exploitgraph 1.0.0__py3-none-any.whl

modules/reporting/html_report.py

@@ -0,0 +1,446 @@
+"""
+ExploitGraph Module: HTML Report Generator
+Category: reporting
+Generates a professional security assessment HTML report with:
+  - D3.js interactive attack graph
+  - CVSS-scored findings (expandable)
+  - MITRE ATT&CK mapping
+  - AWS remediation commands
+  - Risk score breakdown
+"""
+from __future__ import annotations
+import os
+import json
+import datetime
+from pathlib import Path
+from typing import TYPE_CHECKING
+
+from modules.base import BaseModule, ModuleResult
+
+if TYPE_CHECKING:
+    from core.session_manager import Session
+
+SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "INFO": 4}
+CVSS_COLOR = {"CRITICAL": "#dc2626", "HIGH": "#ea580c",
+              "MEDIUM": "#d97706", "LOW": "#16a34a", "INFO": "#6b7280"}
+
+MITRE_REF = {
+    "T1595":     ("T1595",     "Active Scanning",                "Adversaries scan for target information prior to attack."),
+    "T1595.003": ("T1595.003", "Wordlist Scanning",              "Scan for target-related files/paths using wordlists."),
+    "T1580":     ("T1580",     "Cloud Infrastructure Discovery", "Query cloud APIs to enumerate infrastructure."),
+    "T1530":     ("T1530",     "Data from Cloud Storage",        "Access data from misconfigured cloud storage objects."),
+    "T1552.001": ("T1552.001", "Credentials in Files",           "Search files for credentials, API keys, and tokens."),
+    "T1552.004": ("T1552.004", "Private Keys",                   "Search for private key material in files."),
+    "T1552.005": ("T1552.005", "Cloud Instance Metadata",        "Query cloud metadata endpoints for credentials."),
+    "T1078":     ("T1078",     "Valid Accounts",                 "Use legitimate credentials for unauthorized access."),
+    "T1078.004": ("T1078.004", "Cloud Accounts",                 "Abuse valid cloud account credentials."),
+    "T1548":     ("T1548",     "Abuse Elevation Control",        "Abuse cloud IAM misconfigs to escalate privileges."),
+    "T1550.001": ("T1550.001", "Application Access Token",       "Use forged or stolen application tokens."),
+    "T1069.003": ("T1069.003", "Cloud Groups",                   "Enumerate cloud IAM groups and permissions."),
+    "T1110.001": ("T1110.001", "Password Guessing",              "Attempt to guess valid credentials."),
+}
+
+HTML_TEMPLATE = """<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width,initial-scale=1.0">
+<title>ExploitGraph Report — {session_id}</title>
+<script src="https://cdnjs.cloudflare.com/ajax/libs/d3/7.8.5/d3.min.js"></script>
+<style>
+:root{{--red:#dc2626;--orange:#ea580c;--amber:#d97706;--green:#16a34a;--blue:#2563eb;--purple:#7c3aed;--dark:#0f172a;--card:#1e293b;--border:#334155;--text:#e2e8f0;--muted:#94a3b8}}
+*{{margin:0;padding:0;box-sizing:border-box}}
+body{{background:#0f172a;color:#e2e8f0;font-family:'Segoe UI',system-ui,sans-serif;font-size:14px;line-height:1.6}}
+.container{{max-width:1200px;margin:0 auto;padding:0 24px}}
+.grid-4{{display:grid;grid-template-columns:repeat(4,1fr);gap:16px}}
+.grid-3{{display:grid;grid-template-columns:repeat(3,1fr);gap:16px}}
+.header{{background:#0a0f1a;border-bottom:2px solid #dc2626;padding:32px 0}}
+.logo{{font-size:28px;font-weight:900;color:#dc2626;letter-spacing:-1px}}
+.logo span{{color:#e2e8f0}}
+.header-inner{{display:flex;justify-content:space-between;align-items:center}}
+.badge-conf{{display:inline-block;background:#dc2626;color:#fff;font-size:11px;font-weight:700;padding:2px 10px;border-radius:2px;letter-spacing:2px;margin-top:8px}}
+.killchain{{background:#1e293b;border:1px solid #334155;border-left:4px solid #dc2626;padding:18px 20px;margin:20px 0;border-radius:4px}}
+.chain-steps{{display:flex;align-items:center;flex-wrap:wrap;gap:0;margin-top:10px}}
+.chain-step{{background:#0f172a;border:1px solid #334155;border-radius:6px;padding:10px 14px;text-align:center;min-width:130px}}
+.chain-step.active{{border-color:#dc2626}}
+.chain-step .cs-title{{font-size:11px;font-weight:700;color:#dc2626}}
+.chain-step .cs-sub{{font-size:10px;color:#94a3b8}}
+.chain-arrow{{color:#dc2626;font-size:18px;padding:0 6px;font-weight:700}}
+section{{padding:28px 0}}
+.section-title{{font-size:16px;font-weight:700;padding-bottom:10px;border-bottom:1px solid #334155;margin-bottom:16px}}
+.stat-card{{background:#1e293b;border:1px solid #334155;border-radius:8px;padding:18px}}
+.stat-card .sl{{font-size:11px;color:#94a3b8;text-transform:uppercase;letter-spacing:1px}}
+.stat-card .sv{{font-size:32px;font-weight:900;margin:4px 0}}
+.stat-card .sd{{font-size:12px;color:#94a3b8}}
+.sc{{border-top:3px solid #dc2626}}.sc .sv{{color:#dc2626}}
+.sh{{border-top:3px solid #ea580c}}.sh .sv{{color:#ea580c}}
+.sm{{border-top:3px solid #d97706}}.sm .sv{{color:#d97706}}
+.si{{border-top:3px solid #2563eb}}.si .sv{{color:#2563eb}}
+#graph-container{{background:#0a0f1a;border:1px solid #334155;border-radius:8px;overflow:hidden}}
+#graph-svg{{width:100%;height:480px}}
+.graph-legend{{display:flex;gap:14px;padding:10px 18px;border-top:1px solid #334155;flex-wrap:wrap}}
+.legend-item{{display:flex;align-items:center;gap:5px;font-size:12px;color:#94a3b8}}
+.legend-dot{{width:10px;height:10px;border-radius:50%}}
+.finding{{background:#1e293b;border:1px solid #334155;border-radius:8px;margin-bottom:12px;overflow:hidden}}
+.fh{{padding:14px 18px;display:flex;justify-content:space-between;align-items:center;cursor:pointer}}
+.fh:hover{{background:#263348}}
+.ft{{font-size:14px;font-weight:700}}
+.fb{{padding:0 18px 16px;display:none}}
+.fb.open{{display:block}}
+.fb h4{{color:#94a3b8;font-size:11px;text-transform:uppercase;letter-spacing:1px;margin:12px 0 5px}}
+.fb p,.fb pre{{font-size:13px;color:#cbd5e1;line-height:1.7}}
+.fb pre{{background:#0f172a;border:1px solid #334155;border-radius:4px;padding:10px;font-family:monospace;font-size:12px;white-space:pre-wrap}}
+.aws-box{{background:#0c1a2e;border:1px solid #1e3a5f;border-radius:4px;padding:10px;margin-top:8px}}
+.aws-box .al{{color:#60a5fa;font-size:11px;font-weight:700;text-transform:uppercase}}
+.aws-box p{{color:#93c5fd;font-size:13px;margin-top:3px}}
+.badge{{display:inline-block;padding:2px 9px;border-radius:4px;font-size:11px;font-weight:700}}
+.bC{{background:#7f1d1d;color:#fca5a5}}.bH{{background:#7c2d12;color:#fdba74}}
+.bM{{background:#78350f;color:#fcd34d}}.bL{{background:#14532d;color:#86efac}}
+.bI{{background:#1e3a5f;color:#93c5fd}}
+.cvss-bar{{height:5px;background:#334155;border-radius:3px;margin-top:6px}}
+.cvss-fill{{height:100%;border-radius:3px}}
+.mitre-tag{{display:inline-block;background:#1e1b4b;border:1px solid #4338ca;color:#a5b4fc;font-size:11px;padding:2px 7px;border-radius:3px;font-family:monospace;margin-top:5px}}
+.rec-list{{list-style:none;margin-top:5px}}
+.rec-list li{{padding:3px 0 3px 14px;position:relative;color:#cbd5e1;font-size:13px}}
+.rec-list li::before{{content:"→";position:absolute;left:0;color:#2563eb}}
+.table-wrap{{overflow-x:auto}}
+table{{width:100%;border-collapse:collapse}}
+th{{background:#0f172a;color:#94a3b8;font-size:11px;text-transform:uppercase;letter-spacing:1px;padding:9px 12px;text-align:left;border-bottom:1px solid #334155}}
+td{{padding:9px 12px;border-bottom:1px solid #1e293b;font-size:13px;vertical-align:top}}
+tr:hover td{{background:#1a2336}}
+.mono{{font-family:monospace;font-size:12px;word-break:break-all}}
+.mitre-card{{background:#1e293b;border:1px solid #334155;border-radius:8px;padding:14px}}
+.mitre-card .mc-id{{font-size:11px;color:#a5b4fc;font-family:monospace}}
+.mitre-card .mc-name{{font-size:13px;font-weight:700;margin:3px 0}}
+.mitre-card .mc-desc{{font-size:12px;color:#94a3b8}}
+.mitre-card a{{color:#60a5fa;font-size:11px}}
+.rem-block{{background:#0c1a0c;border:1px solid #166534;border-radius:8px;padding:18px;margin-bottom:14px}}
+.rem-block h4{{color:#86efac;font-size:13px;font-weight:700;margin-bottom:8px}}
+.rem-block code{{background:#0f172a;border:1px solid #334155;border-radius:3px;padding:7px 10px;display:block;font-family:monospace;font-size:12px;color:#a3e635;margin:6px 0;white-space:pre-wrap}}
+.risk-score{{font-size:48px;font-weight:900;text-align:center;padding:16px}}
+.footer{{background:#0a0f1a;border-top:1px solid #334155;padding:20px 0;margin-top:32px;text-align:center;color:#475569;font-size:12px}}
+::-webkit-scrollbar{{width:5px;height:5px}}
+::-webkit-scrollbar-track{{background:#0f172a}}
+::-webkit-scrollbar-thumb{{background:#334155;border-radius:3px}}
+</style>
+</head>
+<body>
+<div class="header"><div class="container"><div class="header-inner">
+  <div>
+    <div class="logo">Exploit<span>Graph</span></div>
+    <div style="color:#94a3b8;font-size:12px;margin-top:3px">Automated Attack Path Discovery & Exploitation Framework</div>
+  </div>
+  <div style="text-align:right">
+    <div style="font-size:12px;color:#94a3b8">Security Assessment Report</div>
+    <div style="font-weight:700">{session_id}</div>
+    <div style="color:#94a3b8;font-size:12px">{report_date}</div>
+    <div style="color:#94a3b8;font-size:12px">Target: {target}</div>
+    <div class="badge-conf">CONFIDENTIAL</div>
+  </div>
+</div></div></div>
+
+<div class="container">
+<div class="killchain">
+  <div style="color:#dc2626;font-size:11px;font-weight:700;text-transform:uppercase;letter-spacing:2px">Attack Kill Chain</div>
+  <div class="chain-steps">
+    <div class="chain-step active"><div class="cs-title">Cloud Misconfig</div><div class="cs-sub">Public storage</div></div>
+    <div class="chain-arrow">→</div>
+    <div class="chain-step active"><div class="cs-title">Data Exposure</div><div class="cs-sub">Files/backups</div></div>
+    <div class="chain-arrow">→</div>
+    <div class="chain-step active"><div class="cs-title">Secret Leakage</div><div class="cs-sub">Keys / tokens</div></div>
+    <div class="chain-arrow">→</div>
+    <div class="chain-step active"><div class="cs-title">API Abuse</div><div class="cs-sub">Credential use</div></div>
+    <div class="chain-arrow">→</div>
+    <div class="chain-step active"><div class="cs-title">Compromise</div><div class="cs-sub">Full access</div></div>
+  </div>
+</div>
+
+<section>
+  <div class="section-title">Executive Summary</div>
+  <div class="grid-4">
+    <div class="stat-card sc"><div class="sl">Critical</div><div class="sv">{sev_critical}</div><div class="sd">Immediate action</div></div>
+    <div class="stat-card sh"><div class="sl">High</div><div class="sv">{sev_high}</div><div class="sd">Remediate 24h</div></div>
+    <div class="stat-card sm"><div class="sl">Secrets Found</div><div class="sv">{secrets_count}</div><div class="sd">Credentials leaked</div></div>
+    <div class="stat-card si"><div class="sl">Risk Score</div><div class="sv">{risk_score}</div><div class="sd">{risk_label} severity</div></div>
+  </div>
+</section>
+
+<section>
+  <div class="section-title">Attack Path Graph</div>
+  <div id="graph-container">
+    <svg id="graph-svg"></svg>
+    <div class="graph-legend">
+      <div class="legend-item"><div class="legend-dot" style="background:#dc2626"></div>Critical node</div>
+      <div class="legend-item"><div class="legend-dot" style="background:#ea580c"></div>High node</div>
+      <div class="legend-item"><div class="legend-dot" style="background:#2563eb"></div>Info node</div>
+      <div class="legend-item"><div class="legend-dot" style="background:#7c3aed"></div>Module</div>
+      <div class="legend-item" style="margin-left:auto;font-size:11px">Drag nodes · Scroll to zoom</div>
+    </div>
+  </div>
+</section>
+
+<section>
+  <div class="section-title">Security Findings ({total_findings})</div>
+  {findings_html}
+</section>
+
+<section>
+  <div class="section-title">Extracted Secrets ({secrets_count})</div>
+  <div class="table-wrap"><table>
+    <thead><tr><th>#</th><th>Type</th><th>Severity</th><th>Value</th><th>Source</th><th>AWS Parallel</th></tr></thead>
+    <tbody>{secrets_html}</tbody>
+  </table></div>
+</section>
+
+<section>
+  <div class="section-title">MITRE ATT&CK for Cloud</div>
+  <div class="grid-3">{mitre_html}</div>
+</section>
+
+<section>
+  <div class="section-title">AWS Remediation Commands</div>
+  <div class="rem-block"><h4>1. Enable S3 Block Public Access</h4>
+    <code>aws s3api put-public-access-block --bucket BUCKET_NAME \\
+  --public-access-block-configuration \\
+  "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"</code>
+  </div>
+  <div class="rem-block"><h4>2. Migrate Secrets to AWS Secrets Manager</h4>
+    <code>aws secretsmanager create-secret --name "prod/app/credentials" \\
+  --secret-string '{{"api_key":"NEW_VALUE"}}' \\
+  --kms-key-id alias/aws/secretsmanager</code>
+  </div>
+  <div class="rem-block"><h4>3. Enable CloudTrail</h4>
+    <code>aws cloudtrail create-trail --name app-trail --s3-bucket-name my-cloudtrail-logs \\
+  --is-multi-region-trail --enable-log-file-validation
+aws cloudtrail start-logging --name app-trail</code>
+  </div>
+  <div class="rem-block"><h4>4. Enable GuardDuty</h4>
+    <code>aws guardduty create-detector --enable \\
+  --finding-publishing-frequency FIFTEEN_MINUTES</code>
+  </div>
+  <div class="rem-block"><h4>5. Rotate Compromised IAM Credentials</h4>
+    <code>aws iam update-access-key --access-key-id AKIAXXXXXXXX --status Inactive
+aws iam create-access-key --user-name SERVICE_ACCOUNT</code>
+  </div>
+  <div class="rem-block"><h4>6. Enable IMDSv2 on EC2 (Prevent SSRF)</h4>
+    <code>aws ec2 modify-instance-metadata-options --instance-id i-XXXXXXXXX \\
+  --http-tokens required --http-put-response-hop-limit 1</code>
+  </div>
+</section>
+
+<section>
+  <div class="section-title">Exploitation Evidence</div>
+  <div class="table-wrap"><table>
+    <thead><tr><th>#</th><th>Module</th><th>Action</th><th>Result</th><th>Detail</th><th>Time</th></tr></thead>
+    <tbody>{exploits_html}</tbody>
+  </table></div>
+</section>
+
+</div>
+<div class="footer"><div class="container">
+  <p><strong style="color:#dc2626">ExploitGraph</strong> — Automated Attack Path Discovery & Exploitation Framework</p>
+  <p style="margin-top:3px">For authorized security research only. github.com/prajwalpawar/ExploitGraph</p>
+</div></div>
+
+<script>
+const graphData={graph_json};
+(function(){{
+  const svg=d3.select("#graph-svg");
+  const w=document.getElementById("graph-svg").clientWidth||900,h=480;
+  svg.attr("viewBox",`0 0 ${{w}} ${{h}}`);
+  const colorMap={{CRITICAL:"#dc2626",HIGH:"#ea580c",INFO:"#2563eb",attacker:"#dc2626",target:"#2563eb",exposure:"#ea580c",secret:"#d97706",exploit:"#dc2626",compromise:"#7f1d1d",module:"#7c3aed",asset:"#6b7280",credential:"#d97706",access:"#16a34a"}};
+  function nc(n){{return colorMap[n.type]||colorMap[n.severity]||"#6b7280"}}
+  const nodes=(graphData.nodes||[]).map(n=>({{...n}}));
+  const links=(graphData.edges||[]).map(e=>({{source:e.source,target:e.target,label:e.label||"",technique:e.technique||""}}));
+  svg.append("defs").append("marker").attr("id","ah").attr("viewBox","0 0 10 10").attr("refX",22).attr("refY",5).attr("markerWidth",6).attr("markerHeight",6).attr("orient","auto").append("path").attr("d","M0,0 L10,5 L0,10 Z").attr("fill","#dc2626");
+  const sim=d3.forceSimulation(nodes).force("link",d3.forceLink(links).id(d=>d.id).distance(150).strength(0.8)).force("charge",d3.forceManyBody().strength(-400)).force("center",d3.forceCenter(w/2,h/2)).force("collision",d3.forceCollide(50));
+  const g=svg.append("g");
+  svg.call(d3.zoom().scaleExtent([0.2,4]).on("zoom",e=>g.attr("transform",e.transform)));
+  const link=g.append("g").selectAll("line").data(links).join("line").attr("stroke","#dc2626").attr("stroke-opacity",0.5).attr("stroke-width",1.5).attr("marker-end","url(#ah)");
+  const ll=g.append("g").selectAll("text").data(links).join("text").text(d=>d.technique||"").attr("font-size",9).attr("fill","#475569").attr("text-anchor","middle");
+  const node=g.append("g").selectAll("g").data(nodes).join("g").attr("cursor","pointer").call(d3.drag().on("start",(e,d)=>{{if(!e.active)sim.alphaTarget(0.3).restart();d.fx=d.x;d.fy=d.y}}).on("drag",(e,d)=>{{d.fx=e.x;d.fy=e.y}}).on("end",(e,d)=>{{if(!e.active)sim.alphaTarget(0);d.fx=null;d.fy=null}}));
+  node.append("circle").attr("r",26).attr("fill",d=>nc(d)+"33").attr("stroke",d=>nc(d)).attr("stroke-width",2);
+  node.append("text").text(d=>(d.label||d.id).split("\\n")[0]).attr("text-anchor","middle").attr("dy",-4).attr("fill","#e2e8f0").attr("font-size",11).attr("font-weight","600");
+  node.append("text").text(d=>(d.label||"").split("\\n")[1]||"").attr("text-anchor","middle").attr("dy",10).attr("fill","#94a3b8").attr("font-size",9);
+  const tip=d3.select("body").append("div").style("position","fixed").style("background","#1e293b").style("border","1px solid #334155").style("border-radius","6px").style("padding","8px 12px").style("font-size","12px").style("color","#e2e8f0").style("pointer-events","none").style("opacity",0).style("max-width","220px").style("z-index","9999");
+  node.on("mouseover",(e,d)=>tip.style("opacity",1).html(`<strong style="color:#dc2626">${{d.id}}</strong><br>${{d.details||d.label||""}}`)).on("mousemove",e=>tip.style("left",(e.clientX+10)+"px").style("top",(e.clientY-24)+"px")).on("mouseout",()=>tip.style("opacity",0));
+  sim.on("tick",()=>{{link.attr("x1",d=>d.source.x).attr("y1",d=>d.source.y).attr("x2",d=>d.target.x).attr("y2",d=>d.target.y);ll.attr("x",d=>(d.source.x+d.target.x)/2).attr("y",d=>(d.source.y+d.target.y)/2-6);node.attr("transform",d=>`translate(${{d.x}},${{d.y}})`)}});
+}})();
+function toggleF(h){{const b=h.nextElementSibling;b.classList.toggle("open");h.querySelector(".fa").textContent=b.classList.contains("open")?"▲":"▼"}}
+</script>
+</body></html>"""
+
+
+class HtmlReport(BaseModule):
+
+    NAME        = "html_report"
+    DESCRIPTION = "Generate a professional HTML security assessment report with interactive D3.js attack graph"
+    AUTHOR      = "ExploitGraph Team"
+    VERSION     = "1.2.0"
+    CATEGORY    = "reporting"
+    SEVERITY    = "INFO"
+    MITRE       = []
+    AWS_PARALLEL = "AWS Security Hub consolidated findings export"
+
+    OPTIONS = {
+        "OUTPUT_DIR": {"default": "reports", "required": False, "description": "Output directory for reports"},
+        "OPEN":       {"default": "false",   "required": False, "description": "Auto-open in browser after generation"},
+    }
+
+    def run(self, session: "Session") -> ModuleResult:
+        from core.logger import log
+        from core.risk_engine import risk_engine
+        from core.attack_graph import attack_graph
+
+        self._timer_start()
+        log.section("HTML Report Generator")
+
+        output_dir = Path(self.get_option("OUTPUT_DIR", "reports"))
+        output_dir.mkdir(exist_ok=True)
+        report_path = output_dir / f"ExploitGraph_{session.session_id}.html"
+        json_path   = output_dir / f"ExploitGraph_{session.session_id}.json"
+
+        # Build attack graph
+        attack_graph.build(session)
+        graph_json = json.dumps(attack_graph.to_json())
+
+        # Risk scoring
+        score, label = risk_engine.session_score(session)
+        session.update_risk(score)
+
+        # Sort findings
+        sorted_findings = sorted(session.findings,
+                                  key=lambda f: SEVERITY_ORDER.get(f.get("severity", "INFO"), 99))
+
+        sev = session.summary()["severity"]
+
+        html = HTML_TEMPLATE.format(
+            session_id     = session.session_id,
+            report_date    = datetime.datetime.now().strftime("%Y-%m-%d %H:%M UTC"),
+            target         = session.target,
+            sev_critical   = sev["CRITICAL"],
+            sev_high       = sev["HIGH"],
+            secrets_count  = len(session.secrets),
+            risk_score     = score,
+            risk_label     = label,
+            total_findings = len(sorted_findings),
+            findings_html  = self._render_findings(sorted_findings),
+            secrets_html   = self._render_secrets(session.secrets),
+            mitre_html     = self._render_mitre(session),
+            exploits_html  = self._render_exploits(session.exploit_results),
+            graph_json     = graph_json,
+        )
+
+        report_path.write_text(html, encoding="utf-8")
+
+        # JSON export
+        json_path.write_text(json.dumps({
+            "session":  session.summary(),
+            "findings": sorted_findings,
+            "secrets":  session.secrets,
+            "exploits": session.exploit_results,
+            "graph":    attack_graph.to_json(),
+            "risk":     risk_engine.score_breakdown(session),
+        }, indent=2), encoding="utf-8")
+
+        log.success(f"HTML report: {report_path}")
+        log.success(f"JSON export: {json_path}")
+        log.info(f"Risk Score: {score}/10 [{label}]")
+        log.info(f"Open: firefox {report_path} &")
+
+        if self.get_option("OPEN", "false").lower() == "true":
+            import subprocess
+            subprocess.Popen(["xdg-open", str(report_path)],
+                             stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+
+        elapsed = self._timer_stop()
+        return ModuleResult(True, {
+            "report_path": str(report_path),
+            "json_path":   str(json_path),
+            "findings":    len(sorted_findings),
+            "risk_score":  score,
+        })
+
+    def _render_findings(self, findings: list) -> str:
+        if not findings:
+            return '<p style="color:#94a3b8">No findings recorded.</p>'
+        html = ""
+        for i, f in enumerate(findings, 1):
+            sev   = f.get("severity", "INFO")
+            cvss  = f.get("cvss_score", 0)
+            color = CVSS_COLOR.get(sev, "#6b7280")
+            mitre = f.get("mitre_technique", "")
+            recs  = f.get("recommendation", "")
+            rec_items = "".join(f"<li>{l.strip().lstrip('0123456789. ')}</li>"
+                                for l in recs.split("\n") if l.strip())
+            aws   = f.get("aws_parallel", "")
+            html += f"""<div class="finding">
+<div class="fh" onclick="toggleF(this)">
+  <div><div class="ft">{i}. {f.get('title','')}</div>
+  {'<span class="mitre-tag">'+mitre+'</span>' if mitre else ''}</div>
+  <div style="display:flex;align-items:center;gap:10px">
+    <div style="text-align:right"><div style="font-size:10px;color:#94a3b8">CVSS</div>
+    <div style="font-size:16px;font-weight:900;color:{color}">{cvss}</div></div>
+    <span class="badge b{sev[0]}">{sev}</span>
+    <span class="fa" style="color:#94a3b8">▼</span>
+  </div>
+</div>
+<div class="fb">
+  <div class="cvss-bar"><div class="cvss-fill" style="width:{int(cvss/10*100)}%;background:{color}"></div></div>
+  <h4>Description</h4><p>{f.get('description','')}</p>
+  <h4>Evidence</h4><pre>{f.get('evidence','')}</pre>
+  {'<div class="aws-box"><div class="al">AWS Real-World Parallel</div><p>'+aws+'</p></div>' if aws else ''}
+  <h4>Remediation</h4><ul class="rec-list">{rec_items}</ul>
+</div></div>"""
+        return html
+
+    def _render_secrets(self, secrets: list) -> str:
+        html = ""
+        for i, s in enumerate(secrets, 1):
+            sev = s.get("severity", "HIGH")
+            val = s.get("value", "")
+            html += f"""<tr>
+<td>{i}</td>
+<td><code class="mono">{s.get('secret_type','')}</code></td>
+<td><span class="badge b{sev[0]}">{sev}</span></td>
+<td class="mono">{val[:45]}{'...' if len(val)>45 else ''}</td>
+<td style="color:#94a3b8;font-size:12px">{s.get('source','')[:50]}</td>
+<td style="color:#60a5fa;font-size:12px">{s.get('aws_parallel','')[:70]}</td>
+</tr>"""
+        return html or "<tr><td colspan='6' style='color:#94a3b8'>No secrets found</td></tr>"
+
+    def _render_mitre(self, session: "Session") -> str:
+        used = set()
+        for f in session.findings:
+            t = f.get("mitre_technique", "")
+            for key in MITRE_REF:
+                if key in t:
+                    used.add(key)
+        html = ""
+        for key in sorted(used):
+            if key in MITRE_REF:
+                t_id, t_name, t_desc = MITRE_REF[key]
+                url = f"https://attack.mitre.org/techniques/{t_id.replace('.','/')}"
+                html += f"""<div class="mitre-card">
+<div class="mc-id">{t_id}</div>
+<div class="mc-name">{t_name}</div>
+<div class="mc-desc">{t_desc}</div>
+<a href="{url}" target="_blank">→ MITRE ATT&CK</a>
+</div>"""
+        return html or '<p style="color:#94a3b8">No MITRE techniques recorded.</p>'
+
+    def _render_exploits(self, results: list) -> str:
+        html = ""
+        for i, r in enumerate(results, 1):
+            ok  = r.get("success", False)
+            cls = "bC" if ok else "bL"
+            lbl = "SUCCESS" if ok else "FAILED"
+            html += f"""<tr>
+<td>{i}</td>
+<td style="font-size:12px;color:#94a3b8">{r.get('module','')[:25]}</td>
+<td style="font-weight:600">{r.get('action','')[:55]}</td>
+<td><span class="badge {cls}">{lbl}</span></td>
+<td style="font-size:12px;color:#94a3b8">{r.get('detail','')[:70]}</td>
+<td style="font-size:11px;color:#475569;white-space:nowrap">{r.get('timestamp','')[:19]}</td>
+</tr>"""
+        return html or "<tr><td colspan='6' style='color:#94a3b8'>No exploitation attempts</td></tr>"

modules/reporting/json_export.py

@@ -0,0 +1,107 @@
+"""
+ExploitGraph Module: JSON Exporter
+Category: reporting
+Exports session data as structured JSON — for CI/CD integration, SIEM ingestion,
+custom tooling, or feeding into other security platforms.
+"""
+from __future__ import annotations
+import json
+import datetime
+from pathlib import Path
+from typing import TYPE_CHECKING
+
+from modules.base import BaseModule, ModuleResult
+
+if TYPE_CHECKING:
+    from core.session_manager import Session
+
+
+class JsonExport(BaseModule):
+
+    NAME        = "json_export"
+    DESCRIPTION = "Export all session findings, secrets, and attack graph as structured JSON"
+    AUTHOR      = "ExploitGraph Team"
+    VERSION     = "1.0.0"
+    CATEGORY    = "reporting"
+    SEVERITY    = "INFO"
+    MITRE       = []
+    AWS_PARALLEL = "AWS Security Hub findings JSON format / ASFF export"
+
+    OPTIONS = {
+        "OUTPUT_DIR": {"default": "reports", "required": False, "description": "Output directory"},
+        "PRETTY":     {"default": "true",    "required": False, "description": "Pretty-print JSON"},
+        "INCLUDE_GRAPH": {"default": "true", "required": False, "description": "Include attack graph in export"},
+    }
+
+    def run(self, session: "Session") -> ModuleResult:
+        from core.logger import log
+        from core.risk_engine import risk_engine
+        from core.attack_graph import attack_graph
+
+        self._timer_start()
+        output_dir = Path(self.get_option("OUTPUT_DIR", "reports"))
+        output_dir.mkdir(exist_ok=True)
+
+        attack_graph.build(session)
+        score, label = risk_engine.session_score(session)
+
+        indent = 2 if self.get_option("PRETTY", "true").lower() == "true" else None
+
+        # Full export
+        full_export = {
+            "meta": {
+                "tool":       "ExploitGraph",
+                "version":    "1.0.0",
+                "session_id": session.session_id,
+                "target":     session.target,
+                "exported":   datetime.datetime.now(datetime.timezone.utc).isoformat() + "Z",
+                "mode":       session.mode,
+            },
+            "risk": {
+                "score":      score,
+                "label":      label,
+                "breakdown":  risk_engine.score_breakdown(session),
+            },
+            "summary": session.summary(),
+            "findings": session.findings,
+            "secrets":  session.secrets,
+            "endpoints": session.endpoints,
+            "exploit_results": session.exploit_results,
+        }
+
+        if self.get_option("INCLUDE_GRAPH", "true").lower() == "true":
+            full_export["attack_graph"] = attack_graph.to_json()
+
+        out_path = output_dir / f"ExploitGraph_{session.session_id}_full.json"
+        out_path.write_text(json.dumps(full_export, indent=indent), encoding="utf-8")
+        log.success(f"JSON export: {out_path}")
+
+        # Minimal findings-only export (for SIEM/ticketing)
+        findings_export = {
+            "session_id": session.session_id,
+            "target":     session.target,
+            "risk_score": score,
+            "findings": [
+                {
+                    "id":        f"EG-{i+1:04d}",
+                    "title":     f["title"],
+                    "severity":  f["severity"],
+                    "cvss":      f.get("cvss_score", 0),
+                    "module":    f.get("module", ""),
+                    "mitre":     f.get("mitre_technique", ""),
+                    "aws":       f.get("aws_parallel", ""),
+                    "recommendation": f.get("recommendation", ""),
+                }
+                for i, f in enumerate(session.findings)
+            ],
+        }
+        min_path = output_dir / f"ExploitGraph_{session.session_id}_findings.json"
+        min_path.write_text(json.dumps(findings_export, indent=indent), encoding="utf-8")
+        log.success(f"Findings JSON: {min_path}")
+
+        elapsed = self._timer_stop()
+        return ModuleResult(True, {
+            "full_export":     str(out_path),
+            "findings_export": str(min_path),
+            "findings":        len(session.findings),
+        })