create-vasvibe 2.3.1 → 2.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +170 -167
- package/bin/cli.mjs +9 -9
- package/package.json +44 -44
- package/src/git.mjs +47 -47
- package/src/index.mjs +228 -228
- package/src/prompts.mjs +113 -113
- package/src/scaffold.mjs +74 -74
- package/src/upgrade.mjs +121 -121
- package/src/utils.mjs +91 -91
- package/template/.agents/agents/analyst/agent.json +43 -43
- package/template/.agents/agents/backend/agent.json +44 -44
- package/template/.agents/agents/data-architect/agent.json +43 -43
- package/template/.agents/agents/devops/agent.json +44 -44
- package/template/.agents/agents/discovery/agent.json +43 -43
- package/template/.agents/agents/document/agent.json +43 -43
- package/template/.agents/agents/fixer/agent.json +44 -44
- package/template/.agents/agents/frontend/agent.json +44 -44
- package/template/.agents/agents/fullstack/agent.json +44 -44
- package/template/.agents/agents/initiator/agent.json +41 -41
- package/template/.agents/agents/manual-tester/agent.json +44 -0
- package/template/.agents/agents/orchestrator/agent.json +44 -44
- package/template/.agents/agents/pm/agent.json +42 -42
- package/template/.agents/agents/qa/agent.json +44 -44
- package/template/.agents/agents/reliability/agent.json +44 -44
- package/template/.agents/agents/security/agent.json +44 -44
- package/template/.agents/agents/sysarch/agent.json +44 -44
- package/template/.agents/agents/tester/agent.json +44 -44
- package/template/.agents/agents/toolsmith/agent.json +44 -44
- package/template/.agents/agents/ux-designer/agent.json +43 -43
- package/template/.agents/skills/find-skills/SKILL.md +142 -142
- package/template/.agents/skills/fullstack/SKILL.md +89 -89
- package/template/.agents/skills/penetration-testing/SKILL.md +94 -94
- package/template/.agents/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
- package/template/.agents/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
- package/template/.agents/skills/penetration-testing/scripts/security-checklist.sh +30 -30
- package/template/.agents/skills/pm/SKILL.md +170 -170
- package/template/.agents/skills/ui-ux-pro-max/SKILL.md +658 -658
- package/template/.agents/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
- package/template/.agents/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
- package/template/.agents/skills/ui-ux-pro-max/data/design.csv +1775 -1775
- package/template/.agents/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
- package/template/.agents/skills/ui-ux-pro-max/data/icons.csv +105 -105
- package/template/.agents/skills/ui-ux-pro-max/data/products.csv +162 -162
- package/template/.agents/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
- package/template/.agents/skills/ui-ux-pro-max/data/typography.csv +74 -74
- package/template/.agents/skills/ui-ux-pro-max/scripts/core.py +262 -262
- package/template/.agents/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
- package/template/.agents/workflows/build-feature.md +21 -21
- package/template/.agents/workflows/daily-standup.md +16 -16
- package/template/.agents/workflows/deliver-feature.md +16 -16
- package/template/.agents/workflows/harden-release.md +21 -21
- package/template/.agents/workflows/plan-project.md +25 -25
- package/template/.agents/workflows/release.md +18 -18
- package/template/.agents/workflows/security-audit.md +19 -19
- package/template/.agents/workflows/setup-workspace.md +21 -21
- package/template/.agents/workflows/start-fix.md +17 -17
- package/template/.agents/workflows/test-feature.md +17 -17
- package/template/.claude/agents/analyst.md +75 -75
- package/template/.claude/agents/backend.md +61 -61
- package/template/.claude/agents/data-architect.md +43 -43
- package/template/.claude/agents/devops.md +44 -43
- package/template/.claude/agents/discovery.md +51 -51
- package/template/.claude/agents/document.md +51 -51
- package/template/.claude/agents/fixer.md +83 -82
- package/template/.claude/agents/frontend.md +58 -58
- package/template/.claude/agents/fullstack.md +84 -83
- package/template/.claude/agents/initiator.md +74 -74
- package/template/.claude/agents/manual-tester.md +108 -0
- package/template/.claude/agents/orchestrator.md +114 -113
- package/template/.claude/agents/pm.md +199 -199
- package/template/.claude/agents/qa.md +66 -65
- package/template/.claude/agents/reliability.md +48 -47
- package/template/.claude/agents/security.md +107 -106
- package/template/.claude/agents/sysarch.md +301 -301
- package/template/.claude/agents/tester.md +100 -100
- package/template/.claude/agents/toolsmith.md +77 -76
- package/template/.claude/agents/ux-designer.md +45 -45
- package/template/.claude/commands/build-feature.md +22 -22
- package/template/.claude/commands/daily-standup.md +16 -16
- package/template/.claude/commands/deliver-feature.md +17 -17
- package/template/.claude/commands/harden-release.md +22 -22
- package/template/.claude/commands/manual-test.md +19 -0
- package/template/.claude/commands/plan-project.md +26 -26
- package/template/.claude/commands/release.md +19 -19
- package/template/.claude/commands/security-audit.md +20 -20
- package/template/.claude/commands/setup-workspace.md +22 -22
- package/template/.claude/commands/start-fix.md +18 -18
- package/template/.claude/commands/test-feature.md +18 -18
- package/template/.claude/skills/find-skills +1 -0
- package/template/.claude/skills/penetration-testing/SKILL.md +94 -94
- package/template/.claude/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
- package/template/.claude/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
- package/template/.claude/skills/penetration-testing/scripts/security-checklist.sh +30 -30
- package/template/.claude/skills/ui-ux-pro-max/SKILL.md +658 -658
- package/template/.claude/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
- package/template/.claude/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
- package/template/.claude/skills/ui-ux-pro-max/data/design.csv +1775 -1775
- package/template/.claude/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
- package/template/.claude/skills/ui-ux-pro-max/data/icons.csv +105 -105
- package/template/.claude/skills/ui-ux-pro-max/data/products.csv +162 -162
- package/template/.claude/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
- package/template/.claude/skills/ui-ux-pro-max/data/typography.csv +74 -74
- package/template/.claude/skills/ui-ux-pro-max/scripts/core.py +262 -262
- package/template/.claude/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
- package/template/.github/prompts/analyst.prompt.md +57 -57
- package/template/.github/prompts/backend.prompt.md +44 -44
- package/template/.github/prompts/data-architect.prompt.md +38 -38
- package/template/.github/prompts/devops.prompt.md +32 -32
- package/template/.github/prompts/discovery.prompt.md +39 -39
- package/template/.github/prompts/document.prompt.md +14 -14
- package/template/.github/prompts/fixer.prompt.md +90 -89
- package/template/.github/prompts/frontend.prompt.md +43 -43
- package/template/.github/prompts/fullstack.prompt.md +91 -91
- package/template/.github/prompts/initiator.prompt.md +55 -55
- package/template/.github/prompts/manual-tester.prompt.md +103 -0
- package/template/.github/prompts/orchestrator.prompt.md +75 -75
- package/template/.github/prompts/pm.prompt.md +186 -186
- package/template/.github/prompts/qa.prompt.md +57 -57
- package/template/.github/prompts/reliability.prompt.md +44 -44
- package/template/.github/prompts/security.prompt.md +41 -41
- package/template/.github/prompts/sysarch.prompt.md +351 -351
- package/template/.github/prompts/tester.prompt.md +107 -107
- package/template/.github/prompts/toolsmith.prompt.md +46 -46
- package/template/.github/prompts/ux-designer.prompt.md +41 -41
- package/template/.opencode/agents/analyst.md +75 -75
- package/template/.opencode/agents/backend.md +61 -61
- package/template/.opencode/agents/data-architect.md +43 -43
- package/template/.opencode/agents/devops.md +44 -41
- package/template/.opencode/agents/discovery.md +51 -51
- package/template/.opencode/agents/document.md +51 -51
- package/template/.opencode/agents/fixer.md +83 -82
- package/template/.opencode/agents/frontend.md +58 -58
- package/template/.opencode/agents/fullstack.md +84 -83
- package/template/.opencode/agents/initiator.md +74 -74
- package/template/.opencode/agents/manual-tester.md +107 -0
- package/template/.opencode/agents/orchestrator.md +116 -119
- package/template/.opencode/agents/pm.md +199 -199
- package/template/.opencode/agents/qa.md +66 -65
- package/template/.opencode/agents/reliability.md +48 -46
- package/template/.opencode/agents/security.md +107 -105
- package/template/.opencode/agents/sysarch.md +301 -301
- package/template/.opencode/agents/tester.md +100 -100
- package/template/.opencode/agents/toolsmith.md +77 -77
- package/template/.opencode/agents/ux-designer.md +45 -45
- package/template/.opencode/commands/build-feature.md +21 -21
- package/template/.opencode/commands/daily-standup.md +16 -16
- package/template/.opencode/commands/deliver-feature.md +16 -16
- package/template/.opencode/commands/harden-release.md +21 -21
- package/template/.opencode/commands/manual-test.md +18 -0
- package/template/.opencode/commands/plan-project.md +25 -25
- package/template/.opencode/commands/release.md +18 -18
- package/template/.opencode/commands/security-audit.md +19 -19
- package/template/.opencode/commands/setup-workspace.md +21 -21
- package/template/.opencode/commands/start-fix.md +17 -17
- package/template/.opencode/commands/test-feature.md +17 -17
- package/template/.opencode/skills/penetration-testing/SKILL.md +94 -94
- package/template/.opencode/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
- package/template/.opencode/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
- package/template/.opencode/skills/penetration-testing/scripts/security-checklist.sh +30 -30
- package/template/.opencode/skills/ui-ux-pro-max/SKILL.md +658 -658
- package/template/.opencode/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
- package/template/.opencode/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
- package/template/.opencode/skills/ui-ux-pro-max/data/design.csv +1775 -1775
- package/template/.opencode/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
- package/template/.opencode/skills/ui-ux-pro-max/data/icons.csv +105 -105
- package/template/.opencode/skills/ui-ux-pro-max/data/products.csv +162 -162
- package/template/.opencode/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
- package/template/.opencode/skills/ui-ux-pro-max/data/typography.csv +74 -74
- package/template/.opencode/skills/ui-ux-pro-max/scripts/core.py +262 -262
- package/template/.opencode/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
- package/template/AGENT_PERSONAS.md +595 -551
- package/template/GIT_STRUCTURE_GUIDE.md +270 -270
- package/template/PROJECT_README.example.md +81 -81
- package/template/QUICK-START.md +134 -131
- package/template/README.md +1942 -1919
- package/template/_gitignore +141 -141
- package/template/agent/workflows/_shared/change-management.md +70 -70
- package/template/agent/workflows/_shared/git-branch-management.md +25 -25
- package/template/agent/workflows/_shared/phases.md +88 -88
- package/template/agent/workflows/_shared/state-management.md +87 -87
- package/template/agent/workflows/_shared/work-depth.md +46 -46
- package/template/agent/workflows/analyst.md +75 -75
- package/template/agent/workflows/backend.md +61 -61
- package/template/agent/workflows/data-architect.md +43 -43
- package/template/agent/workflows/devops.md +44 -44
- package/template/agent/workflows/discovery.md +51 -51
- package/template/agent/workflows/document.md +51 -51
- package/template/agent/workflows/fixer.md +83 -82
- package/template/agent/workflows/frontend.md +58 -58
- package/template/agent/workflows/fullstack.md +84 -84
- package/template/agent/workflows/initiator.md +74 -74
- package/template/agent/workflows/manual-tester.md +103 -0
- package/template/agent/workflows/orchestrator.md +114 -114
- package/template/agent/workflows/pm.md +199 -199
- package/template/agent/workflows/qa.md +66 -66
- package/template/agent/workflows/reliability.md +48 -48
- package/template/agent/workflows/security.md +107 -107
- package/template/agent/workflows/sysarch.md +301 -301
- package/template/agent/workflows/tester.md +100 -100
- package/template/agent/workflows/toolsmith.md +77 -77
- package/template/agent/workflows/ux-designer.md +45 -45
- package/template/codes/.gitkeep +1 -1
- package/template/project_overview_example.md +54 -54
- package/template/schemas/adr.template.md +36 -36
- package/template/schemas/changelog.template.md +34 -34
- package/template/schemas/data-model.template.md +57 -57
- package/template/schemas/design-system.template.md +63 -63
- package/template/schemas/dev_log.template.md +20 -20
- package/template/schemas/product-ci.template.yml +50 -50
- package/template/schemas/requirements.template.md +64 -64
- package/template/schemas/security-standards.template.md +58 -58
- package/template/schemas/security_report.template.md +89 -89
- package/template/schemas/specification.template.md +57 -57
- package/template/schemas/style_guide.template.md +29 -29
- package/template/schemas/task_list.template.md +28 -28
- package/template/schemas/workspace-manifest.template.json +24 -24
- package/template/schemas/workspace-registry.json +94 -94
- package/template/skills-lock.json +11 -11
- package/template/specifications/.gitkeep +1 -1
- package/template/state/knowledge_base/.gitkeep +1 -1
- package/template/state/knowledge_base/requirements/.gitkeep +1 -1
- package/template/tests/.gitkeep +1 -1
- package/template/.agents/workflows/explorer.md +0 -78
- package/template/.agents/workflows/logger.md +0 -117
- package/template/.claude/settings.local.json +0 -35
- package/template/.claude/skills/find-skills/SKILL.md +0 -142
- package/template/.opencode/agents/explorer.md +0 -138
- package/template/.opencode/agents/logger.md +0 -143
|
@@ -1,328 +1,328 @@
|
|
|
1
|
-
# Automated Penetration Testing Framework
|
|
2
|
-
|
|
3
|
-
## Automated Penetration Testing Framework
|
|
4
|
-
|
|
5
|
-
```python
|
|
6
|
-
# pentest_framework.py
|
|
7
|
-
import requests
|
|
8
|
-
import socket
|
|
9
|
-
import subprocess
|
|
10
|
-
import json
|
|
11
|
-
from typing import List, Dict
|
|
12
|
-
from dataclasses import dataclass, asdict
|
|
13
|
-
from datetime import datetime
|
|
14
|
-
|
|
15
|
-
@dataclass
|
|
16
|
-
class Finding:
|
|
17
|
-
severity: str
|
|
18
|
-
category: str
|
|
19
|
-
target: str
|
|
20
|
-
vulnerability: str
|
|
21
|
-
evidence: str
|
|
22
|
-
remediation: str
|
|
23
|
-
cvss_score: float
|
|
24
|
-
|
|
25
|
-
class PenetrationTester:
|
|
26
|
-
def __init__(self, target: str):
|
|
27
|
-
self.target = target
|
|
28
|
-
self.findings: List[Finding] = []
|
|
29
|
-
|
|
30
|
-
def test_sql_injection(self, url: str) -> None:
|
|
31
|
-
"""Test for SQL injection vulnerabilities"""
|
|
32
|
-
print(f"Testing SQL injection on {url}")
|
|
33
|
-
|
|
34
|
-
payloads = [
|
|
35
|
-
"' OR '1'='1",
|
|
36
|
-
"'; DROP TABLE users--",
|
|
37
|
-
"' UNION SELECT NULL, NULL, NULL--",
|
|
38
|
-
"1' AND 1=1--",
|
|
39
|
-
"admin'--"
|
|
40
|
-
]
|
|
41
|
-
|
|
42
|
-
for payload in payloads:
|
|
43
|
-
try:
|
|
44
|
-
response = requests.get(
|
|
45
|
-
url,
|
|
46
|
-
params={'id': payload},
|
|
47
|
-
timeout=5
|
|
48
|
-
)
|
|
49
|
-
|
|
50
|
-
# Check for SQL errors
|
|
51
|
-
sql_errors = [
|
|
52
|
-
'mysql_fetch_array',
|
|
53
|
-
'SQLServer JDBC Driver',
|
|
54
|
-
'ORA-01756',
|
|
55
|
-
'PostgreSQL',
|
|
56
|
-
'sqlite3.OperationalError'
|
|
57
|
-
]
|
|
58
|
-
|
|
59
|
-
for error in sql_errors:
|
|
60
|
-
if error in response.text:
|
|
61
|
-
self.findings.append(Finding(
|
|
62
|
-
severity='critical',
|
|
63
|
-
category='SQL Injection',
|
|
64
|
-
target=url,
|
|
65
|
-
vulnerability=f'SQL Injection detected with payload: {payload}',
|
|
66
|
-
evidence=f'Error message: {error}',
|
|
67
|
-
remediation='Use parameterized queries or prepared statements',
|
|
68
|
-
cvss_score=9.8
|
|
69
|
-
))
|
|
70
|
-
break
|
|
71
|
-
|
|
72
|
-
except Exception as e:
|
|
73
|
-
print(f"Error testing {url}: {e}")
|
|
74
|
-
|
|
75
|
-
def test_xss(self, url: str) -> None:
|
|
76
|
-
"""Test for Cross-Site Scripting vulnerabilities"""
|
|
77
|
-
print(f"Testing XSS on {url}")
|
|
78
|
-
|
|
79
|
-
payloads = [
|
|
80
|
-
"<script>alert('XSS')</script>",
|
|
81
|
-
"<img src=x onerror=alert('XSS')>",
|
|
82
|
-
"javascript:alert('XSS')",
|
|
83
|
-
"<svg onload=alert('XSS')>",
|
|
84
|
-
"'-alert('XSS')-'"
|
|
85
|
-
]
|
|
86
|
-
|
|
87
|
-
for payload in payloads:
|
|
88
|
-
try:
|
|
89
|
-
response = requests.get(
|
|
90
|
-
url,
|
|
91
|
-
params={'q': payload},
|
|
92
|
-
timeout=5
|
|
93
|
-
)
|
|
94
|
-
|
|
95
|
-
if payload in response.text:
|
|
96
|
-
self.findings.append(Finding(
|
|
97
|
-
severity='high',
|
|
98
|
-
category='Cross-Site Scripting',
|
|
99
|
-
target=url,
|
|
100
|
-
vulnerability=f'Reflected XSS detected with payload: {payload}',
|
|
101
|
-
evidence='Payload reflected in response without sanitization',
|
|
102
|
-
remediation='Implement output encoding and Content Security Policy',
|
|
103
|
-
cvss_score=7.3
|
|
104
|
-
))
|
|
105
|
-
break
|
|
106
|
-
|
|
107
|
-
except Exception as e:
|
|
108
|
-
print(f"Error testing {url}: {e}")
|
|
109
|
-
|
|
110
|
-
def test_authentication(self, login_url: str) -> None:
|
|
111
|
-
"""Test authentication mechanisms"""
|
|
112
|
-
print(f"Testing authentication on {login_url}")
|
|
113
|
-
|
|
114
|
-
# Test default credentials
|
|
115
|
-
default_creds = [
|
|
116
|
-
('admin', 'admin'),
|
|
117
|
-
('admin', 'password'),
|
|
118
|
-
('root', 'root'),
|
|
119
|
-
('administrator', 'administrator')
|
|
120
|
-
]
|
|
121
|
-
|
|
122
|
-
for username, password in default_creds:
|
|
123
|
-
try:
|
|
124
|
-
response = requests.post(
|
|
125
|
-
login_url,
|
|
126
|
-
data={'username': username, 'password': password},
|
|
127
|
-
timeout=5
|
|
128
|
-
)
|
|
129
|
-
|
|
130
|
-
if response.status_code == 200 and 'dashboard' in response.text.lower():
|
|
131
|
-
self.findings.append(Finding(
|
|
132
|
-
severity='critical',
|
|
133
|
-
category='Weak Authentication',
|
|
134
|
-
target=login_url,
|
|
135
|
-
vulnerability=f'Default credentials accepted: {username}/{password}',
|
|
136
|
-
evidence='Successful authentication with default credentials',
|
|
137
|
-
remediation='Enforce strong password policy and remove default accounts',
|
|
138
|
-
cvss_score=9.1
|
|
139
|
-
))
|
|
140
|
-
|
|
141
|
-
except Exception as e:
|
|
142
|
-
print(f"Error testing credentials: {e}")
|
|
143
|
-
|
|
144
|
-
def test_security_headers(self, url: str) -> None:
|
|
145
|
-
"""Test for missing security headers"""
|
|
146
|
-
print(f"Testing security headers on {url}")
|
|
147
|
-
|
|
148
|
-
try:
|
|
149
|
-
response = requests.get(url, timeout=5)
|
|
150
|
-
|
|
151
|
-
critical_headers = {
|
|
152
|
-
'Strict-Transport-Security': 'HSTS not implemented',
|
|
153
|
-
'X-Frame-Options': 'Clickjacking protection missing',
|
|
154
|
-
'X-Content-Type-Options': 'MIME sniffing prevention missing',
|
|
155
|
-
'Content-Security-Policy': 'CSP not implemented',
|
|
156
|
-
'X-XSS-Protection': 'XSS protection header missing'
|
|
157
|
-
}
|
|
158
|
-
|
|
159
|
-
for header, description in critical_headers.items():
|
|
160
|
-
if header not in response.headers:
|
|
161
|
-
self.findings.append(Finding(
|
|
162
|
-
severity='medium',
|
|
163
|
-
category='Missing Security Header',
|
|
164
|
-
target=url,
|
|
165
|
-
vulnerability=f'Missing header: {header}',
|
|
166
|
-
evidence=description,
|
|
167
|
-
remediation=f'Add {header} header to all responses',
|
|
168
|
-
cvss_score=5.3
|
|
169
|
-
))
|
|
170
|
-
|
|
171
|
-
except Exception as e:
|
|
172
|
-
print(f"Error testing headers: {e}")
|
|
173
|
-
|
|
174
|
-
def test_directory_traversal(self, url: str) -> None:
|
|
175
|
-
"""Test for directory traversal vulnerabilities"""
|
|
176
|
-
print(f"Testing directory traversal on {url}")
|
|
177
|
-
|
|
178
|
-
payloads = [
|
|
179
|
-
'../../../etc/passwd',
|
|
180
|
-
'..\\..\\..\\windows\\system32\\drivers\\etc\\hosts',
|
|
181
|
-
'....//....//....//etc/passwd',
|
|
182
|
-
'%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd'
|
|
183
|
-
]
|
|
184
|
-
|
|
185
|
-
for payload in payloads:
|
|
186
|
-
try:
|
|
187
|
-
response = requests.get(
|
|
188
|
-
url,
|
|
189
|
-
params={'file': payload},
|
|
190
|
-
timeout=5
|
|
191
|
-
)
|
|
192
|
-
|
|
193
|
-
# Check for Unix passwd file
|
|
194
|
-
if 'root:' in response.text or 'daemon:' in response.text:
|
|
195
|
-
self.findings.append(Finding(
|
|
196
|
-
severity='critical',
|
|
197
|
-
category='Directory Traversal',
|
|
198
|
-
target=url,
|
|
199
|
-
vulnerability=f'Path traversal detected with payload: {payload}',
|
|
200
|
-
evidence='System file contents exposed',
|
|
201
|
-
remediation='Validate and sanitize file paths, use whitelist approach',
|
|
202
|
-
cvss_score=8.6
|
|
203
|
-
))
|
|
204
|
-
break
|
|
205
|
-
|
|
206
|
-
except Exception as e:
|
|
207
|
-
print(f"Error testing traversal: {e}")
|
|
208
|
-
|
|
209
|
-
def test_ssl_tls(self) -> None:
|
|
210
|
-
"""Test SSL/TLS configuration"""
|
|
211
|
-
print(f"Testing SSL/TLS on {self.target}")
|
|
212
|
-
|
|
213
|
-
try:
|
|
214
|
-
result = subprocess.run(
|
|
215
|
-
['testssl.sh', '--jsonfile', 'ssl-results.json', self.target],
|
|
216
|
-
capture_output=True,
|
|
217
|
-
text=True,
|
|
218
|
-
timeout=60
|
|
219
|
-
)
|
|
220
|
-
|
|
221
|
-
# Parse SSL test results
|
|
222
|
-
# This is a simplified check
|
|
223
|
-
weak_protocols = ['SSLv2', 'SSLv3', 'TLSv1.0']
|
|
224
|
-
for protocol in weak_protocols:
|
|
225
|
-
self.findings.append(Finding(
|
|
226
|
-
severity='high',
|
|
227
|
-
category='Weak SSL/TLS',
|
|
228
|
-
target=self.target,
|
|
229
|
-
vulnerability=f'Weak protocol enabled: {protocol}',
|
|
230
|
-
evidence='Outdated SSL/TLS protocol support',
|
|
231
|
-
remediation='Disable weak protocols, enforce TLS 1.2+',
|
|
232
|
-
cvss_score=7.5
|
|
233
|
-
))
|
|
234
|
-
|
|
235
|
-
except Exception as e:
|
|
236
|
-
print(f"SSL test error: {e}")
|
|
237
|
-
|
|
238
|
-
def run_full_pentest(self, target_urls: List[str]) -> Dict:
|
|
239
|
-
"""Execute comprehensive penetration test"""
|
|
240
|
-
for url in target_urls:
|
|
241
|
-
self.test_sql_injection(url)
|
|
242
|
-
self.test_xss(url)
|
|
243
|
-
self.test_security_headers(url)
|
|
244
|
-
self.test_directory_traversal(url)
|
|
245
|
-
|
|
246
|
-
self.test_ssl_tls()
|
|
247
|
-
|
|
248
|
-
return self.generate_report()
|
|
249
|
-
|
|
250
|
-
def generate_report(self) -> Dict:
|
|
251
|
-
"""Generate comprehensive pentest report"""
|
|
252
|
-
summary = {
|
|
253
|
-
'critical': 0,
|
|
254
|
-
'high': 0,
|
|
255
|
-
'medium': 0,
|
|
256
|
-
'low': 0
|
|
257
|
-
}
|
|
258
|
-
|
|
259
|
-
for finding in self.findings:
|
|
260
|
-
if finding.severity in summary:
|
|
261
|
-
summary[finding.severity] += 1
|
|
262
|
-
|
|
263
|
-
report = {
|
|
264
|
-
'timestamp': datetime.now().isoformat(),
|
|
265
|
-
'target': self.target,
|
|
266
|
-
'total_findings': len(self.findings),
|
|
267
|
-
'summary': summary,
|
|
268
|
-
'findings': [asdict(f) for f in self.findings],
|
|
269
|
-
'risk_score': self._calculate_risk_score(),
|
|
270
|
-
'recommendations': self._generate_recommendations()
|
|
271
|
-
}
|
|
272
|
-
|
|
273
|
-
with open('pentest-report.json', 'w') as f:
|
|
274
|
-
json.dump(report, f, indent=2)
|
|
275
|
-
|
|
276
|
-
return report
|
|
277
|
-
|
|
278
|
-
def _calculate_risk_score(self) -> float:
|
|
279
|
-
"""Calculate overall risk score"""
|
|
280
|
-
if not self.findings:
|
|
281
|
-
return 0.0
|
|
282
|
-
|
|
283
|
-
total_cvss = sum(f.cvss_score for f in self.findings)
|
|
284
|
-
return round(total_cvss / len(self.findings), 2)
|
|
285
|
-
|
|
286
|
-
def _generate_recommendations(self) -> List[str]:
|
|
287
|
-
"""Generate prioritized recommendations"""
|
|
288
|
-
recommendations = []
|
|
289
|
-
|
|
290
|
-
categories = {}
|
|
291
|
-
for finding in self.findings:
|
|
292
|
-
if finding.category not in categories:
|
|
293
|
-
categories[finding.category] = []
|
|
294
|
-
categories[finding.category].append(finding)
|
|
295
|
-
|
|
296
|
-
for category, findings in sorted(
|
|
297
|
-
categories.items(),
|
|
298
|
-
key=lambda x: len(x[1]),
|
|
299
|
-
reverse=True
|
|
300
|
-
):
|
|
301
|
-
recommendations.append(
|
|
302
|
-
f"Address {len(findings)} {category} vulnerabilities"
|
|
303
|
-
)
|
|
304
|
-
|
|
305
|
-
return recommendations[:5]
|
|
306
|
-
|
|
307
|
-
# Usage
|
|
308
|
-
if __name__ == '__main__':
|
|
309
|
-
tester = PenetrationTester('https://example.com')
|
|
310
|
-
|
|
311
|
-
target_urls = [
|
|
312
|
-
'https://example.com/api/users',
|
|
313
|
-
'https://example.com/search',
|
|
314
|
-
'https://example.com/download'
|
|
315
|
-
]
|
|
316
|
-
|
|
317
|
-
report = tester.run_full_pentest(target_urls)
|
|
318
|
-
|
|
319
|
-
print("\n=== Penetration Test Report ===")
|
|
320
|
-
print(f"Target: {report['target']}")
|
|
321
|
-
print(f"Total Findings: {report['total_findings']}")
|
|
322
|
-
print(f"Risk Score: {report['risk_score']}")
|
|
323
|
-
print(f"\nFindings by Severity:")
|
|
324
|
-
print(f" Critical: {report['summary']['critical']}")
|
|
325
|
-
print(f" High: {report['summary']['high']}")
|
|
326
|
-
print(f" Medium: {report['summary']['medium']}")
|
|
327
|
-
print(f" Low: {report['summary']['low']}")
|
|
328
|
-
```
|
|
1
|
+
# Automated Penetration Testing Framework
|
|
2
|
+
|
|
3
|
+
## Automated Penetration Testing Framework
|
|
4
|
+
|
|
5
|
+
```python
|
|
6
|
+
# pentest_framework.py
|
|
7
|
+
import requests
|
|
8
|
+
import socket
|
|
9
|
+
import subprocess
|
|
10
|
+
import json
|
|
11
|
+
from typing import List, Dict
|
|
12
|
+
from dataclasses import dataclass, asdict
|
|
13
|
+
from datetime import datetime
|
|
14
|
+
|
|
15
|
+
@dataclass
|
|
16
|
+
class Finding:
|
|
17
|
+
severity: str
|
|
18
|
+
category: str
|
|
19
|
+
target: str
|
|
20
|
+
vulnerability: str
|
|
21
|
+
evidence: str
|
|
22
|
+
remediation: str
|
|
23
|
+
cvss_score: float
|
|
24
|
+
|
|
25
|
+
class PenetrationTester:
|
|
26
|
+
def __init__(self, target: str):
|
|
27
|
+
self.target = target
|
|
28
|
+
self.findings: List[Finding] = []
|
|
29
|
+
|
|
30
|
+
def test_sql_injection(self, url: str) -> None:
|
|
31
|
+
"""Test for SQL injection vulnerabilities"""
|
|
32
|
+
print(f"Testing SQL injection on {url}")
|
|
33
|
+
|
|
34
|
+
payloads = [
|
|
35
|
+
"' OR '1'='1",
|
|
36
|
+
"'; DROP TABLE users--",
|
|
37
|
+
"' UNION SELECT NULL, NULL, NULL--",
|
|
38
|
+
"1' AND 1=1--",
|
|
39
|
+
"admin'--"
|
|
40
|
+
]
|
|
41
|
+
|
|
42
|
+
for payload in payloads:
|
|
43
|
+
try:
|
|
44
|
+
response = requests.get(
|
|
45
|
+
url,
|
|
46
|
+
params={'id': payload},
|
|
47
|
+
timeout=5
|
|
48
|
+
)
|
|
49
|
+
|
|
50
|
+
# Check for SQL errors
|
|
51
|
+
sql_errors = [
|
|
52
|
+
'mysql_fetch_array',
|
|
53
|
+
'SQLServer JDBC Driver',
|
|
54
|
+
'ORA-01756',
|
|
55
|
+
'PostgreSQL',
|
|
56
|
+
'sqlite3.OperationalError'
|
|
57
|
+
]
|
|
58
|
+
|
|
59
|
+
for error in sql_errors:
|
|
60
|
+
if error in response.text:
|
|
61
|
+
self.findings.append(Finding(
|
|
62
|
+
severity='critical',
|
|
63
|
+
category='SQL Injection',
|
|
64
|
+
target=url,
|
|
65
|
+
vulnerability=f'SQL Injection detected with payload: {payload}',
|
|
66
|
+
evidence=f'Error message: {error}',
|
|
67
|
+
remediation='Use parameterized queries or prepared statements',
|
|
68
|
+
cvss_score=9.8
|
|
69
|
+
))
|
|
70
|
+
break
|
|
71
|
+
|
|
72
|
+
except Exception as e:
|
|
73
|
+
print(f"Error testing {url}: {e}")
|
|
74
|
+
|
|
75
|
+
def test_xss(self, url: str) -> None:
|
|
76
|
+
"""Test for Cross-Site Scripting vulnerabilities"""
|
|
77
|
+
print(f"Testing XSS on {url}")
|
|
78
|
+
|
|
79
|
+
payloads = [
|
|
80
|
+
"<script>alert('XSS')</script>",
|
|
81
|
+
"<img src=x onerror=alert('XSS')>",
|
|
82
|
+
"javascript:alert('XSS')",
|
|
83
|
+
"<svg onload=alert('XSS')>",
|
|
84
|
+
"'-alert('XSS')-'"
|
|
85
|
+
]
|
|
86
|
+
|
|
87
|
+
for payload in payloads:
|
|
88
|
+
try:
|
|
89
|
+
response = requests.get(
|
|
90
|
+
url,
|
|
91
|
+
params={'q': payload},
|
|
92
|
+
timeout=5
|
|
93
|
+
)
|
|
94
|
+
|
|
95
|
+
if payload in response.text:
|
|
96
|
+
self.findings.append(Finding(
|
|
97
|
+
severity='high',
|
|
98
|
+
category='Cross-Site Scripting',
|
|
99
|
+
target=url,
|
|
100
|
+
vulnerability=f'Reflected XSS detected with payload: {payload}',
|
|
101
|
+
evidence='Payload reflected in response without sanitization',
|
|
102
|
+
remediation='Implement output encoding and Content Security Policy',
|
|
103
|
+
cvss_score=7.3
|
|
104
|
+
))
|
|
105
|
+
break
|
|
106
|
+
|
|
107
|
+
except Exception as e:
|
|
108
|
+
print(f"Error testing {url}: {e}")
|
|
109
|
+
|
|
110
|
+
def test_authentication(self, login_url: str) -> None:
|
|
111
|
+
"""Test authentication mechanisms"""
|
|
112
|
+
print(f"Testing authentication on {login_url}")
|
|
113
|
+
|
|
114
|
+
# Test default credentials
|
|
115
|
+
default_creds = [
|
|
116
|
+
('admin', 'admin'),
|
|
117
|
+
('admin', 'password'),
|
|
118
|
+
('root', 'root'),
|
|
119
|
+
('administrator', 'administrator')
|
|
120
|
+
]
|
|
121
|
+
|
|
122
|
+
for username, password in default_creds:
|
|
123
|
+
try:
|
|
124
|
+
response = requests.post(
|
|
125
|
+
login_url,
|
|
126
|
+
data={'username': username, 'password': password},
|
|
127
|
+
timeout=5
|
|
128
|
+
)
|
|
129
|
+
|
|
130
|
+
if response.status_code == 200 and 'dashboard' in response.text.lower():
|
|
131
|
+
self.findings.append(Finding(
|
|
132
|
+
severity='critical',
|
|
133
|
+
category='Weak Authentication',
|
|
134
|
+
target=login_url,
|
|
135
|
+
vulnerability=f'Default credentials accepted: {username}/{password}',
|
|
136
|
+
evidence='Successful authentication with default credentials',
|
|
137
|
+
remediation='Enforce strong password policy and remove default accounts',
|
|
138
|
+
cvss_score=9.1
|
|
139
|
+
))
|
|
140
|
+
|
|
141
|
+
except Exception as e:
|
|
142
|
+
print(f"Error testing credentials: {e}")
|
|
143
|
+
|
|
144
|
+
def test_security_headers(self, url: str) -> None:
|
|
145
|
+
"""Test for missing security headers"""
|
|
146
|
+
print(f"Testing security headers on {url}")
|
|
147
|
+
|
|
148
|
+
try:
|
|
149
|
+
response = requests.get(url, timeout=5)
|
|
150
|
+
|
|
151
|
+
critical_headers = {
|
|
152
|
+
'Strict-Transport-Security': 'HSTS not implemented',
|
|
153
|
+
'X-Frame-Options': 'Clickjacking protection missing',
|
|
154
|
+
'X-Content-Type-Options': 'MIME sniffing prevention missing',
|
|
155
|
+
'Content-Security-Policy': 'CSP not implemented',
|
|
156
|
+
'X-XSS-Protection': 'XSS protection header missing'
|
|
157
|
+
}
|
|
158
|
+
|
|
159
|
+
for header, description in critical_headers.items():
|
|
160
|
+
if header not in response.headers:
|
|
161
|
+
self.findings.append(Finding(
|
|
162
|
+
severity='medium',
|
|
163
|
+
category='Missing Security Header',
|
|
164
|
+
target=url,
|
|
165
|
+
vulnerability=f'Missing header: {header}',
|
|
166
|
+
evidence=description,
|
|
167
|
+
remediation=f'Add {header} header to all responses',
|
|
168
|
+
cvss_score=5.3
|
|
169
|
+
))
|
|
170
|
+
|
|
171
|
+
except Exception as e:
|
|
172
|
+
print(f"Error testing headers: {e}")
|
|
173
|
+
|
|
174
|
+
def test_directory_traversal(self, url: str) -> None:
|
|
175
|
+
"""Test for directory traversal vulnerabilities"""
|
|
176
|
+
print(f"Testing directory traversal on {url}")
|
|
177
|
+
|
|
178
|
+
payloads = [
|
|
179
|
+
'../../../etc/passwd',
|
|
180
|
+
'..\\..\\..\\windows\\system32\\drivers\\etc\\hosts',
|
|
181
|
+
'....//....//....//etc/passwd',
|
|
182
|
+
'%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd'
|
|
183
|
+
]
|
|
184
|
+
|
|
185
|
+
for payload in payloads:
|
|
186
|
+
try:
|
|
187
|
+
response = requests.get(
|
|
188
|
+
url,
|
|
189
|
+
params={'file': payload},
|
|
190
|
+
timeout=5
|
|
191
|
+
)
|
|
192
|
+
|
|
193
|
+
# Check for Unix passwd file
|
|
194
|
+
if 'root:' in response.text or 'daemon:' in response.text:
|
|
195
|
+
self.findings.append(Finding(
|
|
196
|
+
severity='critical',
|
|
197
|
+
category='Directory Traversal',
|
|
198
|
+
target=url,
|
|
199
|
+
vulnerability=f'Path traversal detected with payload: {payload}',
|
|
200
|
+
evidence='System file contents exposed',
|
|
201
|
+
remediation='Validate and sanitize file paths, use whitelist approach',
|
|
202
|
+
cvss_score=8.6
|
|
203
|
+
))
|
|
204
|
+
break
|
|
205
|
+
|
|
206
|
+
except Exception as e:
|
|
207
|
+
print(f"Error testing traversal: {e}")
|
|
208
|
+
|
|
209
|
+
def test_ssl_tls(self) -> None:
|
|
210
|
+
"""Test SSL/TLS configuration"""
|
|
211
|
+
print(f"Testing SSL/TLS on {self.target}")
|
|
212
|
+
|
|
213
|
+
try:
|
|
214
|
+
result = subprocess.run(
|
|
215
|
+
['testssl.sh', '--jsonfile', 'ssl-results.json', self.target],
|
|
216
|
+
capture_output=True,
|
|
217
|
+
text=True,
|
|
218
|
+
timeout=60
|
|
219
|
+
)
|
|
220
|
+
|
|
221
|
+
# Parse SSL test results
|
|
222
|
+
# This is a simplified check
|
|
223
|
+
weak_protocols = ['SSLv2', 'SSLv3', 'TLSv1.0']
|
|
224
|
+
for protocol in weak_protocols:
|
|
225
|
+
self.findings.append(Finding(
|
|
226
|
+
severity='high',
|
|
227
|
+
category='Weak SSL/TLS',
|
|
228
|
+
target=self.target,
|
|
229
|
+
vulnerability=f'Weak protocol enabled: {protocol}',
|
|
230
|
+
evidence='Outdated SSL/TLS protocol support',
|
|
231
|
+
remediation='Disable weak protocols, enforce TLS 1.2+',
|
|
232
|
+
cvss_score=7.5
|
|
233
|
+
))
|
|
234
|
+
|
|
235
|
+
except Exception as e:
|
|
236
|
+
print(f"SSL test error: {e}")
|
|
237
|
+
|
|
238
|
+
def run_full_pentest(self, target_urls: List[str]) -> Dict:
|
|
239
|
+
"""Execute comprehensive penetration test"""
|
|
240
|
+
for url in target_urls:
|
|
241
|
+
self.test_sql_injection(url)
|
|
242
|
+
self.test_xss(url)
|
|
243
|
+
self.test_security_headers(url)
|
|
244
|
+
self.test_directory_traversal(url)
|
|
245
|
+
|
|
246
|
+
self.test_ssl_tls()
|
|
247
|
+
|
|
248
|
+
return self.generate_report()
|
|
249
|
+
|
|
250
|
+
def generate_report(self) -> Dict:
|
|
251
|
+
"""Generate comprehensive pentest report"""
|
|
252
|
+
summary = {
|
|
253
|
+
'critical': 0,
|
|
254
|
+
'high': 0,
|
|
255
|
+
'medium': 0,
|
|
256
|
+
'low': 0
|
|
257
|
+
}
|
|
258
|
+
|
|
259
|
+
for finding in self.findings:
|
|
260
|
+
if finding.severity in summary:
|
|
261
|
+
summary[finding.severity] += 1
|
|
262
|
+
|
|
263
|
+
report = {
|
|
264
|
+
'timestamp': datetime.now().isoformat(),
|
|
265
|
+
'target': self.target,
|
|
266
|
+
'total_findings': len(self.findings),
|
|
267
|
+
'summary': summary,
|
|
268
|
+
'findings': [asdict(f) for f in self.findings],
|
|
269
|
+
'risk_score': self._calculate_risk_score(),
|
|
270
|
+
'recommendations': self._generate_recommendations()
|
|
271
|
+
}
|
|
272
|
+
|
|
273
|
+
with open('pentest-report.json', 'w') as f:
|
|
274
|
+
json.dump(report, f, indent=2)
|
|
275
|
+
|
|
276
|
+
return report
|
|
277
|
+
|
|
278
|
+
def _calculate_risk_score(self) -> float:
|
|
279
|
+
"""Calculate overall risk score"""
|
|
280
|
+
if not self.findings:
|
|
281
|
+
return 0.0
|
|
282
|
+
|
|
283
|
+
total_cvss = sum(f.cvss_score for f in self.findings)
|
|
284
|
+
return round(total_cvss / len(self.findings), 2)
|
|
285
|
+
|
|
286
|
+
def _generate_recommendations(self) -> List[str]:
|
|
287
|
+
"""Generate prioritized recommendations"""
|
|
288
|
+
recommendations = []
|
|
289
|
+
|
|
290
|
+
categories = {}
|
|
291
|
+
for finding in self.findings:
|
|
292
|
+
if finding.category not in categories:
|
|
293
|
+
categories[finding.category] = []
|
|
294
|
+
categories[finding.category].append(finding)
|
|
295
|
+
|
|
296
|
+
for category, findings in sorted(
|
|
297
|
+
categories.items(),
|
|
298
|
+
key=lambda x: len(x[1]),
|
|
299
|
+
reverse=True
|
|
300
|
+
):
|
|
301
|
+
recommendations.append(
|
|
302
|
+
f"Address {len(findings)} {category} vulnerabilities"
|
|
303
|
+
)
|
|
304
|
+
|
|
305
|
+
return recommendations[:5]
|
|
306
|
+
|
|
307
|
+
# Usage
|
|
308
|
+
if __name__ == '__main__':
|
|
309
|
+
tester = PenetrationTester('https://example.com')
|
|
310
|
+
|
|
311
|
+
target_urls = [
|
|
312
|
+
'https://example.com/api/users',
|
|
313
|
+
'https://example.com/search',
|
|
314
|
+
'https://example.com/download'
|
|
315
|
+
]
|
|
316
|
+
|
|
317
|
+
report = tester.run_full_pentest(target_urls)
|
|
318
|
+
|
|
319
|
+
print("\n=== Penetration Test Report ===")
|
|
320
|
+
print(f"Target: {report['target']}")
|
|
321
|
+
print(f"Total Findings: {report['total_findings']}")
|
|
322
|
+
print(f"Risk Score: {report['risk_score']}")
|
|
323
|
+
print(f"\nFindings by Severity:")
|
|
324
|
+
print(f" Critical: {report['summary']['critical']}")
|
|
325
|
+
print(f" High: {report['summary']['high']}")
|
|
326
|
+
print(f" Medium: {report['summary']['medium']}")
|
|
327
|
+
print(f" Low: {report['summary']['low']}")
|
|
328
|
+
```
|