feat: pass device vendor and hostname to LLM analysis context

CyberRoute · claude · CyberRoute · commit dbee7789b433 · 2026-04-09T20:39:52.000+02:00
OllamaThread now accepts device_vendor and hostname parameters and
injects them into the prompt before the packet, giving the model
manufacturer and device identity context for more targeted IoT
vulnerability analysis.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/core/arp_scanner.py b/core/arp_scanner.py
@@ -58,6 +58,8 @@ def __init__(  # pylint: disable=too-many-arguments,too-many-positional-argument
         self.ip_address = ip_address
         self.interface = interface
         self.gateway_ip = gateway_ip
+        self._device_vendor = device_vendor
+        self._hostname = hostname
         self._mitm: MitmThread | None = None
 
         layout = QVBoxLayout()
@@ -216,7 +218,12 @@ def _analyse_packet(self):
 
         pkt_text = _format_packet(self._captured_packets[row])
         user_context = self._user_context.text().strip()
-        self._ollama_thread = OllamaThread(pkt_text, user_context=user_context)
+        self._ollama_thread = OllamaThread(
+            pkt_text,
+            user_context=user_context,
+            device_vendor=self._device_vendor,
+            hostname=self._hostname,
+        )
         self._ollama_thread.token.connect(self._on_llm_token)
         self._ollama_thread.error.connect(self._on_llm_error)
         self._ollama_thread.finished.connect(self._on_llm_finished)
diff --git a/core/ollama_analyst.py b/core/ollama_analyst.py
@@ -35,22 +35,37 @@ def __init__(
         self,
         packet_text: str,
         user_context: str = "",
+        device_vendor: str = "",
+        hostname: str = "",
         model: str = DEFAULT_MODEL,
         parent=None,
     ):
         super().__init__(parent)
         self.packet_text = packet_text
         self.user_context = user_context
+        self.device_vendor = device_vendor
+        self.hostname = hostname
         self.model = model
 
     def run(self):
         """Stream LLM analysis of the packet to the token signal."""
+        device_section = ""
+        if self.device_vendor or self.hostname:
+            device_section = "\nDevice under analysis:"
+            if self.hostname:
+                device_section += f"\n  Hostname : {self.hostname}"
+            if self.device_vendor:
+                device_section += f"\n  Vendor   : {self.device_vendor}"
+            device_section += "\n"
+
         context_section = (
             f"\nAdditional context from analyst:\n{self.user_context}\n"
             if self.user_context
             else ""
         )
-        prompt = f"{SYSTEM_PROMPT}\n{context_section}\nPacket:\n{self.packet_text}"
+        prompt = (
+            f"{SYSTEM_PROMPT}\n{device_section}{context_section}\nPacket:\n{self.packet_text}"
+        )
         payload = {
             "model": self.model,
             "prompt": prompt,
