๐Ÿ”Œ

Air-Gapped Operations

Fully offline pentesting powered by local LLMs โ€” no cloud dependency, no data leakage, no internet required.

Overview

PortShim is designed from the ground up for air-gapped, on-site operations. Every component โ€” inference engine, model storage, CVE database, and report generator โ€” runs locally on the operator's machine.

Local Inference Stack

llama.cpp serves as the inference backend with Vulkan GPU offload. The portshim CLI manages the entire lifecycle: server start, model loading, health checks, and graceful shutdown.

Hardware targets: Consumer GPUs with 16โ€“32 GB VRAM (RTX 4090, RX 7900 XTX, Radeon 8060S). Models run at Q4_K_M quantisation for optimal quality-to-speed ratio.

Three-Model Architecture

Each phase is assigned a model optimised for its task:

All models are Apache 2.0 or permissive licences โ€” no restrictions on security use cases.

Pre-Synced Knowledge Bases

Before going on-site, sync the following data:

Run python scripts/sync_knowledge.py to update before deployment.

Bootstrap Process

deploy.py handles first-time setup:

  1. Detects GPU capabilities (Vulkan vs. CPU fallback)
  2. Downloads the three recommended GGUF models to ~/local-models/
  3. Initialises the SQLite database and knowledge stores
  4. Installs the portshim CLI to the system PATH

Hybrid Mode

When the engagement allows, PortShim supports a hybrid mode: keep exploitation fully local (to avoid API refusals on exploit-specific prompts) while routing reporting and CVE analysis through cloud APIs for faster iteration. Configure via llm-config.py hybrid.