aiptx 2.0.1__tar.gz

aiptx-2.0.1/ARCHITECTURE.md

@@ -0,0 +1,88 @@
+# AIPT v2 Architecture
+## Built ON TOP of 8 AI Pentesting Frameworks
+
+### Module Origins
+
+```
+aipt_v2/
+├── llm/                    # FROM: AIPTx (litellm-based, 100+ providers)
+│   ├── llm.py             # AIPTx: LLM class with caching, vision, reasoning
+│   ├── memory.py          # AIPTx: MemoryCompressor (80% threshold)
+│   ├── config.py          # AIPTx: LLMConfig dataclass
+│   └── utils.py           # AIPTx: Tool invocation parsing
+│
+├── runtime/               # FROM: AIPTx + HackSynth
+│   ├── docker.py          # AIPTx: DockerRuntime (399 lines)
+│   ├── terminal.py        # AIPTx: TerminalSession (447 lines)
+│   └── sandbox.py         # HackSynth: Container isolation patterns
+│
+├── tools/                 # FROM: AIPTx + ez-ai-agent
+│   ├── executor.py        # AIPTx: Tool executor
+│   ├── terminal/          # AIPTx: Terminal tools
+│   ├── browser/           # AIPTx: Playwright browser (533 lines)
+│   ├── proxy/             # AIPTx: MITM proxy (785 lines)
+│   └── security/          # NEW: Security tool wrappers
+│       ├── nmap.py
+│       ├── nuclei.py
+│       ├── sqlmap.py
+│       └── ...
+│
+├── intelligence/          # FROM: pentest-agent + PentestAssistant
+│   ├── cve.py             # pentest-agent: CVE scoring (946 lines)
+│   ├── exploit_search.py  # pentest-agent: GitHub/ExploitDB searchers
+│   ├── rag.py             # PentestAssistant: BGE embeddings
+│   └── tool_selection.py  # PentestAssistant: Tool planning
+│
+├── agents/                # FROM: AIPTx + PentestGPT
+│   ├── base.py            # AIPTx: BaseAgent (518 lines)
+│   ├── state.py           # AIPTx: Agent state management
+│   ├── pentest_agent.py   # NEW: Security-focused agent
+│   └── ptt.py             # PentestGPT: Penetration Testing Tree
+│
+├── interface/             # FROM: AIPTx
+│   ├── tui.py             # AIPTx: Rich TUI (1,274 lines)
+│   ├── cli.py             # AIPTx: CLI interface
+│   └── utils.py           # AIPTx: UI utilities
+│
+├── database/              # FROM: VulnBot + AIPT v1
+│   ├── models.py          # VulnBot: SQLAlchemy models
+│   ├── repository.py      # AIPT v1: CRUD operations
+│   └── kb.py              # VulnBot: Knowledge base
+│
+└── api/                   # FROM: AIPT v1
+    └── app.py             # AIPT v1: FastAPI endpoints
+```
+
+### Feature Matrix
+
+| Feature | Source | Lines | Status |
+|---------|--------|-------|--------|
+| LLM (litellm) | AIPTx | 513 | Copy |
+| Memory Compression | AIPTx | 212 | Copy |
+| Docker Runtime | AIPTx | 399 | Copy |
+| Terminal Session | AIPTx | 447 | Copy |
+| Browser Automation | AIPTx | 533 | Copy |
+| Proxy/MITM | AIPTx | 785 | Copy |
+| TUI Interface | AIPTx | 1,274 | Copy |
+| CVE Intelligence | pentest-agent | 946 | Adapt |
+| Exploit Search | pentest-agent | 1,200+ | Adapt |
+| Tool RAG | PentestAssistant | 200 | Adapt |
+| PTT Tracking | PentestGPT | 400 | Adapt |
+| Knowledge Base | VulnBot | 500+ | Adapt |
+| Database | AIPT v1 | 616 | Keep |
+| REST API | AIPT v1 | 384 | Keep |
+| Security Tools | ez-ai-agent | 364 | Adapt |
+| Container Setup | HackSynth | 61 | Reference |
+
+### Total Expected Lines: ~8,000-10,000
+
+### Key Improvements Over Individual Tools
+
+1. **Unified LLM Layer** - litellm supports 100+ providers (better than any single tool)
+2. **Complete Toolset** - Browser + Terminal + Proxy (from AIPTx)
+3. **Security Intelligence** - CVE + Exploit search (from pentest-agent)
+4. **Smart Tool Selection** - RAG-based (from PentestAssistant)
+5. **Progress Tracking** - PTT (from PentestGPT)
+6. **Knowledge Persistence** - Database + KB (from VulnBot + AIPT v1)
+7. **Professional Interface** - Rich TUI (from AIPTx)
+8. **REST API** - Programmatic access (from AIPT v1)

aiptx-2.0.1/CHANGELOG.md

@@ -0,0 +1,121 @@
+# Changelog
+
+All notable changes to AIPTX will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [2.0.1] - 2024-12-16
+
+### Added
+- **LICENSE file** - MIT License now included in package
+- **MANIFEST.in** - Proper package data inclusion for PyPI
+- **Enhanced SEO** - Improved discoverability on PyPI and search engines
+  - Expanded keywords from 9 to 46 terms
+  - Increased classifiers from 14 to 37 categories
+  - Added comparison tables and use case examples to README
+
+### Changed
+- **README.md** - Complete rewrite for better SEO and user experience
+  - Added 6 badges (PyPI, Downloads, Python, License, Code Style, Security)
+  - Added "Why AIPTX?" comparison table
+  - Added detailed tool coverage tables by phase
+  - Added architecture diagram
+  - Added use case examples (Bug Bounty, Pentest, DevSecOps, Red Team)
+  - Added competitor comparison table
+  - Added keyword section for search indexing
+- **pyproject.toml** - Enhanced metadata
+  - License now references LICENSE file
+  - Added Python 3.13 support classifier
+  - Added Framework :: FastAPI classifier
+  - Added multiple OS platform classifiers
+
+### Fixed
+- **Python 3.9 compatibility** - Added `from __future__ import annotations` to 16 modules for union type syntax support
+- **Import path fixes** - Fixed 15+ incorrect relative imports to use full `aipt_v2.` package prefix
+  - `from telemetry.tracer` → `from aipt_v2.telemetry.tracer` (8 locations)
+  - `from tools.agents_graph` → `from aipt_v2.tools.agents_graph` (5 locations)
+  - `from database.models` → `from aipt_v2.database.models` (1 location)
+- **Test imports** - Fixed sys.path configuration in test files
+- **Package structure** - Ensured proper src layout packaging
+
+## [2.0.0] - 2024-12-14
+
+### Added
+- **AI Intelligence Layer**
+  - LLM-guided scanning with LiteLLM (100+ providers)
+  - Smart triage based on real-world exploitability
+  - Attack chain detection for vulnerability chaining
+  - RAG-based tool selection using BGE embeddings
+
+- **36+ Security Tools Integration**
+  - Phase 1 RECON: subfinder, assetfinder, amass, httpx, nmap, waybackurls, theHarvester, dnsrecon, wafw00f, whatweb
+  - Phase 2 SCAN: nuclei, nikto, wpscan, ffuf, gobuster, dirsearch, sslscan, testssl, gitleaks, trufflehog, trivy
+  - Phase 3 EXPLOIT: sqlmap, commix, xsstrike, hydra, searchsploit
+  - Phase 4 POST-EXPLOIT: linpeas, winpeas, pspy, lazagne
+
+- **Enterprise Scanner Integration**
+  - Acunetix API integration (24KB wrapper)
+  - Burp Suite Professional API integration (21KB wrapper)
+  - Nessus API integration (18KB wrapper)
+  - OWASP ZAP API integration (18KB wrapper)
+
+- **Intelligence Module**
+  - CVE scoring and analysis (42KB)
+  - Attack chain generation (27KB)
+  - Finding triage and prioritization (24KB)
+  - Authenticated scanning support (17KB)
+  - Scope enforcement (16KB)
+  - RAG tool selection (8KB)
+  - ExploitDB, GitHub, Google searchers
+
+- **Professional Output**
+  - HTML vulnerability reports
+  - JSON export for CI/CD
+  - REST API server (FastAPI)
+  - Rich TUI with real-time progress
+
+- **Runtime Options**
+  - Docker container execution
+  - Local execution
+  - VPS remote execution via SSH
+
+### Architecture
+- Modular design with clear separation of concerns
+- Async-first implementation for performance
+- Plugin system for future extensibility
+- Database persistence with SQLAlchemy
+
+## [1.0.0] - 2024-11-01
+
+### Added
+- Initial release
+- Basic scanning functionality
+- Database integration
+- REST API
+
+---
+
+## Roadmap
+
+### Planned for v2.1.0
+- [ ] Cloud security scanning (AWS, Azure, GCP)
+- [ ] Active Directory attack module
+- [ ] API security testing suite
+- [ ] Compliance reporting (PCI-DSS, HIPAA, SOC2)
+
+### Planned for v2.2.0
+- [ ] Web-based dashboard
+- [ ] Team collaboration features
+- [ ] Scheduled scanning
+- [ ] Notification integrations (Slack, Teams, Discord)
+
+---
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+
+## License
+
+MIT License - see [LICENSE](LICENSE) for details.

aiptx-2.0.1/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Satyam Rastogi
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

aiptx-2.0.1/MANIFEST.in

@@ -0,0 +1,20 @@
+include LICENSE
+include README.md
+include requirements.txt
+include CHANGELOG.md
+include ARCHITECTURE.md
+
+recursive-include src/aipt_v2 *.json *.yaml *.yml *.jinja *.jinja2 *.html *.css
+recursive-include src/aipt_v2/prompts *.txt *.md
+
+prune tests
+prune htmlcov
+prune .venv
+prune __pycache__
+prune *.egg-info
+
+global-exclude *.pyc
+global-exclude *.pyo
+global-exclude .DS_Store
+global-exclude .coverage
+global-exclude *.log

aiptx-2.0.1/PKG-INFO

@@ -0,0 +1,420 @@
+Metadata-Version: 2.4
+Name: aiptx
+Version: 2.0.1
+Summary: AI-Powered Penetration Testing Framework - Zero-click security scanning with LLM intelligence
+Author-email: Satyam Rastogi <satyam@aiptx.io>
+Maintainer-email: Satyam Rastogi <satyam@aiptx.io>
+License: MIT License
+        
+        Copyright (c) 2025 Satyam Rastogi
+        
+        Permission is hereby granted, free of charge, to any person obtaining a copy
+        of this software and associated documentation files (the "Software"), to deal
+        in the Software without restriction, including without limitation the rights
+        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+        copies of the Software, and to permit persons to whom the Software is
+        furnished to do so, subject to the following conditions:
+        
+        The above copyright notice and this permission notice shall be included in all
+        copies or substantial portions of the Software.
+        
+        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+        SOFTWARE.
+        
+Project-URL: Homepage, https://github.com/satyamrastogi/aiptx
+Project-URL: Documentation, https://aiptx.io/docs
+Project-URL: Repository, https://github.com/satyamrastogi/aiptx
+Project-URL: Issues, https://github.com/satyamrastogi/aiptx/issues
+Project-URL: Changelog, https://github.com/satyamrastogi/aiptx/blob/main/CHANGELOG.md
+Keywords: security,penetration-testing,pentest,vulnerability-scanner,vulnerability-assessment,security-scanner,security-tools,security-automation,ai,llm,artificial-intelligence,machine-learning,gpt,claude,cybersecurity,infosec,appsec,devsecops,vapt,dast,sast,bug-bounty,ethical-hacking,red-team,offensive-security,web-security,owasp,cve,exploit,nmap,nuclei,sqlmap,burp-suite,acunetix,nessus,zap,reconnaissance,recon,scanning,exploitation,automation,cli,api
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Information Technology
+Classifier: Intended Audience :: System Administrators
+Classifier: Intended Audience :: Science/Research
+Classifier: Topic :: Security
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: Software Development :: Testing
+Classifier: Topic :: Software Development :: Testing :: Acceptance
+Classifier: Topic :: Software Development :: Quality Assurance
+Classifier: Topic :: Internet :: WWW/HTTP
+Classifier: Topic :: Internet :: WWW/HTTP :: HTTP Servers
+Classifier: Topic :: System :: Networking
+Classifier: Topic :: System :: Systems Administration
+Classifier: Topic :: System :: Monitoring
+Classifier: Topic :: Utilities
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Operating System :: MacOS
+Classifier: Operating System :: Microsoft :: Windows
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Typing :: Typed
+Classifier: Framework :: FastAPI
+Classifier: Natural Language :: English
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: litellm>=1.50.0
+Requires-Dist: jinja2>=3.1.0
+Requires-Dist: tiktoken>=0.5.0
+Requires-Dist: requests>=2.31.0
+Requires-Dist: httpx>=0.25.0
+Requires-Dist: aiohttp>=3.9.0
+Requires-Dist: fastapi>=0.104.0
+Requires-Dist: uvicorn[standard]>=0.24.0
+Requires-Dist: pydantic>=2.5.0
+Requires-Dist: pydantic-settings>=2.0.0
+Requires-Dist: slowapi>=0.1.9
+Requires-Dist: sqlalchemy>=2.0.0
+Requires-Dist: alembic>=1.13.0
+Requires-Dist: textual>=0.44.0
+Requires-Dist: rich>=13.7.0
+Requires-Dist: click>=8.1.0
+Requires-Dist: typer>=0.9.0
+Requires-Dist: pyyaml>=6.0
+Requires-Dist: python-dotenv>=1.0.0
+Requires-Dist: aiofiles>=23.0.0
+Requires-Dist: structlog>=23.0.0
+Requires-Dist: psutil>=5.9.0
+Provides-Extra: full
+Requires-Dist: sentence-transformers>=2.2.0; extra == "full"
+Requires-Dist: numpy>=1.24.0; extra == "full"
+Requires-Dist: torch>=2.0.0; extra == "full"
+Requires-Dist: playwright>=1.40.0; extra == "full"
+Requires-Dist: mitmproxy>=10.0.0; extra == "full"
+Requires-Dist: docker>=7.0.0; extra == "full"
+Requires-Dist: pexpect>=4.8.0; extra == "full"
+Requires-Dist: paramiko>=3.4.0; extra == "full"
+Requires-Dist: langchain-core>=0.1.0; extra == "full"
+Requires-Dist: scikit-learn>=1.3.0; extra == "full"
+Requires-Dist: scipy>=1.11.0; extra == "full"
+Requires-Dist: pandas>=2.0.0; extra == "full"
+Provides-Extra: dev
+Requires-Dist: pytest>=7.4.0; extra == "dev"
+Requires-Dist: pytest-asyncio>=0.21.0; extra == "dev"
+Requires-Dist: pytest-cov>=4.1.0; extra == "dev"
+Requires-Dist: pytest-mock>=3.12.0; extra == "dev"
+Requires-Dist: black>=23.0.0; extra == "dev"
+Requires-Dist: ruff>=0.1.0; extra == "dev"
+Requires-Dist: mypy>=1.7.0; extra == "dev"
+Requires-Dist: bandit>=1.7.0; extra == "dev"
+Requires-Dist: pre-commit>=3.5.0; extra == "dev"
+Requires-Dist: safety>=2.3.0; extra == "dev"
+Dynamic: license-file
+
+# AIPTX - AI-Powered Penetration Testing Framework
+
+[![PyPI version](https://badge.fury.io/py/aiptx.svg)](https://badge.fury.io/py/aiptx)
+[![Downloads](https://static.pepy.tech/badge/aiptx)](https://pepy.tech/project/aiptx)
+[![Python 3.10+](https://img.shields.io/badge/python-3.10+-blue.svg)](https://www.python.org/downloads/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
+[![Security: bandit](https://img.shields.io/badge/security-bandit-yellow.svg)](https://github.com/PyCQA/bandit)
+
+> **The Ultimate AI-Powered Penetration Testing & Vulnerability Assessment Tool**
+
+**AIPTX** is a comprehensive **penetration testing framework** that combines **36+ security tools** with **AI/LLM intelligence** for automated vulnerability discovery. Perfect for **security researchers**, **bug bounty hunters**, **penetration testers**, and **red team** professionals.
+
+## Why AIPTX?
+
+| Feature | AIPTX | Traditional Tools |
+|---------|-------|-------------------|
+| AI-Guided Scanning | ✅ LLM decides next steps | ❌ Manual decisions |
+| Tool Integration | ✅ 36+ tools unified | ❌ Run separately |
+| Enterprise Scanners | ✅ Acunetix, Burp, Nessus, ZAP | ❌ Separate licenses |
+| Auto Exploitation | ✅ SQLMap, Hydra, XSStrike | ❌ Manual chaining |
+| Professional Reports | ✅ HTML, JSON, Executive | ❌ Copy-paste results |
+| One Command | ✅ `aiptx scan target.com` | ❌ Multiple scripts |
+
+## Key Features
+
+### AI-Powered Intelligence
+- **LLM-Guided Scanning** - Claude, GPT-4, or 100+ models via LiteLLM decide which tools to run based on findings
+- **Smart Triage** - AI prioritizes vulnerabilities by real-world exploitability, not just CVSS
+- **Attack Chain Detection** - Identifies how medium findings combine into critical risks
+- **RAG-Based Tool Selection** - Semantic search matches objectives to optimal tools
+
+### Comprehensive Tool Coverage
+- **36+ Security Tools** - Unified interface for reconnaissance, scanning, exploitation, and post-exploitation
+- **Enterprise Scanner Integration** - Native API support for Acunetix, Burp Suite Professional, Nessus, and OWASP ZAP
+- **Automated Reconnaissance** - Subdomain enumeration, port scanning, technology fingerprinting
+- **Active Exploitation** - SQL injection, XSS, command injection testing (opt-in)
+- **Post-Exploitation** - Privilege escalation detection with LinPEAS/WinPEAS
+
+### Professional Output
+- **HTML Reports** - Executive-ready vulnerability reports
+- **JSON Export** - CI/CD integration and programmatic access
+- **REST API** - Integrate AIPTX into your security pipeline
+- **Rich TUI** - Beautiful terminal interface with real-time progress
+
+## Installation
+
+```bash
+# Recommended: Zero-click install with pipx
+pipx install aiptx
+
+# Or with pip
+pip install aiptx
+
+# Full installation (ML, browser automation, proxy)
+pip install aiptx[full]
+```
+
+**Requirements:** Python 3.10+ | External tools auto-detected (nmap, nuclei, etc.)
+
+## Quick Start
+
+```bash
+# Basic vulnerability scan
+aiptx scan example.com
+
+# AI-guided intelligent scanning (requires API key)
+aiptx scan example.com --ai
+
+# Full comprehensive scan (all tools + exploitation)
+aiptx scan example.com --full
+
+# Container security scanning
+aiptx scan example.com --container
+
+# Secret/credential detection
+aiptx scan example.com --secrets
+
+# With enterprise scanners
+aiptx scan example.com --acunetix --burp --nessus --zap
+
+# Check configuration and installed tools
+aiptx status
+
+# Start REST API server
+aiptx api
+```
+
+## Tool Coverage
+
+### Phase 1: Reconnaissance (10 Tools)
+
+| Tool | Purpose | Category |
+|------|---------|----------|
+| **subfinder** | Fast passive subdomain enumeration | Subdomain Discovery |
+| **assetfinder** | Find related domains and assets | Subdomain Discovery |
+| **amass** | In-depth DNS enumeration | Subdomain Discovery |
+| **httpx** | HTTP probing and fingerprinting | HTTP Analysis |
+| **nmap** | Port scanning and service detection | Network Scanning |
+| **waybackurls** | Historical URL discovery via Wayback Machine | OSINT |
+| **theHarvester** | Email and subdomain OSINT gathering | OSINT |
+| **dnsrecon** | DNS enumeration and zone transfers | DNS Analysis |
+| **wafw00f** | Web Application Firewall detection | WAF Detection |
+| **whatweb** | Technology stack fingerprinting | Tech Detection |
+
+### Phase 2: Vulnerability Scanning (15+ Tools)
+
+| Tool | Purpose | Category |
+|------|---------|----------|
+| **nuclei** | Template-based vulnerability scanning | Vuln Scanner |
+| **nikto** | Web server vulnerability scanner | Web Scanner |
+| **wpscan** | WordPress security scanner | CMS Scanner |
+| **ffuf** | Fast web fuzzer for directories/files | Fuzzing |
+| **gobuster** | Directory and vhost brute-forcing | Fuzzing |
+| **dirsearch** | Web path discovery | Fuzzing |
+| **sslscan** | SSL/TLS configuration analysis | SSL Testing |
+| **testssl** | Comprehensive TLS/SSL testing | SSL Testing |
+| **gitleaks** | Secret detection in git repositories | Secret Scanning |
+| **trufflehog** | Deep credential scanning | Secret Scanning |
+| **trivy** | Container vulnerability scanning | Container Security |
+| **Acunetix** | Enterprise DAST scanner | Enterprise |
+| **Burp Suite** | Professional web security scanner | Enterprise |
+| **Nessus** | Network vulnerability assessment | Enterprise |
+| **OWASP ZAP** | Open-source DAST | Enterprise |
+
+### Phase 3: Exploitation (5 Tools - Opt-in Full Mode)
+
+| Tool | Purpose | Attack Type |
+|------|---------|-------------|
+| **sqlmap** | Automated SQL injection exploitation | SQLi |
+| **commix** | Command injection testing | Command Injection |
+| **xsstrike** | Advanced XSS detection and exploitation | XSS |
+| **hydra** | Network login brute-forcing | Credential Attack |
+| **searchsploit** | Exploit database search | Exploit Research |
+
+### Phase 4: Post-Exploitation (4 Tools)
+
+| Tool | Purpose | Platform |
+|------|---------|----------|
+| **linpeas** | Linux privilege escalation enumeration | Linux |
+| **winpeas** | Windows privilege escalation enumeration | Windows |
+| **pspy** | Process monitoring without root | Linux |
+| **lazagne** | Credential extraction from memory | Cross-platform |
+
+## Enterprise Scanner Integration
+
+AIPTX provides **native API integration** with enterprise security scanners:
+
+```bash
+# Configure enterprise scanners
+export ACUNETIX_URL="https://your-acunetix:3443"
+export ACUNETIX_API_KEY="your-api-key"
+
+export BURP_URL="http://your-burp:1337"
+export BURP_API_KEY="your-api-key"
+
+export NESSUS_URL="https://your-nessus:8834"
+export NESSUS_ACCESS_KEY="your-access-key"
+export NESSUS_SECRET_KEY="your-secret-key"
+
+export ZAP_URL="http://localhost:8080"
+export ZAP_API_KEY="your-api-key"
+```
+
+## AI/LLM Configuration
+
+AIPTX supports **100+ LLM providers** via LiteLLM:
+
+```bash
+# Anthropic Claude (recommended)
+export ANTHROPIC_API_KEY="your-key"
+
+# OpenAI GPT-4
+export OPENAI_API_KEY="your-key"
+
+# Azure OpenAI
+export AZURE_API_KEY="your-key"
+export AZURE_API_BASE="your-endpoint"
+
+# Local models (Ollama, LM Studio)
+export OLLAMA_API_BASE="http://localhost:11434"
+```
+
+## Architecture
+
+```
+┌─────────────────────────────────────────────────────────────────┐
+│                         AIPTX v2.0                              │
+├─────────────────────────────────────────────────────────────────┤
+│                     AI INTELLIGENCE LAYER                       │
+│  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐            │
+│  │ LLM Engine  │  │ CVE Scoring │  │Attack Chain │            │
+│  │ (LiteLLM)   │  │   Engine    │  │  Detection  │            │
+│  └─────────────┘  └─────────────┘  └─────────────┘            │
+├─────────────────────────────────────────────────────────────────┤
+│                      SCANNING PIPELINE                          │
+│  RECON ──────► SCAN ──────► EXPLOIT ──────► POST-EXPLOIT       │
+│  10 tools      15 tools     5 tools         4 tools            │
+├─────────────────────────────────────────────────────────────────┤
+│                    ENTERPRISE INTEGRATIONS                      │
+│  Acunetix  │  Burp Suite  │  Nessus  │  OWASP ZAP             │
+├─────────────────────────────────────────────────────────────────┤
+│                         OUTPUT                                  │
+│  HTML Reports  │  JSON Export  │  REST API  │  TUI             │
+└─────────────────────────────────────────────────────────────────┘
+```
+
+## Command Reference
+
+| Command | Description |
+|---------|-------------|
+| `aiptx scan <target>` | Run security scan against target |
+| `aiptx scan <target> --ai` | Enable AI-guided intelligent scanning |
+| `aiptx scan <target> --full` | Comprehensive scan with all tools |
+| `aiptx scan <target> --quick` | Fast scan with essential tools only |
+| `aiptx scan <target> --exploit` | Enable exploitation tools |
+| `aiptx scan <target> --container` | Enable container/Docker scanning |
+| `aiptx scan <target> --secrets` | Enable secret/credential detection |
+| `aiptx scan <target> --acunetix` | Include Acunetix enterprise scan |
+| `aiptx scan <target> --burp` | Include Burp Suite scan |
+| `aiptx scan <target> --nessus` | Include Nessus vulnerability scan |
+| `aiptx scan <target> --zap` | Include OWASP ZAP scan |
+| `aiptx status` | Check configuration and tool availability |
+| `aiptx version` | Show version information |
+| `aiptx api` | Start REST API server |
+
+## Use Cases
+
+### Bug Bounty Hunting
+```bash
+# Comprehensive recon + scanning for bug bounty
+aiptx scan target.com --ai --full
+```
+
+### Penetration Testing
+```bash
+# Professional pentest with enterprise tools
+aiptx scan client-app.com --acunetix --nessus --full
+```
+
+### DevSecOps Pipeline
+```bash
+# Automated security scanning in CI/CD
+aiptx scan staging.app.com --container --secrets --json > results.json
+```
+
+### Red Team Operations
+```bash
+# Full attack chain with exploitation
+aiptx scan target.corp --ai --exploit --full
+```
+
+## Comparison with Alternatives
+
+| Feature | AIPTX | Nuclei | Nmap | Manual Testing |
+|---------|-------|--------|------|----------------|
+| AI Intelligence | ✅ | ❌ | ❌ | ❌ |
+| Unified Interface | ✅ | ❌ | ❌ | ❌ |
+| 36+ Tools | ✅ | ❌ | ❌ | ✅ (manual) |
+| Enterprise Scanners | ✅ | ❌ | ❌ | ✅ (separate) |
+| Auto Reports | ✅ | ✅ | ❌ | ❌ |
+| Attack Chaining | ✅ | ❌ | ❌ | ✅ (manual) |
+| REST API | ✅ | ❌ | ❌ | ❌ |
+| Zero Config | ✅ | ✅ | ✅ | ❌ |
+
+## Requirements
+
+- **Python**: 3.10 or higher
+- **OS**: Linux, macOS, Windows (WSL recommended)
+- **Optional**: Docker, SSH access for remote execution
+- **External Tools**: Auto-detected (nmap, nuclei, sqlmap, etc.)
+
+## License
+
+MIT License - see [LICENSE](LICENSE) for details.
+
+## Author
+
+**Satyam Rastogi** - Security Researcher & Developer
+
+- GitHub: [@satyamrastogi](https://github.com/satyamrastogi)
+- Website: [aiptx.io](https://aiptx.io)
+
+## Links
+
+- [Documentation](https://aiptx.io/docs)
+- [PyPI Package](https://pypi.org/project/aiptx/)
+- [GitHub Repository](https://github.com/satyamrastogi/aiptx)
+- [Issue Tracker](https://github.com/satyamrastogi/aiptx/issues)
+- [Changelog](https://github.com/satyamrastogi/aiptx/blob/main/CHANGELOG.md)
+
+## Keywords
+
+`penetration-testing` `pentest` `vulnerability-scanner` `security-tools` `bug-bounty` `ethical-hacking` `red-team` `offensive-security` `web-security` `OWASP` `CVE` `exploit` `reconnaissance` `nmap` `nuclei` `sqlmap` `burp-suite` `acunetix` `nessus` `zap` `AI` `LLM` `automation` `VAPT` `DAST` `appsec` `infosec` `cybersecurity`
+
+---
+
+<p align="center">
+  <b>Star this repo if AIPTX helps your security testing!</b><br>
+  <a href="https://github.com/satyamrastogi/aiptx">⭐ GitHub</a> •
+  <a href="https://pypi.org/project/aiptx/">📦 PyPI</a> •
+  <a href="https://aiptx.io/docs">📚 Docs</a>
+</p>