offsec-ai 2.0.0__tar.gz → 2.0.2__tar.gz

{offsec_ai-2.0.0 → offsec_ai-2.0.2}/CHANGELOG.md

@@ -5,6 +5,22 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.0.2] - 2026-06-29
+
+### Changed
+- README logo replaced with inline ASCII art (no external image dependency)
+- User-Agent strings updated from `SimplePortChecker/1.0` to `offsec-ai/2.0` in `L7Detector` and `HybridIdentityChecker`
+- `reportlab>=4.0.0` promoted to core dependency in `pyproject.toml` (was missing, caused `ModuleNotFoundError` on fresh installs)
+- Docker image now installs `[ai]` extras (`openai`, `anthropic`) so LLM judge works at runtime via env vars
+- Dockerfile redundant pre-installs removed; `pip install ".[ai]"` is now the single install step
+- `docker-push` and `docker-release` Makefile targets added with auto-versioning from `pyproject.toml`
+- CI/CD: `docker.yml` image labels updated (title, description); unused `build-args` removed
+- CI/CD: `publish.yml` PyPI environment URL no longer pins a hardcoded version
+- Stale files removed: `PROJECT_STRUCTURE.md`, `HYBRID_IDENTITY_QUICKREF.md`, `IMPLEMENTATION_HYBRID_IDENTITY.md`, `MANIFEST.in`, empty `scripts/` dir
+- `tests/test_dns_trace.py` removed (was a live-network script, not a pytest test)
+- `tests/test_mtls.py` and `tests/test_mtls_integration.py` rewritten as proper `assert`-based pytest tests
+- `setup_dev.sh` updated: branding, venv path (`.venv`), and `[ai]` extras
+
 ## [2.0.0] - 2026-06-29
 
 ### Added — AI / LLM Security (fresh start as `offsec-ai`)
@@ -560,5 +576,6 @@ All existing functionality (port scanning, L7 detection, mTLS, certificate analy
 - cryptography: For certificate handling
 - certifi: For CA bundle management
 
-[Unreleased]: https://github.com/htunn/offsec-ai/compare/v2.0.0...HEAD
+[Unreleased]: https://github.com/Htunn/offsec-ai/compare/v2.0.1...HEAD
+[2.0.1]: https://github.com/Htunn/offsec-ai/compare/v2.0.0...v2.0.1
 [2.0.0]: https://github.com/htunn/offsec-ai/releases/tag/v2.0.0

{offsec_ai-2.0.0 → offsec_ai-2.0.2}/CONTRIBUTING.md

@@ -1,6 +1,6 @@
-# Contributing to Simple Port Checker
+# Contributing to offsec-ai
 
-Thank you for your interest in contributing to Simple Port Checker! This guide will help you get started.
+Thank you for your interest in contributing to offsec-ai! This guide will help you get started.
 
 ## Code of Conduct
 
@@ -12,7 +12,7 @@ This project adheres to a code of conduct. By participating, you are expected to
 
 1. **Fork and clone the repository**
    ```bash
-   git clone https://github.com/yourusername/offsec-ai.git
+   git clone https://github.com/Htunn/offsec-ai.git
    cd offsec-ai
    ```
 
@@ -327,4 +327,4 @@ Contributors will be recognized in:
 - **Release notes** for significant contributions
 - **GitHub contributors** page
 
-Thank you for contributing to Simple Port Checker! 🎉
+Thank you for contributing to offsec-ai! 🎉

{offsec_ai-2.0.0 → offsec_ai-2.0.2}/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2025 Simple Port Checker
+Copyright (c) 2026 offsec-ai (Htunn)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

{offsec_ai-2.0.0 → offsec_ai-2.0.2}/PKG-INFO

@@ -1,13 +1,15 @@
 Metadata-Version: 2.4
 Name: offsec-ai
-Version: 2.0.0
+Version: 2.0.2
 Summary: Offensive-security toolkit: port scanning, L7/WAF detection, mTLS, certificate analysis, OWASP Top 10, AI/LLM OWASP Top 10 black-box probing, and MCP endpoint security scanning
 Project-URL: Homepage, https://github.com/htunn/offsec-ai
 Project-URL: Repository, https://github.com/htunn/offsec-ai
 Project-URL: Issues, https://github.com/htunn/offsec-ai/issues
 Project-URL: Documentation, https://github.com/htunn/offsec-ai#readme
-Author-email: htunn <htunnthuthu.linux@gmail.com>
-Maintainer-email: htunn <htunnthuthu.linux@gmail.com>
+Author: Htunn
+Author-email: htunnthuthu.linux@gmail.com
+Maintainer: Htunn
+Maintainer-email: htunnthuthu.linux@gmail.com
 License: MIT
 License-File: LICENSE
 Keywords: ai,ai-security,certificate,certificate-analysis,firewall,l7-protection,llm,mcp,model-context-protocol,network,offensive-security,owasp,pentest,pki,port-scanner,red-team,security,ssl,tls,waf
@@ -37,6 +39,7 @@ Requires-Dist: httpx>=0.25.0
 Requires-Dist: mcp>=1.0.0
 Requires-Dist: pydantic>=2.0.0
 Requires-Dist: python-nmap>=0.7.1
+Requires-Dist: reportlab>=4.0.0
 Requires-Dist: requests>=2.31.0
 Requires-Dist: rich>=13.0.0
 Provides-Extra: ai
@@ -56,9 +59,15 @@ Provides-Extra: gemini
 Requires-Dist: google-generativeai>=0.7.0; extra == 'gemini'
 Description-Content-Type: text/markdown
 
-<p align="center">
-  <img src="docs/assets/logo.svg" alt="offsec-ai" width="520"/>
-</p>
+```
+  ██████╗ ███████╗███████╗███████╗███████╗ ██████╗       █████╗ ██╗
+ ██╔═══██╗██╔════╝██╔════╝██╔════╝██╔════╝██╔════╝      ██╔══██╗██║
+ ██║   ██║█████╗  █████╗  ███████╗█████╗  ██║     █████╗███████║██║
+ ██║   ██║██╔══╝  ██╔══╝  ╚════██║██╔══╝  ██║     ╚════╝██╔══██║██║
+ ╚██████╔╝██║     ██║     ███████║███████╗╚██████╗       ██║  ██║██║
+  ╚═════╝ ╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝       ╚═╝  ╚═╝╚═╝
+  Offensive-Security Toolkit · AI/LLM · MCP · Red-Team
+```
 
 <p align="center">
   <a href="https://pypi.org/project/offsec-ai/"><img src="https://img.shields.io/pypi/v/offsec-ai" alt="PyPI Version"/></a>
@@ -554,8 +563,23 @@ docker run --rm htunnthuthu/offsec-ai:latest owasp-scan example.com
 docker run --rm -v $(pwd):/app/output htunnthuthu/offsec-ai:latest \
   ai-owasp-scan https://api.example.com/v1/chat/completions \
   --output /app/output/llm-report.json
+
+# LLM Judge — openai, anthropic, or gemini key auto-detected; no extra install needed
+docker run --rm \
+  -e OPENAI_API_KEY=sk-... \
+  htunnthuthu/offsec-ai:latest \
+  ai-owasp-scan https://api.example.com/v1/chat/completions --llm-judge
+
+# Custom OpenAI-compatible backend (Ollama, LM Studio, Azure OpenAI…)
+docker run --rm \
+  -e OFFSEC_LLM_BASE_URL=http://host.docker.internal:11434/v1 \
+  -e OFFSEC_LLM_MODEL=llama3 \
+  htunnthuthu/offsec-ai:latest \
+  ai-owasp-scan https://api.example.com/v1/chat/completions --llm-judge
 ```
 
+See [docs/DOCKER.md](docs/DOCKER.md) for the full Docker reference including CI/CD integration, Kubernetes jobs, Makefile publish targets, and troubleshooting.
+
 ---
 
 ## Configuration

{offsec_ai-2.0.0 → offsec_ai-2.0.2}/README.md

@@ -1,6 +1,12 @@
-<p align="center">
-  <img src="docs/assets/logo.svg" alt="offsec-ai" width="520"/>
-</p>
+```
+  ██████╗ ███████╗███████╗███████╗███████╗ ██████╗       █████╗ ██╗
+ ██╔═══██╗██╔════╝██╔════╝██╔════╝██╔════╝██╔════╝      ██╔══██╗██║
+ ██║   ██║█████╗  █████╗  ███████╗█████╗  ██║     █████╗███████║██║
+ ██║   ██║██╔══╝  ██╔══╝  ╚════██║██╔══╝  ██║     ╚════╝██╔══██║██║
+ ╚██████╔╝██║     ██║     ███████║███████╗╚██████╗       ██║  ██║██║
+  ╚═════╝ ╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝       ╚═╝  ╚═╝╚═╝
+  Offensive-Security Toolkit · AI/LLM · MCP · Red-Team
+```
 
 <p align="center">
   <a href="https://pypi.org/project/offsec-ai/"><img src="https://img.shields.io/pypi/v/offsec-ai" alt="PyPI Version"/></a>
@@ -496,8 +502,23 @@ docker run --rm htunnthuthu/offsec-ai:latest owasp-scan example.com
 docker run --rm -v $(pwd):/app/output htunnthuthu/offsec-ai:latest \
   ai-owasp-scan https://api.example.com/v1/chat/completions \
   --output /app/output/llm-report.json
+
+# LLM Judge — openai, anthropic, or gemini key auto-detected; no extra install needed
+docker run --rm \
+  -e OPENAI_API_KEY=sk-... \
+  htunnthuthu/offsec-ai:latest \
+  ai-owasp-scan https://api.example.com/v1/chat/completions --llm-judge
+
+# Custom OpenAI-compatible backend (Ollama, LM Studio, Azure OpenAI…)
+docker run --rm \
+  -e OFFSEC_LLM_BASE_URL=http://host.docker.internal:11434/v1 \
+  -e OFFSEC_LLM_MODEL=llama3 \
+  htunnthuthu/offsec-ai:latest \
+  ai-owasp-scan https://api.example.com/v1/chat/completions --llm-judge
 ```
 
+See [docs/DOCKER.md](docs/DOCKER.md) for the full Docker reference including CI/CD integration, Kubernetes jobs, Makefile publish targets, and troubleshooting.
+
 ---
 
 ## Configuration

{offsec_ai-2.0.0 → offsec_ai-2.0.2}/SECURITY.md

@@ -2,12 +2,12 @@
 
 ## Supported Versions
 
-We provide security updates for the following versions of Simple Port Checker:
+We provide security updates for the following versions of offsec-ai:
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 0.2.x   | :white_check_mark: |
-| 0.1.x   | :x:                |
+| 2.x     | :white_check_mark: |
+| 1.x     | :x:                |
 
 ## Reporting a Vulnerability
 
@@ -15,7 +15,7 @@ We take security vulnerabilities seriously. If you discover a security vulnerabi
 
 ### How to Report
 
-1. **Email**: Send an email to `htunnthuthu.linux@gmail.com` with the subject line "Security Vulnerability in Simple Port Checker"
+1. **Email**: Send an email to `htunnthuthu.linux@gmail.com` with the subject line "Security Vulnerability in offsec-ai"
 2. **Include**: 
    - A description of the vulnerability
    - Steps to reproduce the issue
@@ -38,7 +38,7 @@ We practice responsible disclosure:
 
 ## Security Best Practices
 
-When using Simple Port Checker:
+When using offsec-ai:
 
 1. **Network Scanning**: Only scan networks you own or have explicit permission to test
 2. **Rate Limiting**: Use appropriate timeout and concurrency settings to avoid overwhelming target systems

{offsec_ai-2.0.0 → offsec_ai-2.0.2}/docs/DOCKER.md

@@ -9,6 +9,7 @@ A comprehensive, lightweight Docker container for network secu## 🔒 Certificat
 | Tag | Description | Size | Architectures |
 |-----|-------------|------|---------------|
 | `latest` | Latest stable release | ~60MB | `linux/amd64`, `linux/arm64` |
+| `v2.0.1` | v2.0.1 — logo fix, docs cleanup | ~60MB | `linux/amd64`, `linux/arm64` |
 | `v2.0.0` | v2.0.0 — AI/LLM scanner, MCP scanner, Gemini judge | ~60MB | `linux/amd64`, `linux/arm64` |
 
 **Recommendation**: Use `latest` for the most recent features, or pin to specific version tags for production deployments.
@@ -259,9 +260,73 @@ spec:
 - ✅ OCSP and CRL URL extraction for revocation checking
 - ✅ Certificate fingerprint generation (SHA-1, SHA-256)
 
-## �🔧 Configuration & Environment
+## 🤖 AI / LLM Security Usage
+
+The image ships with `openai` and `anthropic` pre-installed (`[ai]` extra). Pass an API key at runtime to enable the **LLM Judge** for smarter semantic vulnerability detection.
+
+### AI OWASP Top 10 Scan (rule-based, no key required)
+```bash
+docker run --rm htunnthuthu/offsec-ai:latest \
+  ai-owasp-scan https://api.example.com/v1/chat/completions
+```
+
+### AI OWASP Top 10 Scan with LLM Judge
 
-### Environment Variables
+```bash
+# OpenAI judge
+docker run --rm \
+  -e OPENAI_API_KEY=sk-... \
+  htunnthuthu/offsec-ai:latest \
+  ai-owasp-scan https://api.example.com/v1/chat/completions --llm-judge
+
+# Anthropic judge
+docker run --rm \
+  -e ANTHROPIC_API_KEY=sk-ant-... \
+  htunnthuthu/offsec-ai:latest \
+  ai-owasp-scan https://api.example.com/v1/chat/completions --llm-judge
+
+# Google Gemini judge (no extra package needed)
+docker run --rm \
+  -e GEMINI_API_KEY=AIzaSy... \
+  htunnthuthu/offsec-ai:latest \
+  ai-owasp-scan https://api.example.com/v1/chat/completions --llm-judge
+
+# Custom OpenAI-compatible endpoint (Ollama, LM Studio, Azure OpenAI, etc.)
+docker run --rm \
+  -e OFFSEC_LLM_BASE_URL=http://host.docker.internal:11434/v1 \
+  -e OFFSEC_LLM_MODEL=llama3 \
+  htunnthuthu/offsec-ai:latest \
+  ai-owasp-scan https://api.example.com/v1/chat/completions --llm-judge
+```
+
+### MCP Security Scan
+```bash
+# Scan an MCP endpoint
+docker run --rm htunnthuthu/offsec-ai:latest \
+  mcp-scan https://mcp.example.com/mcp
+
+# Active MCP attack (requires authorization flag)
+docker run --rm htunnthuthu/offsec-ai:latest \
+  mcp-attack https://mcp.example.com/mcp --i-have-authorization --mode deep
+```
+
+---
+
+## 🔧 Configuration & Environment
+
+### LLM / AI Judge Environment Variables
+
+| Variable | Provider | Description |
+|----------|----------|-------------|
+| `OPENAI_API_KEY` | OpenAI | Enables OpenAI judge (e.g. `gpt-4o-mini`) |
+| `ANTHROPIC_API_KEY` | Anthropic | Enables Anthropic judge (e.g. `claude-3-haiku`) |
+| `GEMINI_API_KEY` | Google | Enables Gemini judge (e.g. `gemini-1.5-flash`) |
+| `OFFSEC_LLM_BASE_URL` | Any OpenAI-compatible | Use a custom/local endpoint as the judge backend |
+| `OFFSEC_LLM_MODEL` | All | Override the default model name |
+
+Provider is **auto-detected** from whichever key is set; `OFFSEC_LLM_BASE_URL` takes precedence over `OPENAI_API_KEY`.
+
+### General Environment Variables
 ```bash
 # Set timeout for operations
 docker run --rm -e TIMEOUT=30 htunnthuthu/offsec-ai:latest scan example.com
@@ -293,12 +358,12 @@ docker run --rm -v /host/certs:/app/certs \
 ## 🔒 Security Features
 
 ### Non-Root User
-- ✅ Container runs as non-root user `scanner` (UID: 1000)
+- ✅ Container runs as non-root user `appuser` (UID: 1000)
 - ✅ No privileged access required
 - ✅ Minimal attack surface
 
 ### Minimal Dependencies
-- ✅ Based on Alpine Linux for small footprint
+- ✅ Based on Debian slim for minimal footprint
 - ✅ Only essential packages included
 - ✅ Regular security updates via automated builds
 
@@ -310,17 +375,18 @@ docker run --rm -v /host/certs:/app/certs \
 ## 🏷️ Image Specifications
 
 ### Base Image
-- **OS**: Alpine Linux (latest stable)
+- **OS**: Debian GNU/Linux 12 Bookworm slim (`python:3.12-slim-bookworm`)
 - **Python**: 3.12+
 - **Architecture**: Multi-arch (AMD64, ARM64)
-- **User**: Non-root (`scanner:scanner`)
+- **User**: Non-root (`appuser:appuser`, UID/GID 1000)
 
 ### Installed Tools
-- ✅ Simple Port Checker (latest version)
+- ✅ `offsec-ai` (latest version)
 - ✅ Python runtime and required dependencies
+- ✅ `openai` & `anthropic` packages — bundled via `[ai]` extra; LLM judge activates automatically when you pass an API key env var
 - ✅ SSL/TLS libraries for certificate handling
 - ✅ DNS resolution utilities
-- ✅ OpenSSL for certificate chain extraction
+- ✅ `nmap` for port scanning
 - ✅ Cryptography libraries for certificate analysis
 
 ### Performance
@@ -429,7 +495,42 @@ docker run --rm --memory=512m htunnthuthu/offsec-ai:latest scan example.com
 docker run --rm --cpus=2 htunnthuthu/offsec-ai:latest full-scan example.com
 ```
 
-## 🔗 Related Links
+## �️ Building & Publishing Locally
+
+The `Makefile` provides convenience targets for building and pushing to Docker Hub.
+
+```bash
+# Build the image locally
+make docker-build
+
+# Build without cache
+make docker-build-no-cache
+
+# Build multi-arch (linux/amd64 + linux/arm64) — requires docker buildx
+make docker-build-multi
+
+# Push to Docker Hub (builds first, then tags + pushes :version and :latest)
+make docker-push                              # uses DOCKER_USERNAME=htunn by default
+make docker-push DOCKER_USERNAME=youruser     # override username
+
+# Full release in one command
+make docker-release                           # equivalent to docker-build + docker-push
+
+# Test the local image
+make docker-test
+
+# Scan image for vulnerabilities (requires trivy)
+make docker-scan
+
+# Clean up local Docker artifacts
+make docker-clean
+```
+
+The `DOCKER_VERSION` is read automatically from `pyproject.toml`, so the published tags match the package version exactly.
+
+---
+
+## �🔗 Related Links
 
 - **GitHub Repository**: [Htunn/offsec-ai](https://github.com/Htunn/offsec-ai)
 - **PyPI Package**: [offsec-ai](https://pypi.org/project/offsec-ai/)

{offsec_ai-2.0.0 → offsec_ai-2.0.2}/docs/assets/logo.svg

@@ -49,7 +49,7 @@
   <!-- Version badge -->
   <rect x="62" y="94" width="52" height="16" rx="3" fill="#cc000033" stroke="#cc000066" stroke-width="0.8"/>
   <text x="88" y="106" font-family="'Courier New', Courier, monospace" font-size="9"
-        fill="#ff6666" text-anchor="middle">v2.0.0</text>
+        fill="#ff6666" text-anchor="middle">v2.0.1</text>
 
   <!-- Right decorative dots (terminal-like) -->
   <circle cx="470" cy="26" r="5" fill="#ff4444" opacity="0.9"/>

{offsec_ai-2.0.0 → offsec_ai-2.0.2}/docs/quickstart.md

@@ -28,9 +28,8 @@ offsec-ai ai-owasp-scan https://api.example.com/v1/chat/completions \
 offsec-ai mcp-scan https://mcp.example.com/mcp
 offsec-ai mcp-scan https://mcp.example.com/mcp --output report.json
 
-# MCP attacker (requires --authorized flag)
-offsec-ai mcp-attack https://mcp.example.com/mcp --authorized \
-    --auth-token "$TOKEN"
+# MCP attacker (requires --i-have-authorization flag)
+offsec-ai mcp-attack https://mcp.example.com/mcp --i-have-authorization
 ```
 
 ### Python API
@@ -167,6 +166,7 @@ offsec-ai scan example.com --verbose
 ## Examples
 
 See the `examples/` directory for complete usage examples:
-- `usage_examples.py` - Comprehensive examples
-- `batch_scanning.py` - Batch scanning multiple targets
-- `custom_config.py` - Custom configuration examples
+- `usage_examples.py` — Core infrastructure scanning examples
+- `comprehensive_examples.py` — All features with detailed output
+- `mtls_examples.py` — mTLS testing and certificate generation
+- `owasp_scan_examples.py` — OWASP Top 10 scanning with PDF/CSV export

{offsec_ai-2.0.0 → offsec_ai-2.0.2}/pyproject.toml

@@ -4,16 +4,18 @@ build-backend = "hatchling.build"
 
 [project]
 name = "offsec-ai"
-version = "2.0.0"
+version = "2.0.2"
 description = "Offensive-security toolkit: port scanning, L7/WAF detection, mTLS, certificate analysis, OWASP Top 10, AI/LLM OWASP Top 10 black-box probing, and MCP endpoint security scanning"
 readme = "README.md"
 requires-python = ">=3.12"
 license = {text = "MIT"}
 authors = [
-    {name = "htunn", email = "htunnthuthu.linux@gmail.com"}
+    {name = "Htunn"},
+    {email = "htunnthuthu.linux@gmail.com"}
 ]
 maintainers = [
-    {name = "htunn", email = "htunnthuthu.linux@gmail.com"}
+    {name = "Htunn"},
+    {email = "htunnthuthu.linux@gmail.com"}
 ]
 keywords = ["firewall", "port-scanner", "l7-protection", "waf", "network", "security", "ssl", "tls", "certificate", "certificate-analysis", "pki", "offensive-security", "red-team", "pentest", "ai", "llm", "mcp", "owasp", "ai-security", "model-context-protocol"]
 classifiers = [
@@ -46,6 +48,7 @@ dependencies = [
     "cryptography>=41.0.0",
     "mcp>=1.0.0",
     "httpx>=0.25.0",
+    "reportlab>=4.0.0",
 ]
 
 [project.optional-dependencies]

{offsec_ai-2.0.0 → offsec_ai-2.0.2}/src/offsec_ai/__init__.py

@@ -16,7 +16,7 @@ Capabilities:
 - Rich CLI interface with progress bars
 """
 
-__version__ = "2.0.0"
+__version__ = "2.0.2"
 __author__ = "htunn"
 __email__ = "htunnthuthu.linux@gmail.com"
 __license__ = "MIT"

{offsec_ai-2.0.0 → offsec_ai-2.0.2}/src/offsec_ai/core/ai_owasp_scanner.py

@@ -98,7 +98,7 @@ class LLMOwaspScanner:
         async with httpx.AsyncClient(
             headers={
                 "Content-Type": "application/json",
-                "User-Agent": "offsec-ai/2.0.0",
+                "User-Agent": "offsec-ai/2.0.1",
                 **self.headers,
             },
             timeout=self.timeout,

{offsec_ai-2.0.0 → offsec_ai-2.0.2}/src/offsec_ai/core/hybrid_identity_checker.py

@@ -91,7 +91,7 @@ class HybridIdentityChecker:
             timeout: Request timeout in seconds
         """
         self.timeout = timeout
-        self.user_agent = "SimplePortChecker/1.0 (Hybrid Identity Scanner)"
+        self.user_agent = "offsec-ai/2.0 (Hybrid Identity Scanner)"
     
     async def check(self, fqdn: str) -> HybridIdentityResult:
         """

{offsec_ai-2.0.0 → offsec_ai-2.0.2}/src/offsec_ai/core/l7_detector.py

@@ -55,7 +55,7 @@ class L7Detector:
             user_agent: Custom User-Agent string
         """
         self.timeout = timeout
-        self.user_agent = user_agent or "SimplePortChecker/1.0 (Security Scanner)"
+        self.user_agent = user_agent or "offsec-ai/2.0 (Security Scanner)"
         self.signatures = L7_SIGNATURES
 
     async def detect(self, host: str, port: int = None, path: str = "/", trace_dns: bool = False) -> L7Result:

{offsec_ai-2.0.0 → offsec_ai-2.0.2}/src/offsec_ai/core/mcp_attacker.py

@@ -169,7 +169,7 @@ class MCPAttacker:
             test_headers = {
                 "Content-Type": "application/json",
                 "Accept": "application/json, text/event-stream",
-                "User-Agent": "offsec-ai/2.0.0",
+                "User-Agent": "offsec-ai/2.0.1",
                 **probe.get("headers", {}),
             }
             triggered = False
@@ -233,7 +233,7 @@ class MCPAttacker:
                 async with httpx.AsyncClient(
                     headers={"Content-Type": "application/json",
                              "Accept": "application/json, text/event-stream",
-                             "User-Agent": "offsec-ai/2.0.0", **headers},
+                             "User-Agent": "offsec-ai/2.0.1", **headers},
                     timeout=timeout,
                 ) as client:
                     resp = await client.post(target, json=payload)
@@ -295,7 +295,7 @@ class MCPAttacker:
                     async with httpx.AsyncClient(
                         headers={"Content-Type": "application/json",
                                  "Accept": "application/json, text/event-stream",
-                                 "User-Agent": "offsec-ai/2.0.0", **headers},
+                                 "User-Agent": "offsec-ai/2.0.1", **headers},
                         timeout=timeout,
                     ) as client:
                         resp = await client.post(target, json=payload)
@@ -356,7 +356,7 @@ class MCPAttacker:
                     async with httpx.AsyncClient(
                         headers={"Content-Type": "application/json",
                                  "Accept": "application/json, text/event-stream",
-                                 "User-Agent": "offsec-ai/2.0.0", **headers},
+                                 "User-Agent": "offsec-ai/2.0.1", **headers},
                         timeout=timeout,
                     ) as client:
                         resp = await client.post(target, json=payload)

{offsec_ai-2.0.0 → offsec_ai-2.0.2}/src/offsec_ai/core/mcp_scanner.py

@@ -97,7 +97,7 @@ class MCPScanner:
             headers={
                 "Content-Type": "application/json",
                 "Accept": "application/json, text/event-stream",
-                "User-Agent": "offsec-ai/2.0.0",
+                "User-Agent": "offsec-ai/2.0.1",
                 **self.headers,
             },
             timeout=self.timeout,
@@ -189,7 +189,7 @@ class MCPScanner:
 
         # Try without any auth header
         no_auth_client = httpx.AsyncClient(
-            headers={"Content-Type": "application/json", "Accept": "application/json, text/event-stream", "User-Agent": "offsec-ai/2.0.0"},
+            headers={"Content-Type": "application/json", "Accept": "application/json, text/event-stream", "User-Agent": "offsec-ai/2.0.1"},
             timeout=self.timeout,
         )
         async with no_auth_client:

offsec_ai-2.0.2/tests/test_mtls.py

@@ -0,0 +1,102 @@
+"""Tests for mTLS models and CLI commands."""
+
+from datetime import datetime
+
+
+def test_imports():
+    """All mTLS modules import without error."""
+    from offsec_ai.models.mtls_result import BatchMTLSResult, CertificateInfo, MTLSResult  # noqa: F401
+    from offsec_ai.core.mtls_checker import MTLSChecker  # noqa: F401
+
+
+def test_certificate_info_model():
+    """CertificateInfo model fields are created correctly."""
+    from offsec_ai.models.mtls_result import CertificateInfo
+
+    cert = CertificateInfo(
+        subject="CN=test.example.com",
+        issuer="CN=Test CA",
+        version=3,
+        serial_number="12345",
+        not_valid_before="2024-01-01T00:00:00",
+        not_valid_after="2025-01-01T00:00:00",
+        signature_algorithm="sha256WithRSAEncryption",
+        key_algorithm="RSAPublicKey",
+        key_size=2048,
+        san_dns_names=["test.example.com", "*.example.com"],
+        san_ip_addresses=["192.168.1.1"],
+        is_ca=False,
+        is_self_signed=False,
+        fingerprint_sha256="abcd1234...",
+    )
+    assert cert.subject == "CN=test.example.com"
+    assert cert.key_size == 2048
+    assert "test.example.com" in cert.san_dns_names
+    assert cert.is_ca is False
+
+
+def test_mtls_result_model():
+    """MTLSResult is created, fields are accessible, and serializes to JSON."""
+    from offsec_ai.models.mtls_result import CertificateInfo, MTLSResult
+
+    cert = CertificateInfo(
+        subject="CN=test.example.com",
+        issuer="CN=Test CA",
+        version=3,
+        serial_number="12345",
+        not_valid_before="2024-01-01T00:00:00",
+        not_valid_after="2025-01-01T00:00:00",
+        signature_algorithm="sha256WithRSAEncryption",
+        key_algorithm="RSAPublicKey",
+        key_size=2048,
+        san_dns_names=["test.example.com"],
+        san_ip_addresses=[],
+        is_ca=False,
+        is_self_signed=False,
+        fingerprint_sha256="abcd1234...",
+    )
+    result = MTLSResult(
+        target="test.example.com",
+        port=443,
+        supports_mtls=True,
+        requires_client_cert=False,
+        server_cert_info=cert,
+        client_cert_requested=True,
+        handshake_successful=False,
+        error_message=None,
+        cipher_suite="TLS_AES_256_GCM_SHA384",
+        tls_version="TLSv1.3",
+        verification_mode="default",
+        ca_bundle_path="/etc/ssl/certs/ca-certificates.crt",
+        timestamp=datetime.now().isoformat(),
+    )
+    assert result.target == "test.example.com"
+    assert result.port == 443
+    assert result.supports_mtls is True
+    assert result.server_cert_info.key_size == 2048
+
+    json_str = result.model_dump_json()
+    assert "test.example.com" in json_str
+    assert "TLSv1.3" in json_str
+
+
+def test_cli_mtls_commands_exist():
+    """mTLS CLI commands are registered and return help text."""
+    from click.testing import CliRunner
+
+    from offsec_ai.cli import main
+
+    runner = CliRunner()
+
+    result = runner.invoke(main, ["--help"])
+    assert result.exit_code == 0
+    assert "mtls-check" in result.output
+
+    result = runner.invoke(main, ["mtls-check", "--help"])
+    assert result.exit_code == 0
+
+    result = runner.invoke(main, ["mtls-gen-cert", "--help"])
+    assert result.exit_code == 0
+
+    result = runner.invoke(main, ["mtls-validate-cert", "--help"])
+    assert result.exit_code == 0