
Stop Googling Exploits: Try Mini RAGs

TL;DR: I built Kestrel, a simple command-line tool using RAG and ChromaDB, but the real goal is much bigger. This project highlights the power of mini, lightweight RAGs. Imagine a future where we do not need to read man pages or memorize complex filters—we just send one prompt and get our freedom back.

The Annoying Problem

When you are deep into cybersecurity research or testing, finding the right exploit or command can be frustrating. You spot a vulnerability, but then you have to stop what you are doing. You open Exploit-DB, run slow and complex search filters in Metasploit, or read through massive man pages just to find the right flag.

It completely breaks your focus. I wanted a way to get the exact information I needed immediately, without ever leaving the command line and without having to memorize every single tool’s syntax.

The Power of Mini RAGs

I thought, why not use an AI model to handle the search right then and there? But instead of relying on one massive, generalized AI, the real magic lies in building multiple mini RAG (Retrieval-Augmented Generation) systems.

Kestrel is just one example. The bigger idea is to build a product or an ecosystem that maintains these mini command-line RAGs for all kinds of tools. Think about it: you would never need to open a man page or type --help again. All you need to do is send one simple prompt. We can earn our freedom from remembering endless commands by using these focused, lightweight mini RAGs.

How Kestrel Works (The Proof of Concept)

I named the first project Kestrel. It is built to be a simple, agentic AI system for your terminal to solve the Metasploit search problem.

First, the tool takes a specific knowledge base (like a dataset of Metasploit modules) and turns it into vector embeddings. It stores these in a lightweight vector database like ChromaDB.

When you ask a question, like “List Metasploit modules that mention CVE-2023-20198,” Kestrel searches the database for the most relevant documents. It combines those documents with your question and sends them to a Large Language Model.
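The retrieve-then-prompt flow described above, as an added example that is not Kestrel's code: a toy bag-of-words vector stands in for the embedding model and an in-memory list for ChromaDB, and the module records, `retrieve` and `build_prompt` are constructed for illustration. It goes one step beyond the text by requiring an exact match on any CVE ID named in the question, so a record about a different CVE is never returned for that question.

```python
import math
import re
from collections import Counter

# Constructed sample records; names and descriptions are placeholders, not real modules.
MODULES = [
    {"name": "placeholder/module_a", "text": "Constructed entry: web UI account creation issue, CVE-2023-20198"},
    {"name": "placeholder/module_b", "text": "Constructed entry: scanner for a web UI login page"},
    {"name": "placeholder/module_c", "text": "Constructed entry: FTP banner grabber"},
]

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.I)

def embed(text):
    """Toy bag-of-words vector; a stand-in for a real embedding model."""
    return Counter(re.findall(r"[a-z0-9]+", text.lower()))

def cosine(a, b):
    dot = sum(a[t] * b[t] for t in a)
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def retrieve(question, k=2):
    """Top-k records by similarity; if the question names CVE IDs, only records mentioning them."""
    cves = {c.upper() for c in CVE_RE.findall(question)}
    pool = MODULES
    if cves:
        pool = [m for m in MODULES if cves & {c.upper() for c in CVE_RE.findall(m["text"])}]
    q = embed(question)
    return sorted(pool, key=lambda m: cosine(q, embed(m["text"])), reverse=True)[:k]

def build_prompt(question, docs):
    """Combine retrieved records with the question; the context is delimited and the model told to stay inside it."""
    context = "\n".join(f"- {d['name']}: {d['text']}" for d in docs) or "(no matching records)"
    return (
        "Answer using only the records between the markers. "
        "If they do not answer the question, say so.\n"
        f"<records>\n{context}\n</records>\n"
        f"Question: {question}"
    )

if __name__ == "__main__":
    q = "List Metasploit modules that mention CVE-2023-20198"
    print(build_prompt(q, retrieve(q)))
```

When no record mentions the requested CVE, the prompt carries an explicit "no matching records" context instead of the nearest unrelated entries, which is what keeps the model's answer grounded.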

I also added the ability to choose different reasoning strategies before you search, like Chain of Thought or ReAct. This forces the AI to think through the steps logically, giving you a fast, accurate, and grounded response right in your terminal.

What Is Next?

Right now, Kestrel solves a specific workflow problem for cybersecurity. But it proves that this mini RAG concept works perfectly.

In the future, I plan to add more data sources to Kestrel, like the MITRE ATT&CK framework and the National Vulnerability Database (NVD). Beyond that, the goal is to explore how we can apply this same “mini RAG” product idea to other daily command-line tools.

You can find the code for Kestrel and try it out on my GitHub. If you find yourself wasting time searching for commands or exploits, these mini RAGs might just be the solution.
