@raghulm/aegis-mcp 1.0.4 → 1.0.7

package/tools/network/headers.py

@@ -1,99 +1,99 @@
-from __future__ import annotations
-
-from typing import Any
-
-import requests
-
-_SECURITY_HEADERS = {
-    "Strict-Transport-Security": {
-        "description": "Enforces HTTPS connections",
-        "recommended": True,
-    },
-    "Content-Security-Policy": {
-        "description": "Controls resources the browser is allowed to load",
-        "recommended": True,
-    },
-    "X-Content-Type-Options": {
-        "description": "Prevents MIME-type sniffing",
-        "recommended": True,
-        "expected_value": "nosniff",
-    },
-    "X-Frame-Options": {
-        "description": "Controls whether the page can be embedded in iframes",
-        "recommended": True,
-    },
-    "Referrer-Policy": {
-        "description": "Controls how much referrer information is sent",
-        "recommended": True,
-    },
-    "Permissions-Policy": {
-        "description": "Controls browser features available to the page",
-        "recommended": True,
-    },
-    "X-XSS-Protection": {
-        "description": "Legacy XSS filter (mostly deprecated but still checked)",
-        "recommended": False,
-    },
-    "Cache-Control": {
-        "description": "Controls caching behavior for sensitive data",
-        "recommended": True,
-    },
-}
-
-
-def check_http_headers(url: str) -> dict[str, Any]:
-    """Audit HTTP security headers for a given URL.
-
-    Args:
-        url: The target URL to check (must include scheme, e.g. https://example.com).
-
-    Returns:
-        Dict with header analysis, score, and recommendations.
-    """
-    if not url.startswith(("http://", "https://")):
-        url = "https://" + url
-
-    try:
-        resp = requests.head(url, timeout=10, allow_redirects=True)
-    except requests.ConnectionError as exc:
-        raise RuntimeError(f"Cannot connect to '{url}': {exc}") from exc
-    except requests.Timeout as exc:
-        raise RuntimeError(f"Request to '{url}' timed out") from exc
-
-    headers_lower = {k.lower(): v for k, v in resp.headers.items()}
-    total_recommended = sum(1 for h in _SECURITY_HEADERS.values() if h["recommended"])
-    present_recommended = 0
-
-    results: list[dict[str, Any]] = []
-    for header_name, info in _SECURITY_HEADERS.items():
-        value = headers_lower.get(header_name.lower())
-        is_present = value is not None
-        if is_present and info["recommended"]:
-            present_recommended += 1
-
-        entry: dict[str, Any] = {
-            "header": header_name,
-            "present": is_present,
-            "value": value or "",
-            "description": info["description"],
-        }
-
-        expected = info.get("expected_value")
-        if expected and is_present and value != expected:
-            entry["warning"] = f"Expected '{expected}', got '{value}'"
-
-        results.append(entry)
-
-    score = round((present_recommended / total_recommended) * 100) if total_recommended else 0
-    grade = "A" if score >= 85 else "B" if score >= 70 else "C" if score >= 50 else "D" if score >= 30 else "F"
-
-    missing = [r["header"] for r in results if not r["present"] and _SECURITY_HEADERS[r["header"]]["recommended"]]
-
-    return {
-        "url": url,
-        "status_code": resp.status_code,
-        "score": score,
-        "grade": grade,
-        "headers": results,
-        "missing_recommended": missing,
-    }
+from __future__ import annotations
+
+from typing import Any
+
+import requests
+
+_SECURITY_HEADERS = {
+    "Strict-Transport-Security": {
+        "description": "Enforces HTTPS connections",
+        "recommended": True,
+    },
+    "Content-Security-Policy": {
+        "description": "Controls resources the browser is allowed to load",
+        "recommended": True,
+    },
+    "X-Content-Type-Options": {
+        "description": "Prevents MIME-type sniffing",
+        "recommended": True,
+        "expected_value": "nosniff",
+    },
+    "X-Frame-Options": {
+        "description": "Controls whether the page can be embedded in iframes",
+        "recommended": True,
+    },
+    "Referrer-Policy": {
+        "description": "Controls how much referrer information is sent",
+        "recommended": True,
+    },
+    "Permissions-Policy": {
+        "description": "Controls browser features available to the page",
+        "recommended": True,
+    },
+    "X-XSS-Protection": {
+        "description": "Legacy XSS filter (mostly deprecated but still checked)",
+        "recommended": False,
+    },
+    "Cache-Control": {
+        "description": "Controls caching behavior for sensitive data",
+        "recommended": True,
+    },
+}
+
+
+def check_http_headers(url: str) -> dict[str, Any]:
+    """Audit HTTP security headers for a given URL.
+
+    Args:
+        url: The target URL to check (must include scheme, e.g. https://example.com).
+
+    Returns:
+        Dict with header analysis, score, and recommendations.
+    """
+    if not url.startswith(("http://", "https://")):
+        url = "https://" + url
+
+    try:
+        resp = requests.head(url, timeout=10, allow_redirects=True)
+    except requests.ConnectionError as exc:
+        raise RuntimeError(f"Cannot connect to '{url}': {exc}") from exc
+    except requests.Timeout as exc:
+        raise RuntimeError(f"Request to '{url}' timed out") from exc
+
+    headers_lower = {k.lower(): v for k, v in resp.headers.items()}
+    total_recommended = sum(1 for h in _SECURITY_HEADERS.values() if h["recommended"])
+    present_recommended = 0
+
+    results: list[dict[str, Any]] = []
+    for header_name, info in _SECURITY_HEADERS.items():
+        value = headers_lower.get(header_name.lower())
+        is_present = value is not None
+        if is_present and info["recommended"]:
+            present_recommended += 1
+
+        entry: dict[str, Any] = {
+            "header": header_name,
+            "present": is_present,
+            "value": value or "",
+            "description": info["description"],
+        }
+
+        expected = info.get("expected_value")
+        if expected and is_present and value != expected:
+            entry["warning"] = f"Expected '{expected}', got '{value}'"
+
+        results.append(entry)
+
+    score = round((present_recommended / total_recommended) * 100) if total_recommended else 0
+    grade = "A" if score >= 85 else "B" if score >= 70 else "C" if score >= 50 else "D" if score >= 30 else "F"
+
+    missing = [r["header"] for r in results if not r["present"] and _SECURITY_HEADERS[r["header"]]["recommended"]]
+
+    return {
+        "url": url,
+        "status_code": resp.status_code,
+        "score": score,
+        "grade": grade,
+        "headers": results,
+        "missing_recommended": missing,
+    }

package/tools/network/port_scanner.py

@@ -1,66 +1,66 @@
-from __future__ import annotations
-
-import socket
-from typing import Any
-
-_COMMON_PORTS: dict[int, str] = {
-    21: "FTP",
-    22: "SSH",
-    23: "Telnet",
-    25: "SMTP",
-    53: "DNS",
-    80: "HTTP",
-    110: "POP3",
-    143: "IMAP",
-    443: "HTTPS",
-    445: "SMB",
-    993: "IMAPS",
-    995: "POP3S",
-    3306: "MySQL",
-    3389: "RDP",
-    5432: "PostgreSQL",
-    6379: "Redis",
-    8080: "HTTP-Alt",
-    8443: "HTTPS-Alt",
-    27017: "MongoDB",
-}
-
-
-def port_scan(host: str, ports: str = "") -> list[dict[str, Any]]:
-    """Perform a basic TCP connect scan on a host.
-
-    Args:
-        host: Target hostname or IP address.
-        ports: Comma-separated port numbers. If empty, scans common service ports.
-
-    Returns:
-        List of port results with port number, status, and service name.
-    """
-    try:
-        resolved_ip = socket.gethostbyname(host)
-    except socket.gaierror as exc:
-        raise RuntimeError(f"Cannot resolve hostname '{host}': {exc}") from exc
-
-    if ports:
-        try:
-            port_list = [int(p.strip()) for p in ports.split(",") if p.strip()]
-        except ValueError as exc:
-            raise RuntimeError(f"Invalid port specification: {exc}") from exc
-    else:
-        port_list = list(_COMMON_PORTS.keys())
-
-    results: list[dict[str, Any]] = []
-    for port in sorted(port_list):
-        try:
-            with socket.create_connection((host, port), timeout=2):
-                status = "open"
-        except (socket.timeout, ConnectionRefusedError, OSError):
-            status = "closed"
-
-        results.append({
-            "port": port,
-            "status": status,
-            "service": _COMMON_PORTS.get(port, "unknown"),
-        })
-
-    return results
+from __future__ import annotations
+
+import socket
+from typing import Any
+
+_COMMON_PORTS: dict[int, str] = {
+    21: "FTP",
+    22: "SSH",
+    23: "Telnet",
+    25: "SMTP",
+    53: "DNS",
+    80: "HTTP",
+    110: "POP3",
+    143: "IMAP",
+    443: "HTTPS",
+    445: "SMB",
+    993: "IMAPS",
+    995: "POP3S",
+    3306: "MySQL",
+    3389: "RDP",
+    5432: "PostgreSQL",
+    6379: "Redis",
+    8080: "HTTP-Alt",
+    8443: "HTTPS-Alt",
+    27017: "MongoDB",
+}
+
+
+def port_scan(host: str, ports: str = "") -> list[dict[str, Any]]:
+    """Perform a basic TCP connect scan on a host.
+
+    Args:
+        host: Target hostname or IP address.
+        ports: Comma-separated port numbers. If empty, scans common service ports.
+
+    Returns:
+        List of port results with port number, status, and service name.
+    """
+    try:
+        resolved_ip = socket.gethostbyname(host)
+    except socket.gaierror as exc:
+        raise RuntimeError(f"Cannot resolve hostname '{host}': {exc}") from exc
+
+    if ports:
+        try:
+            port_list = [int(p.strip()) for p in ports.split(",") if p.strip()]
+        except ValueError as exc:
+            raise RuntimeError(f"Invalid port specification: {exc}") from exc
+    else:
+        port_list = list(_COMMON_PORTS.keys())
+
+    results: list[dict[str, Any]] = []
+    for port in sorted(port_list):
+        try:
+            with socket.create_connection((host, port), timeout=2):
+                status = "open"
+        except (socket.timeout, ConnectionRefusedError, OSError):
+            status = "closed"
+
+        results.append({
+            "port": port,
+            "status": status,
+            "service": _COMMON_PORTS.get(port, "unknown"),
+        })
+
+    return results

package/tools/network/ssl_checker.py

@@ -1,65 +1,65 @@
-from __future__ import annotations
-
-import socket
-import ssl
-from datetime import datetime, timezone
-from typing import Any
-
-
-def check_ssl_certificate(hostname: str, port: int = 443) -> dict[str, Any]:
-    """Check the SSL/TLS certificate for a given hostname.
-
-    Args:
-        hostname: Domain name to check.
-        port: TCP port (default 443).
-
-    Returns:
-        Certificate details including subject, issuer, validity, and expiry info.
-    """
-    context = ssl.create_default_context()
-    try:
-        with socket.create_connection((hostname, port), timeout=10) as sock:
-            with context.wrap_socket(sock, server_hostname=hostname) as ssock:
-                cert = ssock.getpeercert()
-    except socket.gaierror as exc:
-        raise RuntimeError(f"DNS resolution failed for '{hostname}': {exc}") from exc
-    except socket.timeout as exc:
-        raise RuntimeError(f"Connection to '{hostname}:{port}' timed out") from exc
-    except ssl.SSLError as exc:
-        raise RuntimeError(f"SSL error for '{hostname}:{port}': {exc}") from exc
-    except OSError as exc:
-        raise RuntimeError(f"Connection failed to '{hostname}:{port}': {exc}") from exc
-
-    if not cert:
-        raise RuntimeError(f"No certificate returned by '{hostname}:{port}'")
-
-    def _format_name(name_tuples: tuple) -> str:
-        parts = []
-        for attr_group in name_tuples:
-            for key, value in attr_group:
-                parts.append(f"{key}={value}")
-        return ", ".join(parts)
-
-    not_before = datetime.strptime(cert["notBefore"], "%b %d %H:%M:%S %Y %Z").replace(tzinfo=timezone.utc)
-    not_after = datetime.strptime(cert["notAfter"], "%b %d %H:%M:%S %Y %Z").replace(tzinfo=timezone.utc)
-    now = datetime.now(tz=timezone.utc)
-    days_until_expiry = (not_after - now).days
-
-    san_entries = []
-    for san_type, san_value in cert.get("subjectAltName", ()):
-        san_entries.append(f"{san_type}:{san_value}")
-
-    return {
-        "hostname": hostname,
-        "port": port,
-        "subject": _format_name(cert.get("subject", ())),
-        "issuer": _format_name(cert.get("issuer", ())),
-        "serial_number": cert.get("serialNumber", ""),
-        "version": cert.get("version", ""),
-        "not_before": not_before.isoformat(),
-        "not_after": not_after.isoformat(),
-        "days_until_expiry": days_until_expiry,
-        "expired": days_until_expiry < 0,
-        "subject_alt_names": san_entries,
-        "protocol": "TLSv1.2+",
-    }
+from __future__ import annotations
+
+import socket
+import ssl
+from datetime import datetime, timezone
+from typing import Any
+
+
+def check_ssl_certificate(hostname: str, port: int = 443) -> dict[str, Any]:
+    """Check the SSL/TLS certificate for a given hostname.
+
+    Args:
+        hostname: Domain name to check.
+        port: TCP port (default 443).
+
+    Returns:
+        Certificate details including subject, issuer, validity, and expiry info.
+    """
+    context = ssl.create_default_context()
+    try:
+        with socket.create_connection((hostname, port), timeout=10) as sock:
+            with context.wrap_socket(sock, server_hostname=hostname) as ssock:
+                cert = ssock.getpeercert()
+    except socket.gaierror as exc:
+        raise RuntimeError(f"DNS resolution failed for '{hostname}': {exc}") from exc
+    except socket.timeout as exc:
+        raise RuntimeError(f"Connection to '{hostname}:{port}' timed out") from exc
+    except ssl.SSLError as exc:
+        raise RuntimeError(f"SSL error for '{hostname}:{port}': {exc}") from exc
+    except OSError as exc:
+        raise RuntimeError(f"Connection failed to '{hostname}:{port}': {exc}") from exc
+
+    if not cert:
+        raise RuntimeError(f"No certificate returned by '{hostname}:{port}'")
+
+    def _format_name(name_tuples: tuple) -> str:
+        parts = []
+        for attr_group in name_tuples:
+            for key, value in attr_group:
+                parts.append(f"{key}={value}")
+        return ", ".join(parts)
+
+    not_before = datetime.strptime(cert["notBefore"], "%b %d %H:%M:%S %Y %Z").replace(tzinfo=timezone.utc)
+    not_after = datetime.strptime(cert["notAfter"], "%b %d %H:%M:%S %Y %Z").replace(tzinfo=timezone.utc)
+    now = datetime.now(tz=timezone.utc)
+    days_until_expiry = (not_after - now).days
+
+    san_entries = []
+    for san_type, san_value in cert.get("subjectAltName", ()):
+        san_entries.append(f"{san_type}:{san_value}")
+
+    return {
+        "hostname": hostname,
+        "port": port,
+        "subject": _format_name(cert.get("subject", ())),
+        "issuer": _format_name(cert.get("issuer", ())),
+        "serial_number": cert.get("serialNumber", ""),
+        "version": cert.get("version", ""),
+        "not_before": not_before.isoformat(),
+        "not_after": not_after.isoformat(),
+        "days_until_expiry": days_until_expiry,
+        "expired": days_until_expiry < 0,
+        "subject_alt_names": san_entries,
+        "protocol": "TLSv1.2+",
+    }