendations

YARA

Pro

9.84/10 Accuracy

Analyses YARA rule match output to identify malware families, assess threat severity and build incident response workflows. The highest accuracy tool in the Syd suite. It consistently identifies the right malware family and recommends appropriate response steps.

  • Malware family identification
  • Threat severity assessment
  • IOC extraction from matches
  • IR workflow and containment steps
  • Threat hunting follow-up suggestions

PCAP Analysis

Pro

Available Now

Analyses packet capture output for anomalous traffic patterns, protocol abuse, C2 communication signatures and data exfiltration indicators. Extracts IOCs and correlates network activity with known attack techniques.

  • Anomalous traffic identification
  • C2 communication detection
  • Protocol abuse analysis
  • IOC extraction from traffic
  • Data exfiltration indicators

Zeek

Coming Soon

Enterprise

Network security monitor log analysis. Interprets Zeek logs (conn, dns, http, ssl, files) to identify suspicious network behaviour, lateral movement and threat indicators across your network traffic.

  • Connection log threat analysis
  • DNS anomaly detection
  • SSL/TLS certificate analysis
  • Lateral movement identification

Chainsaw

Coming Soon

Enterprise

Windows event log threat hunting analysis. Interprets Chainsaw output to correlate suspicious log entries with known attack techniques, MITRE ATT&CK mappings and threat intelligence.

  • Event log threat correlation
  • MITRE ATT&CK technique mapping
  • Suspicious activity timeline building
  • Attack pattern identification

Suricata

Coming Soon

Enterprise

IDS/IPS alert analysis. Interprets Suricata alert logs to prioritise detections, identify false positives, correlate multi-stage attacks and recommend tuning or response actions.

  • Alert prioritisation and triage
  • False positive identification
  • Multi-stage attack correlation
  • Rule tuning recommendations

Sysmon Helper

Coming Soon

Enterprise

Windows System Monitor log analysis. Interprets Sysmon events (process creation, network connections, registry changes, file operations) to identify malicious behaviour and build attack timelines.

  • Process creation anomaly detection
  • Registry modification analysis
  • Network connection behaviour
  • Attack timeline reconstruction

TShark

Coming Soon

Enterprise

Command-line Wireshark analysis. Interprets TShark filtered output for network forensics, identifying protocol anomalies, credential capture in traffic and evidence of lateral movement or exfiltration.

  • Protocol anomaly identification
  • Credential in-traffic detection
  • Lateral movement evidence
  • Exfiltration indicator analysis

Autopsy / Sleuth Kit

Coming Soon

Enterprise

Digital forensics platform assistance. Helps interpret disk image artefacts, deleted file recovery findings, timeline analysis and browser history for digital forensics investigations and legal proceedings.

  • Disk artefact interpretation
  • Deleted file analysis guidance
  • Timeline analysis assistance
  • Evidence documentation support

Raccine

Coming Soon

Enterprise

Ransomware protection and detection analysis. Interprets Raccine detections and blocked shadow copy deletion attempts, helping IR teams understand ransomware behaviour and containment options.

  • Ransomware behaviour analysis
  • Shadow copy deletion detection
  • Containment recommendations

🔧 Utilities

Productivity tools built into the Syd platform to support your workflow.

Report Builder

Enterprise

Generate structured security assessment reports from your Syd analysis sessions. Compile findings, recommendations and evidence into a professional deliverable, all offline.

Wordlist Manager

Coming Soon

Manage, filter and generate custom wordlists for password attacks. Integrates with Hashcat and NetExec workflows.

Credential Safe

Coming Soon

Secure offline credential management for engagement-captured credentials. Encrypted local storage with no cloud sync.

Artefact Viewer

Coming Soon

Examine and contextualise digital forensic artefacts (registry keys, prefetch files, shellbags) with AI-assisted interpretation.

File Triage

Coming Soon

Rapid assessment and categorisation of files for incident response. Identify suspicious files, scripts and executables quickly during live engagements.


AI Intelligence Features (All Editions)

Ask Syd Chat

Every tool page includes an AI chat interface. Ask follow-up questions, dig into specific findings, request alternative techniques or get a plain-English summary for a client report. All offline, all grounded in your actual data.

Context-Aware Intelligence

Syd understands whether you're on offence or defence. For Nmap scans it thinks like a red teamer. For Volatility and YARA findings it thinks like a forensic investigator. One platform, two perspectives.

MITRE ATT&CK Alignment

Analysis recommendations are mapped to MITRE ATT&CK techniques where applicable, helping both red teams document attack chains and blue teams understand and communicate threats.

8192-Token Context Budget

Intelligent context window management handles large tool outputs. Complex Nmap scans, multi-process memory dumps, long YARA match lists: all handled without running out of context or losing detail.


Edition Comparison

Feature / Tool | Community (Free) | Pro (£250/yr) | Expert (£500/yr) | Enterprise (£1,000/yr)
RED TEAM (11 tools)
Nmap
BloodHound
NetExec (NXC)
Metasploit
Sliver C2
Responder
Hashcat
Feroxbuster
Impacket
Curl
Payload Builder
BLUE TEAM & FORENSICS (10 tools)
Volatility 3
YARA
PCAP
Zeek
Chainsaw
Suricata
Sysmon Helper
TShark
Raccine
Autopsy / Sleuth Kit
UTILITIES (5 tools)
Wordlist Manager
Credential Safe
Report Builder
Artefact Viewer
File Triage
PLATFORM
Ask Syd AI Chat
MITRE ATT&CK Mapping
Air-Gapped / Offline
Support Level | Community | 5-day email | 48hr email | 24hr + phone

Start With the Free Edition

Community Edition includes Nmap, BloodHound and Volatility with no sign-up and no telemetry.
