crabguard 1.0.0__tar.gz

crabguard-1.0.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 CrabGuard Security
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

crabguard-1.0.0/PKG-INFO

@@ -0,0 +1,206 @@
+Metadata-Version: 2.4
+Name: crabguard
+Version: 1.0.0
+Summary: Enterprise web security scanner - Burp Suite + OWASP ZAP alternative with beautiful reports
+License: MIT License
+        
+        Copyright (c) 2026 CrabGuard Security
+        
+        Permission is hereby granted, free of charge, to any person obtaining a copy
+        of this software and associated documentation files (the "Software"), to deal
+        in the Software without restriction, including without limitation the rights
+        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+        copies of the Software, and to permit persons to whom the Software is
+        furnished to do so, subject to the following conditions:
+        
+        The above copyright notice and this permission notice shall be included in all
+        copies or substantial portions of the Software.
+        
+        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+        SOFTWARE.
+        
+Project-URL: Homepage, https://crabguard.io
+Project-URL: Documentation, https://docs.crabguard.io
+Project-URL: Repository, https://github.com/crabguard/crabguard
+Project-URL: Bug Tracker, https://github.com/crabguard/crabguard/issues
+Project-URL: Changelog, https://github.com/crabguard/crabguard/blob/main/CHANGELOG.md
+Keywords: security,web security,penetration testing,vulnerability scanner,owasp,burp suite,zap,sqli,xss,pentest,appsec
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Information Technology
+Classifier: Intended Audience :: System Administrators
+Classifier: Topic :: Security
+Classifier: Topic :: Internet :: WWW/HTTP
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Operating System :: OS Independent
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: requests>=2.31.0
+Requires-Dist: beautifulsoup4>=4.12.0
+Requires-Dist: click>=8.1.0
+Requires-Dist: urllib3>=2.0.0
+Provides-Extra: pdf
+Requires-Dist: weasyprint>=60.0; extra == "pdf"
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0; extra == "dev"
+Requires-Dist: pytest-cov; extra == "dev"
+Requires-Dist: build; extra == "dev"
+Requires-Dist: twine; extra == "dev"
+Requires-Dist: black; extra == "dev"
+Requires-Dist: ruff; extra == "dev"
+Provides-Extra: all
+Requires-Dist: crabguard[dev,pdf]; extra == "all"
+Dynamic: license-file
+
+# 🦀 CrabGuard
+
+**Enterprise web security scanner. Burp Suite + OWASP ZAP — without the $400/year license.**
+
+[![PyPI version](https://badge.fury.io/py/crabguard.svg)](https://badge.fury.io/py/crabguard)
+[![Python](https://img.shields.io/pypi/pyversions/crabguard)](https://pypi.org/project/crabguard/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
+[![Product Hunt](https://img.shields.io/badge/Product%20Hunt-Featured-%23DA552F)](https://producthunt.com)
+
+```bash
+pip install crabguard
+crabguard scan https://your-site.com
+```
+
+> Scans for OWASP Top 10 vulnerabilities and generates a beautiful, branded security report in seconds.
+
+---
+
+## What it checks
+
+| Category | Free (Passive) | Pro (Active) |
+|---|:---:|:---:|
+| Security Headers (CSP, HSTS, XFO...) | ✅ | ✅ |
+| Cookie Security (HttpOnly, Secure, SameSite) | ✅ | ✅ |
+| TLS/HTTPS + Certificate Expiry | ✅ | ✅ |
+| Mixed Content | ✅ | ✅ |
+| Subresource Integrity (SRI) | ✅ | ✅ |
+| Vulnerable JS Libraries | ✅ | ✅ |
+| CORS Misconfiguration | ✅ | ✅ |
+| Information Disclosure | ✅ | ✅ |
+| SQL Injection (error + time-based blind) | — | ✅ |
+| Reflected XSS | — | ✅ |
+| Sensitive File Discovery (.env, .git, ...) | — | ✅ |
+| SSRF | — | ✅ |
+| Open Redirect | — | ✅ |
+| Default Credentials | — | ✅ |
+| **PDF Reports** | — | ✅ |
+| **White-label Reports** | — | ✅ |
+
+---
+
+## Quick Start
+
+```bash
+# Install
+pip install crabguard
+
+# Passive scan (free, no account needed)
+crabguard scan https://example.com
+
+# Full active scan (Pro — requires API key)
+crabguard scan https://example.com --mode full --api-key YOUR_KEY --consent
+
+# Save as PDF
+crabguard scan https://example.com --format pdf --api-key YOUR_KEY
+
+# Route through Burp Suite / OWASP ZAP
+crabguard scan https://example.com --proxy http://127.0.0.1:8080
+
+# JSON output for CI/CD
+crabguard scan https://example.com --format json --quiet
+echo $?  # exit 1 if critical/high findings, 0 if clean
+```
+
+---
+
+## Python API
+
+```python
+from crabguard import CrabGuardScanner, CrabGuardConfig, ScanMode
+
+# Free passive scan
+scanner = CrabGuardScanner("https://example.com", verbose=True)
+report  = scanner.scan()
+scanner.save_report(report, "report.html")
+
+# Pro active scan
+config  = CrabGuardConfig(api_key="YOUR_KEY", active_consent=True)
+scanner = CrabGuardScanner("https://example.com", mode=ScanMode.FULL, config=config)
+report  = scanner.scan()
+scanner.save_report(report, "report.html")
+scanner.save_report(report, "report.pdf", fmt="pdf")
+
+# Access findings programmatically
+for finding in report.all_findings:
+    print(f"[{finding.severity.value.upper()}] {finding.title}")
+    if finding.remediation:
+        print(f"  Fix: {finding.remediation}")
+```
+
+---
+
+## CI/CD Integration (GitHub Actions)
+
+```yaml
+- name: Security scan
+  run: |
+    pip install crabguard
+    crabguard scan ${{ env.STAGING_URL }} --format json --quiet
+  # Fails the build automatically if critical/high findings are found
+```
+
+---
+
+## Report Sample
+
+CrabGuard generates a full HTML or PDF report with:
+- Overall security score (0–100)
+- Per-category scores and OWASP Top 10 mapping
+- Detailed findings with remediation steps and code snippets
+- CrabGuard branded watermark (white-label available on Pro)
+
+---
+
+## Pricing
+
+| | Free | Pro | Enterprise |
+|---|:---:|:---:|:---:|
+| Passive scan | ✅ | ✅ | ✅ |
+| Active scan (SQLi, XSS, SSRF...) | — | ✅ | ✅ |
+| PDF reports + white-label | — | ✅ | ✅ |
+| Scan history & dashboard | — | — | ✅ |
+| Team seats | — | — | ✅ |
+| SLA + priority support | — | — | ✅ |
+| Price | Free | $49/mo | Contact us |
+
+Get your API key at **[crabguard.io](https://crabguard.io)**
+
+---
+
+## ⚠️ Responsible Use
+
+Active scanning sends real payloads to the target server. **Only scan systems you own or have explicit written permission to test.** Unauthorized scanning may be illegal under the CFAA and similar laws. Always pass `--consent` to confirm you have permission.
+
+---
+
+## License
+
+MIT — free to use, modify, and distribute. See [LICENSE](LICENSE).
+
+Built with ❤️ by [CrabGuard Security](https://crabguard.io)

crabguard-1.0.0/README.md

@@ -0,0 +1,141 @@
+# 🦀 CrabGuard
+
+**Enterprise web security scanner. Burp Suite + OWASP ZAP — without the $400/year license.**
+
+[![PyPI version](https://badge.fury.io/py/crabguard.svg)](https://badge.fury.io/py/crabguard)
+[![Python](https://img.shields.io/pypi/pyversions/crabguard)](https://pypi.org/project/crabguard/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
+[![Product Hunt](https://img.shields.io/badge/Product%20Hunt-Featured-%23DA552F)](https://producthunt.com)
+
+```bash
+pip install crabguard
+crabguard scan https://your-site.com
+```
+
+> Scans for OWASP Top 10 vulnerabilities and generates a beautiful, branded security report in seconds.
+
+---
+
+## What it checks
+
+| Category | Free (Passive) | Pro (Active) |
+|---|:---:|:---:|
+| Security Headers (CSP, HSTS, XFO...) | ✅ | ✅ |
+| Cookie Security (HttpOnly, Secure, SameSite) | ✅ | ✅ |
+| TLS/HTTPS + Certificate Expiry | ✅ | ✅ |
+| Mixed Content | ✅ | ✅ |
+| Subresource Integrity (SRI) | ✅ | ✅ |
+| Vulnerable JS Libraries | ✅ | ✅ |
+| CORS Misconfiguration | ✅ | ✅ |
+| Information Disclosure | ✅ | ✅ |
+| SQL Injection (error + time-based blind) | — | ✅ |
+| Reflected XSS | — | ✅ |
+| Sensitive File Discovery (.env, .git, ...) | — | ✅ |
+| SSRF | — | ✅ |
+| Open Redirect | — | ✅ |
+| Default Credentials | — | ✅ |
+| **PDF Reports** | — | ✅ |
+| **White-label Reports** | — | ✅ |
+
+---
+
+## Quick Start
+
+```bash
+# Install
+pip install crabguard
+
+# Passive scan (free, no account needed)
+crabguard scan https://example.com
+
+# Full active scan (Pro — requires API key)
+crabguard scan https://example.com --mode full --api-key YOUR_KEY --consent
+
+# Save as PDF
+crabguard scan https://example.com --format pdf --api-key YOUR_KEY
+
+# Route through Burp Suite / OWASP ZAP
+crabguard scan https://example.com --proxy http://127.0.0.1:8080
+
+# JSON output for CI/CD
+crabguard scan https://example.com --format json --quiet
+echo $?  # exit 1 if critical/high findings, 0 if clean
+```
+
+---
+
+## Python API
+
+```python
+from crabguard import CrabGuardScanner, CrabGuardConfig, ScanMode
+
+# Free passive scan
+scanner = CrabGuardScanner("https://example.com", verbose=True)
+report  = scanner.scan()
+scanner.save_report(report, "report.html")
+
+# Pro active scan
+config  = CrabGuardConfig(api_key="YOUR_KEY", active_consent=True)
+scanner = CrabGuardScanner("https://example.com", mode=ScanMode.FULL, config=config)
+report  = scanner.scan()
+scanner.save_report(report, "report.html")
+scanner.save_report(report, "report.pdf", fmt="pdf")
+
+# Access findings programmatically
+for finding in report.all_findings:
+    print(f"[{finding.severity.value.upper()}] {finding.title}")
+    if finding.remediation:
+        print(f"  Fix: {finding.remediation}")
+```
+
+---
+
+## CI/CD Integration (GitHub Actions)
+
+```yaml
+- name: Security scan
+  run: |
+    pip install crabguard
+    crabguard scan ${{ env.STAGING_URL }} --format json --quiet
+  # Fails the build automatically if critical/high findings are found
+```
+
+---
+
+## Report Sample
+
+CrabGuard generates a full HTML or PDF report with:
+- Overall security score (0–100)
+- Per-category scores and OWASP Top 10 mapping
+- Detailed findings with remediation steps and code snippets
+- CrabGuard branded watermark (white-label available on Pro)
+
+---
+
+## Pricing
+
+| | Free | Pro | Enterprise |
+|---|:---:|:---:|:---:|
+| Passive scan | ✅ | ✅ | ✅ |
+| Active scan (SQLi, XSS, SSRF...) | — | ✅ | ✅ |
+| PDF reports + white-label | — | ✅ | ✅ |
+| Scan history & dashboard | — | — | ✅ |
+| Team seats | — | — | ✅ |
+| SLA + priority support | — | — | ✅ |
+| Price | Free | $49/mo | Contact us |
+
+Get your API key at **[crabguard.io](https://crabguard.io)**
+
+---
+
+## ⚠️ Responsible Use
+
+Active scanning sends real payloads to the target server. **Only scan systems you own or have explicit written permission to test.** Unauthorized scanning may be illegal under the CFAA and similar laws. Always pass `--consent` to confirm you have permission.
+
+---
+
+## License
+
+MIT — free to use, modify, and distribute. See [LICENSE](LICENSE).
+
+Built with ❤️ by [CrabGuard Security](https://crabguard.io)

crabguard-1.0.0/crabguard/__init__.py

@@ -0,0 +1,38 @@
+"""
+CrabGuard — Enterprise Web Security Scanner
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+A Burp Suite + OWASP ZAP alternative that does passive AND active scanning
+and generates beautiful branded reports.
+
+Quick start:
+    from crabguard import CrabGuardScanner, CrabGuardConfig, ScanMode
+
+    scanner = CrabGuardScanner("https://example.com", verbose=True)
+    report  = scanner.scan()
+    scanner.save_report(report, "report.html")
+
+Active scanning (you must own / have permission to scan the target):
+    config  = CrabGuardConfig(active_consent=True)
+    scanner = CrabGuardScanner("https://example.com", mode=ScanMode.FULL, config=config)
+    report  = scanner.scan()
+    scanner.save_report(report, "report.html", fmt="html")
+    scanner.save_report(report, "report.pdf",  fmt="pdf")
+    scanner.save_report(report, "report.json", fmt="json")
+"""
+
+from .scanner import CrabGuardScanner
+from .config  import CrabGuardConfig
+from .models  import ScanMode, ScanReport, Finding, Severity, CategoryResult
+
+__version__ = "1.0.0"
+__author__  = "CrabGuard Security"
+
+__all__ = [
+    "CrabGuardScanner",
+    "CrabGuardConfig",
+    "ScanMode",
+    "ScanReport",
+    "Finding",
+    "Severity",
+    "CategoryResult",
+]

crabguard-1.0.0/crabguard/cli.py

@@ -0,0 +1,137 @@
+"""
+CrabGuard - CLI Entry Point
+Usage: crabguard scan https://example.com [OPTIONS]
+"""
+from __future__ import annotations
+import sys
+from datetime import datetime
+from pathlib import Path
+
+try:
+    import click
+except ImportError:
+    print("Install click: pip install click", file=sys.stderr)
+    sys.exit(1)
+
+from .config import CrabGuardConfig
+from .models import ScanMode
+from .scanner import CrabGuardScanner
+
+BANNER = """
+  CrabGuard - Enterprise Web Security Scanner v1.0.0
+  https://crabguard.io
+  ----------------------------------------------------------
+"""
+
+
+@click.group()
+def cli():
+    """CrabGuard - Enterprise Web Security Scanner"""
+    pass
+
+
+@cli.command()
+@click.argument("target")
+@click.option("--mode", "-m", default="passive",
+              type=click.Choice(["passive", "active", "full"]),
+              help="Scan mode. 'active'/'full' probe the target (requires --consent).")
+@click.option("--output", "-o", default=None,
+              help="Output file path (auto-named if omitted).")
+@click.option("--format", "-f", default="html",
+              type=click.Choice(["html", "pdf", "json"]),
+              help="Report format.")
+@click.option("--consent", is_flag=True, default=False,
+              help="Confirm you have permission to actively scan this target.")
+@click.option("--api-key", "-k", default=None, envvar="CRABGUARD_API_KEY",
+              help="CrabGuard Pro API key. Or set env var CRABGUARD_API_KEY.")
+@click.option("--proxy", default=None,
+              help="HTTP proxy (e.g. http://127.0.0.1:8080 for Burp Suite).")
+@click.option("--timeout", default=10, type=int, help="Request timeout in seconds.")
+@click.option("--author", default="", help="Company/author name for the report.")
+@click.option("--quiet", "-q", is_flag=True, default=False, help="Suppress progress output.")
+def scan(target, mode, output, format, consent, api_key, proxy, timeout, author, quiet):
+    """
+    Scan a target URL for security vulnerabilities.
+
+    \b
+    Examples:
+      crabguard scan https://example.com
+      crabguard scan https://example.com --mode full --consent --api-key cg_live_...
+      crabguard scan https://example.com --format json --quiet
+      crabguard scan https://example.com --proxy http://127.0.0.1:8080
+    """
+    if not quiet:
+        click.echo(BANNER)
+
+    if mode in ("active", "full") and not consent:
+        click.echo(click.style(
+            "  Warning: Active scan requires --consent flag.\n"
+            "  Only scan targets you own or have written permission to test.\n"
+            "  Add --consent to proceed.",
+            fg="yellow"
+        ))
+        sys.exit(1)
+
+    config = CrabGuardConfig(
+        api_key=api_key,
+        active_consent=consent,
+        proxy=proxy,
+        timeout=timeout,
+        report_author=author,
+    )
+
+    scanner = CrabGuardScanner(
+        target=target,
+        mode=ScanMode(mode),
+        config=config,
+        verbose=not quiet,
+    )
+
+    if not quiet:
+        click.echo(f"  Target : {target}")
+        click.echo(f"  Mode   : {mode}")
+        click.echo(f"  Format : {format}")
+        click.echo()
+
+    report = scanner.scan()
+
+    if not output:
+        from urllib.parse import urlparse
+        hostname = urlparse(target).hostname or "scan"
+        ts = datetime.utcnow().strftime("%Y%m%d-%H%M%S")
+        ext = {"html": ".html", "pdf": ".pdf", "json": ".json"}[format]
+        output = f"crabguard-{hostname}-{ts}{ext}"
+
+    saved = scanner.save_report(report, output, fmt=format)
+
+    if not quiet:
+        score = report.overall_score
+        color = "green" if score >= 75 else "yellow" if score >= 50 else "red"
+        click.echo()
+        click.echo(f"  Score    : " + click.style(f"{score}/100  {report.score_label}", fg=color))
+        click.echo(f"  Critical : {report.critical_count}  High : {report.high_count}  "
+                   f"Medium : {report.medium_count}  Low : {report.low_count}")
+        click.echo(f"  Report   : {Path(saved).name}")
+        click.echo()
+
+    sys.exit(0 if report.critical_count == 0 and report.high_count == 0 else 1)
+
+
+@cli.command()
+@click.argument("target")
+@click.option("--output", "-o", default="crabguard-report.html")
+@click.option("--author", default="")
+def quick(target, output, author):
+    """Quick passive scan - no active probing, fastest option."""
+    ctx = click.get_current_context()
+    ctx.invoke(scan, target=target, mode="passive", output=output,
+               format="html", consent=False, api_key=None,
+               proxy=None, timeout=10, author=author, quiet=False)
+
+
+def main():
+    cli()
+
+
+if __name__ == "__main__":
+    main()

crabguard-1.0.0/crabguard/config.py

@@ -0,0 +1,39 @@
+"""
+CrabGuard - Configuration
+"""
+from __future__ import annotations
+import os
+from dataclasses import dataclass, field
+from typing import Optional
+
+
+@dataclass
+class CrabGuardConfig:
+    api_key: Optional[str] = None
+    timeout:             int   = 10
+    max_redirects:       int   = 5
+    user_agent:          str   = "CrabGuard/1.0 Security Scanner (https://crabguard.io)"
+    verify_ssl:          bool  = True
+    requests_per_second: float = 5.0
+    max_concurrent:      int   = 3
+    active_consent:      bool  = False
+    sqli_depth:          int   = 2
+    xss_depth:           int   = 2
+    discovery_wordlist:  str   = "default"
+    brand_name:          str   = "CrabGuard"
+    brand_tagline:       str   = "Enterprise Web Security Scanner"
+    report_author:       str   = ""
+    proxy:               Optional[str] = None
+    exclude_paths:       list  = field(default_factory=list)
+    exclude_params:      list  = field(default_factory=list)
+
+    def __post_init__(self):
+        if self.api_key is None:
+            self.api_key = os.environ.get("CRABGUARD_API_KEY")
+
+    @property
+    def is_pro(self) -> bool:
+        return bool(self.api_key and self.api_key.startswith("cg_"))
+
+
+DEFAULT_CONFIG = CrabGuardConfig()