aiptx 2.0.2__py3-none-any.whl

aipt_v2/utils/searchers/__init__.py

@@ -0,0 +1,269 @@
+"""
+Searcher Utilities for AIPT v2
+==============================
+
+Provides utility functions for intelligence searchers:
+- Domain filtering
+- File extension filtering
+- Repository filtering
+- Directory cleanup
+
+These are stub implementations for compatibility with
+intelligence/searchers modules.
+"""
+
+import os
+import re
+from typing import List, Set
+from pathlib import Path
+
+from aipt_v2.utils.logging import logger
+
+
+# Blocked domains for security/ethical reasons
+BLOCKED_DOMAINS: Set[str] = {
+    ".gov",
+    ".mil",
+    ".edu",
+    ".bank",
+    ".police",
+}
+
+# Allowed web page extensions
+WEB_EXTENSIONS: Set[str] = {
+    ".html",
+    ".htm",
+    ".php",
+    ".asp",
+    ".aspx",
+    ".jsp",
+    ".do",
+    "",  # No extension
+}
+
+# Blocked file patterns for GitHub
+BLOCKED_GITHUB_PATTERNS: Set[str] = {
+    "README",
+    "LICENSE",
+    "CHANGELOG",
+    "CONTRIBUTING",
+    ".md",
+    ".txt",
+    ".rst",
+    ".lock",
+}
+
+
+class DomainFilter:
+    """Filter domains based on security/ethical rules."""
+
+    def __init__(self, blocked: Set[str] = None, allowed: Set[str] = None):
+        self.blocked = blocked or BLOCKED_DOMAINS
+        self.allowed = allowed or set()
+
+    def __call__(self, domain: str) -> bool:
+        return self.is_allowed(domain)
+
+    def is_allowed(self, domain: str) -> bool:
+        """
+        Check if domain is allowed for scanning.
+
+        Args:
+            domain: Domain to check
+
+        Returns:
+            True if domain is allowed
+        """
+        domain_lower = domain.lower()
+
+        # Check blocked list
+        for blocked in self.blocked:
+            if domain_lower.endswith(blocked):
+                logger.debug("Domain blocked", domain=domain, reason=f"ends with {blocked}")
+                return False
+
+        # If allowed list exists, check it
+        if self.allowed:
+            for allowed in self.allowed:
+                if domain_lower.endswith(allowed):
+                    return True
+            return False
+
+        return True
+
+
+class ExtensionFilter:
+    """Filter files/URLs by extension."""
+
+    def __init__(self, allowed: Set[str] = None, blocked: Set[str] = None):
+        self.allowed = allowed or set()
+        self.blocked = blocked or set()
+
+    def __call__(self, filename: str) -> bool:
+        return self.is_allowed(filename)
+
+    def is_allowed(self, filename: str) -> bool:
+        """Check if file extension is allowed."""
+        ext = Path(filename).suffix.lower()
+
+        if self.blocked and ext in self.blocked:
+            return False
+
+        if self.allowed:
+            return ext in self.allowed
+
+        return True
+
+
+class RepositoryFilter:
+    """Filter GitHub repositories."""
+
+    def __init__(self, blocked_patterns: Set[str] = None):
+        self.blocked = blocked_patterns or set()
+
+    def __call__(self, repo: str) -> bool:
+        return self.is_allowed(repo)
+
+    def is_allowed(self, repo: str) -> bool:
+        """Check if repository name is allowed."""
+        repo_lower = repo.lower()
+
+        for pattern in self.blocked:
+            if pattern.lower() in repo_lower:
+                return False
+
+        return True
+
+
+# Pre-configured filter instances
+domain_filter = DomainFilter()
+repository_filter = RepositoryFilter()
+
+
+def for_google_webpage(extension: str) -> bool:
+    """
+    Check if extension is valid for web pages.
+
+    Args:
+        extension: File extension (with or without dot)
+
+    Returns:
+        True if valid web page extension
+    """
+    ext = extension.lower()
+    if not ext.startswith("."):
+        ext = f".{ext}" if ext else ""
+
+    return ext in WEB_EXTENSIONS
+
+
+def for_github_repo_file(filename: str) -> bool:
+    """
+    Check if file should be included from GitHub repo.
+
+    Args:
+        filename: File name to check
+
+    Returns:
+        True if file should be included
+    """
+    filename_upper = filename.upper()
+
+    for pattern in BLOCKED_GITHUB_PATTERNS:
+        if pattern.upper() in filename_upper or filename.endswith(pattern):
+            return False
+
+    return True
+
+
+def remove_empty_directories(path: str) -> int:
+    """
+    Remove empty directories recursively.
+
+    Args:
+        path: Root path to clean
+
+    Returns:
+        Number of directories removed
+    """
+    removed = 0
+    path_obj = Path(path)
+
+    if not path_obj.exists():
+        return 0
+
+    for dirpath in sorted(path_obj.rglob("*"), reverse=True):
+        if dirpath.is_dir():
+            try:
+                # Check if directory is empty
+                if not any(dirpath.iterdir()):
+                    dirpath.rmdir()
+                    removed += 1
+                    logger.debug("Removed empty directory", path=str(dirpath))
+            except OSError as e:
+                logger.warning("Failed to remove directory", path=str(dirpath), error=str(e))
+
+    return removed
+
+
+def sanitize_filename(filename: str) -> str:
+    """
+    Sanitize filename for safe filesystem use.
+
+    Args:
+        filename: Original filename
+
+    Returns:
+        Sanitized filename
+    """
+    # Remove or replace dangerous characters
+    sanitized = re.sub(r'[<>:"/\\|?*]', '_', filename)
+    sanitized = re.sub(r'\s+', '_', sanitized)
+    sanitized = sanitized.strip('._')
+
+    # Limit length
+    if len(sanitized) > 200:
+        sanitized = sanitized[:200]
+
+    return sanitized or "unnamed"
+
+
+def validate_cve_id(cve_id: str) -> bool:
+    """
+    Validate CVE ID format.
+
+    Args:
+        cve_id: CVE identifier to validate
+
+    Returns:
+        True if valid CVE format
+    """
+    pattern = r'^CVE-\d{4}-\d{4,}$'
+    return bool(re.match(pattern, cve_id.upper()))
+
+
+def extract_cve_ids(text: str) -> List[str]:
+    """
+    Extract CVE IDs from text.
+
+    Args:
+        text: Text to search
+
+    Returns:
+        List of CVE IDs found
+    """
+    pattern = r'CVE-\d{4}-\d{4,}'
+    matches = re.findall(pattern, text.upper())
+    return list(set(matches))
+
+
+# GitHub configuration compatibility
+class GitHubConfig:
+    """GitHub API configuration."""
+    API_URL = "https://api.github.com"
+    SEARCH_URL = f"{API_URL}/search"
+    RATE_LIMIT = 30  # requests per minute for unauthenticated
+
+
+# Alias for backwards compatibility
+c = GitHubConfig

aiptx-2.0.2.dist-info/METADATA

@@ -0,0 +1,324 @@
+Metadata-Version: 2.4
+Name: aiptx
+Version: 2.0.2
+Summary: AI-Powered Penetration Testing Framework - Autonomous security assessment with LLM intelligence
+Author-email: Satyam Rastogi <satyam@aiptx.io>
+Maintainer-email: Satyam Rastogi <satyam@aiptx.io>
+License: MIT License
+        
+        Copyright (c) 2025 Satyam Rastogi
+        
+        Permission is hereby granted, free of charge, to any person obtaining a copy
+        of this software and associated documentation files (the "Software"), to deal
+        in the Software without restriction, including without limitation the rights
+        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+        copies of the Software, and to permit persons to whom the Software is
+        furnished to do so, subject to the following conditions:
+        
+        The above copyright notice and this permission notice shall be included in all
+        copies or substantial portions of the Software.
+        
+        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+        SOFTWARE.
+        
+Project-URL: Homepage, https://github.com/satyamrastogi/aiptx
+Project-URL: Documentation, https://aiptx.io/docs
+Project-URL: Repository, https://github.com/satyamrastogi/aiptx
+Project-URL: Issues, https://github.com/satyamrastogi/aiptx/issues
+Project-URL: Changelog, https://github.com/satyamrastogi/aiptx/blob/main/CHANGELOG.md
+Keywords: security,penetration-testing,pentest,vulnerability-scanner,vulnerability-assessment,security-scanner,security-tools,security-automation,ai,llm,artificial-intelligence,machine-learning,gpt,claude,cybersecurity,infosec,appsec,devsecops,vapt,dast,sast,bug-bounty,ethical-hacking,red-team,offensive-security,web-security,owasp,cve,exploit,nmap,nuclei,sqlmap,burp-suite,acunetix,nessus,zap,reconnaissance,recon,scanning,exploitation,automation,cli,api
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Information Technology
+Classifier: Intended Audience :: System Administrators
+Classifier: Intended Audience :: Science/Research
+Classifier: Topic :: Security
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: Software Development :: Testing
+Classifier: Topic :: Software Development :: Testing :: Acceptance
+Classifier: Topic :: Software Development :: Quality Assurance
+Classifier: Topic :: Internet :: WWW/HTTP
+Classifier: Topic :: Internet :: WWW/HTTP :: HTTP Servers
+Classifier: Topic :: System :: Networking
+Classifier: Topic :: System :: Systems Administration
+Classifier: Topic :: System :: Monitoring
+Classifier: Topic :: Utilities
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Operating System :: MacOS
+Classifier: Operating System :: Microsoft :: Windows
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Typing :: Typed
+Classifier: Framework :: FastAPI
+Classifier: Natural Language :: English
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: litellm>=1.50.0
+Requires-Dist: jinja2>=3.1.0
+Requires-Dist: tiktoken>=0.5.0
+Requires-Dist: requests>=2.31.0
+Requires-Dist: httpx>=0.25.0
+Requires-Dist: aiohttp>=3.9.0
+Requires-Dist: fastapi>=0.104.0
+Requires-Dist: uvicorn[standard]>=0.24.0
+Requires-Dist: pydantic>=2.5.0
+Requires-Dist: pydantic-settings>=2.0.0
+Requires-Dist: slowapi>=0.1.9
+Requires-Dist: sqlalchemy>=2.0.0
+Requires-Dist: alembic>=1.13.0
+Requires-Dist: textual>=0.44.0
+Requires-Dist: rich>=13.7.0
+Requires-Dist: click>=8.1.0
+Requires-Dist: typer>=0.9.0
+Requires-Dist: pyyaml>=6.0
+Requires-Dist: python-dotenv>=1.0.0
+Requires-Dist: aiofiles>=23.0.0
+Requires-Dist: structlog>=23.0.0
+Requires-Dist: psutil>=5.9.0
+Provides-Extra: full
+Requires-Dist: sentence-transformers>=2.2.0; extra == "full"
+Requires-Dist: numpy>=1.24.0; extra == "full"
+Requires-Dist: torch>=2.0.0; extra == "full"
+Requires-Dist: playwright>=1.40.0; extra == "full"
+Requires-Dist: mitmproxy>=10.0.0; extra == "full"
+Requires-Dist: docker>=7.0.0; extra == "full"
+Requires-Dist: pexpect>=4.8.0; extra == "full"
+Requires-Dist: paramiko>=3.4.0; extra == "full"
+Requires-Dist: langchain-core>=0.1.0; extra == "full"
+Requires-Dist: scikit-learn>=1.3.0; extra == "full"
+Requires-Dist: scipy>=1.11.0; extra == "full"
+Requires-Dist: pandas>=2.0.0; extra == "full"
+Provides-Extra: dev
+Requires-Dist: pytest>=7.4.0; extra == "dev"
+Requires-Dist: pytest-asyncio>=0.21.0; extra == "dev"
+Requires-Dist: pytest-cov>=4.1.0; extra == "dev"
+Requires-Dist: pytest-mock>=3.12.0; extra == "dev"
+Requires-Dist: black>=23.0.0; extra == "dev"
+Requires-Dist: ruff>=0.1.0; extra == "dev"
+Requires-Dist: mypy>=1.7.0; extra == "dev"
+Requires-Dist: bandit>=1.7.0; extra == "dev"
+Requires-Dist: pre-commit>=3.5.0; extra == "dev"
+Requires-Dist: safety>=2.3.0; extra == "dev"
+Dynamic: license-file
+
+# AIPTX - AI-Powered Penetration Testing Framework
+
+[![PyPI version](https://badge.fury.io/py/aiptx.svg)](https://badge.fury.io/py/aiptx)
+[![Downloads](https://static.pepy.tech/badge/aiptx)](https://pepy.tech/project/aiptx)
+[![Python 3.9+](https://img.shields.io/badge/python-3.9+-blue.svg)](https://www.python.org/downloads/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
+
+> **AI-Powered Security Assessment & Vulnerability Discovery Platform**
+
+**AIPTX** is an intelligent penetration testing framework that leverages Large Language Models (LLMs) to autonomously conduct security assessments. It orchestrates comprehensive vulnerability discovery through AI-guided decision making, smart prioritization, and automated reporting.
+
+---
+
+## Key Features
+
+### AI Intelligence Layer
+- **LLM-Guided Scanning** — AI decides which techniques to apply based on discovered information
+- **Smart Vulnerability Triage** — Prioritizes findings by real-world exploitability, not just severity scores
+- **Attack Chain Detection** — Identifies how multiple findings combine into critical attack paths
+- **Semantic Tool Selection** — RAG-based matching of objectives to optimal assessment techniques
+
+### Comprehensive Assessment Capabilities
+- **Reconnaissance** — Subdomain discovery, DNS enumeration, technology fingerprinting, historical data analysis
+- **Vulnerability Scanning** — Web application testing, configuration analysis, secret detection, container security
+- **Exploitation Testing** — SQL injection, XSS, command injection, credential testing (opt-in)
+- **Post-Exploitation** — Privilege escalation detection, credential extraction, process monitoring
+
+### Enterprise Integration
+- Native API support for leading commercial security platforms
+- Unified interface for both open-source and enterprise scanning solutions
+- Seamless integration into existing security workflows
+
+### Professional Output
+- **HTML Reports** — Executive-ready vulnerability documentation
+- **JSON Export** — CI/CD pipeline integration
+- **REST API** — Programmatic access for automation
+- **Terminal UI** — Real-time progress monitoring
+
+---
+
+## Installation
+
+```bash
+# Recommended: Install with pipx
+pipx install aiptx
+
+# Or with pip
+pip install aiptx
+
+# Full installation (ML features, browser automation, proxy)
+pip install aiptx[full]
+```
+
+**Requirements:** Python 3.9+
+
+---
+
+## Quick Start
+
+```bash
+# Basic security scan
+aiptx scan example.com
+
+# AI-guided intelligent scanning
+aiptx scan example.com --ai
+
+# Comprehensive assessment (all capabilities)
+aiptx scan example.com --full
+
+# Container security assessment
+aiptx scan example.com --container
+
+# Secret and credential detection
+aiptx scan example.com --secrets
+
+# Check configuration
+aiptx status
+
+# Start REST API server
+aiptx api
+```
+
+---
+
+## How It Works
+
+AIPTX operates on a **Think → Select → Execute → Learn** loop:
+
+```
+┌─────────────────────────────────────────────────────────────────┐
+│                         AIPTX Framework                         │
+├─────────────────────────────────────────────────────────────────┤
+│                     AI INTELLIGENCE LAYER                       │
+│  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐             │
+│  │ LLM Engine  │  │   Scoring   │  │Attack Chain │             │
+│  │ (100+ LLMs) │  │   Engine    │  │  Detection  │             │
+│  └─────────────┘  └─────────────┘  └─────────────┘             │
+├─────────────────────────────────────────────────────────────────┤
+│                    ASSESSMENT PIPELINE                          │
+│  RECON ──────► SCAN ──────► EXPLOIT ──────► POST-EXPLOIT       │
+├─────────────────────────────────────────────────────────────────┤
+│                         OUTPUT                                  │
+│     HTML Reports  │  JSON Export  │  REST API  │  TUI          │
+└─────────────────────────────────────────────────────────────────┘
+```
+
+1. **Think** — AI analyzes target and current findings
+2. **Select** — Chooses appropriate assessment techniques via semantic search
+3. **Execute** — Runs assessments in isolated environments
+4. **Learn** — Extracts findings and determines next steps
+
+---
+
+## LLM Configuration
+
+AIPTX supports **100+ LLM providers** for AI-guided scanning:
+
+```bash
+# Anthropic Claude
+export ANTHROPIC_API_KEY="your-key"
+
+# OpenAI
+export OPENAI_API_KEY="your-key"
+
+# Azure OpenAI
+export AZURE_API_KEY="your-key"
+export AZURE_API_BASE="your-endpoint"
+
+# Local models (for offline/private use)
+export OLLAMA_API_BASE="http://localhost:11434"
+```
+
+---
+
+## Use Cases
+
+| Scenario | Command |
+|----------|---------|
+| **Bug Bounty** | `aiptx scan target.com --ai --full` |
+| **Penetration Testing** | `aiptx scan client.com --full` |
+| **DevSecOps Pipeline** | `aiptx scan app.com --container --secrets --json` |
+| **Red Team Operations** | `aiptx scan target.corp --ai --exploit --full` |
+
+---
+
+## Command Reference
+
+| Command | Description |
+|---------|-------------|
+| `aiptx scan <target>` | Run security assessment |
+| `aiptx scan <target> --ai` | Enable AI-guided scanning |
+| `aiptx scan <target> --full` | Comprehensive assessment |
+| `aiptx scan <target> --quick` | Fast essential checks only |
+| `aiptx scan <target> --exploit` | Enable exploitation testing |
+| `aiptx scan <target> --container` | Container security scanning |
+| `aiptx scan <target> --secrets` | Credential/secret detection |
+| `aiptx status` | Check configuration |
+| `aiptx version` | Show version |
+| `aiptx api` | Start REST API server |
+
+---
+
+## Why AIPTX?
+
+| Capability | AIPTX | Traditional Approach |
+|------------|-------|---------------------|
+| AI-Guided Decisions | ✅ | ❌ Manual |
+| Unified Interface | ✅ | ❌ Multiple tools |
+| Attack Chain Analysis | ✅ | ❌ Manual correlation |
+| Smart Prioritization | ✅ | ❌ CVSS only |
+| Professional Reports | ✅ | ❌ Manual documentation |
+| Single Command | ✅ | ❌ Complex scripts |
+
+---
+
+## Requirements
+
+- **Python**: 3.9 or higher
+- **OS**: Linux, macOS, Windows (WSL recommended)
+- **Optional**: Docker for isolated execution
+
+---
+
+## License
+
+MIT License — Free for commercial and personal use.
+
+---
+
+## Author
+
+**Satyam Rastogi** — Security Researcher & Developer
+
+---
+
+## Links
+
+- [PyPI Package](https://pypi.org/project/aiptx/)
+- [GitHub Repository](https://github.com/satyamrastogi/aiptx)
+- [Changelog](https://github.com/satyamrastogi/aiptx/blob/main/CHANGELOG.md)
+
+---
+
+<p align="center">
+  <b>Intelligent Security Assessment, Simplified.</b>
+</p>