MMT is Montimage's flagship network visibility and security analytics platform. Built around a high-performance Deep Packet Inspection engine, it delivers complete traffic intelligence across physical, virtual, cloud, and 5G/6G networks — from raw packet capture through real-time alerting and historical dashboards.

• Deep packet inspection across 700+ protocols — HTTP/2, QUIC, DNS, MQTT, TLS and more
• Native 5G / LTE support: NGAP, NAS, S1AP, GTPv2 for core and RAN monitoring
• LTL rule engine (MMT-Security) for precise multi-step attack and anomaly detection
• Web dashboard (MMT-Operator) with live stats, configurable alerts, and drill-down views
• Online interface capture and offline PCAP replay with session-level flow tracking
• Plugin generator for adding custom protocol support without touching core code

MAIP is an explainable-AI security platform that combines machine-learning detection with human-readable justifications and LLM-powered recommendations. It integrates directly with MMT and SOAR platforms to close the loop from detection to automated response.

• ML-based threat detection with Stacked Autoencoders (SAE) and Convolutional Neural Networks
• Explainable alerts via SHAP and LIME — no more black-box decisions
• Integrated Large Language Model for context-aware remediation recommendations
• Adversarial testing module to measure and harden model robustness
• SOAR connector for triggering automated incident-response workflows
• React-based interactive dashboard with real-time threat visualisation

MAG is a web-based authorized penetration-testing and security-education platform. Attacks run inside isolated Docker containers, keeping your infrastructure safe while providing realistic, reproducible test scenarios for researchers, educators, and red teams.

• 26 attack types — ARP spoofing, SYN/UDP/ICMP floods, SQL injection, XSS, MITM, SSL stripping, brute-force, BGP hijacking and more
• Docker-containerized execution for fully isolated, repeatable tests
• Visual configurator with real-time attack preview and parameter validation
• Educational Mermaid diagrams explaining each attack mechanism and impact
• IPv4 / IPv6, custom ports, URLs, and MAC-address targeting
• Web interface at mag.montimage.eu

5Greplay is a specialised fuzzing tool for testing the resilience and security of 5G network functions. It captures live 5G traffic or reads PCAP files, modifies packets according to XML-defined rules, and replays them against target components — exposing implementation flaws before they reach production.

• Modifies and replays both control-plane (NAS, NGAP) and data-plane (GTP-U) 5G traffic
• Tests AMF, SMF, gNodeB and other 5G core / RAN network functions
• Flexible XML rule system for scenario injection and parameter mutation
• Online (live interface) and offline (PCAP file) operation modes
• Used in EU projects for 5G security validation and robustness evaluation
• Documentation and releases at 5greplay.org

NetworkFuzzer extends 5Greplay's approach to any IP-based protocol. It combines classical mutation-based fuzzing with generative AI to produce semantically valid yet unexpected traffic patterns, revealing edge-case vulnerabilities in network devices, firewalls, and application servers.

• Online (live capture) and offline (PCAP replay) traffic modification modes
• Generative AI integration for intelligent, context-aware attack scenario creation
• Granular packet-level field manipulation and scenario injection
• XML-based rule configuration — no recompilation needed for new scenarios
• Compatible with any IP-based protocol stack

AI4SOAR is an AI-driven Security Orchestration, Automation and Response platform that turns security alerts into automated actions. Built on the Shuffle framework and extended with Montimage's AI capabilities, it lets analysts define intelligent response playbooks that execute in seconds rather than hours.

• Drag-and-drop workflow builder for automated incident-response procedures
• AI-driven trigger logic for context-aware playbook selection
• OpenSearch backend for high-speed security event correlation and storage
• REST API integrations with SIEM, ticketing, and notification systems
• Docker Compose deployment — fully operational in minutes

TAS is a lightweight platform for testing and simulating IoT devices and sensor networks. It generates realistic sensor data streams to validate IoT infrastructure, security controls, and data pipelines before physical devices are deployed — saving cost and catching issues early.

• Simulates a wide range of IoT device types and communication protocols
• Generates configurable, realistic sensor data streams for functional testing
• Validates IoT security controls and monitoring tools in a safe environment
• Lightweight JavaScript implementation — runs on edge hardware and laptops

MMT-LB is a protocol-aware network traffic splitter that distributes packet flows across multiple analysis probes while preserving session continuity. It makes horizontal scaling of deep-packet-inspection pipelines practical — without sacrificing the visibility that session-aware analysis requires.

• Splits traffic by protocol or application type with sticky-session guarantees
• Enables independent, disjoint security-rule sets per traffic partition
• Scales MMT analysis horizontally to handle 10 Gbps+ environments
• Transparent to both endpoints — no traffic modification

MMT-Pentester (formerly ai4sim) is a full-stack web platform for managing, executing, and reporting on cybersecurity tests and attack simulations. Built for red teams and security researchers, it orchestrates complex pentest campaigns — including AI-agent-driven autonomous attack execution — from a single collaborative interface.

• Hierarchical project and campaign management with team-based access controls and audit trails
• Automated attack scenario execution with real-time WebSocket monitoring
• Integrates with Caldera, MAIP, Shennina, KNX Smart Fuzzer, and GAN Fuzzer
• AI agent orchestration for autonomous pentest pipelines and agentic workflows
• PDF report generation for professional pentest deliverables
• React + Node.js + MongoDB full-stack, Docker-ready deployment

ACAS is an ML-based analytics service that detects malicious network traffic and bot attacks in real time by processing the event stream produced by MMT-Probe. It trains and deploys Stacked Autoencoder and CNN models on captured traffic, providing a REST API for on-demand classification and continuous Kafka-driven monitoring.

• Real-time detection via Apache Kafka consumer — processes MMT-Probe output continuously
• ML models: Stacked Autoencoders (SAE) and Convolutional Neural Networks (CNN)
• REST API for PCAP / CSV file submission and model management
• Configurable hyperparameter training on custom datasets
• HDF5 model versioning and hot-reload without service restart
• Docker Compose deployment alongside MMT-Probe

MMT-RCA is a similarity-learning tool that automatically identifies the most probable root causes of detected anomalies by comparing them against a library of previously observed and labelled incidents. It helps security teams move from "an alert fired" to "here is the most likely cause and a ranked list of evidence" in seconds.

• Two-phase workflow: learning phase (store labelled known incidents) + monitoring phase (match new events)
• Gaussian distribution modelling for robust similarity scoring across variable data
• Data augmentation to maximise accuracy even with small training sets
• Feature selection to remove noisy or irrelevant attributes automatically
• Reports include Known Incident ID, similarity score, and proof for analyst review
• MongoDB backend; CSV and JSON input formats; pure Python implementation

Montimage's Anti-Phishing Email Service protects organisations from phishing campaigns by analysing inbound emails for malicious indicators before they reach users' inboxes. It combines threat intelligence, header analysis, link inspection, and content fingerprinting to catch targeted spear-phishing attempts that bypass conventional spam filters.

• Inspects email headers, sender reputation, and domain spoofing indicators
• Analyses embedded URLs and attachments for malicious payloads
• Content fingerprinting to detect known phishing template variations
• Threat intelligence feed integration for up-to-date IOC matching
• Low-latency inline deployment — does not add noticeable delivery delay