An intelligent AI-powered security assistant that helps protect your system through automated security scanning and analysis. This application combines multiple security scanning capabilities with local AI models (via Ollama) to provide comprehensive security monitoring and actionable insights.
-
Log File Scanner
- Scans log files for suspicious patterns and security threats
- Detects failed login attempts, authentication failures, SQL injection attempts
- Identifies XSS attacks, brute force attempts, malware signatures
- Configurable log file paths and directories
- Severity-based threat classification (HIGH, MEDIUM, LOW)
-
Network Traffic Analyzer
- Monitors active network connections in real-time
- Detects suspicious ports and connections
- Identifies known malicious ports (Back Orifice, NetBus, Metasploit, etc.)
- Tracks listening ports and associated processes
- Network statistics monitoring
-
File Scanner
- Calculates file hashes (MD5, SHA256)
- Checks hashes against known malware databases
- Extracts and analyzes strings from binary files
- Detects suspicious code patterns (eval, exec, shell commands)
- Scans files and directories for threats
- Identifies potential code injection vulnerabilities
-
Windows Registry Scanner (Windows Only)
- Scans common autorun registry locations
- Monitors Windows services for suspicious entries
- Detects potentially malicious registry modifications
- Identifies entries in temporary directories
- Flags obfuscated or suspicious registry values
- Local AI Integration via Ollama (privacy-focused, no cloud dependency)
- Non-Hallucinating Responses - Low temperature settings ensure factual, grounded responses
- Security-Focused Prompts - Specialized system prompts for accurate security analysis
- Conversational Interface - Chat with the AI about security concerns
- Automated Scan Analysis - AI analyzes scan results and provides remediation steps
- Context-Aware - Maintains conversation history for better understanding
- Modern Dark Theme using CustomTkinter
- Tabbed Interface:
- Chat Tab: Interactive AI security assistant
- Security Scans Tab: Execute and view security scans
- Settings Tab: Configure log paths, AI model, and Ollama connection
- Real-time Results display with threaded scanning (non-blocking UI)
- Configurable Settings with persistent storage
- Python 3.8+ required
- Ollama - Install from ollama.ai
# Start Ollama service ollama serve # Pull a model (recommended: llama2 for general use, mistral for low RAM) ollama pull llama2 # or for low RAM systems: ollama pull mistral
-
Clone the repository:
git clone https://github.com/fawad0dev/AI-Sec-Assist.git cd AI-Sec-Assist -
Install Python dependencies:
pip install -r requirements.txt
-
Run the application:
python main.py
- Launch the application:
python main.py - Configure Settings:
- Go to "Settings" tab
- Verify Ollama connection status
- Select your preferred AI model
- Add log file paths to monitor
- Run Security Scans:
- Go to "Security Scans" tab
- Click any scan button (Log Files, Network, File, Registry)
- View results in the right panel
- AI Analysis:
- After running a scan, click "Analyze Results with AI"
- Get detailed security assessment and remediation steps
- Chat with AI:
- Go to "Chat" tab
- Ask security questions or request analysis
Settings β Add Log Path β Select /var/log/auth.log
Security Scans β Scan Log Files
Review suspicious activities β Analyze with AI
Security Scans β Analyze Network
Review active connections and suspicious ports
Analyze with AI for threat assessment
Security Scans β Scan File β Select suspicious file
View hash, strings, and security findings
Analyze with AI for malware indicators
Security Scans β Scan Registry
Review autorun locations and services
Identify persistence mechanisms
- "What are the most critical security threats I should address?"
- "How do I remediate a brute force attack?"
- "Explain the suspicious activity found in my logs"
- "What ports should I be monitoring?"
- "How can I prevent SQL injection attacks?"
Configuration is stored in config.json (auto-created on first run):
{
"ai": {
"model": "llama2",
"ollama_url": "http://localhost:11434",
"temperature": 0.1
},
"scan": {
"log_paths": [],
"max_log_lines": 1000,
"scan_file_strings": true,
"network_scan_enabled": true,
"registry_scan_enabled": true
},
"ui": {
"theme": "dark",
"window_width": 1200,
"window_height": 800
}
}-
llama2 (Default)
- Good balance of accuracy and performance
- RAM: ~4-8GB
- Best for: General security analysis
-
mistral
- Faster, more efficient
- RAM: ~4GB
- Best for: Low RAM systems, quick responses
-
codellama
- Specialized for code analysis
- RAM: ~4-8GB
- Best for: Source code security scanning
-
phi
- Smallest model
- RAM: ~2GB
- Best for: Very low RAM systems (may be less accurate)
The application uses temperature 0.1 by default to minimize hallucinations:
- 0.0-0.2: More deterministic, factual (security-appropriate)
- 0.3-0.7: Balanced creativity and accuracy
- 0.8-1.0: More creative but may hallucinate
For security purposes, we maintain low temperature to ensure responses are grounded in the actual scan data.
- Low Temperature Settings (0.1) - Ensures factual, deterministic responses
- Strict System Prompts - AI instructed to only analyze provided data
- Explicit Instructions - AI told to say "I don't know" rather than speculate
- Context Limiting - Truncates large inputs to prevent confusion
- Fact-Based Analysis - All responses must reference actual scan data
- 100% Local - No data sent to cloud services
- Ollama Integration - All AI processing happens on your machine
- Offline Capable - Works without internet connection
- No Data Collection - Your security data stays private
Some scans require elevated privileges:
-
Linux/Mac: Run as root or with sudo for full network/file access
sudo python main.py
-
Windows: Run as Administrator for registry and full network access
- Right-click β "Run as Administrator"
Error: Ollama is not available
Solution:
1. Ensure Ollama is installed
2. Start Ollama service: ollama serve
3. Check URL in Settings (default: http://localhost:11434)
Error: Permission denied
Solution: Run application with administrator/root privileges
Error: No models found
Solution: Pull a model first: ollama pull llama2
Issue: System running out of RAM
Solution:
1. Switch to smaller model (mistral or phi)
2. Close other applications
3. Reduce scan scope (fewer log files)
AI-Sec-Assist/
βββ main.py # Application entry point
βββ requirements.txt # Python dependencies
βββ config.json # User configuration (auto-generated)
βββ src/
βββ scanners/ # Security scanning modules
β βββ log_scanner.py
β βββ network_analyzer.py
β βββ file_scanner.py
β βββ registry_scanner.py
βββ ai/ # AI integration
β βββ ollama_client.py
βββ gui/ # GUI interface
β βββ main_gui.py
βββ utils/ # Utilities
βββ config_manager.py
Contributions are welcome! Areas for improvement:
- Additional security scanning modules
- More threat detection patterns
- Enhanced AI prompts
- Performance optimizations
- Cross-platform compatibility
This project is open source. Please ensure you comply with all applicable security and privacy regulations when using this tool.
This tool is for legitimate security monitoring and research purposes only. Users are responsible for:
- Ensuring they have authorization to scan systems
- Complying with local laws and regulations
- Understanding the tool's limitations
- Not relying solely on AI analysis for critical security decisions
Note: While the AI is designed to minimize hallucinations, always verify critical security findings through additional means.
For issues, questions, or contributions:
- GitHub Issues: Report bugs or request features
- Discussions: Ask questions or share use cases
- Ollama - Local AI model inference
- CustomTkinter - Modern GUI framework
- psutil - System monitoring capabilities
- Security research community for threat patterns