Skip to content

byfranke/sheep-cli

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Sheep CLI

Autonomous CLI agent for Cyber Threat Intelligence, powered by the Sheep API.

Threat intelligence, IOC enrichment, MITRE ATT&CK grounding and an interactive REPL with structured outputs (JSON, PDF, STIX 2.1) — all from your terminal.

Install

Linux / macOS

curl -fsSL https://sheep.byfranke.com/install.sh | bash

Windows (PowerShell)

iwr https://sheep.byfranke.com/install.ps1 -UseBasicParsing | iex

The installer detects your platform, downloads the matching binary from the latest release, verifies its SHA-256 against the published SHA256SUMS, and installs to /usr/local/bin/sheep-cli (Linux/macOS) or %LOCALAPPDATA%\Programs\sheep-cli (Windows).

Pin a specific version

curl -fsSL https://sheep.byfranke.com/install.sh | SHEEP_CLI_VERSION=v1.2.0 bash

Manual download

Each Release ships five binaries plus SHA256SUMS:

Platform Binary
Linux x86_64 sheep-cli-linux-x64
Linux aarch64 sheep-cli-linux-arm64
macOS Intel sheep-cli-macos-x64
macOS Apple Silicon sheep-cli-macos-arm64
Windows x64 sheep-cli-windows-x64.exe

Verify before running:

sha256sum -c SHA256SUMS

Usage

# 1. Save your Sheep API token (one time)
sheep-cli token

# 2. Launch the interactive REPL
sheep-cli

# 3. One-shot question (for scripts)
sheep-cli ask "what is APT28's most recent campaign?"

# 4. IOC analysis (IP / hash / domain / URL / CVE)
sheep-cli analyze 1.2.3.4
sheep-cli analyze 44d886... --json
sheep-cli analyze CVE-2024-1234 --report report.pdf

# 5. All commands
sheep-cli --help

Features

  • Interactive REPL with persistent session history (the API is stateless; the CLI remembers locally)
  • Priority Intelligence Requirements (PIR)/pir persists your CTI coverage profile (sectors, regions, threat actors, MITRE techniques, notes) and injects it into every /ask so the model prioritises information matching your scope
  • Session resume--resume brings any past session back
  • Model tier selection/model auto|scout|hunter|sage
  • Structured output--json for pipelines, --report for PDF, --stix for STIX 2.1 Bundle (MISP / OpenCTI / TheHive)
  • Threat-intel feeds read-only via /feeds (does not consume tokens)
  • Security auditing of local code via /audit
  • Plan / quota visibility via /profile

Get a token

Get an API token at sheep.byfranke.com/pages/store.

Trial (free, 3 days) and paid plans (Sheep Plus, Sheep Pro, Sheep Pro Max, Black Sheep gift cards) all use the same CLI.

Support

License

byFranke License — proprietary, with use granted for personal and commercial purposes. Redistribution requires prior written consent. See the Sheep Terms of Service and Privacy Policy.

About

Advanced Cybersecurity Assistant. Threat intelligence, IOC analysis and integrated AI.

sheep.byfranke.com/

Topics

cybersecurity threat-intelligence ai-agents ai-assistant

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 4

Sheep CLI v1.2.4 Latest
Jun 4, 2026
+ 3 releases

Packages

 
 
 

Contributors