Documentation
Tool Inventory (62+ Tools)
SentinelForge integrates over 62 security tools organized by operational category. All tools execute on the SentinelForge host; the platform itself has no cloud dependency. Two caveats apply in practice: tools that query internet data sources (Shodan CLI, Maltego transforms, and the online modules of theHarvester, SpiderFoot and Amass) only return results while connectivity is available, and feed-driven scanners (OpenVAS, Nuclei templates, Trivy, Grype, ClamAV) depend on update bundles that, in air-gapped mode, arrive via removable media.
Network Reconnaissance
| Tool | Purpose |
|---|---|
| Nmap | Network discovery and port scanning |
| Masscan | High-speed port scanning |
| Netdiscover | Active/passive ARP reconnaissance |
| arp-scan | Layer 2 network discovery |
| hping3 | TCP/IP packet crafting and analysis |
| ZMap | Internet-scale network scanning |
Vulnerability Assessment
| Tool | Purpose |
|---|---|
| OpenVAS | Full vulnerability scanning framework |
| Nikto | Web server vulnerability scanner |
| WPScan | WordPress security scanner |
| SQLMap | SQL injection detection and exploitation |
| Nuclei | Template-based vulnerability scanning |
| Trivy | Container and filesystem vulnerability scanner |
| Grype | SBOM-based vulnerability scanning of container images and filesystems |
Exploitation Frameworks
| Tool | Purpose |
|---|---|
| Metasploit | Penetration testing framework |
| Cobalt Strike | Commercial adversary simulation and red team platform |
| BeEF | Browser exploitation framework |
| Empire | Post-exploitation and lateral movement |
| Sliver | Cross-platform C2 framework for adversary emulation |
Wireless and RF Security
| Tool | Purpose |
|---|---|
| Aircrack-ng | WiFi security auditing suite |
| Kismet | Wireless network detector and sniffer |
| Reaver | WPS PIN attack tool |
| Bettercap | Network attack and monitoring framework |
| Wifite | Automated wireless auditing |
Password and Credential Testing
| Tool | Purpose |
|---|---|
| Hashcat | GPU-accelerated password hash cracking |
| John the Ripper | Password cracking suite |
| Hydra | Network login brute-force |
| Medusa | Parallel login brute-force |
| CeWL | Custom wordlist generation |
| Mimikatz | Windows credential extraction |
Traffic Analysis and Packet Capture
| Tool | Purpose |
|---|---|
| Wireshark | Network protocol analyzer |
| tcpdump | Command-line packet capture |
| Zeek | Network security monitoring |
| Suricata | IDS/IPS engine |
| Snort | Network intrusion detection |
| NetworkMiner | Network forensic analysis |
Web Application Testing
| Tool | Purpose |
|---|---|
| Burp Suite | Web application security testing |
| OWASP ZAP | Web application scanner |
| Gobuster | Directory and DNS brute-force |
| ffuf | Fast web fuzzer |
| Dirb | Web content scanner |
| XSStrike | XSS detection and exploitation |
OSINT and Information Gathering
| Tool | Purpose |
|---|---|
| theHarvester | Email and subdomain harvesting |
| Maltego | OSINT and graphical link analysis (transforms query external sources) |
| Recon-ng | Web reconnaissance framework |
| Shodan CLI | Internet device intelligence (queries the Shodan API; needs connectivity) |
| SpiderFoot | OSINT automation |
| Amass | Attack surface mapping |
Forensics and Incident Response
| Tool | Purpose |
|---|---|
| Volatility | Memory forensics framework |
| Autopsy | Digital forensics platform |
| YARA | Pattern-based malware identification and classification |
| ClamAV | Antivirus scanning engine |
| Foremost | File recovery and carving |
| binwalk | Firmware analysis |
Logging, SIEM, and Monitoring
| Tool | Purpose |
|---|---|
| Wazuh | Security monitoring and compliance |
| OSSEC | Host-based intrusion detection |
| Elastic Stack | Log aggregation and analysis |
| Grafana | Operational dashboards |
| Fluentd | Log collection and routing |
Container and Infrastructure Security
| Tool | Purpose |
|---|---|
| Falco | Runtime container security |
| kube-bench | Kubernetes CIS benchmarking |
| Lynis | System security auditing |
| OpenSCAP | Security compliance scanning |
| Checkov | Infrastructure-as-code scanning |
Agent Orchestration Architecture
SentinelForge uses a multi-agent architecture where specialized AI agents coordinate security operations autonomously.
Agent Types
- Recon Agent - Performs continuous network discovery and asset enumeration
- Vulnerability Agent - Coordinates scanning tools and prioritizes findings by risk
- Exploit Agent - Validates vulnerabilities through controlled exploitation
- Response Agent - Executes containment and remediation playbooks
- Forensics Agent - Collects and analyzes artifacts for incident investigation
- Compliance Agent - Monitors security posture against policy baselines
Orchestration Flow
Agents communicate through a local message bus with no external network requirements. The orchestration layer manages agent lifecycle, task prioritization, and resource allocation. All inter-agent communication is encrypted and logged for audit compliance.
DDIL Deployment Configuration
SentinelForge is designed from the ground up for Denied, Disrupted, Intermittent, and Limited-bandwidth (DDIL) environments.
Deployment Modes
- Air-Gapped - Complete isolation with no network interfaces active. All updates (platform, vulnerability feeds, signatures) arrive via removable media; because that media is the only remaining ingress path, bundles should be signature-verified before import.
- DDIL-Connected - Opportunistic synchronization when connectivity is available. Full autonomy when disconnected.
- Edge-Deployed - Lightweight configuration for resource-constrained edge hardware (ARM64/x86_64).
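The DDIL-Connected behaviour described above (full autonomy while disconnected, opportunistic sync when the link returns) comes down to a store-and-forward outbox with idempotent resend. The following is an added illustration, not SentinelForge code: `Outbox`, `Receiver`, `FlakyLink` and the record layout are assumptions, and the sample findings are constructed. Records are sequenced and hash-chained so the receiving side can detect a gap, a reorder, or a body altered in transit, and a record whose acknowledgement was lost is resent and accepted again without being stored twice. The chain has no key, so it is tamper-evident rather than tamper-proof; authentication of the link itself belongs to the transport (mutual TLS, as the page uses for the AegisOS API).

```python
import hashlib
import json

GENESIS = "0" * 64


def chain_hash(prev: str, body: dict) -> str:
    """Link hash: sha256(previous hash || canonical JSON of the record body)."""
    return hashlib.sha256(prev.encode() + json.dumps(body, sort_keys=True).encode()).hexdigest()


class Outbox:
    """Sender side (hypothetical). enqueue() never touches the link; flush() is opportunistic."""

    def __init__(self):
        self.records = []
        self.last_hash = GENESIS
        self.acked_seq = -1          # highest sequence number the peer has confirmed

    def enqueue(self, body: dict) -> dict:
        rec = {"seq": len(self.records), "prev": self.last_hash, "body": body}
        rec["hash"] = chain_hash(rec["prev"], rec["body"])
        self.records.append(rec)
        self.last_hash = rec["hash"]
        return rec

    def pending(self) -> int:
        return len(self.records) - (self.acked_seq + 1)

    def flush(self, transport) -> int:
        """Resend every record after the last ack, in order, until the link fails.
        transport(rec) returns True if the peer accepted it, False if it rejected it,
        and raises ConnectionError while the uplink is down."""
        sent = 0
        for rec in self.records[self.acked_seq + 1:]:
            try:
                if not transport(rec):
                    break
            except ConnectionError:
                break
            self.acked_seq = rec["seq"]
            sent += 1
        return sent


class Receiver:
    """Peer side (hypothetical). Accepts only the next record in the chain; a duplicate
    (resend after a lost ack) is acknowledged again but not stored twice."""

    def __init__(self):
        self.expected_seq = 0
        self.last_hash = GENESIS
        self.accepted = []
        self.rejected = 0

    def accept(self, rec: dict) -> bool:
        if rec["seq"] < self.expected_seq:
            return True                                    # idempotent duplicate
        if (rec["seq"] != self.expected_seq                # gap or reorder
                or rec["prev"] != self.last_hash           # chain break
                or chain_hash(rec["prev"], rec["body"]) != rec["hash"]):  # altered body
            self.rejected += 1
            return False
        self.accepted.append(rec)
        self.expected_seq += 1
        self.last_hash = rec["hash"]
        return True


class FlakyLink:
    """Constructed stand-in for the uplink: down for the first `down_calls` attempts,
    then up; drops the ack for `drop_ack_seq` once to exercise the resend path."""

    def __init__(self, receiver, down_calls, drop_ack_seq=None):
        self.receiver, self.down_calls, self.drop_ack_seq = receiver, down_calls, drop_ack_seq

    def __call__(self, rec):
        if self.down_calls > 0:
            self.down_calls -= 1
            raise ConnectionError("uplink unavailable")
        ok = self.receiver.accept(rec)
        if ok and rec["seq"] == self.drop_ack_seq:
            self.drop_ack_seq = None
            raise ConnectionError("ack lost")              # peer stored it; sender does not know
        return ok


def run_demo() -> dict:
    outbox, receiver = Outbox(), Receiver()
    link = FlakyLink(receiver, down_calls=2, drop_ack_seq=1)
    for i in range(3):                        # disconnected: agents keep producing findings
        outbox.enqueue({"agent": "recon", "finding": f"host-{i}: new listening service"})
    sent = [outbox.flush(link),               # link down -> 0
            outbox.flush(link),               # still down -> 0
            outbox.flush(link),               # up: seq 0 acked; seq 1 stored but ack lost -> 1
            outbox.flush(link)]               # seq 1 resent (duplicate acked), seq 2 delivered -> 2
    pending_after = outbox.pending()          # 0: fully synchronized
    legit = outbox.enqueue({"agent": "recon", "finding": "host-3: benign"})
    forged = dict(legit, body={"agent": "recon", "finding": "host-3: attacker-edited"})
    forged_ok = receiver.accept(forged)       # False: the hash no longer covers the body
    sent.append(outbox.flush(link))           # the genuine record still goes through -> 1
    return {"sent": sent, "pending_after_reconnect": pending_after,
            "accepted": len(receiver.accepted), "forged_accepted": forged_ok,
            "rejected": receiver.rejected}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The in-memory list stands in for a durable on-disk queue; on real edge hardware the outbox must survive a reboot, since a DDIL outage can outlast the process.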
Requirements
- Linux kernel 5.10+ (hardened preferred)
- Minimum 16 GB RAM (32 GB recommended)
- 4 CPU cores (8 recommended)
- 100 GB storage (SSD recommended)
- No internet connectivity required
AegisOS Integration
AegisOS provides physical security event data to SentinelForge for cyber-physical threat correlation. Integration is handled through a local API with mutual TLS authentication.
Capabilities
- Physical access event correlation with network anomalies
- Facility sensor data integration for environmental threat detection
- Unified alert dashboard combining cyber and physical events
- Automated lockdown procedures triggered by correlated threat indicators
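Correlating badge events with host logins is the core of the first capability above. The following is an added example, not AegisOS or SentinelForge code: the host-to-zone map, the badge and login events, and the rule are all constructed for illustration. The rule flags an interactive console login on a host inside a badge-controlled zone when the account's owner has no badge-in to that zone within the lookback window, or has already badged out; remote sessions are skipped because they say nothing about who is in the room. The last function builds the server-side mutual TLS context for the local API with the standard library `ssl` module; its certificate paths are placeholders.

```python
import ssl
from datetime import datetime, timedelta

# Constructed sample data: which host sits in which badge-controlled zone.
HOST_ZONE = {"ops-ws-01": "server-room-A", "ops-ws-02": "server-room-A", "hr-ws-07": "office-2F"}

# Constructed physical-access events (stand-in for the AegisOS feed).
BADGE_EVENTS = [
    {"ts": "2024-05-01T08:55:00", "person": "alice", "zone": "server-room-A", "action": "badge_in"},
    {"ts": "2024-05-01T09:00:00", "person": "bob", "zone": "office-2F", "action": "badge_in"},
    {"ts": "2024-05-01T09:40:00", "person": "alice", "zone": "server-room-A", "action": "badge_out"},
]

# Constructed host login events: "console" is an interactive local login, "remote" a network session.
NET_EVENTS = [
    {"ts": "2024-05-01T09:05:00", "host": "ops-ws-01", "user": "alice", "kind": "console"},
    {"ts": "2024-05-01T09:10:00", "host": "hr-ws-07", "user": "bob", "kind": "remote"},
    {"ts": "2024-05-01T09:15:00", "host": "ops-ws-01", "user": "mallory", "kind": "console"},
    {"ts": "2024-05-01T09:50:00", "host": "ops-ws-02", "user": "alice", "kind": "console"},
]


def present_in_zone(badge_events, person, zone, at, window):
    """True if `person` badged into `zone` at most `window` before `at` and has not badged out since."""
    last_in = last_out = None
    for ev in badge_events:
        t = datetime.fromisoformat(ev["ts"])
        if ev["person"] != person or ev["zone"] != zone or t > at:
            continue                                   # other person/zone, or in the future
        if ev["action"] == "badge_in" and (last_in is None or t > last_in):
            last_in = t
        elif ev["action"] == "badge_out" and (last_out is None or t > last_out):
            last_out = t
    if last_in is None or at - last_in > window:
        return False
    return last_out is None or last_out < last_in      # a later badge_out ends presence


def correlate(badge_events, net_events, window=timedelta(minutes=30)):
    """Flag console logins in a controlled zone that have no matching physical presence."""
    alerts = []
    for ev in net_events:
        zone = HOST_ZONE.get(ev["host"])
        if zone is None or ev["kind"] != "console":
            continue                                   # uncontrolled host, or a remote session
        at = datetime.fromisoformat(ev["ts"])
        if not present_in_zone(badge_events, ev["user"], zone, at, window):
            alerts.append({"ts": ev["ts"], "host": ev["host"], "user": ev["user"], "zone": zone,
                           "indicator": "console_login_without_badge_in",
                           "action": "lockdown_zone"})   # hypothetical playbook name
    return alerts


def mtls_server_context(cert_file, key_file, ca_file):
    """Server-side TLS context for the local integration API: present our certificate
    and require a client certificate chained to the private CA. Paths are placeholders;
    nothing is loaded until this is called."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED            # handshake fails without a client cert
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    ctx.load_verify_locations(cafile=ca_file)    # trust only the private CA, not the system store
    return ctx


if __name__ == "__main__":
    for alert in correlate(BADGE_EVENTS, NET_EVENTS):
        print(alert)
```

On the constructed data the 09:05 login passes (alice badged in ten minutes earlier), bob's remote session is ignored, and two alerts fire: mallory never badged into server-room-A, and alice's 09:50 login follows her 09:40 badge-out. The lookback window is the tuning knob: too short and legitimate long shifts alert, too long and a badge-out stops mattering.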
AriaOS Audit Integration
AriaOS provides governance and compliance capabilities, ensuring every SentinelForge action is logged, auditable, and policy-compliant.
Capabilities
- Immutable audit log for all security operations
- Policy engine for operational constraints and approval workflows
- Compliance reporting for NIST, FISMA, and CMMC frameworks
- Role-based access control with multi-factor authentication
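The two mechanisms that the Orchestration Flow section and the AriaOS capabilities above share (a local bus whose traffic is authenticated and logged, an immutable audit log, and a policy gate with approvals) can be shown together in one added example. This is illustrative code, not SentinelForge or AriaOS code: the per-agent HMAC keys, the `PRIORITY` table, the ticket identifiers and the agent messages are all assumptions. Each message is MACed with the sending agent's provisioned key, so a message that claims another sender is rejected; tasks are dispatched by priority; the policy engine denies Exploit Agent tasks that lack an approved change ticket; and every publish, rejection and policy decision goes into a hash-chained log whose `verify()` reports the first entry that was altered after the fact. Encryption of bus payloads is not shown, since the standard library has no authenticated cipher; in practice the bus would run over mutual TLS or an AEAD-wrapped channel in addition to the per-message MAC.

```python
import hashlib
import heapq
import hmac
import itertools
import json
import secrets

GENESIS = "0" * 64


def canon(obj) -> bytes:
    """Canonical JSON so MACs and hashes do not depend on dict key order."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class AuditLog:
    """Append-only, hash-chained log: each entry commits to the previous entry's hash,
    so editing or deleting any earlier entry breaks every later link."""

    def __init__(self):
        self.entries = []

    def append(self, record: dict) -> None:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        h = hashlib.sha256(prev.encode() + canon(record)).hexdigest()
        self.entries.append({"seq": len(self.entries), "prev": prev, "record": record, "hash": h})

    def verify(self):
        """(True, None) if intact, otherwise (False, seq of the first broken entry)."""
        prev = GENESIS
        for e in self.entries:
            expected = hashlib.sha256(prev.encode() + canon(e["record"])).hexdigest()
            if e["prev"] != prev or expected != e["hash"]:
                return False, e["seq"]
            prev = e["hash"]
        return True, None


# Assumed scheduling order (lower runs first): containment before validation before discovery.
PRIORITY = {"response": 0, "exploit": 1, "vulnerability": 2, "forensics": 2, "recon": 3, "compliance": 4}


class Policy:
    """Operational constraint (assumed): the Exploit Agent acts only under an approved ticket."""

    def __init__(self, approved_tickets):
        self.approved = set(approved_tickets)

    def decide(self, msg: dict):
        if msg["to"] == "exploit" and msg.get("ticket") not in self.approved:
            return "deny", "exploitation requires an approved ticket"
        return "allow", ""


class Bus:
    """Local message bus: each message is MACed with the sender's provisioned key,
    queued by the receiving agent's priority, and logged before and after policy."""

    def __init__(self, agent_keys: dict, audit: AuditLog, policy: Policy):
        self.keys, self.audit, self.policy = agent_keys, audit, policy
        self.queue, self._tie = [], itertools.count()

    def tag(self, msg: dict) -> str:
        return hmac.new(self.keys[msg["from"]], canon(msg), hashlib.sha256).hexdigest()

    def publish(self, msg: dict, tag: str) -> bool:
        if not hmac.compare_digest(self.tag(msg), tag):
            self.audit.append({"event": "reject", "reason": "bad_mac", "msg": msg})
            return False
        self.audit.append({"event": "publish", "msg": msg})
        heapq.heappush(self.queue, (PRIORITY[msg["to"]], next(self._tie), msg))
        return True

    def dispatch(self) -> list:
        """Drain the queue in priority order, applying policy to every task."""
        executed = []
        while self.queue:
            _, _, msg = heapq.heappop(self.queue)
            verdict, reason = self.policy.decide(msg)
            self.audit.append({"event": "policy", "verdict": verdict, "reason": reason, "msg": msg})
            if verdict == "allow":
                executed.append((msg["to"], msg["action"]))
        return executed


def run_demo() -> dict:
    keys = {agent: secrets.token_bytes(32) for agent in PRIORITY}   # provisioned out of band
    audit = AuditLog()
    bus = Bus(keys, audit, Policy(approved_tickets={"CHG-42"}))

    def send(msg):
        return bus.publish(msg, bus.tag(msg))                       # honest sender, correct key

    send({"from": "recon", "to": "vulnerability", "action": "scan host-3"})
    send({"from": "vulnerability", "to": "exploit", "action": "validate host-3", "ticket": "CHG-42"})
    send({"from": "vulnerability", "to": "exploit", "action": "validate host-9"})   # no ticket
    send({"from": "exploit", "to": "response", "action": "isolate host-3"})
    # Spoof: claims to come from the Response Agent but is MACed with recon's key.
    spoof = {"from": "response", "to": "response", "action": "lift isolation host-3"}
    spoof_ok = bus.publish(spoof, hmac.new(keys["recon"], canon(spoof), hashlib.sha256).hexdigest())

    executed = bus.dispatch()
    intact = audit.verify()
    audit.entries[1]["record"]["msg"]["action"] = "validate host-3 (edited)"   # post-hoc tampering
    return {"executed": executed, "spoof_accepted": spoof_ok, "intact": intact,
            "after_tamper": audit.verify()}


if __name__ == "__main__":
    print(run_demo())
```

Dispatch runs the containment task first, then the approved validation, then the scan; the unticketed exploitation task is denied and the spoofed message never enters the queue, and both facts are in the log. Immutability here is detection, not prevention: an attacker with write access to the log can rewrite the whole chain, so the head hash should be periodically anchored somewhere the attacker cannot reach (write-once media, a remote notary, or a signed checkpoint).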