Skip to content

README.md

Latest commit

 

History

History
87 lines (63 loc) · 2.55 KB

README.md

File metadata and controls

87 lines (63 loc) · 2.55 KB

Hancock Python SDK

Setup

pip install openai python-dotenv
export NVIDIA_API_KEY=nvapi-YOUR_KEY_HERE

Quick Start

from hancock_client import HancockClient

h = HancockClient()

# Security Q&A
print(h.ask("Explain CVE-2021-44228 Log4Shell"))

# Multi-turn chat with explicit mode selection
history = [{"role": "user", "content": "How do I investigate Kerberoasting?"}]
print(h.chat("Give me SOC triage steps.", history=history, mode="soc"))

# Alert triage
print(h.triage("Mimikatz.exe detected on DC01 at 03:14 UTC. lsass dump."))

# Threat hunting query
print(h.hunt("lateral movement via PsExec", siem="splunk"))

# Incident response playbook
print(h.respond("ransomware"))

# Security code generation (Qwen 2.5 Coder 32B)
print(h.code("YARA rule for Emotet dropper", language="yara"))
print(h.code("KQL query to detect Pass-the-Hash attacks", language="kql"))

CLI

# Interactive default mode (auto)
python hancock_cli.py

# Interactive code mode
python hancock_cli.py --mode code

# One-shot
python hancock_cli.py --task "explain Kerberoasting"
python hancock_cli.py --mode code --task "write a Sigma rule for Kerberoasting"
python hancock_cli.py --model mixtral-8x7b --task "CISO risk framework"

Supported chat modes: `auto`, `pentest`, `soc`, `code`, `ciso`, `sigma`, `yara`, `ioc`, `osint`
(`security` remains accepted as an alias for `auto`).

Models

Alias Model Best For
mistral-7b mistralai/mistral-7b-instruct-v0.3 Security Q&A, triage, IR
qwen-coder qwen/qwen2.5-coder-32b-instruct YARA, Sigma, KQL, exploit code
llama-8b meta/llama-3.1-8b-instruct Fast general queries
mixtral-8x7b mistralai/mixtral-8x7b-instruct-v0.1 Long-form CISO strategy

API Reference

Method Description
h.ask(question, mode="auto") Security Q&A — pentest / soc / auto
h.code(task, language=None) Code gen via Qwen 2.5 Coder 32B
h.triage(alert) SOC alert triage + MITRE mapping
h.hunt(target, siem="splunk") Threat hunting query generation
h.respond(incident) Full PICERL IR playbook
h.chat(message, history=[], mode="auto") Multi-turn conversation with explicit mode (auto, pentest, soc, code, ciso, sigma, yara, ioc, osint)

Chat mode validation

from hancock_client import HancockClient

h = HancockClient()

try:
    h.chat("test", mode="not-a-mode")
except ValueError as exc:
    print(exc)  # Unsupported mode 'not-a-mode' passed to chat(). Supported modes: ...