AI Tool Suggestions

AI Tool Suggestions recommends the best tools and commands to use for a specific technique — right when you need them. It takes into account the technique you're working on and your command history for this engagement.

What It Does

When you're working on a technique and aren't sure which tool to use, AI Tool Suggestions gives you:

Recommended tools for the technique (e.g., nmap, BloodHound, mimikatz)
Example commands you can use directly in the terminal
Context-aware suggestions based on what you've already run during the engagement

The suggestions are generated by AI and cached for 7 days — so if you request suggestions for the same technique again, you get instant results.

How to Use Tool Suggestions

From the Navigator

Click on any technique in the MITRE ATT&CK Navigator
Look for the Tool Suggestions panel or button
Click Get Suggestions
Review the recommended tools and commands

From the Terminal

While working in the Web Terminal, you can request tool suggestions for the current technique path without leaving the terminal view.

Understanding the Suggestions

A typical suggestion looks like this:

Technique: Active Scanning — Scanning IP Blocks (T1595.001)

Recommended Tools:
  • nmap — Network scanner for host and port discovery
    └─ nmap -sV -sC -p- 192.168.1.0/24

  • masscan — Fast internet-scale port scanner
    └─ masscan 192.168.1.0/24 -p1-65535 --rate=1000

  • shodan (CLI) — Search for internet-exposed services
    └─ shodan search "hostname:target.com"

Notes:
  Start with masscan for speed, then nmap for service fingerprinting on
  discovered hosts. Save output in both XML and grepable format.

Context-Aware Suggestions

RTF tracks which tools you've already used during the engagement. The AI uses this history to:

Avoid repeating tools you've already used
Build on your existing workflow
Suggest complementary tools based on what you've run so far

Your command history is automatically captured from Web Terminal sessions.

Viewing Suggestion History

You can review all past tool suggestions for an engagement:

Go to AI Features → Tool Suggestions
Browse suggestions organized by technique path
Filter by date or tactic

This is useful for writing reports — you can see exactly what tools were recommended and when.

Caching

Tool suggestions are cached for 7 days. This means:

Repeated requests for the same technique return instantly
Suggestions refresh after a week to incorporate new tool recommendations
Cache is per-profile, so different engagements get independent suggestions

Tips

Request suggestions before opening a terminal session for a technique — this way you know which tools to run
Use the command history from terminal sessions alongside suggestions for your report
For tools not pre-installed in RTF, you can install them via the Package Manager

Next Steps

Web Terminal → — run the suggested commands directly in the browser
Package Manager → — install tools that aren't already available
Findings → — record what you find using those tools

What It Does​

How to Use Tool Suggestions​

From the Navigator​

From the Terminal​

Understanding the Suggestions​

Context-Aware Suggestions​

Viewing Suggestion History​

Caching​

Tips​

Next Steps​