aiptx 2.0.7__py3-none-any.whl

aipt_v2/scanners/__init__.py

@@ -0,0 +1,28 @@
+"""
+AIPT Scanners Module
+
+Integrations with popular security scanning tools:
+- Nuclei - Template-based vulnerability scanner
+- Nmap - Network scanner
+- Nikto - Web server scanner
+- SQLMap - SQL injection scanner
+- Dirb/Gobuster - Directory enumeration
+"""
+
+from .base import BaseScanner, ScanResult
+from .nuclei import NucleiScanner, NucleiConfig
+from .nmap import NmapScanner, NmapConfig
+from .nikto import NiktoScanner
+from .web import WebScanner, WebScanConfig
+
+__all__ = [
+    "BaseScanner",
+    "ScanResult",
+    "NucleiScanner",
+    "NucleiConfig",
+    "NmapScanner",
+    "NmapConfig",
+    "NiktoScanner",
+    "WebScanner",
+    "WebScanConfig",
+]

aipt_v2/scanners/base.py

@@ -0,0 +1,273 @@
+"""
+AIPT Base Scanner
+
+Abstract base class for all scanner integrations.
+"""
+from __future__ import annotations
+
+import asyncio
+import logging
+import shutil
+from abc import ABC, abstractmethod
+from dataclasses import dataclass, field
+from datetime import datetime
+from enum import Enum
+from typing import Any, AsyncIterator, Optional
+
+logger = logging.getLogger(__name__)
+
+
+class ScanSeverity(Enum):
+    """Vulnerability severity levels"""
+    INFO = "info"
+    LOW = "low"
+    MEDIUM = "medium"
+    HIGH = "high"
+    CRITICAL = "critical"
+
+
+@dataclass
+class ScanFinding:
+    """Individual scan finding"""
+    title: str
+    severity: ScanSeverity
+    description: str = ""
+    url: str = ""
+    host: str = ""
+    port: int = 0
+
+    # Details
+    evidence: str = ""
+    request: str = ""
+    response: str = ""
+
+    # Classification
+    cve: Optional[str] = None
+    cwe: Optional[str] = None
+    cvss: Optional[float] = None
+
+    # Scanner metadata
+    scanner: str = ""
+    template: str = ""
+    tags: list[str] = field(default_factory=list)
+
+    # Timestamps
+    found_at: datetime = field(default_factory=datetime.utcnow)
+
+    def to_dict(self) -> dict:
+        return {
+            "title": self.title,
+            "severity": self.severity.value,
+            "description": self.description,
+            "url": self.url,
+            "host": self.host,
+            "port": self.port,
+            "evidence": self.evidence[:500] if self.evidence else "",
+            "cve": self.cve,
+            "cwe": self.cwe,
+            "cvss": self.cvss,
+            "scanner": self.scanner,
+            "template": self.template,
+            "tags": self.tags,
+            "found_at": self.found_at.isoformat(),
+        }
+
+
+@dataclass
+class ScanResult:
+    """Complete scan result"""
+    scanner: str
+    target: str
+    status: str = "pending"  # pending, running, completed, failed
+    findings: list[ScanFinding] = field(default_factory=list)
+
+    # Timing
+    start_time: Optional[datetime] = None
+    end_time: Optional[datetime] = None
+    duration_seconds: float = 0.0
+
+    # Statistics
+    requests_made: int = 0
+    errors: list[str] = field(default_factory=list)
+
+    # Raw output
+    raw_output: str = ""
+
+    def add_finding(self, finding: ScanFinding) -> None:
+        """Add a finding"""
+        finding.scanner = self.scanner
+        self.findings.append(finding)
+
+    def get_findings_by_severity(self, severity: ScanSeverity) -> list[ScanFinding]:
+        """Get findings of a specific severity"""
+        return [f for f in self.findings if f.severity == severity]
+
+    def get_critical_and_high(self) -> list[ScanFinding]:
+        """Get critical and high severity findings"""
+        return [
+            f for f in self.findings
+            if f.severity in [ScanSeverity.CRITICAL, ScanSeverity.HIGH]
+        ]
+
+    def severity_counts(self) -> dict[str, int]:
+        """Get count by severity"""
+        counts = {s.value: 0 for s in ScanSeverity}
+        for finding in self.findings:
+            counts[finding.severity.value] += 1
+        return counts
+
+    def to_dict(self) -> dict:
+        return {
+            "scanner": self.scanner,
+            "target": self.target,
+            "status": self.status,
+            "findings_count": len(self.findings),
+            "severity_counts": self.severity_counts(),
+            "duration_seconds": self.duration_seconds,
+            "requests_made": self.requests_made,
+            "errors": self.errors,
+            "start_time": self.start_time.isoformat() if self.start_time else None,
+            "end_time": self.end_time.isoformat() if self.end_time else None,
+        }
+
+
+class BaseScanner(ABC):
+    """
+    Abstract base class for scanner integrations.
+
+    Subclasses must implement:
+    - scan(): Perform the scan
+    - is_available(): Check if scanner is installed
+    - parse_output(): Parse scanner output
+
+    Example:
+        class MyScanner(BaseScanner):
+            async def scan(self, target):
+                result = ScanResult(scanner="my_scanner", target=target)
+                # Run scan...
+                return result
+    """
+
+    def __init__(self):
+        self._running = False
+        self._process: Optional[asyncio.subprocess.Process] = None
+
+    @abstractmethod
+    async def scan(self, target: str, **kwargs) -> ScanResult:
+        """Perform scan on target"""
+        pass
+
+    @abstractmethod
+    def is_available(self) -> bool:
+        """Check if scanner is available/installed"""
+        pass
+
+    @abstractmethod
+    def parse_output(self, output: str) -> list[ScanFinding]:
+        """Parse scanner output into findings"""
+        pass
+
+    async def stream_scan(self, target: str, **kwargs) -> AsyncIterator[str]:
+        """Stream scan output (if supported)"""
+        yield "Streaming not implemented for this scanner"
+
+    async def stop(self) -> bool:
+        """Stop running scan"""
+        if self._process:
+            try:
+                self._process.terminate()
+                await asyncio.wait_for(self._process.wait(), timeout=5.0)
+                return True
+            except asyncio.TimeoutError:
+                self._process.kill()
+                return True
+            except Exception:
+                return False
+        return True
+
+    def _check_tool(self, tool_name: str) -> bool:
+        """Check if a tool is available in PATH"""
+        return shutil.which(tool_name) is not None
+
+    async def _run_command(
+        self,
+        command: list[str],
+        timeout: float = 300.0,
+    ) -> tuple[int, str, str]:
+        """
+        Run a command and return exit code, stdout, stderr.
+
+        Args:
+            command: Command and arguments
+            timeout: Timeout in seconds
+
+        Returns:
+            Tuple of (exit_code, stdout, stderr)
+        """
+        try:
+            self._running = True
+            self._process = await asyncio.create_subprocess_exec(
+                *command,
+                stdout=asyncio.subprocess.PIPE,
+                stderr=asyncio.subprocess.PIPE,
+            )
+
+            try:
+                stdout, stderr = await asyncio.wait_for(
+                    self._process.communicate(),
+                    timeout=timeout,
+                )
+                return (
+                    self._process.returncode or 0,
+                    stdout.decode("utf-8", errors="replace"),
+                    stderr.decode("utf-8", errors="replace"),
+                )
+            except asyncio.TimeoutError:
+                self._process.kill()
+                await self._process.wait()
+                return -1, "", "Command timed out"
+
+        except FileNotFoundError:
+            return -1, "", f"Command not found: {command[0]}"
+        except Exception as e:
+            return -1, "", str(e)
+        finally:
+            self._running = False
+            self._process = None
+
+    async def _stream_command(
+        self,
+        command: list[str],
+        timeout: float = 300.0,
+    ) -> AsyncIterator[str]:
+        """Stream command output line by line"""
+        try:
+            self._running = True
+            self._process = await asyncio.create_subprocess_exec(
+                *command,
+                stdout=asyncio.subprocess.PIPE,
+                stderr=asyncio.subprocess.STDOUT,
+            )
+
+            start_time = asyncio.get_event_loop().time()
+
+            async for line in self._process.stdout:
+                # Check timeout
+                if asyncio.get_event_loop().time() - start_time > timeout:
+                    self._process.kill()
+                    yield "[TIMEOUT]"
+                    break
+
+                yield line.decode("utf-8", errors="replace").rstrip()
+
+            await self._process.wait()
+
+        except Exception as e:
+            yield f"[ERROR] {str(e)}"
+        finally:
+            self._running = False
+            self._process = None
+
+    @property
+    def is_running(self) -> bool:
+        return self._running

aipt_v2/scanners/nikto.py

@@ -0,0 +1,244 @@
+"""
+AIPT Nikto Scanner Integration
+
+Web server vulnerability scanning using Nikto.
+"""
+from __future__ import annotations
+
+import logging
+import re
+from dataclasses import dataclass, field
+from datetime import datetime
+from typing import Optional
+
+from .base import BaseScanner, ScanFinding, ScanResult, ScanSeverity
+
+logger = logging.getLogger(__name__)
+
+
+class NiktoScanner(BaseScanner):
+    """
+    Nikto web server scanner integration.
+
+    Nikto scans for:
+    - Dangerous files/programs
+    - Outdated server versions
+    - Version-specific vulnerabilities
+    - Server configuration issues
+    - Default files
+
+    Example:
+        scanner = NiktoScanner()
+        result = await scanner.scan("https://target.com")
+
+        for finding in result.findings:
+            print(f"{finding.severity}: {finding.title}")
+    """
+
+    def __init__(
+        self,
+        timeout: int = 10,
+        tuning: str = "",  # Scan tuning: 1-9,a,b,c,x
+        plugins: list[str] = None,
+        no_ssl: bool = False,
+    ):
+        super().__init__()
+        self.timeout = timeout
+        self.tuning = tuning
+        self.plugins = plugins or []
+        self.no_ssl = no_ssl
+
+    def is_available(self) -> bool:
+        """Check if Nikto is installed"""
+        return self._check_tool("nikto")
+
+    async def scan(self, target: str, **kwargs) -> ScanResult:
+        """
+        Run Nikto scan on target.
+
+        Args:
+            target: URL to scan
+            **kwargs: Additional options
+
+        Returns:
+            ScanResult with findings
+        """
+        result = ScanResult(scanner="nikto", target=target)
+        result.start_time = datetime.utcnow()
+        result.status = "running"
+
+        if not self.is_available():
+            result.status = "failed"
+            result.errors.append("Nikto is not installed")
+            return result
+
+        # Build command
+        command = self._build_command(target, **kwargs)
+        logger.info(f"Running Nikto: {' '.join(command)}")
+
+        # Execute
+        exit_code, stdout, stderr = await self._run_command(
+            command,
+            timeout=kwargs.get("timeout", 1200.0),  # 20 min default
+        )
+
+        result.end_time = datetime.utcnow()
+        result.duration_seconds = (result.end_time - result.start_time).total_seconds()
+        result.raw_output = stdout
+
+        if exit_code != 0 and "0 error(s)" not in stdout:
+            if "OSVDB" in stdout or "vulnerability" in stdout.lower():
+                # Nikto found something, not a failure
+                result.status = "completed"
+            else:
+                result.status = "failed"
+                result.errors.append(stderr)
+        else:
+            result.status = "completed"
+
+        # Parse output
+        result.findings = self.parse_output(stdout)
+
+        logger.info(
+            f"Nikto scan complete: {len(result.findings)} findings in {result.duration_seconds:.1f}s"
+        )
+
+        return result
+
+    def parse_output(self, output: str) -> list[ScanFinding]:
+        """Parse Nikto output"""
+        findings = []
+
+        # Pattern for Nikto findings
+        # Format: + OSVDB-XXXX: /path: Description
+        # Or: + /path: Description
+        finding_pattern = r"\+ (?:OSVDB-(\d+): )?([^:]+): (.+)"
+
+        for line in output.split("\n"):
+            line = line.strip()
+            if not line.startswith("+"):
+                continue
+
+            match = re.match(finding_pattern, line)
+            if match:
+                osvdb, path, description = match.groups()
+
+                # Determine severity
+                severity = self._determine_severity(description, path)
+
+                finding = ScanFinding(
+                    title=self._clean_title(description),
+                    severity=severity,
+                    description=description,
+                    url=path,
+                    scanner="nikto",
+                )
+
+                if osvdb:
+                    finding.template = f"OSVDB-{osvdb}"
+                    finding.evidence = f"OSVDB-{osvdb}"
+
+                findings.append(finding)
+
+        return findings
+
+    def _determine_severity(self, description: str, path: str) -> ScanSeverity:
+        """Determine severity from finding description"""
+        desc_lower = description.lower()
+        path_lower = path.lower()
+
+        # Critical
+        if any(kw in desc_lower for kw in ["rce", "remote code execution", "backdoor", "shell"]):
+            return ScanSeverity.CRITICAL
+
+        # High
+        if any(kw in desc_lower for kw in [
+            "sql injection", "sqli",
+            "command injection",
+            "file inclusion", "lfi", "rfi",
+            "authentication bypass",
+            "default password",
+            "admin access",
+        ]):
+            return ScanSeverity.HIGH
+
+        # Medium
+        if any(kw in desc_lower for kw in [
+            "xss", "cross-site",
+            "information disclosure",
+            "directory listing",
+            "source code",
+            "backup file",
+            "config file",
+            "outdated",
+        ]):
+            return ScanSeverity.MEDIUM
+
+        # Path-based severity
+        if any(p in path_lower for p in [
+            "/admin", "/manager", "/phpmyadmin",
+            ".bak", ".old", ".sql", ".zip",
+            "phpinfo", "test.php",
+        ]):
+            return ScanSeverity.MEDIUM
+
+        # Low
+        if any(kw in desc_lower for kw in [
+            "cookie", "header",
+            "version", "banner",
+            "allowed method",
+        ]):
+            return ScanSeverity.LOW
+
+        return ScanSeverity.INFO
+
+    def _clean_title(self, description: str) -> str:
+        """Create clean title from description"""
+        # Truncate long descriptions
+        if len(description) > 100:
+            return description[:97] + "..."
+        return description
+
+    def _build_command(self, target: str, **kwargs) -> list[str]:
+        """Build Nikto command"""
+        command = ["nikto", "-h", target]
+
+        # Timeout
+        command.extend(["-timeout", str(self.timeout)])
+
+        # Output format
+        command.extend(["-Format", "txt"])
+
+        # Tuning
+        if self.tuning:
+            command.extend(["-Tuning", self.tuning])
+
+        # Plugins
+        if self.plugins:
+            command.extend(["-Plugins", ",".join(self.plugins)])
+
+        # SSL
+        if self.no_ssl:
+            command.append("-nossl")
+
+        # Disable interactive mode
+        command.append("-ask")
+        command.append("no")
+
+        return command
+
+
+# Convenience functions
+async def quick_nikto_scan(target: str) -> ScanResult:
+    """Quick Nikto scan"""
+    scanner = NiktoScanner(timeout=5)
+    return await scanner.scan(target, timeout=300.0)
+
+
+async def full_nikto_scan(target: str) -> ScanResult:
+    """Comprehensive Nikto scan"""
+    scanner = NiktoScanner(
+        timeout=15,
+        tuning="123456789abc",  # All checks
+    )
+    return await scanner.scan(target, timeout=3600.0)