Cybersecurity
RAG Architecture

Supercharging Pentests: Using RAG to Analyze Nmap Scans & Vulnerabilities

March 14, 2026
Armor Tech Security
8 min read

Penetration testers spend hours parsing raw output from tools like Nmap, Nessus, and Burp Suite. But what if you could feed that output into an LLM that is grounded in the OWASP Top 10 and current exploit databases? In this tutorial, we build a Retrieval-Augmented Generation (RAG) pipeline that turns raw Nmap XML into CVE-referenced findings, each with a concrete step to verify it.

The Problem with Generic LLMs

If you paste an Nmap scan into ChatGPT, the advice you get is often generic and sanitized (e.g., "Ensure you patch your servers"). Safety guardrails make it refuse to give actionable detail, and it may hallucinate CVE numbers that look plausible but do not exist or do not apply to the version you scanned. We need an AI that acts as a true red-team assistant.

By building a custom RAG pipeline, we address both problems:
1. Context: We embed thousands of historic exploit write-ups and CVE records into a vector database, so the model sees the actual affected-version ranges rather than recalling them from memory.
2. Accuracy: The LLM is instructed to answer only from the retrieved records. This sharply reduces hallucinated CVE numbers but does not remove them, so we also check every CVE ID in the answer against the retrieved context before it reaches a report.

Figure: Pentest RAG dashboard analyzing Nmap XML. Our custom RAG dashboard correlating an open SSH port with a specific historical CVE.

Step 1: The Data Ingestion Pipeline

A RAG system is only as good as its data. We will use LangChain and ChromaDB (a lightweight, open-source vector store) to index our cybersecurity knowledge base.

First, gather your data. Download the National Vulnerability Database (NVD) CVE data (the API 2.0 JSON, also published as bulk feed files), or clone the Exploit-DB repository. Chunk the text so that each CVE record stays whole: a CVE ID separated from its description and affected-version range is useless at query time. Then generate embeddings using a fast model like text-embedding-3-small.

# pip install langchain-text-splitters langchain-chroma langchain-openai
from langchain_text_splitters import RecursiveCharacterTextSplitter
from langchain_chroma import Chroma
from langchain_openai import OpenAIEmbeddings

# Assume 'documents' is a loaded list of LangChain Document objects built from
# CVE JSON records and exploit write-ups, with the CVE ID in each document's
# metadata (e.g. {"cve_id": "CVE-2018-15473"}) so a chunk can be traced back.

# A single CVE record is normally well under 1000 characters, so it survives
# as one chunk; the overlap only matters for long exploit write-ups.
text_splitter = RecursiveCharacterTextSplitter(chunk_size=1000, chunk_overlap=200)
chunks = text_splitter.split_documents(documents)

# Create the vector database and persist it to disk.
# The embedding model is set explicitly: OpenAIEmbeddings() otherwise defaults
# to an older model than the one named above.
vectorstore = Chroma.from_documents(
    documents=chunks,
    embedding=OpenAIEmbeddings(model="text-embedding-3-small"),
    persist_directory="./chroma_cyber_db",
)

Step 2: Parsing the Nmap XML

Nmap's XML output (-oX) is machine-readable, so we parse it rather than hand the LLM raw text. Instead of sending the entire file, most of which is noise for this purpose, we extract the critical entities: IP addresses, open ports, and the product and version strings that -sV pulled from service banners.

# Run a comprehensive service scan and output to XML
nmap -sV -sC -p- -T4 target_ip -oX scan_results.xml

For each open port we pass one condensed line, such as `Host: 10.0.0.51 | Port: 22 | Service: OpenSSH 7.4p1`, as the query to our RAG system. Ports where Nmap only guessed the service from its port table (no banner matched) should be flagged rather than searched; a bare "http-proxy" retrieves nothing useful.
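The extraction step is described but not shown above, so here is an added example (not code from the original post) that does it with the standard library. It skips hosts that were down and ports that are not open, distinguishes banners -sV actually probed from port-table guesses, and sanitizes the service strings, because a banner is text the target controls and it is about to be placed inside an LLM prompt. The XML is a constructed, trimmed -oX document; the function names are ours.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed -oX document for one live host and one host that was down.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -sC -p- -T4 10.0.0.51 -oX scan_results.xml">
  <host><status state="up" reason="echo-reply"/>
    <address addr="10.0.0.51" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.4p1" extrainfo="protocol 2.0" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.6" extrainfo="(CentOS)" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="443"><state state="closed" reason="reset"/>
        <service name="https" method="table" conf="3"/></port>
      <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack"/>
        <service name="http-proxy" method="table" conf="3"/></port>
    </ports>
  </host>
  <host><status state="down" reason="no-response"/>
    <address addr="10.0.0.52" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def clean(value):
    """Service banners are attacker-controlled text that will land inside the LLM prompt:
    keep printable ASCII only, drop our field separator, and cap the length."""
    if value is None:
        return None
    return re.sub(r"[^\x20-\x7e]", "", value).replace("|", "/").strip()[:80]


def parse_nmap_xml(xml_text):
    """Return one finding per open port on each host that was up."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address")       # fall back to the IPv6/MAC entry
        if addr is None:
            continue
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue                      # closed/filtered ports carry no service to look up
            svc = port.find("service")
            get = (lambda k: clean(svc.get(k))) if svc is not None else (lambda k: None)
            findings.append({
                "host": addr.get("addr"),
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "name": get("name"),
                "product": get("product"),
                "version": get("version"),
                "extrainfo": get("extrainfo"),
                # method="probed" means -sV matched a real banner; "table" is only
                # the default nmap-services name for that port number.
                "probed": svc is not None and svc.get("method") == "probed",
            })
    return findings


def to_queries(findings):
    """Condense each finding into the 'Host | Port | Service' line used as the RAG query."""
    queries = []
    for f in findings:
        if f["probed"] and f["product"]:
            service = " ".join(x for x in (f["product"], f["version"]) if x)
        else:
            service = f"{f['name'] or 'unknown'} (no version banner, unverified)"
        queries.append(f"Host: {f['host']} | Port: {f['port']} | Service: {service}")
    return queries


if __name__ == "__main__":
    for line in to_queries(parse_nmap_xml(SAMPLE_NMAP_XML)):
        print(line)
```

The `extrainfo` field is kept in the finding even though it is left out of the query line: "(CentOS)" on the Apache banner is exactly the hint that the version string may be a backported build, which matters when you read the model's answer.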

Step 3: Creating the Retrieval Chain

Now we bridge the gap. We take the extracted service line, use it as the query to search the vector database for similar CVE records and exploits, and feed both the scan data and the retrieved records to the LLM under a strict system prompt that tells it to cite only what was retrieved.

from langchain_core.output_parsers import StrOutputParser
from langchain_core.prompts import ChatPromptTemplate
from langchain_core.runnables import RunnablePassthrough
from langchain_openai import ChatOpenAI

system_prompt = """
You are a senior Red Team penetration tester.
Analyze the provided Nmap scan data against the retrieved exploit context below.
Provide:
1. Identified vulnerabilities based on service versions.
2. The relevant CVE numbers. Cite only CVE IDs that appear in the context; if no
   retrieved record covers the exact service version, say so instead of guessing.
3. A conceptual proof-of-concept payload or exact command to verify the vulnerability.

Context:
{context}
"""

# System prompt plus a separate human turn carrying the scan line
prompt = ChatPromptTemplate.from_messages([
    ("system", system_prompt),
    ("human", "Scan Data: {scan_data}"),
])
model = ChatOpenAI(model="gpt-4o", temperature=0)  # deterministic output for repeatable reports

retriever = vectorstore.as_retriever(search_kwargs={"k": 3})


def format_docs(docs):
    # The retriever returns Document objects; render each with its CVE ID so the
    # model (and we) can see which record a chunk came from.
    return "\n\n".join(
        f"[{d.metadata.get('cve_id', 'unknown')}] {d.page_content}" for d in docs
    )


# Build the RAG chain. The scan line is used both as the retrieval query and as
# the scan data shown to the model.
chain = (
    {"context": retriever | format_docs, "scan_data": RunnablePassthrough()}
    | prompt
    | model
    | StrOutputParser()
)

# Run the analysis!
response = chain.invoke("Host: 10.0.0.51 | Port: 22 | Service: OpenSSH 7.4p1")
print(response)

The Result: Actionable Intel in Seconds

The difference is immediate. Because the LLM grounds its answer in the embedded exploit database, it doesn't just tell you "SSH is outdated." It tells you: "OpenSSH 7.4p1 is vulnerable to CVE-2018-15473 (User Enumeration). Use the following conceptual Python sequence to test for user existence..." Treat that as a lead rather than a confirmed finding: enterprise distributions backport fixes without bumping the banner version (CentOS 7 reports OpenSSH 7.4p1 for its entire lifetime), so the verification command the prompt asks for is what turns a version match into a result. Also check that every CVE ID in the answer actually appears in the retrieved context and covers the scanned version; retrieval narrows what the model says, but it cannot stop it from quoting an ID it remembers from training.
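That check is cheap to automate, and it is the guard the accuracy claim in the introduction rests on. The following is an added example (not code from the original post): it pulls every CVE ID out of the model's answer, keeps only those present in the retrieved chunks' metadata, and then tests the scanned version against the stored NVD-style bounds, so a real record that does not cover this version is separated from a true hit. The retrieved metadata and the answer text are constructed samples (the two CVE IDs are real OpenSSH user-enumeration issues; CVE-2099-0001 is a deliberately bogus ID standing in for a hallucination), and the helper names are ours.

```python
import re

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")

# Scan product names do not always match CPE product names; extend as needed.
PRODUCT_ALIASES = {"apache httpd": "http_server"}


def cpe_product(name):
    n = name.lower()
    return PRODUCT_ALIASES.get(n, n)


def parse_version(v):
    """Numeric prefix only: '7.4p1' -> (7, 4, 0), '7.7' -> (7, 7, 0), '2.4.6' -> (2, 4, 6).
    OpenSSH's 'pN' is the portable-build suffix, not a patch level, so it is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", v.strip())
    nums = [int(x) for x in m.group(0).split(".")] if m else [0]
    return tuple((nums + [0, 0, 0])[:3])


def version_in_range(version, rng):
    """Apply NVD-style bounds (versionStart/End Including/Excluding) to a scanned version."""
    v = parse_version(version)
    if rng.get("version"):                               # exact-version CPE entry
        return v == parse_version(rng["version"])
    if rng.get("start_incl") and v < parse_version(rng["start_incl"]):
        return False
    if rng.get("start_excl") and v <= parse_version(rng["start_excl"]):
        return False
    if rng.get("end_incl") and v > parse_version(rng["end_incl"]):
        return False
    if rng.get("end_excl") and v >= parse_version(rng["end_excl"]):
        return False
    return True


def check_answer(answer, retrieved, product, version):
    """Sort every CVE ID the model cited into grounded / out_of_range / ungrounded."""
    by_id = {d["metadata"]["cve_id"]: d["metadata"] for d in retrieved}
    result = {"grounded": [], "out_of_range": [], "ungrounded": []}
    for cve in sorted(set(CVE_RE.findall(answer))):
        meta = by_id.get(cve)
        if meta is None:
            result["ungrounded"].append(cve)        # never retrieved: hallucinated or recalled from training
            continue
        ranges = [r for r in meta["ranges"] if r["product"] == cpe_product(product)]
        if any(version_in_range(version, r) for r in ranges):
            result["grounded"].append(cve)
        else:
            result["out_of_range"].append(cve)      # real record, but it does not cover this version
    return result


# Constructed samples: two retrieved records (metadata in the shape stored at
# ingestion, ranges already decoded from JSON) and a model answer that also
# cites an ID that was never retrieved.
RETRIEVED = [
    {"metadata": {"cve_id": "CVE-2018-15473",
                  "ranges": [{"vendor": "openbsd", "product": "openssh", "version": None, "end_incl": "7.7"}]}},
    {"metadata": {"cve_id": "CVE-2016-6210",
                  "ranges": [{"vendor": "openbsd", "product": "openssh", "version": None, "end_excl": "7.3"}]}},
]
SAMPLE_ANSWER = (
    "OpenSSH 7.4p1 is vulnerable to CVE-2018-15473 (user enumeration). "
    "It may also be affected by CVE-2016-6210 (timing-based user enumeration) "
    "and CVE-2099-0001 (remote code execution)."   # deliberately bogus ID
)

if __name__ == "__main__":
    print(check_answer(SAMPLE_ANSWER, RETRIEVED, "OpenSSH", "7.4p1"))
```

Run against the sample, only CVE-2018-15473 survives as grounded: CVE-2016-6210 is a genuine record that stops at 7.3, and CVE-2099-0001 was never in the context. Anything in the `ungrounded` bucket is a reason to lower `temperature`, tighten the prompt, or grow the knowledge base, not a finding.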

Build Secure AI Faster

Deploying RAG pipelines for sensitive cybersecurity data requires strict data governance and self-hosted infrastructure. Armor Tech builds isolated, high-performance RAG systems designed for security teams.
