Nebula AI-Powered Ethical Hacking Assistant


Please do not use this tool in a production environment. We are still experimenting, and it is currently suitable only for testing environments.

At the moment, to utilize the tools provided in this repository effectively, users are expected to possess a basic understanding of nmap, nuclei, zap, and crackmap.

In future versions, we’ll focus on enhancing free natural language capabilities, and we’re dedicated to making this vision a reality.

Please be advised that this repository is currently in its beta phase; as such, occasional discrepancies or bugs might be encountered. We are diligently working towards refining and resolving all known issues.

Why nebula?

The YouTube video below provides a quick example of how Nebula can speed up the process of identifying vulnerabilities.

  • Enhanced Vulnerability Identification and Exploitation: Nebula will execute a series of scripts to detect potential vulnerabilities. Leveraging AI-driven algorithms, it will subsequently try to exploit identified vulnerabilities.
  • Effortless Tool Usage with Natural Language: No need to remember intricate commands or switches for various tools. With Nebula, you can seamlessly communicate your intent, whether it’s initiating an NMAP scan or any other task. Let Nebula translate your natural language into precise tool commands.
  • Direct Command Line Access: Execute suggested commands without having to copy and paste.
  • Monitor the IP addresses and ports you’ve engaged with during a penetration test using the Nebula-Watcher tool to ensure complete coverage. Visit nebula-watcher for more information.

Disclaimer: Only NMAP is currently supported for smart analysis of tool output.

  • Smart Analysis of Tool Outputs: Whether it’s the open ports from an NMAP scan or results from other tools, Nebula provides tailored suggestions to further investigate and identify potential vulnerabilities.
  • Search for commands that help identify Vulnerabilities: Easily search and retrieve commands that aid in detecting vulnerabilities across a range of services. Whether you’re dealing with HTTP, FTP, or SMB, Nebula guides you through.


Nebula Overview

Nebula is an AI-powered assistant specifically designed for the field of ethical hacking. It provides a unique capability for users to input commands using natural language processing, facilitating a seamless transition from intent to execution.

Additionally, Nebula offers a command search engine. Ethical hackers can effortlessly search for services, ports, or specific terms. In response, Nebula provides curated suggestions on commands that can aid in identifying potential vulnerabilities.

Currently, Nebula is integrated with and supports the following ethical hacking tools:

  • NMAP: A versatile tool for network discovery and security auditing.
  • OWASP ZAP (Full Scan Only): A popular web application security scanner.
  • Crackmapexec: A robust network information gathering tool.
  • Nuclei: A tool used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts.

Our roadmap envisions Nebula’s continuous expansion to incorporate the majority of the tools leveraged by ethical hackers globally. This commitment ensures that our users remain at the cutting edge of cybersecurity endeavors.


Non-Docker versions of Nebula have been extensively tested and optimized for Linux platforms. As of now, its functionality on Windows or macOS is not guaranteed, and it may not operate as expected.

System dependencies

  • Storage: A minimum of 50GB is required.
  • RAM: A minimum of 16GB of RAM is required.
  • Graphics Processing Unit (GPU): While not mandatory, having at least 8GB of GPU memory is recommended for optimal performance.

Docker based distribution requirement(s)

PYPI based distribution requirement(s)

  • libreadline-dev:

Linux (debian based):

sudo apt install -y libreadline-dev

  • wget:

Linux (debian based):

sudo apt install -y wget


The easiest way to get started is to use the docker image. Please note that the ZAP model is NOT supported in the docker image. If you would like to use ZAP please install the package using pip.

PRO TIP: Regardless of whether you are using the docker or pip version, always run nebula in the same folder so that it doesn’t have to download the models each time you run it.


Pulling the image:

docker pull berylliumsec/nebula:latest

Running the image without GPU:

docker run --rm -it berylliumsec/nebula:latest

To avoid downloading the models each time you run the docker container, mount a directory to store the models like so:

docker run --rm -v "$(pwd)":/app/unified_models_no_zap -it berylliumsec/nebula:latest

Running the model with all GPU(s)

docker run --rm --gpus all -v "$(pwd)":/app/unified_models_no_zap -it berylliumsec/nebula:latest
docker run --rm --gpus all -v "$(pwd)":/app/unified_models -it nebula:latest

For autonomous mode and to use the default vulnerability scan:

docker run --rm --gpus all -v "$(pwd)/targets.txt":/app/targets.txt -v "$(pwd)/unified_models":/app/unified_models -v "$(pwd)/targets":/app/targets -it nebula_testn:latest --autonomous_mode True --targets_list /app/targets.txt

For autonomous mode and to use your own nmap vulnerability scan:

docker run --rm --gpus all -v "$(pwd)/targets.txt":/app/targets.txt -v "$(pwd)/unified_models":/app/unified_models -v "$(pwd)/targets":/app/targets -it nebula_testn:latest --autonomous_mode True --nmap_vuln_scan_command="nmap -Pn -sV --exclude-ports 21 --script=vulscan/vulscan.nse" --targets_list /app/targets.txt


pip install nebula-ai

To run nebula simply run this command:


For operations that require elevated privileges, consider installing via sudo:

sudo pip install nebula-ai

Then run:

sudo nebula

OPTIONAL nebula-watcher installation


To install nebula-watcher:

pip3 install nebula-watcher


Pulling the image:

docker pull berylliumsec/nebula_watcher:latest

Running the docker image:

docker run --network host -v directory_that_contains_nmap_results/nmap_plain_text_or_xml:/app/results -v where/you/want/the/diagram:/app/output  berylliumsec/nebula_watcher:latest

To change the diagram name from the default:

docker run --network host -v directory_that_contains_nmap_results/nmap_plain_text_or_xml:/app/results -v where/you/want/the/diagram:/app/output  berylliumsec/nebula_watcher:latest python3 --diagram_name /app/your_diagram_name


For optimal performance and to ensure access to the most recent advancements, we consistently release updates and refinements to our models. Nebula will proactively inform you of any available updates to the package or the models upon each execution.


pip install nebula-ai --upgrade
pip3 install nebula-watcher --upgrade


docker pull berylliumsec/nebula:latest
docker pull berylliumsec/nebula_watcher:latest


In this beta release, there are three primary applications for Nebula:

  • As an auto-exploitation engine.
  • As a dedicated search engine.
  • As an AI-driven assistant (currently in beta).
  • A command suggestion engine.

As an auto-exploitation Engine

Using the autonomous mode, ethical hackers can supply a list of targets in a file named targets.txt. Nebula will run an NMAP vulnerability scan and then attempt to exploit the vulnerabilities using a combination of scripts and AI.

As a search engine:

Within the search engine capability, ethical hackers can input port numbers or specific service names. In return, they will receive recommended commands to assist in the identification of potential vulnerabilities.

Pro Tip: For optimal results, search using service names or port numbers. This approach is more effective than entering a full sentence or broad query.

As an AI-driven assistant.

DISCLAIMER: The results provided by this tool may contain inaccuracies or may not be suitable for all scenarios. We highly recommend that users review and, if necessary, modify the suggested commands before executing them. Proceed with caution and always ensure you are acting within legal and ethical boundaries.

Queries can be presented naturally to the AI-driven assistant, which then translates them into specific commands.
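One way to make the review of suggested commands mechanical before anything is executed, as an added example (not Nebula's own code). The allowlist, the `load_scope` and `vet_command` helpers and the sample scope are assumptions for illustration; hostnames are not resolved, so only IP and CIDR arguments are checked.

```python
import ipaddress
import shlex

# Assumption: tools the operator is willing to run; binary names are illustrative.
ALLOWED_TOOLS = {"nmap", "nuclei", "crackmapexec"}
# Shell metacharacters that would let one suggestion chain into another command.
SHELL_META = set(";|&`$<>\n")


def load_scope(lines):
    """Parse targets.txt-style lines (IPs or CIDRs) into network objects."""
    return [ipaddress.ip_network(line.strip(), strict=False)
            for line in lines if line.strip() and not line.startswith("#")]


def vet_command(command, scope):
    """Return (ok, reason) for a suggested command line.

    Rejects shell metacharacters, tools outside the allowlist, and any
    IP/CIDR argument that is not contained in the authorized scope.
    """
    if SHELL_META & set(command):
        return False, "shell metacharacter in suggestion"
    try:
        argv = shlex.split(command)
    except ValueError as exc:
        return False, f"unparseable: {exc}"
    if not argv or argv[0] not in ALLOWED_TOOLS:
        return False, f"tool not allowlisted: {argv[0] if argv else ''}"
    targets = []
    for arg in argv[1:]:
        try:
            targets.append(ipaddress.ip_network(arg, strict=False))
        except ValueError:
            continue  # not an address: a flag, port range, script name, ...
    if not targets:
        return False, "no IP/CIDR target found to check against scope"
    for net in targets:
        if not any(net.version == s.version and net.subnet_of(s) for s in scope):
            return False, f"out of scope: {net}"
    return True, "ok"


# Constructed sample scope, in the one-target-per-line style of targets.txt.
SCOPE = load_scope(["10.10.5.0/24", "192.168.56.10"])
```

A command that passes this check still needs a human look at its flags; the check only enforces tool choice and target scope.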

As a command suggestion engine.

Nebula can process results from NMAP scans (plain text or XML format) and suggest commands to run to detect vulnerabilities on services running on open ports.

As an ethical hacking coverage tool

Using the optional Nebula-Watcher, ethical hackers can automatically monitor the IP addresses and ports that they have engaged with during a penetration test to ensure maximum coverage.
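The coverage idea described above, sketched as an added example (not Nebula-Watcher's code): it reads Nmap XML output, records which hosts answered and which ports were open, and lists scope entries with no result. The function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's XML output format (-oX); not real scan data.
SAMPLE_XML = """<nmaprun>
  <host><status state="up"/><address addr="10.10.5.23" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports>
  </host>
  <host><status state="down"/><address addr="10.10.5.24" addrtype="ipv4"/></host>
</nmaprun>"""


def scanned_hosts(xml_text):
    """Map each host that answered to its open ports: {ip: {(proto, port, service)}}."""
    seen = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None or status is None or status.get("state") != "up":
            continue
        ports = seen.setdefault(addr.get("addr"), set())
        for port in host.iter("port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                svc = port.find("service")
                name = svc.get("name") if svc is not None else "unknown"
                ports.add((port.get("protocol"), int(port.get("portid")), name))
    return seen


def coverage_gaps(targets, seen):
    """Targets from the scope list with no 'up' host record in the results."""
    return sorted(t for t in targets if t not in seen)
```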
