Autonomous binary analysis and exploit development agent powered by dolphin-mixtral (uncensored) running locally via Ollama.
LOWDOWN builds its own tools, persists findings to a semantic knowledge graph, and runs entirely in the background — set a task and walk away.
- Reverse engineering — ELF/PE/Mach-O parsing, disassembly, decompilation
- Vulnerability research — heap, stack, format strings, integer overflows
- Exploit development — ROP chains, shellcode, ret2libc, heap exploitation
- Malware analysis — C2 mapping, persistence mechanisms, evasion detection
- Tool building — writes, compiles, and registers its own Python/C/shell tools
- Persistent memory — stores every finding in a semantic knowledge graph via Antonlytics; recalls context across sessions
| Ollama | ollama.ai — runs the model locally |
| dolphin-mixtral | Uncensored model (~26 GB) — ollama pull dolphin-mixtral |
| Antonlytics | Free account at antonlytics.com — persistent memory |
| Python 3.11+ | pip install -r requirements.txt |
| Root / sudo | Recommended for package installation and full binary access |
# 1. Clone and install
git clone https://github.com/your-username/lowdown
cd lowdown
python -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
# 2. Install Ollama and pull the model
curl -fsSL https://ollama.ai/install.sh | sh # Linux
# macOS: download from https://ollama.ai/download
ollama pull dolphin-mixtral # ~26 GB, needs GPU
# 3. Launch (root recommended)
sudo .venv/bin/streamlit run app.pyOpen http://localhost:8501. On first launch the setup screen appears — enter your Ollama URL and Antonlytics credentials once, then they're saved permanently.
LOWDOWN shows a one-time setup screen before it can run:
① Ollama URL
Where Ollama is listening. Default is http://localhost:11434. Use a remote GPU server URL if not running locally. The "Test Ollama" button verifies dolphin-mixtral is available.
② Antonlytics LOWDOWN stores all findings in a semantic knowledge graph. Get a free API key and project ID at antonlytics.com — sign up, create a project, copy the key and project ID.
Credentials are saved to lowdown/.env and loaded automatically on all future runs.
Set in lowdown/.env or export before running:
OLLAMA_URL=http://localhost:11434
OLLAMA_MODEL=dolphin-mixtral:latest
ANTONLYTICS_API_KEY=anto_live_...
ANTONLYTICS_PROJECT_ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxapp.py Streamlit UI — tabs: Quests / Workshop / Reports
lowdown/
agent.py Agentic loop — Ollama /api/chat, tool dispatch, memory
daemon.py Background process — picks up pending quests, auto-continues
quest.py File-based quest store (~/.lowdown/quests/)
memory.py Antonlytics wrapper — ingest + query the knowledge graph
tool_registry.py Persistent tool store — register, update, version tools
executor.py Shell + tool execution
search.py DuckDuckGo, URL fetch, paper search
session.py Report saving and listing
config.py Env var loading
pricing.py Token formatting (Ollama = free/local)
User types a task → quest created (pending)
Daemon picks it up → agent loop (running)
Agent calls tools, builds tools, stores findings in memory
After each tool-heavy turn → auto-continues (autonomous)
Up to 20 autonomous turns before going idle
User can send follow-up messages at any time
The agent writes specific triplet facts after every action:
binary /usr/bin/ssh function process_packet overflow at offset 0x48
technique ret2libc requires NX=on canary=off known-libc-base
tool elf_parser v3 handles DWARF compressed sections
These are indexed in Antonlytics and retrieved at the start of every new task — the agent remembers everything across sessions.
| Tab | |
|---|---|
| Quests | Quest list (left) + event stream, chat, token usage (right) |
| Workshop | All tools built by the agent — source, version history, category filter |
| Reports | Saved analysis reports — filter by category, download as markdown |
The top bar shows root / daemon status. If the daemon is stale or stopped, a ↺ Restart Daemon button appears.
To run the model on a remote GPU server:
# On the server
OLLAMA_HOST=0.0.0.0 ollama serve &
ollama pull dolphin-mixtralEnter http://YOUR_SERVER_IP:11434 as the Ollama URL in the setup screen.
MIT