exaai-agent 2.0.9__tar.gz → 2.2.0__tar.gz

{exaai_agent-2.0.9 → exaai_agent-2.2.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: exaai-agent
-Version: 2.0.9
+Version: 2.2.0
 Summary: ExaAi - Advanced AI Security Agent for Comprehensive Penetration Testing
 License: Apache-2.0
 License-File: LICENSE
@@ -53,57 +53,60 @@ Description-Content-Type: text/markdown
 [![Python](https://img.shields.io/pypi/pyversions/exaai-agent?color=3776AB)](https://pypi.org/project/exaai-agent/)
 [![PyPI](https://img.shields.io/pypi/v/exaai-agent?color=10b981)](https://pypi.org/project/exaai-agent/)
 [![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](LICENSE)
-[![Version](https://img.shields.io/badge/version-2.1.0-00d4ff.svg)]()
+[![Version](https://img.shields.io/badge/version-2.1.2-00d4ff.svg)]()
 
 </div>
 
 <br>
 
 > [!TIP]
-> **🚀 v2.1.0 Released!** React2Shell Detection (CVE-2025-55182), Cloud Security Testing, Smart Fuzzing, and CLI improvements with `exaai` command!
+> **🚀 v2.1.2 Released!** Now supports **AI Agent Integration (OpenClaw)**, Kubernetes Security, Azure/GCP modules, and Prompt Injection detection.
+>
+> 🤖 **Connect Your Agent:** You can now control ExaAiAgent via any AI agent (OpenClaw, etc).
+> Just send this command to your agent:
+> ```
+> Read https://raw.githubusercontent.com/hleliofficiel/ExaAiAgent/main/SKILL.md and follow the instructions to join ExaAiAgent
+> ```
 
 ---
 
-## 🔥 What's New in v2.1.0
+## 🔥 What's New in v2.1.2
 
-### 🚨 React2Shell Detection (CVE-2025-55182)
+### 🤖 AI Agent Integration (OpenClaw)
 
-New critical vulnerability scanner for **React Server Components**:
+Seamlessly integrate ExaAiAgent with your AI workforce:
 
-- **CVSS 10.0** - Unauthenticated RCE via RSC Flight protocol
-- Auto-detects Next.js 15.x/16.x, React 19.x applications
-- Complete exploitation methodology and PoC generation
-- WAF bypass techniques included
+- **Agent Control**: Control scans via OpenClaw or any agent framework
+- **Auto-Discovery**: Agents can read `SKILL.md` to self-onboard
+- **Output Optimization**: Tools now output cleaner data (no ANSI codes) for LLM consumption
 
-### ☁️ AWS & Cloud Security
+### ⚓ Kubernetes & Cloud Security (Updated)
 
-Comprehensive cloud infrastructure testing:
+Expanded coverage for cloud-native infrastructure:
 
-- **AWS**: EC2 Metadata SSRF, S3 buckets, IAM escalation, Lambda
-- **Azure**: Blob storage, Managed Identity, Azure AD
-- **GCP**: Cloud Storage, Service Account abuse
-- **Kubernetes**: RBAC, Secrets, Pod escape
+- **Kubernetes**: Deep RBAC auditing, Pod Security Standards (PSS), Network Policy checks
+- **Azure**: Blob Storage, Entra ID (Azure AD), Key Vault auditing
+- **GCP**: Cloud Storage, IAM, Service Account key leaks
+- **Prompt Injection**: Dedicated scanner for AI/LLM applications
 
-### � Smart Security Tools
+### 🛡️ Smart Security Tools
 
 | Tool | Capability |
 |------|------------|
-| **Smart Fuzzer** | Context-aware payloads, parameter type detection |
+| **Smart Fuzzer** | Thread-safe, context-aware fuzzing with rate limiting |
 | **Response Analyzer** | SQL errors, stack traces, sensitive data detection |
-| **Vuln Validator** | PoC generation, CVSS scoring, remediation advice |
-| **WAF Bypass** | Multi-layer bypass techniques |
+| **Vuln Validator** | PoC generation with false positive reduction |
+| **WAF Bypass** | Multi-layer bypass for Cloudflare, Akamai, AWS WAF |
 
-### ⚡ CLI Improvements
+### ⚡ CLI & Stability
 
-```bash
-# New command (shorter!)
-exaai --target https://example.com
-
-# Version check
-exaai --version
+- **Thread-Safety**: Fixed race conditions in async scans
+- **Resource Management**: Auto-shutdown and cleanup of background processes
+- **Installation**: Robust `install.sh` for Linux/macOS (bash/zsh/fish)
 
-# TUI mode
-exaai tui
+```bash
+# New install script
+curl -sSL https://raw.githubusercontent.com/hleliofficiel/ExaAiAgent/main/install.sh | bash
 ```
 
 ---
@@ -146,6 +149,10 @@ ExaAiAgent is an elite AI-powered cybersecurity agent that acts like a real pene
 
 ```bash
 # Install ExaAiAgent
+
+# Method 1: Automated Script (Recommended)
+pip install exaai-agent 
+# Method 2: pipx
 pipx install exaai-agent
 
 # Configure your AI provider (choose one)
@@ -287,7 +294,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Install ExaAiAgent
-        run: pipx install exaai-agent
+        run: curl -sSL https://raw.githubusercontent.com/hleliofficiel/ExaAiAgent/main/install.sh | bash
 
       - name: Run ExaAiAgent
         env:
@@ -339,26 +346,49 @@ export PERPLEXITY_API_KEY="key"       # For search capabilities
 | `oauth_oidc` | OAuth2/OIDC flaws |
 | `waf_bypass` | WAF bypass techniques |
 | `subdomain_takeover` | Subdomain takeover |
+| `prompt_injection` | AI/LLM prompt injection attacks |
+| `kubernetes_security` | **NEW!** K8s RBAC & Pod Security auditing |
 
 ---
 
 ## 🆕 Changelog
 
-### v2.0.0 (Latest)
+### v2.1.2 (Latest)
+- **AI Agent Integration**: OpenClaw/Agent compatibility
+- **Stability Fixes**: ToolManager thread-safety, Resource cleanup
+- **DevEx**: New `install.sh` script, improved logging
+
+### v2.1.0
+- **New Modules**: K8s, Azure, GCP, Prompt Injection
+- **React2Shell**: CVE-2025-55182 detection
+- **Auto-Discovery**: Improved target detection
+
+---
+
+## 🛠️ Troubleshooting
 
-- ✨ **Smart Auto-Module Loading** - Automatically detects target type
-- ⚡ **Token Optimization** - Lightweight mode & task scaling
-- 🛡️ **5 New Security Modules** - GraphQL, WebSocket, OAuth, WAF, Subdomain
-- 🎨 **New UI/Branding** - Fresh ExaAi logo with Cyan/Purple theme
-- 📊 **Improved Performance** - Reduced unnecessary LLM calls
+### 🔧 Troubleshooting
 
-### v1.0.0
+#### Problem: "LLM Connection Failed" or Model Not Found
+Modern models (like `gemini-3-pro-preview`) require the latest version of `litellm` to be recognized correctly.
 
-- Multi-LLM Load Balancing
-- Enhanced Context Management
-- Specialized Agents
-- Advanced Prompts
-- Improved Reporting
+**Solution: Update LiteLLM**
+```bash
+pip install -U litellm
+```
+
+**Linux/Debian Users (Externally Managed Environment):**
+If you encounter permission errors or "externally-managed-environment", you may need to use a virtual environment (`venv`) or force a user install:
+
+```bash
+# Option 1: Virtual Environment (Recommended for Servers)
+python3 -m venv venv
+source venv/bin/activate
+pip install exaai-agent
+
+# Option 2: Force User Install
+pip install -U litellm --user --break-system-packages
+```
 
 ---
 

{exaai_agent-2.0.9 → exaai_agent-2.2.0}/README.md

@@ -11,57 +11,60 @@
 [![Python](https://img.shields.io/pypi/pyversions/exaai-agent?color=3776AB)](https://pypi.org/project/exaai-agent/)
 [![PyPI](https://img.shields.io/pypi/v/exaai-agent?color=10b981)](https://pypi.org/project/exaai-agent/)
 [![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](LICENSE)
-[![Version](https://img.shields.io/badge/version-2.1.0-00d4ff.svg)]()
+[![Version](https://img.shields.io/badge/version-2.1.2-00d4ff.svg)]()
 
 </div>
 
 <br>
 
 > [!TIP]
-> **🚀 v2.1.0 Released!** React2Shell Detection (CVE-2025-55182), Cloud Security Testing, Smart Fuzzing, and CLI improvements with `exaai` command!
+> **🚀 v2.1.2 Released!** Now supports **AI Agent Integration (OpenClaw)**, Kubernetes Security, Azure/GCP modules, and Prompt Injection detection.
+>
+> 🤖 **Connect Your Agent:** You can now control ExaAiAgent via any AI agent (OpenClaw, etc).
+> Just send this command to your agent:
+> ```
+> Read https://raw.githubusercontent.com/hleliofficiel/ExaAiAgent/main/SKILL.md and follow the instructions to join ExaAiAgent
+> ```
 
 ---
 
-## 🔥 What's New in v2.1.0
+## 🔥 What's New in v2.1.2
 
-### 🚨 React2Shell Detection (CVE-2025-55182)
+### 🤖 AI Agent Integration (OpenClaw)
 
-New critical vulnerability scanner for **React Server Components**:
+Seamlessly integrate ExaAiAgent with your AI workforce:
 
-- **CVSS 10.0** - Unauthenticated RCE via RSC Flight protocol
-- Auto-detects Next.js 15.x/16.x, React 19.x applications
-- Complete exploitation methodology and PoC generation
-- WAF bypass techniques included
+- **Agent Control**: Control scans via OpenClaw or any agent framework
+- **Auto-Discovery**: Agents can read `SKILL.md` to self-onboard
+- **Output Optimization**: Tools now output cleaner data (no ANSI codes) for LLM consumption
 
-### ☁️ AWS & Cloud Security
+### ⚓ Kubernetes & Cloud Security (Updated)
 
-Comprehensive cloud infrastructure testing:
+Expanded coverage for cloud-native infrastructure:
 
-- **AWS**: EC2 Metadata SSRF, S3 buckets, IAM escalation, Lambda
-- **Azure**: Blob storage, Managed Identity, Azure AD
-- **GCP**: Cloud Storage, Service Account abuse
-- **Kubernetes**: RBAC, Secrets, Pod escape
+- **Kubernetes**: Deep RBAC auditing, Pod Security Standards (PSS), Network Policy checks
+- **Azure**: Blob Storage, Entra ID (Azure AD), Key Vault auditing
+- **GCP**: Cloud Storage, IAM, Service Account key leaks
+- **Prompt Injection**: Dedicated scanner for AI/LLM applications
 
-### � Smart Security Tools
+### 🛡️ Smart Security Tools
 
 | Tool | Capability |
 |------|------------|
-| **Smart Fuzzer** | Context-aware payloads, parameter type detection |
+| **Smart Fuzzer** | Thread-safe, context-aware fuzzing with rate limiting |
 | **Response Analyzer** | SQL errors, stack traces, sensitive data detection |
-| **Vuln Validator** | PoC generation, CVSS scoring, remediation advice |
-| **WAF Bypass** | Multi-layer bypass techniques |
+| **Vuln Validator** | PoC generation with false positive reduction |
+| **WAF Bypass** | Multi-layer bypass for Cloudflare, Akamai, AWS WAF |
 
-### ⚡ CLI Improvements
+### ⚡ CLI & Stability
 
-```bash
-# New command (shorter!)
-exaai --target https://example.com
-
-# Version check
-exaai --version
+- **Thread-Safety**: Fixed race conditions in async scans
+- **Resource Management**: Auto-shutdown and cleanup of background processes
+- **Installation**: Robust `install.sh` for Linux/macOS (bash/zsh/fish)
 
-# TUI mode
-exaai tui
+```bash
+# New install script
+curl -sSL https://raw.githubusercontent.com/hleliofficiel/ExaAiAgent/main/install.sh | bash
 ```
 
 ---
@@ -104,6 +107,10 @@ ExaAiAgent is an elite AI-powered cybersecurity agent that acts like a real pene
 
 ```bash
 # Install ExaAiAgent
+
+# Method 1: Automated Script (Recommended)
+pip install exaai-agent 
+# Method 2: pipx
 pipx install exaai-agent
 
 # Configure your AI provider (choose one)
@@ -245,7 +252,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Install ExaAiAgent
-        run: pipx install exaai-agent
+        run: curl -sSL https://raw.githubusercontent.com/hleliofficiel/ExaAiAgent/main/install.sh | bash
 
       - name: Run ExaAiAgent
         env:
@@ -297,26 +304,49 @@ export PERPLEXITY_API_KEY="key"       # For search capabilities
 | `oauth_oidc` | OAuth2/OIDC flaws |
 | `waf_bypass` | WAF bypass techniques |
 | `subdomain_takeover` | Subdomain takeover |
+| `prompt_injection` | AI/LLM prompt injection attacks |
+| `kubernetes_security` | **NEW!** K8s RBAC & Pod Security auditing |
 
 ---
 
 ## 🆕 Changelog
 
-### v2.0.0 (Latest)
+### v2.1.2 (Latest)
+- **AI Agent Integration**: OpenClaw/Agent compatibility
+- **Stability Fixes**: ToolManager thread-safety, Resource cleanup
+- **DevEx**: New `install.sh` script, improved logging
+
+### v2.1.0
+- **New Modules**: K8s, Azure, GCP, Prompt Injection
+- **React2Shell**: CVE-2025-55182 detection
+- **Auto-Discovery**: Improved target detection
+
+---
+
+## 🛠️ Troubleshooting
 
-- ✨ **Smart Auto-Module Loading** - Automatically detects target type
-- ⚡ **Token Optimization** - Lightweight mode & task scaling
-- 🛡️ **5 New Security Modules** - GraphQL, WebSocket, OAuth, WAF, Subdomain
-- 🎨 **New UI/Branding** - Fresh ExaAi logo with Cyan/Purple theme
-- 📊 **Improved Performance** - Reduced unnecessary LLM calls
+### 🔧 Troubleshooting
 
-### v1.0.0
+#### Problem: "LLM Connection Failed" or Model Not Found
+Modern models (like `gemini-3-pro-preview`) require the latest version of `litellm` to be recognized correctly.
 
-- Multi-LLM Load Balancing
-- Enhanced Context Management
-- Specialized Agents
-- Advanced Prompts
-- Improved Reporting
+**Solution: Update LiteLLM**
+```bash
+pip install -U litellm
+```
+
+**Linux/Debian Users (Externally Managed Environment):**
+If you encounter permission errors or "externally-managed-environment", you may need to use a virtual environment (`venv`) or force a user install:
+
+```bash
+# Option 1: Virtual Environment (Recommended for Servers)
+python3 -m venv venv
+source venv/bin/activate
+pip install exaai-agent
+
+# Option 2: Force User Install
+pip install -U litellm --user --break-system-packages
+```
 
 ---
 

exaai_agent-2.2.0/exaaiagnt/dashboard/server.py

@@ -0,0 +1,99 @@
+from fastapi import FastAPI, WebSocket, WebSocketDisconnect
+from fastapi.staticfiles import StaticFiles
+from fastapi.responses import HTMLResponse
+import uvicorn
+import json
+import asyncio
+import logging
+from typing import List, Dict, Any
+import os
+
+from exaaiagnt.telemetry.tracer import get_global_tracer
+
+app = FastAPI(title="ExaAi Live Dashboard")
+
+# Serve static files
+static_dir = os.path.join(os.path.dirname(__file__), "static")
+app.mount("/static", StaticFiles(directory=static_dir), name="static")
+
+class ConnectionManager:
+    def __init__(self):
+        self.active_connections: List[WebSocket] = []
+
+    async def connect(self, websocket: WebSocket):
+        await websocket.accept()
+        self.active_connections.append(websocket)
+
+    def disconnect(self, websocket: WebSocket):
+        self.active_connections.remove(websocket)
+
+    async def broadcast(self, message: str):
+        for connection in self.active_connections:
+            try:
+                await connection.send_text(message)
+            except Exception:
+                pass
+
+manager = ConnectionManager()
+
+@app.get("/")
+async def get_dashboard():
+    html_path = os.path.join(os.path.dirname(__file__), "templates", "index.html")
+    with open(html_path, "r") as f:
+        return HTMLResponse(content=f.read())
+
+@app.get("/api/stats")
+async def get_stats():
+    tracer = get_global_tracer()
+    if not tracer:
+        return {"status": "Waiting for agent..."}
+    
+    return {
+        "agents_count": len(tracer.agents),
+        "vulnerabilities": len(tracer.vulnerability_reports),
+        "tool_calls": len(tracer.tool_executions),
+        "start_time": tracer.start_time,
+        "run_name": tracer.run_name
+    }
+
+@app.get("/api/vulnerabilities")
+async def get_vulns():
+    tracer = get_global_tracer()
+    if not tracer:
+        return []
+    return tracer.vulnerability_reports
+
+@app.websocket("/ws")
+async def websocket_endpoint(websocket: WebSocket):
+    await manager.connect(websocket)
+    try:
+        while True:
+            # Send updates every second
+            tracer = get_global_tracer()
+            if tracer:
+                data = {
+                    "agents": tracer.agents,
+                    "stats": {
+                        "active": sum(1 for a in tracer.agents.values() if a.get("status") == "running"),
+                        "completed": sum(1 for a in tracer.agents.values() if a.get("status") == "completed"),
+                        "failed": sum(1 for a in tracer.agents.values() if a.get("status") == "failed"),
+                    },
+                    "recent_logs": tracer.chat_messages[-10:] if tracer.chat_messages else []
+                }
+                await websocket.send_json(data)
+            await asyncio.sleep(1)
+    except WebSocketDisconnect:
+        manager.disconnect(websocket)
+    except Exception as e:
+        logging.error(f"WebSocket error: {e}")
+        manager.disconnect(websocket)
+
+def start_dashboard(host="0.0.0.0", port=8000):
+    """Start the dashboard server in a background thread or process."""
+    config = uvicorn.Config(app, host=host, port=port, log_level="error")
+    server = uvicorn.Server(config)
+    # We'll run this in a thread from the main agent
+    import threading
+    t = threading.Thread(target=server.run, daemon=True)
+    t.start()
+    return t