argus-panoptes 1.1.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- argus_panoptes-1.1.0/LICENSE +21 -0
- argus_panoptes-1.1.0/PKG-INFO +495 -0
- argus_panoptes-1.1.0/README.md +447 -0
- argus_panoptes-1.1.0/argus/__init__.py +18 -0
- argus_panoptes-1.1.0/argus/agents/__init__.py +9 -0
- argus_panoptes-1.1.0/argus/agents/authbreaker.py +198 -0
- argus_panoptes-1.1.0/argus/agents/authztester.py +159 -0
- argus_panoptes-1.1.0/argus/agents/base.py +219 -0
- argus_panoptes-1.1.0/argus/agents/businesslogic.py +175 -0
- argus_panoptes-1.1.0/argus/agents/crawlerbot.py +135 -0
- argus_panoptes-1.1.0/argus/agents/csrfhunter.py +90 -0
- argus_panoptes-1.1.0/argus/agents/domxss.py +121 -0
- argus_panoptes-1.1.0/argus/agents/fileattacker.py +112 -0
- argus_panoptes-1.1.0/argus/agents/fuzzer.py +111 -0
- argus_panoptes-1.1.0/argus/agents/graphqlagent.py +70 -0
- argus_panoptes-1.1.0/argus/agents/headerpoker.py +90 -0
- argus_panoptes-1.1.0/argus/agents/idorhunter.py +143 -0
- argus_panoptes-1.1.0/argus/agents/injector.py +183 -0
- argus_panoptes-1.1.0/argus/agents/mcpsecurity.py +266 -0
- argus_panoptes-1.1.0/argus/agents/promptinjection.py +130 -0
- argus_panoptes-1.1.0/argus/agents/racecondition.py +88 -0
- argus_panoptes-1.1.0/argus/agents/reconbot.py +284 -0
- argus_panoptes-1.1.0/argus/agents/ssrfprober.py +131 -0
- argus_panoptes-1.1.0/argus/agents/websocketagent.py +91 -0
- argus_panoptes-1.1.0/argus/agents/xsshunter.py +93 -0
- argus_panoptes-1.1.0/argus/apispec.py +275 -0
- argus_panoptes-1.1.0/argus/auth.py +279 -0
- argus_panoptes-1.1.0/argus/baseline.py +59 -0
- argus_panoptes-1.1.0/argus/benchmark.py +383 -0
- argus_panoptes-1.1.0/argus/chains.py +136 -0
- argus_panoptes-1.1.0/argus/cli/__init__.py +1 -0
- argus_panoptes-1.1.0/argus/cli/main.py +403 -0
- argus_panoptes-1.1.0/argus/cli/output.py +180 -0
- argus_panoptes-1.1.0/argus/commands/__init__.py +1 -0
- argus_panoptes-1.1.0/argus/commands/compare_cmd.py +86 -0
- argus_panoptes-1.1.0/argus/commands/config_cmd.py +66 -0
- argus_panoptes-1.1.0/argus/commands/demo_cmd.py +56 -0
- argus_panoptes-1.1.0/argus/commands/history_cmd.py +44 -0
- argus_panoptes-1.1.0/argus/commands/setup_cmd.py +72 -0
- argus_panoptes-1.1.0/argus/commands/status_cmd.py +77 -0
- argus_panoptes-1.1.0/argus/commands/suppress_cmd.py +82 -0
- argus_panoptes-1.1.0/argus/commands/surface_cmd.py +51 -0
- argus_panoptes-1.1.0/argus/compare.py +46 -0
- argus_panoptes-1.1.0/argus/compliance.py +80 -0
- argus_panoptes-1.1.0/argus/config/__init__.py +5 -0
- argus_panoptes-1.1.0/argus/config/defaults.py +112 -0
- argus_panoptes-1.1.0/argus/config/settings.py +153 -0
- argus_panoptes-1.1.0/argus/demo/__init__.py +11 -0
- argus_panoptes-1.1.0/argus/demo/target.py +196 -0
- argus_panoptes-1.1.0/argus/fix.py +154 -0
- argus_panoptes-1.1.0/argus/fixpr.py +156 -0
- argus_panoptes-1.1.0/argus/gitutil.py +59 -0
- argus_panoptes-1.1.0/argus/llm/__init__.py +1 -0
- argus_panoptes-1.1.0/argus/llm/detector.py +97 -0
- argus_panoptes-1.1.0/argus/llm/orchestrator.py +188 -0
- argus_panoptes-1.1.0/argus/llm/prompts.py +209 -0
- argus_panoptes-1.1.0/argus/llm/provider.py +218 -0
- argus_panoptes-1.1.0/argus/llm/reasoning.py +263 -0
- argus_panoptes-1.1.0/argus/mcp_server.py +153 -0
- argus_panoptes-1.1.0/argus/models.py +276 -0
- argus_panoptes-1.1.0/argus/notify.py +45 -0
- argus_panoptes-1.1.0/argus/pipeline.py +719 -0
- argus_panoptes-1.1.0/argus/policy.py +162 -0
- argus_panoptes-1.1.0/argus/prcomments.py +199 -0
- argus_panoptes-1.1.0/argus/precommit.py +91 -0
- argus_panoptes-1.1.0/argus/reachability.py +109 -0
- argus_panoptes-1.1.0/argus/report/__init__.py +5 -0
- argus_panoptes-1.1.0/argus/report/exporters.py +378 -0
- argus_panoptes-1.1.0/argus/report/templates/report.html.j2 +144 -0
- argus_panoptes-1.1.0/argus/sandbox/__init__.py +5 -0
- argus_panoptes-1.1.0/argus/sandbox/callback_server.py +91 -0
- argus_panoptes-1.1.0/argus/sandbox/docker_manager.py +238 -0
- argus_panoptes-1.1.0/argus/sandbox/dockerfile_gen.py +264 -0
- argus_panoptes-1.1.0/argus/sbom.py +86 -0
- argus_panoptes-1.1.0/argus/scanner/__init__.py +1 -0
- argus_panoptes-1.1.0/argus/scanner/dependencies.py +136 -0
- argus_panoptes-1.1.0/argus/scanner/iac.py +150 -0
- argus_panoptes-1.1.0/argus/scanner/image_cve.py +123 -0
- argus_panoptes-1.1.0/argus/scanner/ingestion.py +184 -0
- argus_panoptes-1.1.0/argus/scanner/popular_packages.py +42 -0
- argus_panoptes-1.1.0/argus/scanner/rules_builtin.py +293 -0
- argus_panoptes-1.1.0/argus/scanner/secrets.py +267 -0
- argus_panoptes-1.1.0/argus/scanner/semgrep_runner.py +75 -0
- argus_panoptes-1.1.0/argus/scanner/supplychain.py +301 -0
- argus_panoptes-1.1.0/argus/state.py +173 -0
- argus_panoptes-1.1.0/argus/suppressions.py +118 -0
- argus_panoptes-1.1.0/argus/surface.py +90 -0
- argus_panoptes-1.1.0/argus_panoptes.egg-info/PKG-INFO +495 -0
- argus_panoptes-1.1.0/argus_panoptes.egg-info/SOURCES.txt +93 -0
- argus_panoptes-1.1.0/argus_panoptes.egg-info/dependency_links.txt +1 -0
- argus_panoptes-1.1.0/argus_panoptes.egg-info/entry_points.txt +2 -0
- argus_panoptes-1.1.0/argus_panoptes.egg-info/requires.txt +32 -0
- argus_panoptes-1.1.0/argus_panoptes.egg-info/top_level.txt +1 -0
- argus_panoptes-1.1.0/pyproject.toml +73 -0
- argus_panoptes-1.1.0/setup.cfg +4 -0
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 Sarthak-47
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
|
@@ -0,0 +1,495 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: argus-panoptes
|
|
3
|
+
Version: 1.1.0
|
|
4
|
+
Summary: Argus — AI-powered security audit agent. Point it at a repo. It reads the code, spins up the app, and attacks it.
|
|
5
|
+
Author-email: Sarthak-47 <0906sarthak@gmail.com>
|
|
6
|
+
License: MIT
|
|
7
|
+
Project-URL: Homepage, https://github.com/Sarthak-47/ARGUS
|
|
8
|
+
Project-URL: Repository, https://github.com/Sarthak-47/ARGUS.git
|
|
9
|
+
Keywords: security,audit,sast,pentest,llm,vulnerability,scanner
|
|
10
|
+
Classifier: Development Status :: 4 - Beta
|
|
11
|
+
Classifier: Environment :: Console
|
|
12
|
+
Classifier: Intended Audience :: Developers
|
|
13
|
+
Classifier: Topic :: Security
|
|
14
|
+
Classifier: Programming Language :: Python :: 3
|
|
15
|
+
Classifier: Programming Language :: Python :: 3.10
|
|
16
|
+
Classifier: Programming Language :: Python :: 3.11
|
|
17
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
18
|
+
Classifier: License :: OSI Approved :: MIT License
|
|
19
|
+
Classifier: Operating System :: OS Independent
|
|
20
|
+
Requires-Python: >=3.10
|
|
21
|
+
Description-Content-Type: text/markdown
|
|
22
|
+
License-File: LICENSE
|
|
23
|
+
Requires-Dist: typer>=0.26.8
|
|
24
|
+
Requires-Dist: rich>=15.0.0
|
|
25
|
+
Requires-Dist: httpx>=0.27
|
|
26
|
+
Requires-Dist: platformdirs>=4.2
|
|
27
|
+
Requires-Dist: jinja2>=3.1
|
|
28
|
+
Requires-Dist: psutil>=7.2.2
|
|
29
|
+
Requires-Dist: GitPython>=3.1
|
|
30
|
+
Requires-Dist: PyYAML>=6.0
|
|
31
|
+
Requires-Dist: tomli-w>=1.0
|
|
32
|
+
Requires-Dist: tomli>=2.0; python_version < "3.11"
|
|
33
|
+
Provides-Extra: semgrep
|
|
34
|
+
Requires-Dist: semgrep>=1.50; extra == "semgrep"
|
|
35
|
+
Provides-Extra: audit
|
|
36
|
+
Requires-Dist: pip-audit>=2.10.1; extra == "audit"
|
|
37
|
+
Provides-Extra: browser
|
|
38
|
+
Requires-Dist: playwright>=1.45; extra == "browser"
|
|
39
|
+
Provides-Extra: sandbox
|
|
40
|
+
Requires-Dist: docker>=7.0; extra == "sandbox"
|
|
41
|
+
Provides-Extra: mcp
|
|
42
|
+
Requires-Dist: mcp>=1.28.1; extra == "mcp"
|
|
43
|
+
Provides-Extra: dev
|
|
44
|
+
Requires-Dist: pytest>=8.0; extra == "dev"
|
|
45
|
+
Requires-Dist: pytest-asyncio>=0.23; extra == "dev"
|
|
46
|
+
Requires-Dist: ruff>=0.4; extra == "dev"
|
|
47
|
+
Dynamic: license-file
|
|
48
|
+
|
|
49
|
+
<div align="center">
|
|
50
|
+
|
|
51
|
+
<img src="docs/assets/hero-banner.svg" alt="ARGUS — the security tool built for the vibe-coding era" width="100%"/>
|
|
52
|
+
|
|
53
|
+
[](https://github.com/Sarthak-47/ARGUS/actions/workflows/ci.yml)
|
|
54
|
+
[](https://github.com/Sarthak-47/ARGUS/releases/latest)
|
|
55
|
+
[](https://pypi.org/project/argus-panoptes/)
|
|
56
|
+
[](LICENSE)
|
|
57
|
+
[](https://www.python.org)
|
|
58
|
+
[](CONTRIBUTING.md)
|
|
59
|
+
|
|
60
|
+
</div>
|
|
61
|
+
|
|
62
|
+
---
|
|
63
|
+
|
|
64
|
+
**Argus** is an AI-powered security audit agent for developers. Named after **Argus Panoptes** —
|
|
65
|
+
the hundred-eyed giant of Greek myth who never slept and saw everything.
|
|
66
|
+
|
|
67
|
+
Static scanners tell you what *looks* wrong. Argus **proves** it: it reads your code, then spins
|
|
68
|
+
your app up and actually attacks it — dumping data via SQLi, forging admin JWTs, reaching cloud
|
|
69
|
+
metadata via SSRF — and explains every finding in plain English, tailored to your codebase.
|
|
70
|
+
|
|
71
|
+
**Built for the AI-agent era, not just the AI-code era:** shipping an MCP server or an in-app
|
|
72
|
+
chatbot? Argus tests those too — `MCPSecurityAgent` catches tool poisoning and dangerous
|
|
73
|
+
unauthenticated capabilities in exposed MCP servers, and `PromptInjectionAgent` fires a canary
|
|
74
|
+
token at your app's own AI features to prove whether untrusted input can override system
|
|
75
|
+
instructions. Same swarm, same PoC-or-it-didn't-happen standard.
|
|
76
|
+
|
|
77
|
+
<details>
|
|
78
|
+
<summary><b>Table of contents</b></summary>
|
|
79
|
+
|
|
80
|
+
- [See it in 30 seconds](#-see-it-in-30-seconds)
|
|
81
|
+
- [How it works](#how-it-works--two-phases)
|
|
82
|
+
- [Install & use](#install--use)
|
|
83
|
+
- [Works on any machine — local or BYOK](#works-on-any-machine--local-or-byok)
|
|
84
|
+
- [Put it in CI](#put-it-in-ci)
|
|
85
|
+
- [Send findings to DefectDojo or Jira](#send-findings-to-defectdojo-or-jira)
|
|
86
|
+
- [Attack behind a login](#attack-behind-a-login-authenticated-scanning)
|
|
87
|
+
- [Show it off — the badge](#show-it-off--the-scanned-by-argus-badge)
|
|
88
|
+
- [Run it from your editor (MCP)](#run-it-from-your-editor-mcp-server)
|
|
89
|
+
- [Catch it before it commits](#catch-it-before-it-commits-pre-commit-hook)
|
|
90
|
+
- [Auto-fix pull requests](#auto-fix-pull-requests)
|
|
91
|
+
- [Desktop GUI](#desktop-gui)
|
|
92
|
+
- [Why Argus](#why-argus)
|
|
93
|
+
- [Status](#status)
|
|
94
|
+
- [Proof, not vibes — the benchmark suite](#proof-not-vibes--the-benchmark-suite)
|
|
95
|
+
- [Roadmap](#roadmap)
|
|
96
|
+
- [Contributing](#contributing)
|
|
97
|
+
|
|
98
|
+
</details>
|
|
99
|
+
|
|
100
|
+
## ⚡ See it in 30 seconds
|
|
101
|
+
|
|
102
|
+
```bash
|
|
103
|
+
pip install argus-panoptes # or: pipx install argus-panoptes
|
|
104
|
+
argus demo
|
|
105
|
+
```
|
|
106
|
+
|
|
107
|
+
`argus demo` scans and attacks a **bundled, intentionally-vulnerable app** (nothing external is
|
|
108
|
+
touched) so you can watch the full flow immediately:
|
|
109
|
+
|
|
110
|
+
```
|
|
111
|
+
◈ ARGUS — STATIC SCAN
|
|
112
|
+
Risk Score 98/100 [CRITICAL]
|
|
113
|
+
■ HIGH SQL injection · command injection · unsafe yaml.load
|
|
114
|
+
|
|
115
|
+
◈ ARGUS — ATTACK AGENT
|
|
116
|
+
[INJECTOR:SQLI-ERROR] ✓ SQL injection (error-based)
|
|
117
|
+
[AUTHBREAKER:JWT-WEAK-SECRET] ✓ JWT signed with a weak secret
|
|
118
|
+
[XSSHUNTER:REFLECTED] ✓ Reflected XSS
|
|
119
|
+
[SSRFPROBER:CALLBACK] ✓ Server-Side Request Forgery (blind)
|
|
120
|
+
[IDORHUNTER] ✓ Insecure Direct Object Reference
|
|
121
|
+
[FILEATTACKER:TRAVERSAL] ✓ Path traversal (arbitrary file read)
|
|
122
|
+
```
|
|
123
|
+
|
|
124
|
+
## How it works — two phases
|
|
125
|
+
|
|
126
|
+
| Phase | What it does |
|
|
127
|
+
|---|---|
|
|
128
|
+
| **1 · Static Analysis** | Reads the codebase without running it: built-in rules, dependency CVEs (`npm/pip audit`), secret detection (regex + Shannon entropy + git history), then an LLM layer that validates, explains and re-rates each finding for *your* code. |
|
|
129
|
+
| **2 · Attack Agent** | Points a swarm of **18 specialised agents** at the running app — orchestrated in a loop, with an out-of-band callback server to confirm *blind* vulnerabilities, and every confirmed finding carries a runnable proof-of-concept (curl command + real request/response), not just a description. |
|
|
130
|
+
|
|
131
|
+
### The attack swarm
|
|
132
|
+
|
|
133
|
+
`ReconBot` · `CrawlerBot` · `Injector` (SQLi/NoSQL/command) · `AuthBreaker` (JWT/session/MFA) ·
|
|
134
|
+
`IDORHunter` · `XSSHunter` · `SSRFProber` · `HeaderPoker` (CORS) · `CSRFHunter` · `FileAttacker`
|
|
135
|
+
(upload/traversal) · `Fuzzer` · `RaceCondition` · `GraphQLAgent` · `WebSocketAgent` ·
|
|
136
|
+
`MCPSecurityAgent` (exposed MCP servers & AI-infra leaks — incl. tool poisoning,
|
|
137
|
+
dangerous-capability tools, and resource/prompt disclosure) · `PromptInjectionAgent` (probes the
|
|
138
|
+
app's own chatbot/AI features for prompt injection — sends a unique canary token wrapped in an
|
|
139
|
+
instruction-override payload and only reports a finding if that exact token comes back verbatim,
|
|
140
|
+
proving untrusted input reached the model without isolation from system instructions) ·
|
|
141
|
+
**`BusinessLogicAgent`** — reasons
|
|
142
|
+
over the discovered endpoints with an LLM to propose coupon-stacking/negative-quantity/workflow-
|
|
143
|
+
bypass abuse, then *executes* it and confirms behaviorally. This targets the gap the rest of the
|
|
144
|
+
industry hasn't solved: ~70% of critical web vulnerabilities are business logic flaws, and no
|
|
145
|
+
autonomous agent reliably detects them. Auto-enables the moment an LLM provider is configured —
|
|
146
|
+
no flag needed — and stays silent otherwise.
|
|
147
|
+
|
|
148
|
+
Opt-in: **`DomXSSHunter`** — a real headless-browser agent (`--agents domxss`) that catches DOM
|
|
149
|
+
XSS in React/Vue/Next apps the HTTP-only agents can't see. Needs `pip install
|
|
150
|
+
'argus-panoptes[browser]' && playwright install chromium`.
|
|
151
|
+
|
|
152
|
+
The same browser dependency also upgrades ReconBot itself: when installed, ReconBot renders the
|
|
153
|
+
root page in a real headless browser (no flag needed) and mines both the post-JS DOM and every
|
|
154
|
+
XHR/fetch call it fires — the endpoints an Angular/React/Vue SPA's client-side router and API
|
|
155
|
+
calls hide from a regex-over-server-HTML crawl. Silently skipped, zero cost, when the `browser`
|
|
156
|
+
extra isn't installed.
|
|
157
|
+
|
|
158
|
+
## Install & use
|
|
159
|
+
|
|
160
|
+
```bash
|
|
161
|
+
pip install argus-panoptes
|
|
162
|
+
|
|
163
|
+
argus demo # zero-setup showcase — see it work in 30s
|
|
164
|
+
argus setup # first-time wizard (detects GPU, picks an LLM)
|
|
165
|
+
argus scan <repo-url|path> # Phase 1 — static analysis
|
|
166
|
+
argus scan <path> --deep # + full LLM free-form review of high-risk files
|
|
167
|
+
argus scan <path> --taint # + LLM taint-tracing: only complete source-to-sink flows
|
|
168
|
+
argus attack --url http://localhost:3000 # Phase 2 — attack a running app
|
|
169
|
+
argus audit <repo-url> # Phase 1 + Phase 2
|
|
170
|
+
argus fix <path> # generate patches for fixable findings (dry-run)
|
|
171
|
+
argus fix <path> --apply # write the patches to disk
|
|
172
|
+
argus fix <path> --apply --pr # + commit to a branch, push, and open a GitHub PR
|
|
173
|
+
argus report --format html # export the last scan (html|json|markdown|sarif|sbom|vex|jira|pdf)
|
|
174
|
+
argus history # risk-score trend across past scans
|
|
175
|
+
argus compare # what's new/fixed since the last scan
|
|
176
|
+
argus suppress "<finding title>" # mark a finding ignored — stops it recurring
|
|
177
|
+
argus surface # endpoints remembered across attack runs
|
|
178
|
+
argus config --show
|
|
179
|
+
```
|
|
180
|
+
|
|
181
|
+
### Run in Docker (bundles Semgrep + auditors)
|
|
182
|
+
|
|
183
|
+
```bash
|
|
184
|
+
docker build -t argus .
|
|
185
|
+
docker run --rm -v "$PWD:/src" argus scan /src --no-llm
|
|
186
|
+
```
|
|
187
|
+
|
|
188
|
+
## Works on any machine — local or BYOK
|
|
189
|
+
|
|
190
|
+
Argus needs no hosted service. Pick a **local model** (Ollama — private, offline) or **bring your
|
|
191
|
+
own key** for Groq / Gemini / Claude / OpenRouter. On `argus setup` it detects your GPU and
|
|
192
|
+
recommends a model that fits your VRAM. **With no LLM configured it still runs the full
|
|
193
|
+
deterministic scan** (rules + dependency audit + secret detection).
|
|
194
|
+
|
|
195
|
+
## Put it in CI
|
|
196
|
+
|
|
197
|
+
Add Argus to any repo and publish findings to GitHub's **Security tab**:
|
|
198
|
+
|
|
199
|
+
```yaml
|
|
200
|
+
- uses: Sarthak-47/ARGUS@main
|
|
201
|
+
id: argus
|
|
202
|
+
with:
|
|
203
|
+
target: "."
|
|
204
|
+
fail-on: "critical" # fail the build on critical findings
|
|
205
|
+
- uses: github/codeql-action/upload-sarif@v3
|
|
206
|
+
with:
|
|
207
|
+
sarif_file: ${{ steps.argus.outputs.sarif-file }}
|
|
208
|
+
```
|
|
209
|
+
|
|
210
|
+
`argus scan --format sarif` and `argus scan --fail-on high` also work standalone in any pipeline.
|
|
211
|
+
For finer control than a single severity threshold, drop a `.argus-policy.toml` at your repo root
|
|
212
|
+
(or pass `--policy <file>`) to fail/warn/ignore per category, detector, or confirmed status — e.g.
|
|
213
|
+
fail on any confirmed SQLi but only warn on missing headers. See
|
|
214
|
+
[`.argus-policy.example.toml`](.argus-policy.example.toml). And `argus scan --diff-base main` (or
|
|
215
|
+
the Action's `diff-base` input) reports only findings in files the PR changed, so a pre-existing
|
|
216
|
+
backlog doesn't fail the build.
|
|
217
|
+
|
|
218
|
+
Adopting Argus on a repo that already has a backlog? Snapshot it once with `argus scan --write-baseline
|
|
219
|
+
.argus-baseline.json`, commit that file, then scan with `--baseline .argus-baseline.json` — every
|
|
220
|
+
finding that existed at adoption is treated as accepted and only genuinely new ones are reported and
|
|
221
|
+
gated on (survives line-number shifts, needs no git — unlike `--diff-base`).
|
|
222
|
+
|
|
223
|
+
Want findings inline on the PR itself, not just in the Security tab? Add `pr-comments: "true"` (needs
|
|
224
|
+
`permissions: pull-requests: write` on the job) and Argus posts each new finding as a review comment
|
|
225
|
+
right on the changed line — idempotent, so re-runs on the same commit don't double-post. A no-op
|
|
226
|
+
outside a `pull_request` event, so it's safe to leave on unconditionally.
|
|
227
|
+
|
|
228
|
+
## Send findings to DefectDojo or Jira
|
|
229
|
+
|
|
230
|
+
- **DefectDojo**: no new format needed — `argus scan --format sarif` (already
|
|
231
|
+
built for GitHub code scanning) is DefectDojo-compatible as-is via its
|
|
232
|
+
built-in **SARIF** import type.
|
|
233
|
+
- **Jira**: `argus report --format jira` writes `jira-import.csv`, ready for
|
|
234
|
+
Jira's built-in CSV importer (*Project settings → External System Import →
|
|
235
|
+
CSV*) — one issue per finding (Summary, Description with evidence/fix/CWE/
|
|
236
|
+
compliance, Priority mapped from severity, Labels). No Jira API or
|
|
237
|
+
credentials needed; it's a manual upload.
|
|
238
|
+
- **VEX**: `argus report --format vex` writes `vex.cdx.json`, a CycloneDX 1.5
|
|
239
|
+
VEX document — a per-CVE exploitability statement (`exploitable` /
|
|
240
|
+
`not_affected`) for every dependency finding, driven by the same
|
|
241
|
+
reachability analysis that already downgrades unimported packages: a
|
|
242
|
+
vulnerable package never imported in your first-party code is
|
|
243
|
+
`not_affected` (`code_not_reachable`), consumable by any VEX-aware scanner
|
|
244
|
+
or supply-chain dashboard alongside the plain SBOM (`--format sbom`).
|
|
245
|
+
|
|
246
|
+
## Attack behind a login (authenticated scanning)
|
|
247
|
+
|
|
248
|
+
Most real apps hide their interesting surface behind a login, so an
|
|
249
|
+
unauthenticated scan only sees the doormat. Give Argus a session and the whole
|
|
250
|
+
18-agent swarm — including ReconBot's crawl — acts as the logged-in user:
|
|
251
|
+
|
|
252
|
+
```bash
|
|
253
|
+
argus attack --url http://localhost:3000 --auth .argus-auth.toml
|
|
254
|
+
```
|
|
255
|
+
|
|
256
|
+
A `.argus-auth.toml` (auto-discovered in the working directory, or passed with
|
|
257
|
+
`--auth`) supports a **bearer token**, arbitrary **headers**, session
|
|
258
|
+
**cookies**, **HTTP basic**, a **form login** (reuses the session cookie it sets,
|
|
259
|
+
or extracts a token from the JSON response), and **OAuth2 client-credentials**.
|
|
260
|
+
The form login is **CSRF-aware** too — many real login forms (DVWA's included)
|
|
261
|
+
embed a rotating hidden token that must be echoed back; set `csrf_field` and
|
|
262
|
+
Argus scrapes it from the login page first. See
|
|
263
|
+
[`.argus-auth.example.toml`](.argus-auth.example.toml). Credentials are never
|
|
264
|
+
echoed into a captured proof-of-concept. (Keep `.argus-auth.toml` out of git.)
|
|
265
|
+
|
|
266
|
+
Add a **second identity** with `--auth-b <file>` (ideally a low-privilege account)
|
|
267
|
+
and Argus tests **broken object- and function-level authorization** (BOLA/BFLA —
|
|
268
|
+
the #1 API risk): it flags any endpoint that rejects anonymous access but that a
|
|
269
|
+
*different* authenticated user, or an ordinary user hitting an admin route, can
|
|
270
|
+
still reach. Only that "protected-from-anonymous yet reachable-cross-user"
|
|
271
|
+
pattern is reported, so public endpoints don't cause false positives.
|
|
272
|
+
|
|
273
|
+
### Feed it your API spec
|
|
274
|
+
|
|
275
|
+
Modern APIs are stateful and spec-defined — a link-following crawler misses most
|
|
276
|
+
of the surface. Hand Argus the spec and it seeds every declared endpoint directly:
|
|
277
|
+
|
|
278
|
+
```bash
|
|
279
|
+
argus attack --url http://localhost:3000 --api-spec openapi.yaml
|
|
280
|
+
```
|
|
281
|
+
|
|
282
|
+
Accepts **OpenAPI 3.x**, **Swagger 2.0**, **Postman v2** collections, and a
|
|
283
|
+
**GraphQL introspection** dump — as a file or URL. Spec paths are resolved against
|
|
284
|
+
your target's URL, so a spec written for production still points at localhost.
|
|
285
|
+
|
|
286
|
+
No flag? ReconBot also **auto-discovers** a spec on its own — it probes the usual
|
|
287
|
+
paths (`/openapi.json`, `/swagger.json`, `/.well-known/openapi.json`, …) and
|
|
288
|
+
seeds anything it finds, so an API-only target with no crawlable HTML still gets
|
|
289
|
+
its full surface tested.
|
|
290
|
+
|
|
291
|
+
## Show it off — the "Scanned by Argus" badge
|
|
292
|
+
|
|
293
|
+
Running Argus on your repo? Let people know — drop this in your own README:
|
|
294
|
+
|
|
295
|
+
```markdown
|
|
296
|
+
[](https://github.com/Sarthak-47/ARGUS)
|
|
297
|
+
```
|
|
298
|
+
|
|
299
|
+
[](https://github.com/Sarthak-47/ARGUS)
|
|
300
|
+
|
|
301
|
+
It's a static badge (Argus has no hosted backend to poll for live status), so it
|
|
302
|
+
signals "we run Argus here," not a real-time pass/fail — pair it with the
|
|
303
|
+
[GitHub Action](#put-it-in-ci) or the [pre-commit hook](#catch-it-before-it-commits-pre-commit-hook)
|
|
304
|
+
below if you want the claim to actually be enforced.
|
|
305
|
+
|
|
306
|
+
## Run it from your editor (MCP server)
|
|
307
|
+
|
|
308
|
+
```bash
|
|
309
|
+
pip install 'argus-panoptes[mcp]'
|
|
310
|
+
argus mcp-server
|
|
311
|
+
```
|
|
312
|
+
|
|
313
|
+
Exposes `argus_scan`, `argus_attack`, and `argus_fix` as MCP tools, so Copilot,
|
|
314
|
+
Cursor, or Claude Code can run a real security scan/attack/fix directly instead
|
|
315
|
+
of you shelling out and pasting results back in. Point your MCP client's config
|
|
316
|
+
at the `argus mcp-server` command (stdio transport) the same way you'd add any
|
|
317
|
+
other MCP server.
|
|
318
|
+
|
|
319
|
+
## Catch it before it commits (pre-commit hook)
|
|
320
|
+
|
|
321
|
+
The cheapest way to use Argus is on every commit — block a hardcoded secret or
|
|
322
|
+
an obvious vulnerable pattern *before* it ever lands in git history. Add to your
|
|
323
|
+
`.pre-commit-config.yaml`:
|
|
324
|
+
|
|
325
|
+
```yaml
|
|
326
|
+
repos:
|
|
327
|
+
- repo: https://github.com/Sarthak-47/ARGUS
|
|
328
|
+
rev: v1.1.0
|
|
329
|
+
hooks:
|
|
330
|
+
- id: argus # blocks on HIGH+ findings (use `argus-strict` for MEDIUM+)
|
|
331
|
+
```
|
|
332
|
+
|
|
333
|
+
Then `pre-commit install`. It runs the deterministic passes only (secrets +
|
|
334
|
+
built-in rules) — no LLM, no network — so it's fast enough for every commit.
|
|
335
|
+
Standalone: `argus precommit` scans your currently-staged files.
|
|
336
|
+
|
|
337
|
+
## Auto-fix pull requests
|
|
338
|
+
|
|
339
|
+
`argus fix --apply` already writes safe, reverified patches to disk. Add `--pr`
|
|
340
|
+
and it goes one step further: commits them to a new branch, pushes it, and opens
|
|
341
|
+
a real GitHub pull request with each finding's explanation in the description —
|
|
342
|
+
so remediation lands where developers actually work, not in a local diff nobody
|
|
343
|
+
sees.
|
|
344
|
+
|
|
345
|
+
```bash
|
|
346
|
+
argus fix <path> --apply --pr
|
|
347
|
+
```
|
|
348
|
+
|
|
349
|
+
This touches real, shared state (a branch and a PR), so it's opt-in and requires
|
|
350
|
+
you to already have GitHub authentication set up — Argus never tries to obtain
|
|
351
|
+
credentials on your behalf. Either works:
|
|
352
|
+
|
|
353
|
+
- **`gh` CLI** (recommended): `gh auth login`, then just run the command above.
|
|
354
|
+
- **A token**: set `GH_TOKEN` or `GITHUB_TOKEN` in your environment. Create one at
|
|
355
|
+
[github.com/settings/tokens](https://github.com/settings/tokens) → *Generate new
|
|
356
|
+
token (classic)* → scope **`repo`** (or, for a fine-grained token, **Contents:
|
|
357
|
+
Read & write** + **Pull requests: Read & write** on the target repo) → copy it
|
|
358
|
+
once, then `export GH_TOKEN=ghp_...` (or set it in CI as a secret).
|
|
359
|
+
|
|
360
|
+
Your working tree must be clean before running `--pr` — a pre-existing dirty
|
|
361
|
+
state would otherwise get swept into the fix commit, so Argus refuses rather
|
|
362
|
+
than guess what's yours and what's the patch.
|
|
363
|
+
|
|
364
|
+
## Desktop GUI
|
|
365
|
+
|
|
366
|
+
A React + Vite + Tauri desktop app ("a war room inside the Parthenon") with six screens —
|
|
367
|
+
Dashboard (with a live risk-trend graph), New Scan, Live Attack, Reports, CodeView, Settings.
|
|
368
|
+
Inside the native app it **invokes the Python engine directly** to run real scans; in the browser
|
|
369
|
+
dev build it renders a dropped-in `argus scan --format json` result at `gui/public/report.json`.
|
|
370
|
+
|
|
371
|
+
```bash
|
|
372
|
+
cd gui
|
|
373
|
+
npm install
|
|
374
|
+
npm run dev # browser dev server, http://localhost:5173
|
|
375
|
+
npm run tauri dev # native window (needs Rust: https://rustup.rs)
|
|
376
|
+
npm run tauri build # produces a real .exe/.dmg/.AppImage in src-tauri/target/release
|
|
377
|
+
```
|
|
378
|
+
|
|
379
|
+
The native shell is ~9MB and starts in well under a second — a fraction of an Electron equivalent.
|
|
380
|
+
|
|
381
|
+
## Why Argus
|
|
382
|
+
|
|
383
|
+
| Tool | Static | Active attack | LLM reasoning | Free | Local model | Open source |
|
|
384
|
+
|---|---|---|---|---|---|---|
|
|
385
|
+
| Snyk | ✓ | ✗ | ✗ | Partial | ✗ | ✗ |
|
|
386
|
+
| SonarQube | ✓ | ✗ | ✗ | Partial | ✗ | Partial |
|
|
387
|
+
| Semgrep | ✓ | ✗ | ✗ | ✓ | ✗ | ✓ |
|
|
388
|
+
| Burp Suite | ✗ | ✓ | ✗ | Partial | ✗ | ✗ |
|
|
389
|
+
| OWASP ZAP | ✗ | ✓ | ✗ | ✓ | ✗ | ✓ |
|
|
390
|
+
| **Argus** | **✓** | **✓** | **✓** | **✓** | **✓** | **✓** |
|
|
391
|
+
|
|
392
|
+
Nobody else combines all six. That's the gap Argus owns.
|
|
393
|
+
|
|
394
|
+
## Status
|
|
395
|
+
|
|
396
|
+
- ✅ **Phase 1 — Static analysis** (`argus scan`): rules, dependency audit, behavioral supply-chain
|
|
397
|
+
manifest analysis (typosquats, unpinned versions, download-then-execute and obfuscated install
|
|
398
|
+
scripts, env-secret exfiltration, sensitive-path writes), secret detection, LLM reasoning
|
|
399
|
+
(`--deep` free-form review, `--taint` source-to-sink taint tracing), reports (HTML/JSON/
|
|
400
|
+
Markdown/SARIF/PDF/Jira CSV), CycloneDX SBOM + VEX export, and OWASP ASVS / PCI-DSS tags per
|
|
401
|
+
finding.
|
|
402
|
+
- ✅ **Phase 2 — Attack swarm** (`argus attack`): **18 agents** (13 original + MCPSecurityAgent,
|
|
403
|
+
PromptInjectionAgent, BusinessLogicAgent, AuthzTester, and the opt-in DomXSSHunter),
|
|
404
|
+
orchestration loop,
|
|
405
|
+
Docker auto-sandboxing when no `--url` is given (Django, Flask, FastAPI, Rails, Node/Express/
|
|
406
|
+
Next/Vite, or a `docker-compose.yml` with a published port — falls back to `--url` otherwise),
|
|
407
|
+
callback server for blind detection,
|
|
408
|
+
**exploit chaining** (compounds confirmed findings into attack paths — e.g. XSS + a
|
|
409
|
+
script-readable session cookie → account takeover, or clickjacking + a missing CSRF token →
|
|
410
|
+
forced state change), deduplicated findings, a persistent
|
|
411
|
+
attack-surface inventory that grows across runs, and a
|
|
412
|
+
reproducible proof-of-concept per confirmed exploit.
|
|
413
|
+
- ✅ **`argus fix`**: LLM-generated patches for fixable findings — dry-run preview or `--apply`,
|
|
414
|
+
with fix-and-reverify (re-scans afterward to confirm each patch actually closed the finding)
|
|
415
|
+
and an AI-assistant regenerate-prompt alongside every diff.
|
|
416
|
+
- ✅ **Workflow**: scan history + trend (`argus history`), scan-to-scan diff (`argus compare`),
|
|
417
|
+
finding lifecycle/suppression (`argus suppress`), Slack/Discord webhook notifications.
|
|
418
|
+
- ✅ **`argus demo`**: zero-setup showcase against a bundled vulnerable app.
|
|
419
|
+
- ✅ **GUI**: six screens (Dashboard with a live risk-trend graph, New Scan, Live Attack, Reports,
|
|
420
|
+
CodeView, Settings) rendering real engine data, including captured PoCs.
|
|
421
|
+
- ✅ **Desktop shell**: Tauri 2.0 wraps the GUI as a real native app that invokes the Python engine
|
|
422
|
+
directly (real scans, not just dropped-in JSON). `desktop-release.yml` builds Windows/macOS
|
|
423
|
+
(universal)/Linux installers on tag; v0.1.0–v1.1.0 published. Ships with no demo
|
|
424
|
+
data — every screen shows real engine output or an honest empty/first-run state.
|
|
425
|
+
- ✅ **CI-ready**: SARIF output, `--fail-on`, per-rule policy gating (`.argus-policy.toml`),
|
|
426
|
+
GitHub Action, Docker image, green test suite (200+ tests).
|
|
427
|
+
- ✅ **Package verified**: `python -m build` + `twine check` pass; the built wheel installs into
|
|
428
|
+
a clean venv and runs. `release.yml` publishes to PyPI on tag via trusted publishing.
|
|
429
|
+
|
|
430
|
+
*Semgrep is optional and layered in when available — it has no native Windows build, so Argus's
|
|
431
|
+
own rules carry the scan there (use the Docker image for full Semgrep).*
|
|
432
|
+
|
|
433
|
+
## Proof, not vibes — the benchmark suite
|
|
434
|
+
|
|
435
|
+
Every scanner claims to catch things. Argus measures it: `argus benchmark` runs
|
|
436
|
+
the full attack swarm against known-vulnerable apps — OWASP Juice Shop, DVWA,
|
|
437
|
+
VAmPI, plus Argus's own bundled demo target — and reports a real detection rate
|
|
438
|
+
against a hand-curated ground truth of each app's documented vulnerabilities
|
|
439
|
+
(scoped to what Argus's detectors actually target, not a full CVE dump).
|
|
440
|
+
|
|
441
|
+
```bash
|
|
442
|
+
argus benchmark --case argus_demo # runs locally, no Docker needed
|
|
443
|
+
argus benchmark # the full suite (juice_shop/dvwa/vampi need Docker)
|
|
444
|
+
```
|
|
445
|
+
|
|
446
|
+
The [`benchmark.yml`](.github/workflows/benchmark.yml) GitHub Action runs the
|
|
447
|
+
full suite (Docker cases included) on every release and publishes the results
|
|
448
|
+
as a job summary + artifact — building this suite already caught and fixed two
|
|
449
|
+
real bugs: `argus demo`'s advertised `INJECTOR:SQLI-ERROR` output wasn't
|
|
450
|
+
actually firing until the ground truth exposed it, and a category mismatch was
|
|
451
|
+
silently hiding a real detection.
|
|
452
|
+
|
|
453
|
+
Numbers as of v1.1.0, run against real Docker targets on GitHub's own runners
|
|
454
|
+
— not smoothed over: `argus_demo` **100%** (14/14 — the fully self-contained
|
|
455
|
+
case), `juice_shop` **14–29%** (1–2/7, varies run to run — see below),
|
|
456
|
+
`dvwa` **33%** (2/6), `vampi` **20%** (1/5). Every gap here is a *known,
|
|
457
|
+
documented* one, not a mystery:
|
|
458
|
+
|
|
459
|
+
- **Juice Shop** is an Angular SPA. ReconBot now renders it in a real headless
|
|
460
|
+
browser to catch client-routed pages and XHR/fetch calls a static crawl
|
|
461
|
+
can't see — verified working, and it moved the real score up — but the
|
|
462
|
+
crawl races Angular's bootstrap time against a network-idle timeout, so it
|
|
463
|
+
wins on a quiet CI runner and silently falls back to the static-only result
|
|
464
|
+
on a busy one. A real, reproducible improvement, not a guaranteed one on
|
|
465
|
+
every single run.
|
|
466
|
+
- **DVWA** needs a rotating CSRF token scraped from the login page (done,
|
|
467
|
+
verified against a real validating server) *and* a per-session
|
|
468
|
+
difficulty-level unlock Argus also now does — the score hasn't moved yet on
|
|
469
|
+
this specific target and the remaining gap is still being root-caused.
|
|
470
|
+
- **VAmPI** is API-only with almost no crawlable HTML; ReconBot now
|
|
471
|
+
auto-discovers and parses its OpenAPI spec with zero flags, which alone
|
|
472
|
+
moved this from 0% to 20%.
|
|
473
|
+
|
|
474
|
+
That's the point of a benchmark: it tells you what's actually true, not what
|
|
475
|
+
sounds good, and the full run-by-run history of what changed and why is in
|
|
476
|
+
[ROADMAP.md](ROADMAP.md#milestone-v10--prove-it-then-ship-it).
|
|
477
|
+
|
|
478
|
+
## Roadmap
|
|
479
|
+
|
|
480
|
+
Where Argus is headed next — the path from v0.2.0 to a benchmark-proven 1.0
|
|
481
|
+
(authenticated scanning, API-schema awareness, reachability-filtered SCA,
|
|
482
|
+
auto-fix PRs) is laid out in [ROADMAP.md](ROADMAP.md).
|
|
483
|
+
|
|
484
|
+
## Responsible use
|
|
485
|
+
|
|
486
|
+
Argus is an **offensive** tool. **Only run it against systems you own or are authorized to
|
|
487
|
+
test.** See [SECURITY.md](SECURITY.md). `argus demo` gives you a safe, bundled target to explore.
|
|
488
|
+
|
|
489
|
+
## Contributing
|
|
490
|
+
|
|
491
|
+
New attack agents, rules and payloads are very welcome — see [CONTRIBUTING.md](CONTRIBUTING.md).
|
|
492
|
+
|
|
493
|
+
## License
|
|
494
|
+
|
|
495
|
+
MIT © Sarthak-47 · see [LICENSE](LICENSE)
|