argus-panoptes 1.1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (95) hide show
  1. argus_panoptes-1.1.0/LICENSE +21 -0
  2. argus_panoptes-1.1.0/PKG-INFO +495 -0
  3. argus_panoptes-1.1.0/README.md +447 -0
  4. argus_panoptes-1.1.0/argus/__init__.py +18 -0
  5. argus_panoptes-1.1.0/argus/agents/__init__.py +9 -0
  6. argus_panoptes-1.1.0/argus/agents/authbreaker.py +198 -0
  7. argus_panoptes-1.1.0/argus/agents/authztester.py +159 -0
  8. argus_panoptes-1.1.0/argus/agents/base.py +219 -0
  9. argus_panoptes-1.1.0/argus/agents/businesslogic.py +175 -0
  10. argus_panoptes-1.1.0/argus/agents/crawlerbot.py +135 -0
  11. argus_panoptes-1.1.0/argus/agents/csrfhunter.py +90 -0
  12. argus_panoptes-1.1.0/argus/agents/domxss.py +121 -0
  13. argus_panoptes-1.1.0/argus/agents/fileattacker.py +112 -0
  14. argus_panoptes-1.1.0/argus/agents/fuzzer.py +111 -0
  15. argus_panoptes-1.1.0/argus/agents/graphqlagent.py +70 -0
  16. argus_panoptes-1.1.0/argus/agents/headerpoker.py +90 -0
  17. argus_panoptes-1.1.0/argus/agents/idorhunter.py +143 -0
  18. argus_panoptes-1.1.0/argus/agents/injector.py +183 -0
  19. argus_panoptes-1.1.0/argus/agents/mcpsecurity.py +266 -0
  20. argus_panoptes-1.1.0/argus/agents/promptinjection.py +130 -0
  21. argus_panoptes-1.1.0/argus/agents/racecondition.py +88 -0
  22. argus_panoptes-1.1.0/argus/agents/reconbot.py +284 -0
  23. argus_panoptes-1.1.0/argus/agents/ssrfprober.py +131 -0
  24. argus_panoptes-1.1.0/argus/agents/websocketagent.py +91 -0
  25. argus_panoptes-1.1.0/argus/agents/xsshunter.py +93 -0
  26. argus_panoptes-1.1.0/argus/apispec.py +275 -0
  27. argus_panoptes-1.1.0/argus/auth.py +279 -0
  28. argus_panoptes-1.1.0/argus/baseline.py +59 -0
  29. argus_panoptes-1.1.0/argus/benchmark.py +383 -0
  30. argus_panoptes-1.1.0/argus/chains.py +136 -0
  31. argus_panoptes-1.1.0/argus/cli/__init__.py +1 -0
  32. argus_panoptes-1.1.0/argus/cli/main.py +403 -0
  33. argus_panoptes-1.1.0/argus/cli/output.py +180 -0
  34. argus_panoptes-1.1.0/argus/commands/__init__.py +1 -0
  35. argus_panoptes-1.1.0/argus/commands/compare_cmd.py +86 -0
  36. argus_panoptes-1.1.0/argus/commands/config_cmd.py +66 -0
  37. argus_panoptes-1.1.0/argus/commands/demo_cmd.py +56 -0
  38. argus_panoptes-1.1.0/argus/commands/history_cmd.py +44 -0
  39. argus_panoptes-1.1.0/argus/commands/setup_cmd.py +72 -0
  40. argus_panoptes-1.1.0/argus/commands/status_cmd.py +77 -0
  41. argus_panoptes-1.1.0/argus/commands/suppress_cmd.py +82 -0
  42. argus_panoptes-1.1.0/argus/commands/surface_cmd.py +51 -0
  43. argus_panoptes-1.1.0/argus/compare.py +46 -0
  44. argus_panoptes-1.1.0/argus/compliance.py +80 -0
  45. argus_panoptes-1.1.0/argus/config/__init__.py +5 -0
  46. argus_panoptes-1.1.0/argus/config/defaults.py +112 -0
  47. argus_panoptes-1.1.0/argus/config/settings.py +153 -0
  48. argus_panoptes-1.1.0/argus/demo/__init__.py +11 -0
  49. argus_panoptes-1.1.0/argus/demo/target.py +196 -0
  50. argus_panoptes-1.1.0/argus/fix.py +154 -0
  51. argus_panoptes-1.1.0/argus/fixpr.py +156 -0
  52. argus_panoptes-1.1.0/argus/gitutil.py +59 -0
  53. argus_panoptes-1.1.0/argus/llm/__init__.py +1 -0
  54. argus_panoptes-1.1.0/argus/llm/detector.py +97 -0
  55. argus_panoptes-1.1.0/argus/llm/orchestrator.py +188 -0
  56. argus_panoptes-1.1.0/argus/llm/prompts.py +209 -0
  57. argus_panoptes-1.1.0/argus/llm/provider.py +218 -0
  58. argus_panoptes-1.1.0/argus/llm/reasoning.py +263 -0
  59. argus_panoptes-1.1.0/argus/mcp_server.py +153 -0
  60. argus_panoptes-1.1.0/argus/models.py +276 -0
  61. argus_panoptes-1.1.0/argus/notify.py +45 -0
  62. argus_panoptes-1.1.0/argus/pipeline.py +719 -0
  63. argus_panoptes-1.1.0/argus/policy.py +162 -0
  64. argus_panoptes-1.1.0/argus/prcomments.py +199 -0
  65. argus_panoptes-1.1.0/argus/precommit.py +91 -0
  66. argus_panoptes-1.1.0/argus/reachability.py +109 -0
  67. argus_panoptes-1.1.0/argus/report/__init__.py +5 -0
  68. argus_panoptes-1.1.0/argus/report/exporters.py +378 -0
  69. argus_panoptes-1.1.0/argus/report/templates/report.html.j2 +144 -0
  70. argus_panoptes-1.1.0/argus/sandbox/__init__.py +5 -0
  71. argus_panoptes-1.1.0/argus/sandbox/callback_server.py +91 -0
  72. argus_panoptes-1.1.0/argus/sandbox/docker_manager.py +238 -0
  73. argus_panoptes-1.1.0/argus/sandbox/dockerfile_gen.py +264 -0
  74. argus_panoptes-1.1.0/argus/sbom.py +86 -0
  75. argus_panoptes-1.1.0/argus/scanner/__init__.py +1 -0
  76. argus_panoptes-1.1.0/argus/scanner/dependencies.py +136 -0
  77. argus_panoptes-1.1.0/argus/scanner/iac.py +150 -0
  78. argus_panoptes-1.1.0/argus/scanner/image_cve.py +123 -0
  79. argus_panoptes-1.1.0/argus/scanner/ingestion.py +184 -0
  80. argus_panoptes-1.1.0/argus/scanner/popular_packages.py +42 -0
  81. argus_panoptes-1.1.0/argus/scanner/rules_builtin.py +293 -0
  82. argus_panoptes-1.1.0/argus/scanner/secrets.py +267 -0
  83. argus_panoptes-1.1.0/argus/scanner/semgrep_runner.py +75 -0
  84. argus_panoptes-1.1.0/argus/scanner/supplychain.py +301 -0
  85. argus_panoptes-1.1.0/argus/state.py +173 -0
  86. argus_panoptes-1.1.0/argus/suppressions.py +118 -0
  87. argus_panoptes-1.1.0/argus/surface.py +90 -0
  88. argus_panoptes-1.1.0/argus_panoptes.egg-info/PKG-INFO +495 -0
  89. argus_panoptes-1.1.0/argus_panoptes.egg-info/SOURCES.txt +93 -0
  90. argus_panoptes-1.1.0/argus_panoptes.egg-info/dependency_links.txt +1 -0
  91. argus_panoptes-1.1.0/argus_panoptes.egg-info/entry_points.txt +2 -0
  92. argus_panoptes-1.1.0/argus_panoptes.egg-info/requires.txt +32 -0
  93. argus_panoptes-1.1.0/argus_panoptes.egg-info/top_level.txt +1 -0
  94. argus_panoptes-1.1.0/pyproject.toml +73 -0
  95. argus_panoptes-1.1.0/setup.cfg +4 -0
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Sarthak-47
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
@@ -0,0 +1,495 @@
1
+ Metadata-Version: 2.4
2
+ Name: argus-panoptes
3
+ Version: 1.1.0
4
+ Summary: Argus — AI-powered security audit agent. Point it at a repo. It reads the code, spins up the app, and attacks it.
5
+ Author-email: Sarthak-47 <0906sarthak@gmail.com>
6
+ License: MIT
7
+ Project-URL: Homepage, https://github.com/Sarthak-47/ARGUS
8
+ Project-URL: Repository, https://github.com/Sarthak-47/ARGUS.git
9
+ Keywords: security,audit,sast,pentest,llm,vulnerability,scanner
10
+ Classifier: Development Status :: 4 - Beta
11
+ Classifier: Environment :: Console
12
+ Classifier: Intended Audience :: Developers
13
+ Classifier: Topic :: Security
14
+ Classifier: Programming Language :: Python :: 3
15
+ Classifier: Programming Language :: Python :: 3.10
16
+ Classifier: Programming Language :: Python :: 3.11
17
+ Classifier: Programming Language :: Python :: 3.12
18
+ Classifier: License :: OSI Approved :: MIT License
19
+ Classifier: Operating System :: OS Independent
20
+ Requires-Python: >=3.10
21
+ Description-Content-Type: text/markdown
22
+ License-File: LICENSE
23
+ Requires-Dist: typer>=0.26.8
24
+ Requires-Dist: rich>=15.0.0
25
+ Requires-Dist: httpx>=0.27
26
+ Requires-Dist: platformdirs>=4.2
27
+ Requires-Dist: jinja2>=3.1
28
+ Requires-Dist: psutil>=7.2.2
29
+ Requires-Dist: GitPython>=3.1
30
+ Requires-Dist: PyYAML>=6.0
31
+ Requires-Dist: tomli-w>=1.0
32
+ Requires-Dist: tomli>=2.0; python_version < "3.11"
33
+ Provides-Extra: semgrep
34
+ Requires-Dist: semgrep>=1.50; extra == "semgrep"
35
+ Provides-Extra: audit
36
+ Requires-Dist: pip-audit>=2.10.1; extra == "audit"
37
+ Provides-Extra: browser
38
+ Requires-Dist: playwright>=1.45; extra == "browser"
39
+ Provides-Extra: sandbox
40
+ Requires-Dist: docker>=7.0; extra == "sandbox"
41
+ Provides-Extra: mcp
42
+ Requires-Dist: mcp>=1.28.1; extra == "mcp"
43
+ Provides-Extra: dev
44
+ Requires-Dist: pytest>=8.0; extra == "dev"
45
+ Requires-Dist: pytest-asyncio>=0.23; extra == "dev"
46
+ Requires-Dist: ruff>=0.4; extra == "dev"
47
+ Dynamic: license-file
48
+
49
+ <div align="center">
50
+
51
+ <img src="docs/assets/hero-banner.svg" alt="ARGUS — the security tool built for the vibe-coding era" width="100%"/>
52
+
53
+ [![CI](https://github.com/Sarthak-47/ARGUS/actions/workflows/ci.yml/badge.svg)](https://github.com/Sarthak-47/ARGUS/actions/workflows/ci.yml)
54
+ [![Latest release](https://img.shields.io/github/v/release/Sarthak-47/ARGUS?label=release&color=B8860B)](https://github.com/Sarthak-47/ARGUS/releases/latest)
55
+ [![PyPI](https://img.shields.io/pypi/v/argus-panoptes?color=B8860B)](https://pypi.org/project/argus-panoptes/)
56
+ [![License: MIT](https://img.shields.io/badge/License-MIT-B8860B.svg)](LICENSE)
57
+ [![Python 3.10+](https://img.shields.io/badge/python-3.10+-B8860B.svg)](https://www.python.org)
58
+ [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-B8860B.svg)](CONTRIBUTING.md)
59
+
60
+ </div>
61
+
62
+ ---
63
+
64
+ **Argus** is an AI-powered security audit agent for developers. Named after **Argus Panoptes** —
65
+ the hundred-eyed giant of Greek myth who never slept and saw everything.
66
+
67
+ Static scanners tell you what *looks* wrong. Argus **proves** it: it reads your code, then spins
68
+ your app up and actually attacks it — dumping data via SQLi, forging admin JWTs, reaching cloud
69
+ metadata via SSRF — and explains every finding in plain English, tailored to your codebase.
70
+
71
+ **Built for the AI-agent era, not just the AI-code era:** shipping an MCP server or an in-app
72
+ chatbot? Argus tests those too — `MCPSecurityAgent` catches tool poisoning and dangerous
73
+ unauthenticated capabilities in exposed MCP servers, and `PromptInjectionAgent` fires a canary
74
+ token at your app's own AI features to prove whether untrusted input can override system
75
+ instructions. Same swarm, same PoC-or-it-didn't-happen standard.
76
+
77
+ <details>
78
+ <summary><b>Table of contents</b></summary>
79
+
80
+ - [See it in 30 seconds](#-see-it-in-30-seconds)
81
+ - [How it works](#how-it-works--two-phases)
82
+ - [Install & use](#install--use)
83
+ - [Works on any machine — local or BYOK](#works-on-any-machine--local-or-byok)
84
+ - [Put it in CI](#put-it-in-ci)
85
+ - [Send findings to DefectDojo or Jira](#send-findings-to-defectdojo-or-jira)
86
+ - [Attack behind a login](#attack-behind-a-login-authenticated-scanning)
87
+ - [Show it off — the badge](#show-it-off--the-scanned-by-argus-badge)
88
+ - [Run it from your editor (MCP)](#run-it-from-your-editor-mcp-server)
89
+ - [Catch it before it commits](#catch-it-before-it-commits-pre-commit-hook)
90
+ - [Auto-fix pull requests](#auto-fix-pull-requests)
91
+ - [Desktop GUI](#desktop-gui)
92
+ - [Why Argus](#why-argus)
93
+ - [Status](#status)
94
+ - [Proof, not vibes — the benchmark suite](#proof-not-vibes--the-benchmark-suite)
95
+ - [Roadmap](#roadmap)
96
+ - [Contributing](#contributing)
97
+
98
+ </details>
99
+
100
+ ## ⚡ See it in 30 seconds
101
+
102
+ ```bash
103
+ pip install argus-panoptes # or: pipx install argus-panoptes
104
+ argus demo
105
+ ```
106
+
107
+ `argus demo` scans and attacks a **bundled, intentionally-vulnerable app** (nothing external is
108
+ touched) so you can watch the full flow immediately:
109
+
110
+ ```
111
+ ◈ ARGUS — STATIC SCAN
112
+ Risk Score 98/100 [CRITICAL]
113
+ ■ HIGH SQL injection · command injection · unsafe yaml.load
114
+
115
+ ◈ ARGUS — ATTACK AGENT
116
+ [INJECTOR:SQLI-ERROR] ✓ SQL injection (error-based)
117
+ [AUTHBREAKER:JWT-WEAK-SECRET] ✓ JWT signed with a weak secret
118
+ [XSSHUNTER:REFLECTED] ✓ Reflected XSS
119
+ [SSRFPROBER:CALLBACK] ✓ Server-Side Request Forgery (blind)
120
+ [IDORHUNTER] ✓ Insecure Direct Object Reference
121
+ [FILEATTACKER:TRAVERSAL] ✓ Path traversal (arbitrary file read)
122
+ ```
123
+
124
+ ## How it works — two phases
125
+
126
+ | Phase | What it does |
127
+ |---|---|
128
+ | **1 · Static Analysis** | Reads the codebase without running it: built-in rules, dependency CVEs (`npm/pip audit`), secret detection (regex + Shannon entropy + git history), then an LLM layer that validates, explains and re-rates each finding for *your* code. |
129
+ | **2 · Attack Agent** | Points a swarm of **18 specialised agents** at the running app — orchestrated in a loop, with an out-of-band callback server to confirm *blind* vulnerabilities, and every confirmed finding carries a runnable proof-of-concept (curl command + real request/response), not just a description. |
130
+
131
+ ### The attack swarm
132
+
133
+ `ReconBot` · `CrawlerBot` · `Injector` (SQLi/NoSQL/command) · `AuthBreaker` (JWT/session/MFA) ·
134
+ `IDORHunter` · `XSSHunter` · `SSRFProber` · `HeaderPoker` (CORS) · `CSRFHunter` · `FileAttacker`
135
+ (upload/traversal) · `Fuzzer` · `RaceCondition` · `GraphQLAgent` · `WebSocketAgent` ·
136
+ `MCPSecurityAgent` (exposed MCP servers & AI-infra leaks — incl. tool poisoning,
137
+ dangerous-capability tools, and resource/prompt disclosure) · `PromptInjectionAgent` (probes the
138
+ app's own chatbot/AI features for prompt injection — sends a unique canary token wrapped in an
139
+ instruction-override payload and only reports a finding if that exact token comes back verbatim,
140
+ proving untrusted input reached the model without isolation from system instructions) ·
141
+ **`BusinessLogicAgent`** — reasons
142
+ over the discovered endpoints with an LLM to propose coupon-stacking/negative-quantity/workflow-
143
+ bypass abuse, then *executes* it and confirms behaviorally. This targets the gap the rest of the
144
+ industry hasn't solved: ~70% of critical web vulnerabilities are business logic flaws, and no
145
+ autonomous agent reliably detects them. Auto-enables the moment an LLM provider is configured —
146
+ no flag needed — and stays silent otherwise.
147
+
148
+ Opt-in: **`DomXSSHunter`** — a real headless-browser agent (`--agents domxss`) that catches DOM
149
+ XSS in React/Vue/Next apps the HTTP-only agents can't see. Needs `pip install
150
+ 'argus-panoptes[browser]' && playwright install chromium`.
151
+
152
+ The same browser dependency also upgrades ReconBot itself: when installed, ReconBot renders the
153
+ root page in a real headless browser (no flag needed) and mines both the post-JS DOM and every
154
+ XHR/fetch call it fires — the endpoints an Angular/React/Vue SPA's client-side router and API
155
+ calls hide from a regex-over-server-HTML crawl. Silently skipped, zero cost, when the `browser`
156
+ extra isn't installed.
157
+
158
+ ## Install & use
159
+
160
+ ```bash
161
+ pip install argus-panoptes
162
+
163
+ argus demo # zero-setup showcase — see it work in 30s
164
+ argus setup # first-time wizard (detects GPU, picks an LLM)
165
+ argus scan <repo-url|path> # Phase 1 — static analysis
166
+ argus scan <path> --deep # + full LLM free-form review of high-risk files
167
+ argus scan <path> --taint # + LLM taint-tracing: only complete source-to-sink flows
168
+ argus attack --url http://localhost:3000 # Phase 2 — attack a running app
169
+ argus audit <repo-url> # Phase 1 + Phase 2
170
+ argus fix <path> # generate patches for fixable findings (dry-run)
171
+ argus fix <path> --apply # write the patches to disk
172
+ argus fix <path> --apply --pr # + commit to a branch, push, and open a GitHub PR
173
+ argus report --format html # export the last scan (html|json|markdown|sarif|sbom|vex|jira|pdf)
174
+ argus history # risk-score trend across past scans
175
+ argus compare # what's new/fixed since the last scan
176
+ argus suppress "<finding title>" # mark a finding ignored — stops it recurring
177
+ argus surface # endpoints remembered across attack runs
178
+ argus config --show
179
+ ```
180
+
181
+ ### Run in Docker (bundles Semgrep + auditors)
182
+
183
+ ```bash
184
+ docker build -t argus .
185
+ docker run --rm -v "$PWD:/src" argus scan /src --no-llm
186
+ ```
187
+
188
+ ## Works on any machine — local or BYOK
189
+
190
+ Argus needs no hosted service. Pick a **local model** (Ollama — private, offline) or **bring your
191
+ own key** for Groq / Gemini / Claude / OpenRouter. On `argus setup` it detects your GPU and
192
+ recommends a model that fits your VRAM. **With no LLM configured it still runs the full
193
+ deterministic scan** (rules + dependency audit + secret detection).
194
+
195
+ ## Put it in CI
196
+
197
+ Add Argus to any repo and publish findings to GitHub's **Security tab**:
198
+
199
+ ```yaml
200
+ - uses: Sarthak-47/ARGUS@main
201
+ id: argus
202
+ with:
203
+ target: "."
204
+ fail-on: "critical" # fail the build on critical findings
205
+ - uses: github/codeql-action/upload-sarif@v3
206
+ with:
207
+ sarif_file: ${{ steps.argus.outputs.sarif-file }}
208
+ ```
209
+
210
+ `argus scan --format sarif` and `argus scan --fail-on high` also work standalone in any pipeline.
211
+ For finer control than a single severity threshold, drop a `.argus-policy.toml` at your repo root
212
+ (or pass `--policy <file>`) to fail/warn/ignore per category, detector, or confirmed status — e.g.
213
+ fail on any confirmed SQLi but only warn on missing headers. See
214
+ [`.argus-policy.example.toml`](.argus-policy.example.toml). And `argus scan --diff-base main` (or
215
+ the Action's `diff-base` input) reports only findings in files the PR changed, so a pre-existing
216
+ backlog doesn't fail the build.
217
+
218
+ Adopting Argus on a repo that already has a backlog? Snapshot it once with `argus scan --write-baseline
219
+ .argus-baseline.json`, commit that file, then scan with `--baseline .argus-baseline.json` — every
220
+ finding that existed at adoption is treated as accepted and only genuinely new ones are reported and
221
+ gated on (survives line-number shifts, needs no git — unlike `--diff-base`).
222
+
223
+ Want findings inline on the PR itself, not just in the Security tab? Add `pr-comments: "true"` (needs
224
+ `permissions: pull-requests: write` on the job) and Argus posts each new finding as a review comment
225
+ right on the changed line — idempotent, so re-runs on the same commit don't double-post. A no-op
226
+ outside a `pull_request` event, so it's safe to leave on unconditionally.
227
+
228
+ ## Send findings to DefectDojo or Jira
229
+
230
+ - **DefectDojo**: no new format needed — `argus scan --format sarif` (already
231
+ built for GitHub code scanning) is DefectDojo-compatible as-is via its
232
+ built-in **SARIF** import type.
233
+ - **Jira**: `argus report --format jira` writes `jira-import.csv`, ready for
234
+ Jira's built-in CSV importer (*Project settings → External System Import →
235
+ CSV*) — one issue per finding (Summary, Description with evidence/fix/CWE/
236
+ compliance, Priority mapped from severity, Labels). No Jira API or
237
+ credentials needed; it's a manual upload.
238
+ - **VEX**: `argus report --format vex` writes `vex.cdx.json`, a CycloneDX 1.5
239
+ VEX document — a per-CVE exploitability statement (`exploitable` /
240
+ `not_affected`) for every dependency finding, driven by the same
241
+ reachability analysis that already downgrades unimported packages: a
242
+ vulnerable package never imported in your first-party code is
243
+ `not_affected` (`code_not_reachable`), consumable by any VEX-aware scanner
244
+ or supply-chain dashboard alongside the plain SBOM (`--format sbom`).
245
+
246
+ ## Attack behind a login (authenticated scanning)
247
+
248
+ Most real apps hide their interesting surface behind a login, so an
249
+ unauthenticated scan only sees the doormat. Give Argus a session and the whole
250
+ 18-agent swarm — including ReconBot's crawl — acts as the logged-in user:
251
+
252
+ ```bash
253
+ argus attack --url http://localhost:3000 --auth .argus-auth.toml
254
+ ```
255
+
256
+ A `.argus-auth.toml` (auto-discovered in the working directory, or passed with
257
+ `--auth`) supports a **bearer token**, arbitrary **headers**, session
258
+ **cookies**, **HTTP basic**, a **form login** (reuses the session cookie it sets,
259
+ or extracts a token from the JSON response), and **OAuth2 client-credentials**.
260
+ The form login is **CSRF-aware** too — many real login forms (DVWA's included)
261
+ embed a rotating hidden token that must be echoed back; set `csrf_field` and
262
+ Argus scrapes it from the login page first. See
263
+ [`.argus-auth.example.toml`](.argus-auth.example.toml). Credentials are never
264
+ echoed into a captured proof-of-concept. (Keep `.argus-auth.toml` out of git.)
265
+
266
+ Add a **second identity** with `--auth-b <file>` (ideally a low-privilege account)
267
+ and Argus tests **broken object- and function-level authorization** (BOLA/BFLA —
268
+ the #1 API risk): it flags any endpoint that rejects anonymous access but that a
269
+ *different* authenticated user, or an ordinary user hitting an admin route, can
270
+ still reach. Only that "protected-from-anonymous yet reachable-cross-user"
271
+ pattern is reported, so public endpoints don't cause false positives.
272
+
273
+ ### Feed it your API spec
274
+
275
+ Modern APIs are stateful and spec-defined — a link-following crawler misses most
276
+ of the surface. Hand Argus the spec and it seeds every declared endpoint directly:
277
+
278
+ ```bash
279
+ argus attack --url http://localhost:3000 --api-spec openapi.yaml
280
+ ```
281
+
282
+ Accepts **OpenAPI 3.x**, **Swagger 2.0**, **Postman v2** collections, and a
283
+ **GraphQL introspection** dump — as a file or URL. Spec paths are resolved against
284
+ your target's URL, so a spec written for production still points at localhost.
285
+
286
+ No flag? ReconBot also **auto-discovers** a spec on its own — it probes the usual
287
+ paths (`/openapi.json`, `/swagger.json`, `/.well-known/openapi.json`, …) and
288
+ seeds anything it finds, so an API-only target with no crawlable HTML still gets
289
+ its full surface tested.
290
+
291
+ ## Show it off — the "Scanned by Argus" badge
292
+
293
+ Running Argus on your repo? Let people know — drop this in your own README:
294
+
295
+ ```markdown
296
+ [![Scanned by Argus](https://img.shields.io/badge/security-scanned%20by%20Argus-B8860B)](https://github.com/Sarthak-47/ARGUS)
297
+ ```
298
+
299
+ [![Scanned by Argus](https://img.shields.io/badge/security-scanned%20by%20Argus-B8860B)](https://github.com/Sarthak-47/ARGUS)
300
+
301
+ It's a static badge (Argus has no hosted backend to poll for live status), so it
302
+ signals "we run Argus here," not a real-time pass/fail — pair it with the
303
+ [GitHub Action](#put-it-in-ci) or the [pre-commit hook](#catch-it-before-it-commits-pre-commit-hook)
304
+ below if you want the claim to actually be enforced.
305
+
306
+ ## Run it from your editor (MCP server)
307
+
308
+ ```bash
309
+ pip install 'argus-panoptes[mcp]'
310
+ argus mcp-server
311
+ ```
312
+
313
+ Exposes `argus_scan`, `argus_attack`, and `argus_fix` as MCP tools, so Copilot,
314
+ Cursor, or Claude Code can run a real security scan/attack/fix directly instead
315
+ of you shelling out and pasting results back in. Point your MCP client's config
316
+ at the `argus mcp-server` command (stdio transport) the same way you'd add any
317
+ other MCP server.
318
+
319
+ ## Catch it before it commits (pre-commit hook)
320
+
321
+ The cheapest way to use Argus is on every commit — block a hardcoded secret or
322
+ an obvious vulnerable pattern *before* it ever lands in git history. Add to your
323
+ `.pre-commit-config.yaml`:
324
+
325
+ ```yaml
326
+ repos:
327
+ - repo: https://github.com/Sarthak-47/ARGUS
328
+ rev: v1.1.0
329
+ hooks:
330
+ - id: argus # blocks on HIGH+ findings (use `argus-strict` for MEDIUM+)
331
+ ```
332
+
333
+ Then `pre-commit install`. It runs the deterministic passes only (secrets +
334
+ built-in rules) — no LLM, no network — so it's fast enough for every commit.
335
+ Standalone: `argus precommit` scans your currently-staged files.
336
+
337
+ ## Auto-fix pull requests
338
+
339
+ `argus fix --apply` already writes safe, reverified patches to disk. Add `--pr`
340
+ and it goes one step further: commits them to a new branch, pushes it, and opens
341
+ a real GitHub pull request with each finding's explanation in the description —
342
+ so remediation lands where developers actually work, not in a local diff nobody
343
+ sees.
344
+
345
+ ```bash
346
+ argus fix <path> --apply --pr
347
+ ```
348
+
349
+ This touches real, shared state (a branch and a PR), so it's opt-in and requires
350
+ you to already have GitHub authentication set up — Argus never tries to obtain
351
+ credentials on your behalf. Either works:
352
+
353
+ - **`gh` CLI** (recommended): `gh auth login`, then just run the command above.
354
+ - **A token**: set `GH_TOKEN` or `GITHUB_TOKEN` in your environment. Create one at
355
+ [github.com/settings/tokens](https://github.com/settings/tokens) → *Generate new
356
+ token (classic)* → scope **`repo`** (or, for a fine-grained token, **Contents:
357
+ Read & write** + **Pull requests: Read & write** on the target repo) → copy it
358
+ once, then `export GH_TOKEN=ghp_...` (or set it in CI as a secret).
359
+
360
+ Your working tree must be clean before running `--pr` — a pre-existing dirty
361
+ state would otherwise get swept into the fix commit, so Argus refuses rather
362
+ than guess what's yours and what's the patch.
363
+
364
+ ## Desktop GUI
365
+
366
+ A React + Vite + Tauri desktop app ("a war room inside the Parthenon") with six screens —
367
+ Dashboard (with a live risk-trend graph), New Scan, Live Attack, Reports, CodeView, Settings.
368
+ Inside the native app it **invokes the Python engine directly** to run real scans; in the browser
369
+ dev build it renders a dropped-in `argus scan --format json` result at `gui/public/report.json`.
370
+
371
+ ```bash
372
+ cd gui
373
+ npm install
374
+ npm run dev # browser dev server, http://localhost:5173
375
+ npm run tauri dev # native window (needs Rust: https://rustup.rs)
376
+ npm run tauri build # produces a real .exe/.dmg/.AppImage in src-tauri/target/release
377
+ ```
378
+
379
+ The native shell is ~9MB and starts in well under a second — a fraction of an Electron equivalent.
380
+
381
+ ## Why Argus
382
+
383
+ | Tool | Static | Active attack | LLM reasoning | Free | Local model | Open source |
384
+ |---|---|---|---|---|---|---|
385
+ | Snyk | ✓ | ✗ | ✗ | Partial | ✗ | ✗ |
386
+ | SonarQube | ✓ | ✗ | ✗ | Partial | ✗ | Partial |
387
+ | Semgrep | ✓ | ✗ | ✗ | ✓ | ✗ | ✓ |
388
+ | Burp Suite | ✗ | ✓ | ✗ | Partial | ✗ | ✗ |
389
+ | OWASP ZAP | ✗ | ✓ | ✗ | ✓ | ✗ | ✓ |
390
+ | **Argus** | **✓** | **✓** | **✓** | **✓** | **✓** | **✓** |
391
+
392
+ Nobody else combines all six. That's the gap Argus owns.
393
+
394
+ ## Status
395
+
396
+ - ✅ **Phase 1 — Static analysis** (`argus scan`): rules, dependency audit, behavioral supply-chain
397
+ manifest analysis (typosquats, unpinned versions, download-then-execute and obfuscated install
398
+ scripts, env-secret exfiltration, sensitive-path writes), secret detection, LLM reasoning
399
+ (`--deep` free-form review, `--taint` source-to-sink taint tracing), reports (HTML/JSON/
400
+ Markdown/SARIF/PDF/Jira CSV), CycloneDX SBOM + VEX export, and OWASP ASVS / PCI-DSS tags per
401
+ finding.
402
+ - ✅ **Phase 2 — Attack swarm** (`argus attack`): **18 agents** (13 original + MCPSecurityAgent,
403
+ PromptInjectionAgent, BusinessLogicAgent, AuthzTester, and the opt-in DomXSSHunter),
404
+ orchestration loop,
405
+ Docker auto-sandboxing when no `--url` is given (Django, Flask, FastAPI, Rails, Node/Express/
406
+ Next/Vite, or a `docker-compose.yml` with a published port — falls back to `--url` otherwise),
407
+ callback server for blind detection,
408
+ **exploit chaining** (compounds confirmed findings into attack paths — e.g. XSS + a
409
+ script-readable session cookie → account takeover, or clickjacking + a missing CSRF token →
410
+ forced state change), deduplicated findings, a persistent
411
+ attack-surface inventory that grows across runs, and a
412
+ reproducible proof-of-concept per confirmed exploit.
413
+ - ✅ **`argus fix`**: LLM-generated patches for fixable findings — dry-run preview or `--apply`,
414
+ with fix-and-reverify (re-scans afterward to confirm each patch actually closed the finding)
415
+ and an AI-assistant regenerate-prompt alongside every diff.
416
+ - ✅ **Workflow**: scan history + trend (`argus history`), scan-to-scan diff (`argus compare`),
417
+ finding lifecycle/suppression (`argus suppress`), Slack/Discord webhook notifications.
418
+ - ✅ **`argus demo`**: zero-setup showcase against a bundled vulnerable app.
419
+ - ✅ **GUI**: six screens (Dashboard with a live risk-trend graph, New Scan, Live Attack, Reports,
420
+ CodeView, Settings) rendering real engine data, including captured PoCs.
421
+ - ✅ **Desktop shell**: Tauri 2.0 wraps the GUI as a real native app that invokes the Python engine
422
+ directly (real scans, not just dropped-in JSON). `desktop-release.yml` builds Windows/macOS
423
+ (universal)/Linux installers on tag; v0.1.0–v1.1.0 published. Ships with no demo
424
+ data — every screen shows real engine output or an honest empty/first-run state.
425
+ - ✅ **CI-ready**: SARIF output, `--fail-on`, per-rule policy gating (`.argus-policy.toml`),
426
+ GitHub Action, Docker image, green test suite (200+ tests).
427
+ - ✅ **Package verified**: `python -m build` + `twine check` pass; the built wheel installs into
428
+ a clean venv and runs. `release.yml` publishes to PyPI on tag via trusted publishing.
429
+
430
+ *Semgrep is optional and layered in when available — it has no native Windows build, so Argus's
431
+ own rules carry the scan there (use the Docker image for full Semgrep).*
432
+
433
+ ## Proof, not vibes — the benchmark suite
434
+
435
+ Every scanner claims to catch things. Argus measures it: `argus benchmark` runs
436
+ the full attack swarm against known-vulnerable apps — OWASP Juice Shop, DVWA,
437
+ VAmPI, plus Argus's own bundled demo target — and reports a real detection rate
438
+ against a hand-curated ground truth of each app's documented vulnerabilities
439
+ (scoped to what Argus's detectors actually target, not a full CVE dump).
440
+
441
+ ```bash
442
+ argus benchmark --case argus_demo # runs locally, no Docker needed
443
+ argus benchmark # the full suite (juice_shop/dvwa/vampi need Docker)
444
+ ```
445
+
446
+ The [`benchmark.yml`](.github/workflows/benchmark.yml) GitHub Action runs the
447
+ full suite (Docker cases included) on every release and publishes the results
448
+ as a job summary + artifact — building this suite already caught and fixed two
449
+ real bugs: `argus demo`'s advertised `INJECTOR:SQLI-ERROR` output wasn't
450
+ actually firing until the ground truth exposed it, and a category mismatch was
451
+ silently hiding a real detection.
452
+
453
+ Numbers as of v1.1.0, run against real Docker targets on GitHub's own runners
454
+ — not smoothed over: `argus_demo` **100%** (14/14 — the fully self-contained
455
+ case), `juice_shop` **14–29%** (1–2/7, varies run to run — see below),
456
+ `dvwa` **33%** (2/6), `vampi` **20%** (1/5). Every gap here is a *known,
457
+ documented* one, not a mystery:
458
+
459
+ - **Juice Shop** is an Angular SPA. ReconBot now renders it in a real headless
460
+ browser to catch client-routed pages and XHR/fetch calls a static crawl
461
+ can't see — verified working, and it moved the real score up — but the
462
+ crawl races Angular's bootstrap time against a network-idle timeout, so it
463
+ wins on a quiet CI runner and silently falls back to the static-only result
464
+ on a busy one. A real, reproducible improvement, not a guaranteed one on
465
+ every single run.
466
+ - **DVWA** needs a rotating CSRF token scraped from the login page (done,
467
+ verified against a real validating server) *and* a per-session
468
+ difficulty-level unlock Argus also now does — the score hasn't moved yet on
469
+ this specific target and the remaining gap is still being root-caused.
470
+ - **VAmPI** is API-only with almost no crawlable HTML; ReconBot now
471
+ auto-discovers and parses its OpenAPI spec with zero flags, which alone
472
+ moved this from 0% to 20%.
473
+
474
+ That's the point of a benchmark: it tells you what's actually true, not what
475
+ sounds good, and the full run-by-run history of what changed and why is in
476
+ [ROADMAP.md](ROADMAP.md#milestone-v10--prove-it-then-ship-it).
477
+
478
+ ## Roadmap
479
+
480
+ Where Argus is headed next — the path from v0.2.0 to a benchmark-proven 1.0
481
+ (authenticated scanning, API-schema awareness, reachability-filtered SCA,
482
+ auto-fix PRs) is laid out in [ROADMAP.md](ROADMAP.md).
483
+
484
+ ## Responsible use
485
+
486
+ Argus is an **offensive** tool. **Only run it against systems you own or are authorized to
487
+ test.** See [SECURITY.md](SECURITY.md). `argus demo` gives you a safe, bundled target to explore.
488
+
489
+ ## Contributing
490
+
491
+ New attack agents, rules and payloads are very welcome — see [CONTRIBUTING.md](CONTRIBUTING.md).
492
+
493
+ ## License
494
+
495
+ MIT © Sarthak-47 · see [LICENSE](LICENSE)