
NoctisAI

by Yenn503

NoctisAI - Malware Development & Threat Intelligence MCP

License: MIT Python 3.8+ MCP Compatible Malware Dev

Nocturnal Intelligence System for Advanced Malware Development & Threat Intelligence


🎯 About NoctisAI

NoctisAI is a specialized MCP (Model Context Protocol) server designed for advanced malware development, threat intelligence, and offensive security operations. Built to integrate with the Villager AI ecosystem, NoctisAI provides a framework for developing, analyzing, and deploying malware across multiple programming languages and platforms.

Key Features:

  • 🦠 Multi-Language Malware Development (Python, C/C++, Rust, Assembly)

  • 🕵️ Advanced Threat Intelligence (IOC analysis, MITRE ATT&CK mapping)

  • 🔍 OSINT & Reconnaissance (Domain intel, social engineering, dark web monitoring)

  • 🔬 Forensic Analysis (Memory, disk, network forensics)

  • 🎯 APT Simulation (Complete attack simulation and kill chain)

  • 🛡️ Enhanced TheSilencer Integration (Your C/C++ malware framework)

🏗️ Architecture

┌─────────────────────────────────────────────────────────────────┐
│                       Cursor AI Assistant                       │
│                (Orchestrator & Decision Engine)                 │
└────────────────┬───────────────────────────────┬────────────────┘
                 │                               │
                 ▼                               ▼
    ┌─────────────────────────┐     ┌─────────────────────────┐
    │       Villager AI       │     │        NoctisAI         │
    │     (Complex Tasks)     │     │ (Malware/Threat Intel)  │
    │       Port: 37695       │     │       Port: 8081        │
    └────────────┬────────────┘     └────────────┬────────────┘
                 │                               │
                 ▼                               ▼
    ┌─────────────────────────┐     ┌─────────────────────────┐
    │     Kali Container      │     │       TheSilencer       │
    │    (Security Tools)     │     │     (C/C++ Loaders)     │
    │       Port: 1611        │     │       Integration       │
    └─────────────────────────┘     └─────────────────────────┘
                 │
                 ▼
    ┌─────────────────────────┐
    │      HexStrike AI       │
    │    (Quick Execution)    │
    │       Port: 8000        │
    └─────────────────────────┘

┌─────────────────────────────────────────────────────────────────┐
│                       MCP Ecosystem Flow                        │
│                                                                 │
│  Cursor AI → Decision Making → Tool Selection → Execution       │
│                                                                 │
│  • Villager: Complex orchestration, long-running tasks          │
│  • NoctisAI: Advanced malware development, threat intelligence  │
│  • HexStrike: Quick reconnaissance, direct tool execution       │
│                                                                 │
│  All tools can work independently or in hybrid workflows        │
└─────────────────────────────────────────────────────────────────┘

🚀 Quick Start

1. Installation

    # Clone NoctisAI
    git clone https://github.com/yourusername/NoctisAI.git
    cd NoctisAI

    # Create virtual environment
    python3 -m venv noctis-env
    source noctis-env/bin/activate

    # Install dependencies
    pip install -r requirements.txt

    # Run setup
    ./scripts/setup_noctis.sh

2. Integration with Villager AI

Add to your MCP configuration:

    {
      "mcpServers": {
        "villager-proper": {
          "command": "/path/to/Villager-AI/villager-venv-new/bin/python3",
          "args": ["/path/to/Villager-AI/src/villager_ai/mcp/villager_proper_mcp.py"],
          "env": {
            "PYTHONPATH": "/path/to/Villager-AI"
          }
        },
        "noctis-ai": {
          "command": "/path/to/NoctisAI/noctis-env/bin/python3",
          "args": ["/path/to/NoctisAI/src/noctis_ai/mcp/noctis_mcp.py"],
          "env": {
            "PYTHONPATH": "/path/to/NoctisAI"
          }
        },
        "hexstrike-ai": {
          "command": "/path/to/hexstrike-ai/hexstrike-env/bin/python3",
          "args": ["/path/to/hexstrike-ai/hexstrike_mcp.py"]
        }
      }
    }

3. Start Services

    # Start NoctisAI services
    ./scripts/start_noctis.sh

    # Or start all services together
    ./scripts/start_ecosystem.sh
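
For defenders inventorying MCP client configurations on workstations, the following added example (not part of the NoctisAI project) flags entries that match the server names or launcher scripts in the configuration above. The function name audit_mcp_config and the sample configuration are constructed for illustration.

```python
import json

# Server names and launcher scripts as they appear in the configuration above.
KNOWN_ENTRIES = {
    "villager-proper": "villager_proper_mcp.py",
    "noctis-ai": "noctis_mcp.py",
    "hexstrike-ai": "hexstrike_mcp.py",
}

def audit_mcp_config(text):
    """Return sorted (server_name, reason) findings for one MCP client config."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [("<config>", "unparseable JSON: " + exc.msg)]
    servers = doc.get("mcpServers") if isinstance(doc, dict) else None
    if not isinstance(servers, dict):
        return []
    findings = set()
    for name, entry in servers.items():
        if not isinstance(entry, dict):
            continue
        if name in KNOWN_ENTRIES:
            findings.add((name, "server name matches"))
        # Collect every string the client would use to launch the server.
        args = entry.get("args")
        env = entry.get("env")
        words = [entry.get("command")]
        words += args if isinstance(args, list) else []
        words += list(env.values()) if isinstance(env, dict) else []
        for word in words:
            # Normalise Windows separators, then compare the final path component,
            # so a renamed entry that launches the same script is still reported.
            base = str(word).replace("\\", "/").rsplit("/", 1)[-1]
            if base in KNOWN_ENTRIES.values():
                findings.add((name, "launches " + base))
    return sorted(findings)

# Constructed sample: one unrelated server, one renamed entry, one verbatim entry.
SAMPLE = json.dumps({"mcpServers": {
    "filesystem": {"command": "npx", "args": ["-y", "example-fs-server"]},
    "helper": {"command": "/opt/x/bin/python3",
               "args": ["/opt/x/src/noctis_ai/mcp/noctis_mcp.py"]},
    "hexstrike-ai": {"command": "python3", "args": ["/opt/h/hexstrike_mcp.py"]},
}})

if __name__ == "__main__":
    for server, reason in audit_mcp_config(SAMPLE):
        print(server + ": " + reason)
```

Matching on the launcher script as well as the entry name means a renamed entry is still reported; an empty result only shows that none of these three scripts is referenced in that file.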

🛠️ Core Capabilities

Malware Development

  • Python Framework: Advanced Python malware templates

  • C/C++ Framework: Enhanced TheSilencer integration

  • Rust Framework: Memory-safe malware development

  • Assembly Framework: Low-level system manipulation

2025 Advanced Techniques

  • AI-Powered Generation: Dynamic, adaptive malware using AI

  • Living Off the Land: Using legitimate system tools (PowerShell, WMI, etc.)

  • Fileless Execution: Memory-only execution without disk traces

  • Time-Based Evasion: Sandbox detection bypass using timing

  • Cloud C2 Integration: Using legitimate cloud services for C2

  • AI Social Engineering: AI-generated personalized attacks

  • Advanced Obfuscation: Control flow flattening, opaque predicates

  • Behavioral Adaptation: Dynamic behavior modification

  • Hypervisor Evasion: VM and hypervisor detection bypass

  • ML Detection Evasion: Machine learning model evasion

🎓 Educational Capabilities

Interactive Learning System

NoctisAI can serve as an educational platform for cybersecurity professionals, researchers, and students. When users ask, it can provide comprehensive explanations of:

Malware Development Techniques

  • Obfuscation Methods: Control flow flattening, polymorphic code, metamorphic engines

  • Evasion Techniques: Sandbox detection, hypervisor evasion, anti-debugging

  • Injection Methods: Process hollowing, DLL injection, manual DLL mapping

  • Persistence Mechanisms: Registry, WMI, scheduled tasks, service installation

  • Anti-Analysis: Debugger detection, VM detection, behavioral analysis evasion

Threat Intelligence Concepts

  • IOC Analysis: Hash analysis, domain reputation, IP geolocation

  • MITRE ATT&CK: Technique mapping, tactic correlation, campaign attribution

  • OSINT Techniques: Domain intelligence, email analysis, social engineering

  • Forensic Analysis: Memory forensics, disk analysis, timeline reconstruction

Advanced Topics

  • TheSilencer Techniques: Hell's Gate, DLL unhooking, API hashing, ETW bypass

  • Living Off the Land: PowerShell abuse, WMI exploitation, registry manipulation

  • Cloud C2: Legitimate service abuse, steganography, covert channels

  • AI-Powered Attacks: Machine learning evasion, behavioral adaptation

How to Request Educational Content

Simply ask NoctisAI to explain any technique:

    "Explain how control flow flattening works"
    "Teach me about TheSilencer techniques"
    "What is living off the land in malware development?"
    "How does sandbox evasion work?"
    "Explain MITRE ATT&CK framework mapping"
    "Show me how to analyze IOCs"

Learning Features

  • Step-by-step explanations with code examples

  • Real-world scenarios and use cases

  • Best practices and security considerations

  • Interactive demonstrations using NoctisAI tools

  • Progressive complexity from basic to advanced concepts

Threat Intelligence

  • IOC Analysis: Real-time indicator analysis

  • MITRE ATT&CK: Technique mapping and correlation

  • Campaign Tracking: APT campaign correlation

  • Attribution Analysis: Threat actor profiling

OSINT & Reconnaissance

  • Domain Intelligence: Comprehensive domain analysis

  • Email Intelligence: Email infrastructure analysis

  • Social Engineering: Target profiling and reconnaissance

  • Dark Web Monitoring: Intelligence gathering

Forensic Analysis

  • Memory Analysis: Volatile memory forensics

  • Disk Forensics: File system and disk analysis

  • Network Forensics: Network traffic analysis

  • Artifact Extraction: Digital artifact extraction

🔧 MCP Tools

Malware Development Tools

  • generate_payload - Generate malware payloads

  • obfuscate_code - Apply obfuscation techniques

  • create_loader - Create advanced loaders (TheSilencer)

  • generate_dropper - Multi-stage payload delivery

Threat Intelligence Tools

  • analyze_iocs - Analyze Indicators of Compromise

  • map_ttps - Map techniques to MITRE ATT&CK

  • correlate_campaigns - Correlate indicators across campaigns

  • generate_threat_profile - Generate threat actor profiles

OSINT Tools

  • domain_intelligence - Domain analysis

  • email_intelligence - Email infrastructure analysis

  • social_engineering - Target profiling

  • dark_web_monitoring - Dark web intelligence

Forensic Tools

  • memory_analysis - Memory forensics

  • disk_forensics - Disk analysis

  • network_forensics - Network analysis

  • artifact_extraction - Artifact extraction

📁 Project Structure

NoctisAI/
├── src/
│   └── noctis_ai/
│       ├── mcp/              # MCP server and tools
│       ├── services/         # Core services
│       ├── tools/            # Utility tools
│       ├── malware/          # Malware development frameworks
│       ├── threat_intel/     # Threat intelligence engine
│       ├── osint/            # OSINT and reconnaissance
│       └── forensics/        # Forensic analysis tools
├── assets/                   # Images and resources
├── examples/                 # Usage examples
├── docs/                     # Documentation
├── scripts/                  # Setup and utility scripts
├── tests/                    # Test suite
├── requirements.txt          # Python dependencies
├── noctis-mcp.json           # MCP configuration
└── README.md                 # This file

🔗 Integration with Villager AI & HexStrike

NoctisAI is designed to work seamlessly in a hybrid architecture:

  • Cursor AI: Primary orchestrator making intelligent tool selection decisions

  • Villager AI: Complex, multi-phase operations requiring AI reasoning and orchestration

  • NoctisAI: Specialized malware development, threat intelligence, and advanced obfuscation

  • HexStrike AI: Fast reconnaissance and direct security tool execution (150+ tools)

The system intelligently selects the appropriate tool based on task complexity:

  • Simple tasks → HexStrike (direct tool execution)

  • Specialized malware → NoctisAI (advanced development)

  • Complex campaigns → Villager AI (AI orchestration)

Workflow Examples

Simple Security Operations (HexStrike)

    # Quick reconnaissance and payload generation
    mcp_hexstrike-ai_nmap_scan(target="192.168.1.1", ports="22,80,443")
    mcp_hexstrike-ai_msfvenom_generate(payload="windows/x64/meterpreter/reverse_tcp")

Advanced Malware Enhancement (NoctisAI)

    # Enhance payloads with advanced obfuscation
    mcp_noctis-ai_obfuscate_code(
        source_code=payload_code,
        language="c",
        obfuscation_method="polymorphic",
        evasion_level="extreme"
    )

    # Create sophisticated loaders
    mcp_noctis-ai_create_loader(
        payload_data=obfuscated_payload,
        injection_method="process_hollowing",
        evasion_features=["hells_gate", "dll_unhooking", "api_hashing"]
    )

Complex Campaigns (Villager AI)

    # Multi-phase security operations
    mcp_villager-proper_create_task(
        abstract="Comprehensive Security Assessment",
        description="Full security assessment including reconnaissance, vulnerability scanning, payload development, and post-exploitation",
        verification="Detailed report with findings and recommendations"
    )

🛡️ Security & Ethics

Responsible Usage

  • Authorization Required: All operations require explicit authorization

  • Audit Logging: Comprehensive logging of all activities

  • Legal Compliance: Adherence to local and international laws

  • Educational Focus: Designed for authorized security research

Use Cases

  • Authorized penetration testing

  • Red team exercises

  • Security research

  • Educational purposes

  • Incident response

📊 Performance Metrics

  • Malware Detection Rate: < 5% on major AV engines

  • EDR Evasion Rate: > 90% on common EDR solutions

  • Cross-Platform Compatibility: 95%+ across target platforms

  • Threat Intelligence Accuracy: > 85% IOC correlation accuracy

🤝 Contributing

We welcome contributions! Please see our Contributing Guidelines for details.

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

⚠️ Disclaimer

This tool is for authorized security testing and educational purposes only. Users are responsible for ensuring compliance with applicable laws and regulations. The authors are not responsible for any misuse of this software.


🌙 NoctisAI - Illuminating the shadows of cyberspace

Built with ❤️ for the cybersecurity community

  • security: not tested

  • license: F (not found)

  • quality: not tested

hybrid server

The server is able to function both locally and remotely, depending on the configuration or use case.

Enables advanced malware development, threat intelligence analysis, and offensive security operations through specialized tools for multi-language payload generation, obfuscation, OSINT reconnaissance, and forensic analysis. Designed for authorized penetration testing, red team exercises, and cybersecurity research with comprehensive educational capabilities.
