aiptx 2.0.7__py3-none-any.whl

aipt_v2/models/__init__.py

@@ -0,0 +1,15 @@
+"""AIPT Data Models"""
+
+from .findings import Finding, Severity, VulnerabilityType
+from .scan_config import ScanConfig, ScanMode
+from .phase_result import PhaseResult, Phase
+
+__all__ = [
+    "Finding",
+    "Severity",
+    "VulnerabilityType",
+    "ScanConfig",
+    "ScanMode",
+    "PhaseResult",
+    "Phase",
+]

aipt_v2/models/findings.py

@@ -0,0 +1,295 @@
+"""
+AIPT Finding Model - Unified vulnerability representation
+
+This model represents vulnerabilities discovered by ANY tool in the pipeline:
+- Traditional scanners (Acunetix, Burp, Nuclei, ZAP)
+- AI-autonomous agents (Strix)
+- Manual exploitation attempts
+"""
+from __future__ import annotations
+
+from dataclasses import dataclass, field
+from datetime import datetime
+from enum import Enum
+from typing import Any
+import hashlib
+import json
+
+
+class Severity(Enum):
+    """CVSS-aligned severity levels"""
+    CRITICAL = "critical"  # CVSS 9.0-10.0
+    HIGH = "high"          # CVSS 7.0-8.9
+    MEDIUM = "medium"      # CVSS 4.0-6.9
+    LOW = "low"            # CVSS 0.1-3.9
+    INFO = "info"          # CVSS 0.0 / Informational
+
+    @classmethod
+    def from_cvss(cls, score: float) -> "Severity":
+        """Convert CVSS score to severity level"""
+        if score >= 9.0:
+            return cls.CRITICAL
+        elif score >= 7.0:
+            return cls.HIGH
+        elif score >= 4.0:
+            return cls.MEDIUM
+        elif score > 0:
+            return cls.LOW
+        return cls.INFO
+
+    def __lt__(self, other: "Severity") -> bool:
+        order = [self.INFO, self.LOW, self.MEDIUM, self.HIGH, self.CRITICAL]
+        return order.index(self) < order.index(other)
+
+
+class VulnerabilityType(Enum):
+    """OWASP Top 10 aligned vulnerability categories"""
+    # A01:2021 - Broken Access Control
+    IDOR = "idor"
+    BROKEN_ACCESS_CONTROL = "broken_access_control"
+    PRIVILEGE_ESCALATION = "privilege_escalation"
+
+    # A02:2021 - Cryptographic Failures
+    WEAK_CRYPTO = "weak_crypto"
+    SENSITIVE_DATA_EXPOSURE = "sensitive_data_exposure"
+
+    # A03:2021 - Injection
+    SQL_INJECTION = "sql_injection"
+    COMMAND_INJECTION = "command_injection"
+    LDAP_INJECTION = "ldap_injection"
+    XPATH_INJECTION = "xpath_injection"
+    NOSQL_INJECTION = "nosql_injection"
+
+    # A04:2021 - Insecure Design
+    BUSINESS_LOGIC_FLAW = "business_logic_flaw"
+
+    # A05:2021 - Security Misconfiguration
+    MISCONFIGURATION = "misconfiguration"
+    DEFAULT_CREDENTIALS = "default_credentials"
+    DIRECTORY_LISTING = "directory_listing"
+
+    # A06:2021 - Vulnerable Components
+    OUTDATED_COMPONENT = "outdated_component"
+    KNOWN_CVE = "known_cve"
+
+    # A07:2021 - Authentication Failures
+    AUTH_BYPASS = "auth_bypass"
+    WEAK_PASSWORD = "weak_password"
+    SESSION_FIXATION = "session_fixation"
+
+    # A08:2021 - Software Integrity Failures
+    INSECURE_DESERIALIZATION = "insecure_deserialization"
+
+    # A09:2021 - Logging & Monitoring Failures
+    INSUFFICIENT_LOGGING = "insufficient_logging"
+
+    # A10:2021 - SSRF
+    SSRF = "ssrf"
+
+    # Cross-Site Scripting (separate category)
+    XSS_REFLECTED = "xss_reflected"
+    XSS_STORED = "xss_stored"
+    XSS_DOM = "xss_dom"
+
+    # Other
+    OPEN_REDIRECT = "open_redirect"
+    FILE_INCLUSION = "file_inclusion"
+    FILE_UPLOAD = "file_upload"
+    XXE = "xxe"
+    CORS_MISCONFIGURATION = "cors_misconfiguration"
+    CSRF = "csrf"
+    INFORMATION_DISCLOSURE = "information_disclosure"
+    RCE = "rce"
+
+    # Catch-all
+    OTHER = "other"
+
+
+@dataclass
+class Finding:
+    """
+    Unified vulnerability finding from any source
+
+    This is the core data structure that normalizes findings from:
+    - Acunetix (JSON API responses)
+    - Burp Suite (XML/JSON exports)
+    - Nuclei (JSON output)
+    - ZAP (JSON API responses)
+    - Strix (AI agent reports)
+    """
+
+    # Core identification
+    title: str
+    severity: Severity
+    vuln_type: VulnerabilityType
+
+    # Location
+    url: str
+    parameter: str | None = None
+    method: str = "GET"
+
+    # Evidence
+    description: str = ""
+    evidence: str = ""
+    request: str | None = None
+    response: str | None = None
+
+    # Source tracking
+    source: str = "unknown"  # acunetix, burp, nuclei, zap, aipt, manual
+    source_id: str | None = None  # Original ID from source scanner
+
+    # Validation
+    confirmed: bool = False
+    exploited: bool = False
+    poc_command: str | None = None
+
+    # Metadata
+    cvss_score: float | None = None
+    cwe_id: str | None = None
+    cve_ids: list[str] = field(default_factory=list)
+    references: list[str] = field(default_factory=list)
+
+    # Remediation
+    remediation: str = ""
+
+    # Timestamps
+    discovered_at: datetime = field(default_factory=datetime.utcnow)
+
+    # AI-specific fields (for Strix findings)
+    ai_reasoning: str | None = None
+    ai_confidence: float | None = None  # 0.0 to 1.0
+
+    def __post_init__(self):
+        """Generate unique fingerprint for deduplication"""
+        self._fingerprint = self._generate_fingerprint()
+
+    def _generate_fingerprint(self) -> str:
+        """
+        Generate a unique fingerprint for finding deduplication.
+
+        Two findings are considered duplicates if they have the same:
+        - URL (normalized)
+        - Parameter
+        - Vulnerability type
+        """
+        normalized_url = self.url.rstrip("/").lower()
+        data = f"{normalized_url}:{self.parameter}:{self.vuln_type.value}"
+        return hashlib.sha256(data.encode()).hexdigest()[:16]
+
+    @property
+    def fingerprint(self) -> str:
+        return self._fingerprint
+
+    def is_duplicate_of(self, other: "Finding") -> bool:
+        """Check if this finding is a duplicate of another"""
+        return self.fingerprint == other.fingerprint
+
+    def merge_with(self, other: "Finding") -> "Finding":
+        """
+        Merge two duplicate findings, keeping the best evidence from both.
+        Prefers confirmed/exploited findings, higher confidence, more details.
+        """
+        # Prefer the confirmed/exploited finding
+        if other.confirmed and not self.confirmed:
+            base, supplement = other, self
+        elif other.exploited and not self.exploited:
+            base, supplement = other, self
+        else:
+            base, supplement = self, other
+
+        # Merge evidence
+        merged_evidence = base.evidence
+        if supplement.evidence and supplement.evidence not in merged_evidence:
+            merged_evidence = f"{merged_evidence}\n\n--- Additional Evidence ---\n{supplement.evidence}"
+
+        # Merge sources
+        sources = set([base.source, supplement.source])
+        merged_source = ", ".join(sorted(sources))
+
+        # Take highest confidence
+        confidence = max(
+            base.ai_confidence or 0,
+            supplement.ai_confidence or 0
+        ) or None
+
+        return Finding(
+            title=base.title,
+            severity=max(base.severity, other.severity),  # Take highest severity
+            vuln_type=base.vuln_type,
+            url=base.url,
+            parameter=base.parameter,
+            method=base.method,
+            description=base.description or supplement.description,
+            evidence=merged_evidence,
+            request=base.request or supplement.request,
+            response=base.response or supplement.response,
+            source=merged_source,
+            confirmed=base.confirmed or supplement.confirmed,
+            exploited=base.exploited or supplement.exploited,
+            poc_command=base.poc_command or supplement.poc_command,
+            cvss_score=base.cvss_score or supplement.cvss_score,
+            cwe_id=base.cwe_id or supplement.cwe_id,
+            cve_ids=list(set(base.cve_ids + supplement.cve_ids)),
+            references=list(set(base.references + supplement.references)),
+            remediation=base.remediation or supplement.remediation,
+            ai_reasoning=base.ai_reasoning or supplement.ai_reasoning,
+            ai_confidence=confidence,
+        )
+
+    def to_dict(self) -> dict[str, Any]:
+        """Convert to dictionary for JSON serialization"""
+        return {
+            "fingerprint": self.fingerprint,
+            "title": self.title,
+            "severity": self.severity.value,
+            "vuln_type": self.vuln_type.value,
+            "url": self.url,
+            "parameter": self.parameter,
+            "method": self.method,
+            "description": self.description,
+            "evidence": self.evidence,
+            "request": self.request,
+            "response": self.response,
+            "source": self.source,
+            "source_id": self.source_id,
+            "confirmed": self.confirmed,
+            "exploited": self.exploited,
+            "poc_command": self.poc_command,
+            "cvss_score": self.cvss_score,
+            "cwe_id": self.cwe_id,
+            "cve_ids": self.cve_ids,
+            "references": self.references,
+            "remediation": self.remediation,
+            "discovered_at": self.discovered_at.isoformat(),
+            "ai_reasoning": self.ai_reasoning,
+            "ai_confidence": self.ai_confidence,
+        }
+
+    @classmethod
+    def from_dict(cls, data: dict[str, Any]) -> "Finding":
+        """Create Finding from dictionary"""
+        return cls(
+            title=data["title"],
+            severity=Severity(data["severity"]),
+            vuln_type=VulnerabilityType(data.get("vuln_type", "other")),
+            url=data["url"],
+            parameter=data.get("parameter"),
+            method=data.get("method", "GET"),
+            description=data.get("description", ""),
+            evidence=data.get("evidence", ""),
+            request=data.get("request"),
+            response=data.get("response"),
+            source=data.get("source", "unknown"),
+            source_id=data.get("source_id"),
+            confirmed=data.get("confirmed", False),
+            exploited=data.get("exploited", False),
+            poc_command=data.get("poc_command"),
+            cvss_score=data.get("cvss_score"),
+            cwe_id=data.get("cwe_id"),
+            cve_ids=data.get("cve_ids", []),
+            references=data.get("references", []),
+            remediation=data.get("remediation", ""),
+            discovered_at=datetime.fromisoformat(data["discovered_at"]) if "discovered_at" in data else datetime.utcnow(),
+            ai_reasoning=data.get("ai_reasoning"),
+            ai_confidence=data.get("ai_confidence"),
+        )

aipt_v2/models/phase_result.py

@@ -0,0 +1,224 @@
+"""
+AIPT Phase Result Model
+
+Tracks results and status for each phase of the scanning pipeline.
+"""
+from __future__ import annotations
+
+from dataclasses import dataclass, field
+from datetime import datetime
+from enum import Enum
+from typing import Any
+
+from .findings import Finding
+
+
+class Phase(Enum):
+    """
+    AIPT Pipeline Phases
+
+    The pipeline executes in order:
+    1. RECON - Asset discovery and reconnaissance
+    2. SCAN - Traditional vulnerability scanning (Acunetix, Burp, Nuclei, ZAP)
+    3. AI_PENTEST - AI-autonomous penetration testing (Strix)
+    4. EXPLOIT - Exploitation and validation of findings
+    5. REPORT - Report generation and delivery
+    """
+    RECON = "recon"
+    SCAN = "scan"
+    AI_PENTEST = "ai_pentest"  # NEW: Strix integration
+    EXPLOIT = "exploit"
+    REPORT = "report"
+
+
+class PhaseStatus(Enum):
+    """Status of a pipeline phase"""
+    PENDING = "pending"
+    RUNNING = "running"
+    COMPLETED = "completed"
+    FAILED = "failed"
+    SKIPPED = "skipped"
+    TIMEOUT = "timeout"
+
+
+@dataclass
+class PhaseResult:
+    """
+    Result of a single pipeline phase
+
+    Contains all findings, errors, and metadata from phase execution.
+    """
+
+    phase: Phase
+    status: PhaseStatus = PhaseStatus.PENDING
+
+    # Findings discovered in this phase
+    findings: list[Finding] = field(default_factory=list)
+
+    # Timing
+    started_at: datetime | None = None
+    completed_at: datetime | None = None
+
+    # Error tracking
+    errors: list[str] = field(default_factory=list)
+    warnings: list[str] = field(default_factory=list)
+
+    # Phase-specific data
+    metadata: dict[str, Any] = field(default_factory=dict)
+
+    # Scanner results (for SCAN phase)
+    scanner_results: dict[str, Any] = field(default_factory=dict)
+
+    # AI agent traces (for AI_PENTEST phase)
+    agent_traces: list[dict[str, Any]] = field(default_factory=list)
+
+    def start(self) -> None:
+        """Mark phase as started"""
+        self.status = PhaseStatus.RUNNING
+        self.started_at = datetime.utcnow()
+
+    def complete(self) -> None:
+        """Mark phase as completed"""
+        self.status = PhaseStatus.COMPLETED
+        self.completed_at = datetime.utcnow()
+
+    def fail(self, error: str) -> None:
+        """Mark phase as failed"""
+        self.status = PhaseStatus.FAILED
+        self.completed_at = datetime.utcnow()
+        self.errors.append(error)
+
+    def skip(self, reason: str) -> None:
+        """Mark phase as skipped"""
+        self.status = PhaseStatus.SKIPPED
+        self.completed_at = datetime.utcnow()
+        self.metadata["skip_reason"] = reason
+
+    def add_finding(self, finding: Finding) -> None:
+        """Add a finding to this phase"""
+        self.findings.append(finding)
+
+    def add_findings(self, findings: list[Finding]) -> None:
+        """Add multiple findings"""
+        self.findings.extend(findings)
+
+    @property
+    def duration_seconds(self) -> float | None:
+        """Get phase duration in seconds"""
+        if self.started_at and self.completed_at:
+            return (self.completed_at - self.started_at).total_seconds()
+        return None
+
+    @property
+    def finding_counts(self) -> dict[str, int]:
+        """Get finding counts by severity"""
+        from .findings import Severity
+        counts = {s.value: 0 for s in Severity}
+        for finding in self.findings:
+            counts[finding.severity.value] += 1
+        return counts
+
+    def to_dict(self) -> dict[str, Any]:
+        """Convert to dictionary for JSON serialization"""
+        return {
+            "phase": self.phase.value,
+            "status": self.status.value,
+            "findings": [f.to_dict() for f in self.findings],
+            "finding_counts": self.finding_counts,
+            "started_at": self.started_at.isoformat() if self.started_at else None,
+            "completed_at": self.completed_at.isoformat() if self.completed_at else None,
+            "duration_seconds": self.duration_seconds,
+            "errors": self.errors,
+            "warnings": self.warnings,
+            "metadata": self.metadata,
+        }
+
+
+@dataclass
+class PipelineResult:
+    """
+    Complete result of an AIPT scan pipeline
+
+    Aggregates results from all phases with deduplication.
+    """
+
+    scan_id: str
+    target: str
+    started_at: datetime = field(default_factory=datetime.utcnow)
+    completed_at: datetime | None = None
+
+    # Phase results
+    phases: dict[Phase, PhaseResult] = field(default_factory=dict)
+
+    # Aggregated and deduplicated findings
+    _all_findings: list[Finding] = field(default_factory=list)
+
+    def add_phase_result(self, result: PhaseResult) -> None:
+        """Add a phase result and merge findings"""
+        self.phases[result.phase] = result
+
+    def get_all_findings(self, deduplicate: bool = True) -> list[Finding]:
+        """
+        Get all findings across all phases.
+
+        If deduplicate=True, merges duplicate findings from different sources.
+        """
+        all_findings: list[Finding] = []
+        for phase_result in self.phases.values():
+            all_findings.extend(phase_result.findings)
+
+        if not deduplicate:
+            return all_findings
+
+        # Deduplicate by fingerprint
+        unique_findings: dict[str, Finding] = {}
+        for finding in all_findings:
+            if finding.fingerprint in unique_findings:
+                # Merge with existing finding
+                existing = unique_findings[finding.fingerprint]
+                unique_findings[finding.fingerprint] = existing.merge_with(finding)
+            else:
+                unique_findings[finding.fingerprint] = finding
+
+        return list(unique_findings.values())
+
+    def get_findings_by_severity(self) -> dict[str, list[Finding]]:
+        """Group findings by severity"""
+        from .findings import Severity
+        grouped = {s.value: [] for s in Severity}
+        for finding in self.get_all_findings():
+            grouped[finding.severity.value].append(finding)
+        return grouped
+
+    def get_summary(self) -> dict[str, Any]:
+        """Get executive summary of the scan"""
+        findings = self.get_all_findings()
+        from .findings import Severity
+
+        return {
+            "scan_id": self.scan_id,
+            "target": self.target,
+            "total_findings": len(findings),
+            "critical": len([f for f in findings if f.severity == Severity.CRITICAL]),
+            "high": len([f for f in findings if f.severity == Severity.HIGH]),
+            "medium": len([f for f in findings if f.severity == Severity.MEDIUM]),
+            "low": len([f for f in findings if f.severity == Severity.LOW]),
+            "info": len([f for f in findings if f.severity == Severity.INFO]),
+            "confirmed_findings": len([f for f in findings if f.confirmed]),
+            "exploited_findings": len([f for f in findings if f.exploited]),
+            "ai_findings": len([f for f in findings if f.source == "aipt"]),
+            "phases_completed": len([p for p in self.phases.values() if p.status == PhaseStatus.COMPLETED]),
+            "phases_failed": len([p for p in self.phases.values() if p.status == PhaseStatus.FAILED]),
+        }
+
+    def to_dict(self) -> dict[str, Any]:
+        """Convert to dictionary for JSON serialization"""
+        return {
+            "scan_id": self.scan_id,
+            "target": self.target,
+            "started_at": self.started_at.isoformat(),
+            "completed_at": self.completed_at.isoformat() if self.completed_at else None,
+            "summary": self.get_summary(),
+            "phases": {p.value: r.to_dict() for p, r in self.phases.items()},
+            "all_findings": [f.to_dict() for f in self.get_all_findings()],
+        }