PyPI - exaai-agent - Versions diffs - 2.0.5__py3-none-any.whl → 2.0.6__py3-none-any.whl - Mend

exaai-agent 2.0.5py3-none-any.whl → 2.0.6py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

{exaai_agent-2.0.5.dist-info → exaai_agent-2.0.6.dist-info}/METADATA +1 -1
{exaai_agent-2.0.5.dist-info → exaai_agent-2.0.6.dist-info}/RECORD +18 -10
exaaiagnt/interface/tui.py +16 -2
exaaiagnt/llm/__init__.py +13 -0
exaaiagnt/llm/llm.py +14 -3
exaaiagnt/llm/llm_traffic_controller.py +351 -0
exaaiagnt/prompts/auto_loader.py +104 -0
exaaiagnt/prompts/cloud/aws_cloud_security.jinja +235 -0
exaaiagnt/prompts/frameworks/modern_js_frameworks.jinja +194 -0
exaaiagnt/prompts/vulnerabilities/react2shell.jinja +187 -0
exaaiagnt/tools/__init__.py +58 -0
exaaiagnt/tools/response_analyzer.py +294 -0
exaaiagnt/tools/smart_fuzzer.py +286 -0
exaaiagnt/tools/tool_prompts.py +210 -0
exaaiagnt/tools/vuln_validator.py +412 -0
{exaai_agent-2.0.5.dist-info → exaai_agent-2.0.6.dist-info}/WHEEL +0 -0
{exaai_agent-2.0.5.dist-info → exaai_agent-2.0.6.dist-info}/entry_points.txt +0 -0
{exaai_agent-2.0.5.dist-info → exaai_agent-2.0.6.dist-info}/licenses/LICENSE +0 -0

exaaiagnt/tools/response_analyzer.py ADDED Viewed

@@ -0,0 +1,294 @@
+"""
+Response Analyzer - Intelligent response analysis for vulnerability detection.
+Features:
+- Error message detection
+- Sensitive data leakage detection
+- Response comparison for blind testing
+- Timing analysis
+"""
+import logging
+import re
+import hashlib
+from dataclasses import dataclass, field
+from enum import Enum
+from typing import Any, Optional
+from difflib import SequenceMatcher
+logger = logging.getLogger(__name__)
+class DetectionType(Enum):
+    """Types of detections."""
+    SQL_ERROR = "sql_error"
+    PATH_DISCLOSURE = "path_disclosure"
+    STACK_TRACE = "stack_trace"
+    VERSION_DISCLOSURE = "version_disclosure"
+    SENSITIVE_DATA = "sensitive_data"
+    DEBUG_INFO = "debug_info"
+    CONFIG_LEAK = "config_leak"
+    REFLECTION = "reflection"
+    TIMING_ANOMALY = "timing_anomaly"
+@dataclass
+class Detection:
+    """A detection finding."""
+    detection_type: DetectionType
+    confidence: float  # 0.0 - 1.0
+    evidence: str
+    location: str = ""
+    severity: int = 5  # 1-10
+@dataclass
+class AnalysisResult:
+    """Result of response analysis."""
+    detections: list[Detection] = field(default_factory=list)
+    response_hash: str = ""
+    response_length: int = 0
+    response_time_ms: float = 0.0
+    is_error: bool = False
+    status_code: int = 0
+class ResponseAnalyzer:
+    """
+    Intelligent response analyzer for vulnerability detection.
+    Detects:
+    - SQL/Database errors
+    - Path disclosures
+    - Stack traces
+    - Sensitive data leakage
+    - Version information
+    - Debug/config information
+    """
+    _instance: Optional["ResponseAnalyzer"] = None
+    def __new__(cls) -> "ResponseAnalyzer":
+        if cls._instance is None:
+            cls._instance = super().__new__(cls)
+            cls._instance._initialized = False
+        return cls._instance
+    def __init__(self):
+        if self._initialized:
+            return
+        self._patterns = self._load_patterns()
+        self._baseline_responses: dict[str, str] = {}
+        self._initialized = True
+        logger.info("ResponseAnalyzer initialized")
+    def _load_patterns(self) -> dict[DetectionType, list[tuple[str, float]]]:
+        """Load detection patterns with confidence scores."""
+        return {
+            DetectionType.SQL_ERROR: [
+                (r"SQL syntax.*MySQL", 0.95),
+                (r"Warning.*mysql_", 0.9),
+                (r"PostgreSQL.*ERROR", 0.95),
+                (r"ORA-[0-9]{5}", 0.95),
+                (r"Microsoft.*ODBC.*SQL Server", 0.95),
+                (r"SQLite3?.*error", 0.9),
+                (r"Unclosed quotation mark", 0.85),
+                (r"syntax error at or near", 0.85),
+                (r"mysql_fetch", 0.8),
+                (r"pg_query", 0.8),
+                (r"SQLSTATE\[", 0.9),
+            ],
+            DetectionType.PATH_DISCLOSURE: [
+                (r"/var/www/", 0.9),
+                (r"C:\\[Ii]netpub\\", 0.9),
+                (r"/home/\w+/", 0.85),
+                (r"/usr/local/", 0.7),
+                (r"DocumentRoot", 0.8),
+                (r"DOCUMENT_ROOT", 0.8),
+                (r"in\s+/\w+/.+\.php", 0.9),
+                (r"at\s+\w+\.py", 0.85),
+            ],
+            DetectionType.STACK_TRACE: [
+                (r"Traceback \(most recent call last\)", 0.95),
+                (r"at\s+\S+\.\S+\(\S+\.java:\d+\)", 0.95),
+                (r"File\s+\".*\",\s+line\s+\d+", 0.9),
+                (r"#\d+\s+\S+\.\S+\s+called at", 0.85),
+                (r"Stack trace:", 0.9),
+                (r"Exception in thread", 0.9),
+            ],
+            DetectionType.VERSION_DISCLOSURE: [
+                (r"Apache/[\d.]+", 0.8),
+                (r"nginx/[\d.]+", 0.8),
+                (r"PHP/[\d.]+", 0.85),
+                (r"Python/[\d.]+", 0.85),
+                (r"ASP\.NET\s+Version:[\d.]+", 0.9),
+                (r"X-Powered-By:\s*\S+", 0.7),
+                (r"Server:\s*\S+", 0.6),
+            ],
+            DetectionType.SENSITIVE_DATA: [
+                (r"password\s*[=:]\s*['\"]?\w+", 0.9),
+                (r"api[_-]?key\s*[=:]\s*['\"]?\w+", 0.95),
+                (r"secret[_-]?key\s*[=:]\s*['\"]?\w+", 0.95),
+                (r"aws[_-]?access[_-]?key", 0.95),
+                (r"sk_live_\w+", 0.95),  # Stripe
+                (r"ghp_\w+", 0.95),  # GitHub
+                (r"eyJ[A-Za-z0-9_-]+\.eyJ", 0.9),  # JWT
+                (r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b", 0.6),  # Email
+            ],
+            DetectionType.DEBUG_INFO: [
+                (r"DEBUG\s*=\s*True", 0.95),
+                (r"debug mode is on", 0.9),
+                (r"Xdebug", 0.85),
+                (r"GLOBALS\[", 0.8),
+                (r"var_dump\(", 0.85),
+                (r"print_r\(", 0.8),
+                (r"console\.log\(", 0.5),
+            ],
+            DetectionType.CONFIG_LEAK: [
+                (r"DB_HOST\s*=", 0.9),
+                (r"DATABASE_URL\s*=", 0.9),
+                (r"REDIS_URL\s*=", 0.85),
+                (r"mongodb://", 0.85),
+                (r"mysql://\w+:\w+@", 0.95),
+                (r"SECRET_KEY\s*=", 0.95),
+            ],
+            DetectionType.REFLECTION: [
+                # Patterns for reflected input
+                (r"<script[^>]*>.*alert.*</script>", 0.95),
+                (r"onerror\s*=", 0.9),
+                (r"onload\s*=", 0.85),
+                (r"javascript:", 0.8),
+            ],
+        }
+    def analyze(
+        self,
+        response_body: str,
+        status_code: int = 200,
+        response_time_ms: float = 0.0,
+        headers: Optional[dict[str, str]] = None
+    ) -> AnalysisResult:
+        """Analyze a response for vulnerabilities and information leakage."""
+        result = AnalysisResult(
+            response_hash=self._hash_response(response_body),
+            response_length=len(response_body),
+            response_time_ms=response_time_ms,
+            status_code=status_code,
+            is_error=status_code >= 400
+        )
+        # Check response body
+        for detection_type, patterns in self._patterns.items():
+            for pattern, confidence in patterns:
+                matches = re.findall(pattern, response_body, re.IGNORECASE)
+                if matches:
+                    result.detections.append(Detection(
+                        detection_type=detection_type,
+                        confidence=confidence,
+                        evidence=matches[0] if isinstance(matches[0], str) else str(matches[0]),
+                        severity=self._get_severity(detection_type)
+                    ))
+        # Check headers
+        if headers:
+            header_str = "\n".join(f"{k}: {v}" for k, v in headers.items())
+            for pattern, confidence in self._patterns.get(DetectionType.VERSION_DISCLOSURE, []):
+                matches = re.findall(pattern, header_str, re.IGNORECASE)
+                if matches:
+                    result.detections.append(Detection(
+                        detection_type=DetectionType.VERSION_DISCLOSURE,
+                        confidence=confidence,
+                        evidence=matches[0],
+                        location="headers"
+                    ))
+        # Timing analysis
+        if response_time_ms > 5000:  # 5 seconds
+            result.detections.append(Detection(
+                detection_type=DetectionType.TIMING_ANOMALY,
+                confidence=0.7,
+                evidence=f"Response time: {response_time_ms}ms",
+                severity=6
+            ))
+        return result
+    def compare_responses(
+        self,
+        response1: str,
+        response2: str,
+        threshold: float = 0.9
+    ) -> tuple[bool, float]:
+        """
+        Compare two responses to detect differences.
+        Returns: (are_similar, similarity_ratio)
+        """
+        ratio = SequenceMatcher(None, response1, response2).ratio()
+        return ratio >= threshold, ratio
+    def set_baseline(self, endpoint: str, response: str):
+        """Set a baseline response for an endpoint."""
+        self._baseline_responses[endpoint] = self._hash_response(response)
+    def is_different_from_baseline(self, endpoint: str, response: str) -> bool:
+        """Check if response differs from baseline."""
+        if endpoint not in self._baseline_responses:
+            return False
+        current_hash = self._hash_response(response)
+        return current_hash != self._baseline_responses[endpoint]
+    def _hash_response(self, response: str) -> str:
+        """Create a hash of the response."""
+        # Normalize whitespace
+        normalized = re.sub(r'\s+', ' ', response.strip())
+        return hashlib.md5(normalized.encode()).hexdigest()
+    def _get_severity(self, detection_type: DetectionType) -> int:
+        """Get severity level for a detection type."""
+        severity_map = {
+            DetectionType.SQL_ERROR: 8,
+            DetectionType.PATH_DISCLOSURE: 5,
+            DetectionType.STACK_TRACE: 6,
+            DetectionType.VERSION_DISCLOSURE: 4,
+            DetectionType.SENSITIVE_DATA: 9,
+            DetectionType.DEBUG_INFO: 7,
+            DetectionType.CONFIG_LEAK: 9,
+            DetectionType.REFLECTION: 8,
+            DetectionType.TIMING_ANOMALY: 6,
+        }
+        return severity_map.get(detection_type, 5)
+    def get_stats(self) -> dict[str, Any]:
+        """Get analyzer statistics."""
+        return {
+            "pattern_count": sum(len(p) for p in self._patterns.values()),
+            "detection_types": [t.value for t in DetectionType],
+            "baselines_set": len(self._baseline_responses),
+        }
+# Global instance
+_analyzer: Optional[ResponseAnalyzer] = None
+def get_response_analyzer() -> ResponseAnalyzer:
+    """Get or create the global analyzer instance."""
+    global _analyzer
+    if _analyzer is None:
+        _analyzer = ResponseAnalyzer()
+    return _analyzer
+def analyze_response(
+    response_body: str,
+    status_code: int = 200,
+    response_time_ms: float = 0.0,
+    headers: Optional[dict[str, str]] = None
+) -> AnalysisResult:
+    """Convenience function to analyze a response."""
+    analyzer = get_response_analyzer()
+    return analyzer.analyze(response_body, status_code, response_time_ms, headers)

exaaiagnt/tools/smart_fuzzer.py ADDED Viewed

@@ -0,0 +1,286 @@
+"""
+Smart Fuzzer - Intelligent fuzzing with context-aware payloads.
+Features:
+- Context-aware payload generation
+- Parameter type detection
+- Adaptive fuzzing based on responses
+- Built-in payload database
+"""
+import logging
+import re
+from dataclasses import dataclass, field
+from enum import Enum
+from typing import Any, Optional
+logger = logging.getLogger(__name__)
+class ParamType(Enum):
+    """Detected parameter types."""
+    NUMERIC = "numeric"
+    STRING = "string"
+    EMAIL = "email"
+    URL = "url"
+    JSON = "json"
+    BOOLEAN = "boolean"
+    DATE = "date"
+    FILE = "file"
+    UNKNOWN = "unknown"
+class VulnCategory(Enum):
+    """Vulnerability categories for fuzzing."""
+    SQLI = "sql_injection"
+    XSS = "xss"
+    SSRF = "ssrf"
+    SSTI = "ssti"
+    PATH_TRAVERSAL = "path_traversal"
+    COMMAND_INJECTION = "command_injection"
+    IDOR = "idor"
+    XXE = "xxe"
+    OPEN_REDIRECT = "open_redirect"
+@dataclass
+class FuzzPayload:
+    """A fuzzing payload with metadata."""
+    payload: str
+    category: VulnCategory
+    description: str
+    detection_pattern: Optional[str] = None
+    risk_level: int = 5  # 1-10
+@dataclass
+class FuzzResult:
+    """Result of a fuzzing attempt."""
+    payload: FuzzPayload
+    success: bool
+    response_code: int = 0
+    response_body: str = ""
+    detection_matched: bool = False
+    notes: str = ""
+class SmartFuzzer:
+    """
+    Intelligent fuzzing engine with context-aware payloads.
+    Features:
+    - Detects parameter type automatically
+    - Selects appropriate payloads
+    - Tracks successful patterns
+    - Adapts based on responses
+    """
+    _instance: Optional["SmartFuzzer"] = None
+    def __new__(cls) -> "SmartFuzzer":
+        if cls._instance is None:
+            cls._instance = super().__new__(cls)
+            cls._instance._initialized = False
+        return cls._instance
+    def __init__(self):
+        if self._initialized:
+            return
+        self._payloads: dict[VulnCategory, list[FuzzPayload]] = {}
+        self._successful_patterns: list[str] = []
+        self._load_payloads()
+        self._initialized = True
+        logger.info("SmartFuzzer initialized")
+    def _load_payloads(self):
+        """Load built-in payload database."""
+        # SQL Injection payloads
+        self._payloads[VulnCategory.SQLI] = [
+            FuzzPayload("'", VulnCategory.SQLI, "Single quote test", r"(sql|syntax|error|mysql|postgres|oracle)", 3),
+            FuzzPayload("' OR '1'='1", VulnCategory.SQLI, "Classic OR bypass", None, 5),
+            FuzzPayload("' OR 1=1--", VulnCategory.SQLI, "Comment bypass", None, 5),
+            FuzzPayload("' UNION SELECT NULL--", VulnCategory.SQLI, "UNION test", None, 6),
+            FuzzPayload("1' AND SLEEP(5)--", VulnCategory.SQLI, "Time-based blind", None, 7),
+            FuzzPayload("1; WAITFOR DELAY '0:0:5'--", VulnCategory.SQLI, "MSSQL time-based", None, 7),
+            FuzzPayload("' AND '1'='1", VulnCategory.SQLI, "Boolean-based", None, 5),
+            FuzzPayload("admin'--", VulnCategory.SQLI, "Comment injection", None, 4),
+            FuzzPayload("1' ORDER BY 10--", VulnCategory.SQLI, "Column enumeration", None, 5),
+        ]
+        # XSS payloads
+        self._payloads[VulnCategory.XSS] = [
+            FuzzPayload("<script>alert(1)</script>", VulnCategory.XSS, "Basic script", r"<script>alert\(1\)</script>", 5),
+            FuzzPayload("<img src=x onerror=alert(1)>", VulnCategory.XSS, "IMG onerror", r"<img[^>]+onerror", 5),
+            FuzzPayload("<svg onload=alert(1)>", VulnCategory.XSS, "SVG onload", r"<svg[^>]+onload", 5),
+            FuzzPayload("javascript:alert(1)", VulnCategory.XSS, "Javascript protocol", r"javascript:", 4),
+            FuzzPayload("'-alert(1)-'", VulnCategory.XSS, "DOM XSS", None, 6),
+            FuzzPayload("<body onload=alert(1)>", VulnCategory.XSS, "Body onload", r"<body[^>]+onload", 5),
+            FuzzPayload("{{7*7}}", VulnCategory.XSS, "Template injection test", r"49", 4),
+            FuzzPayload("<iframe src=javascript:alert(1)>", VulnCategory.XSS, "Iframe injection", None, 5),
+        ]
+        # SSRF payloads
+        self._payloads[VulnCategory.SSRF] = [
+            FuzzPayload("http://127.0.0.1", VulnCategory.SSRF, "Localhost", None, 5),
+            FuzzPayload("http://localhost", VulnCategory.SSRF, "Localhost name", None, 5),
+            FuzzPayload("http://[::1]", VulnCategory.SSRF, "IPv6 localhost", None, 6),
+            FuzzPayload("http://169.254.169.254", VulnCategory.SSRF, "AWS metadata", r"ami-id|instance-id", 8),
+            FuzzPayload("http://metadata.google.internal", VulnCategory.SSRF, "GCP metadata", None, 8),
+            FuzzPayload("file:///etc/passwd", VulnCategory.SSRF, "File protocol", r"root:.*:0:0", 9),
+            FuzzPayload("http://0.0.0.0:80", VulnCategory.SSRF, "All interfaces", None, 5),
+            FuzzPayload("http://127.0.0.1:22", VulnCategory.SSRF, "Port scan", r"SSH", 6),
+        ]
+        # Path Traversal payloads
+        self._payloads[VulnCategory.PATH_TRAVERSAL] = [
+            FuzzPayload("../../../etc/passwd", VulnCategory.PATH_TRAVERSAL, "Basic traversal", r"root:", 7),
+            FuzzPayload("....//....//....//etc/passwd", VulnCategory.PATH_TRAVERSAL, "Double encoding", r"root:", 7),
+            FuzzPayload("..%2f..%2f..%2fetc/passwd", VulnCategory.PATH_TRAVERSAL, "URL encoded", r"root:", 7),
+            FuzzPayload("/etc/passwd%00.jpg", VulnCategory.PATH_TRAVERSAL, "Null byte", r"root:", 8),
+            FuzzPayload("..\\..\\..\\windows\\win.ini", VulnCategory.PATH_TRAVERSAL, "Windows traversal", r"\[fonts\]", 7),
+        ]
+        # Command Injection payloads
+        self._payloads[VulnCategory.COMMAND_INJECTION] = [
+            FuzzPayload("; id", VulnCategory.COMMAND_INJECTION, "Semicolon", r"uid=", 8),
+            FuzzPayload("| id", VulnCategory.COMMAND_INJECTION, "Pipe", r"uid=", 8),
+            FuzzPayload("& id", VulnCategory.COMMAND_INJECTION, "Ampersand", r"uid=", 8),
+            FuzzPayload("$(id)", VulnCategory.COMMAND_INJECTION, "Command substitution", r"uid=", 8),
+            FuzzPayload("`id`", VulnCategory.COMMAND_INJECTION, "Backticks", r"uid=", 8),
+            FuzzPayload("|| ping -c 3 127.0.0.1", VulnCategory.COMMAND_INJECTION, "Ping test", None, 7),
+        ]
+        # SSTI payloads
+        self._payloads[VulnCategory.SSTI] = [
+            FuzzPayload("{{7*7}}", VulnCategory.SSTI, "Jinja2/Twig test", r"49", 6),
+            FuzzPayload("${7*7}", VulnCategory.SSTI, "Freemarker test", r"49", 6),
+            FuzzPayload("<%= 7*7 %>", VulnCategory.SSTI, "ERB test", r"49", 6),
+            FuzzPayload("{{config}}", VulnCategory.SSTI, "Config leak", r"SECRET_KEY", 8),
+            FuzzPayload("{{self.__class__.__mro__}}", VulnCategory.SSTI, "Python MRO", r"class", 7),
+        ]
+        # Open Redirect payloads
+        self._payloads[VulnCategory.OPEN_REDIRECT] = [
+            FuzzPayload("//evil.com", VulnCategory.OPEN_REDIRECT, "Protocol-relative", None, 5),
+            FuzzPayload("https://evil.com", VulnCategory.OPEN_REDIRECT, "Direct redirect", None, 5),
+            FuzzPayload("/\\evil.com", VulnCategory.OPEN_REDIRECT, "Backslash bypass", None, 6),
+            FuzzPayload("//evil.com/%2f..", VulnCategory.OPEN_REDIRECT, "Path confusion", None, 6),
+        ]
+    def detect_param_type(self, param_name: str, param_value: str) -> ParamType:
+        """Detect the type of a parameter based on name and value."""
+        name_lower = param_name.lower()
+        # Check by name patterns
+        if any(x in name_lower for x in ['email', 'mail']):
+            return ParamType.EMAIL
+        if any(x in name_lower for x in ['url', 'link', 'redirect', 'next', 'return', 'goto']):
+            return ParamType.URL
+        if any(x in name_lower for x in ['file', 'path', 'document', 'upload']):
+            return ParamType.FILE
+        if any(x in name_lower for x in ['date', 'time', 'created', 'updated']):
+            return ParamType.DATE
+        if any(x in name_lower for x in ['id', 'num', 'count', 'page', 'size', 'limit']):
+            return ParamType.NUMERIC
+        # Check by value patterns
+        if param_value.isdigit():
+            return ParamType.NUMERIC
+        if re.match(r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$', param_value):
+            return ParamType.EMAIL
+        if param_value.lower() in ['true', 'false', '1', '0', 'yes', 'no']:
+            return ParamType.BOOLEAN
+        if param_value.startswith(('http://', 'https://', '//')):
+            return ParamType.URL
+        if param_value.startswith(('{', '[')):
+            return ParamType.JSON
+        return ParamType.STRING
+    def get_payloads_for_param(
+        self,
+        param_name: str,
+        param_value: str,
+        categories: Optional[list[VulnCategory]] = None
+    ) -> list[FuzzPayload]:
+        """Get appropriate payloads for a parameter."""
+        param_type = self.detect_param_type(param_name, param_value)
+        payloads = []
+        # If specific categories requested, use those
+        if categories:
+            for cat in categories:
+                if cat in self._payloads:
+                    payloads.extend(self._payloads[cat])
+            return payloads
+        # Otherwise, select based on parameter type
+        if param_type == ParamType.URL:
+            payloads.extend(self._payloads.get(VulnCategory.SSRF, []))
+            payloads.extend(self._payloads.get(VulnCategory.OPEN_REDIRECT, []))
+        if param_type == ParamType.NUMERIC:
+            payloads.extend(self._payloads.get(VulnCategory.SQLI, []))
+            payloads.extend(self._payloads.get(VulnCategory.IDOR, []))
+        if param_type == ParamType.FILE:
+            payloads.extend(self._payloads.get(VulnCategory.PATH_TRAVERSAL, []))
+        if param_type == ParamType.STRING:
+            payloads.extend(self._payloads.get(VulnCategory.SQLI, []))
+            payloads.extend(self._payloads.get(VulnCategory.XSS, []))
+            payloads.extend(self._payloads.get(VulnCategory.SSTI, []))
+            payloads.extend(self._payloads.get(VulnCategory.COMMAND_INJECTION, []))
+        return payloads
+    def get_all_payloads(self, category: VulnCategory) -> list[FuzzPayload]:
+        """Get all payloads for a specific category."""
+        return self._payloads.get(category, [])
+    def check_detection(self, payload: FuzzPayload, response_body: str) -> bool:
+        """Check if detection pattern matches in response."""
+        if not payload.detection_pattern:
+            return False
+        return bool(re.search(payload.detection_pattern, response_body, re.IGNORECASE))
+    def record_success(self, pattern: str):
+        """Record a successful payload pattern for learning."""
+        if pattern not in self._successful_patterns:
+            self._successful_patterns.append(pattern)
+            logger.info(f"Recorded successful pattern: {pattern}")
+    def get_stats(self) -> dict[str, Any]:
+        """Get fuzzer statistics."""
+        total_payloads = sum(len(p) for p in self._payloads.values())
+        return {
+            "total_payloads": total_payloads,
+            "categories": list(self._payloads.keys()),
+            "successful_patterns": len(self._successful_patterns),
+        }
+# Global instance
+_fuzzer: Optional[SmartFuzzer] = None
+def get_smart_fuzzer() -> SmartFuzzer:
+    """Get or create the global fuzzer instance."""
+    global _fuzzer
+    if _fuzzer is None:
+        _fuzzer = SmartFuzzer()
+    return _fuzzer
+def fuzz_parameter(
+    param_name: str,
+    param_value: str,
+    categories: Optional[list[VulnCategory]] = None
+) -> list[FuzzPayload]:
+    """Convenience function to get payloads for a parameter."""
+    fuzzer = get_smart_fuzzer()
+    return fuzzer.get_payloads_for_param(param_name, param_value, categories)

exaai-agent 2.0.5__py3-none-any.whl → 2.0.6__py3-none-any.whl

exaai-agent 2.0.5py3-none-any.whl → 2.0.6py3-none-any.whl