offsec-ai 2.0.1__tar.gz → 2.0.2__tar.gz

{offsec_ai-2.0.1 → offsec_ai-2.0.2}/CHANGELOG.md

@@ -5,6 +5,22 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.0.2] - 2026-06-29
+
+### Changed
+- README logo replaced with inline ASCII art (no external image dependency)
+- User-Agent strings updated from `SimplePortChecker/1.0` to `offsec-ai/2.0` in `L7Detector` and `HybridIdentityChecker`
+- `reportlab>=4.0.0` promoted to core dependency in `pyproject.toml` (was missing, caused `ModuleNotFoundError` on fresh installs)
+- Docker image now installs `[ai]` extras (`openai`, `anthropic`) so LLM judge works at runtime via env vars
+- Dockerfile redundant pre-installs removed; `pip install ".[ai]"` is now the single install step
+- `docker-push` and `docker-release` Makefile targets added with auto-versioning from `pyproject.toml`
+- CI/CD: `docker.yml` image labels updated (title, description); unused `build-args` removed
+- CI/CD: `publish.yml` PyPI environment URL no longer pins a hardcoded version
+- Stale files removed: `PROJECT_STRUCTURE.md`, `HYBRID_IDENTITY_QUICKREF.md`, `IMPLEMENTATION_HYBRID_IDENTITY.md`, `MANIFEST.in`, empty `scripts/` dir
+- `tests/test_dns_trace.py` removed (was a live-network script, not a pytest test)
+- `tests/test_mtls.py` and `tests/test_mtls_integration.py` rewritten as proper `assert`-based pytest tests
+- `setup_dev.sh` updated: branding, venv path (`.venv`), and `[ai]` extras
+
 ## [2.0.0] - 2026-06-29
 
 ### Added — AI / LLM Security (fresh start as `offsec-ai`)

{offsec_ai-2.0.1 → offsec_ai-2.0.2}/PKG-INFO

@@ -1,13 +1,15 @@
 Metadata-Version: 2.4
 Name: offsec-ai
-Version: 2.0.1
+Version: 2.0.2
 Summary: Offensive-security toolkit: port scanning, L7/WAF detection, mTLS, certificate analysis, OWASP Top 10, AI/LLM OWASP Top 10 black-box probing, and MCP endpoint security scanning
 Project-URL: Homepage, https://github.com/htunn/offsec-ai
 Project-URL: Repository, https://github.com/htunn/offsec-ai
 Project-URL: Issues, https://github.com/htunn/offsec-ai/issues
 Project-URL: Documentation, https://github.com/htunn/offsec-ai#readme
-Author-email: htunn <htunnthuthu.linux@gmail.com>
-Maintainer-email: htunn <htunnthuthu.linux@gmail.com>
+Author: Htunn
+Author-email: htunnthuthu.linux@gmail.com
+Maintainer: Htunn
+Maintainer-email: htunnthuthu.linux@gmail.com
 License: MIT
 License-File: LICENSE
 Keywords: ai,ai-security,certificate,certificate-analysis,firewall,l7-protection,llm,mcp,model-context-protocol,network,offensive-security,owasp,pentest,pki,port-scanner,red-team,security,ssl,tls,waf
@@ -37,6 +39,7 @@ Requires-Dist: httpx>=0.25.0
 Requires-Dist: mcp>=1.0.0
 Requires-Dist: pydantic>=2.0.0
 Requires-Dist: python-nmap>=0.7.1
+Requires-Dist: reportlab>=4.0.0
 Requires-Dist: requests>=2.31.0
 Requires-Dist: rich>=13.0.0
 Provides-Extra: ai
@@ -56,9 +59,15 @@ Provides-Extra: gemini
 Requires-Dist: google-generativeai>=0.7.0; extra == 'gemini'
 Description-Content-Type: text/markdown
 
-<p align="center">
-  <img src="https://raw.githubusercontent.com/Htunn/offsec-ai/main/docs/assets/logo.svg" alt="offsec-ai" width="520"/>
-</p>
+```
+  ██████╗ ███████╗███████╗███████╗███████╗ ██████╗       █████╗ ██╗
+ ██╔═══██╗██╔════╝██╔════╝██╔════╝██╔════╝██╔════╝      ██╔══██╗██║
+ ██║   ██║█████╗  █████╗  ███████╗█████╗  ██║     █████╗███████║██║
+ ██║   ██║██╔══╝  ██╔══╝  ╚════██║██╔══╝  ██║     ╚════╝██╔══██║██║
+ ╚██████╔╝██║     ██║     ███████║███████╗╚██████╗       ██║  ██║██║
+  ╚═════╝ ╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝       ╚═╝  ╚═╝╚═╝
+  Offensive-Security Toolkit · AI/LLM · MCP · Red-Team
+```
 
 <p align="center">
   <a href="https://pypi.org/project/offsec-ai/"><img src="https://img.shields.io/pypi/v/offsec-ai" alt="PyPI Version"/></a>
@@ -554,8 +563,23 @@ docker run --rm htunnthuthu/offsec-ai:latest owasp-scan example.com
 docker run --rm -v $(pwd):/app/output htunnthuthu/offsec-ai:latest \
   ai-owasp-scan https://api.example.com/v1/chat/completions \
   --output /app/output/llm-report.json
+
+# LLM Judge — openai, anthropic, or gemini key auto-detected; no extra install needed
+docker run --rm \
+  -e OPENAI_API_KEY=sk-... \
+  htunnthuthu/offsec-ai:latest \
+  ai-owasp-scan https://api.example.com/v1/chat/completions --llm-judge
+
+# Custom OpenAI-compatible backend (Ollama, LM Studio, Azure OpenAI…)
+docker run --rm \
+  -e OFFSEC_LLM_BASE_URL=http://host.docker.internal:11434/v1 \
+  -e OFFSEC_LLM_MODEL=llama3 \
+  htunnthuthu/offsec-ai:latest \
+  ai-owasp-scan https://api.example.com/v1/chat/completions --llm-judge
 ```
 
+See [docs/DOCKER.md](docs/DOCKER.md) for the full Docker reference including CI/CD integration, Kubernetes jobs, Makefile publish targets, and troubleshooting.
+
 ---
 
 ## Configuration

{offsec_ai-2.0.1 → offsec_ai-2.0.2}/README.md

@@ -1,6 +1,12 @@
-<p align="center">
-  <img src="https://raw.githubusercontent.com/Htunn/offsec-ai/main/docs/assets/logo.svg" alt="offsec-ai" width="520"/>
-</p>
+```
+  ██████╗ ███████╗███████╗███████╗███████╗ ██████╗       █████╗ ██╗
+ ██╔═══██╗██╔════╝██╔════╝██╔════╝██╔════╝██╔════╝      ██╔══██╗██║
+ ██║   ██║█████╗  █████╗  ███████╗█████╗  ██║     █████╗███████║██║
+ ██║   ██║██╔══╝  ██╔══╝  ╚════██║██╔══╝  ██║     ╚════╝██╔══██║██║
+ ╚██████╔╝██║     ██║     ███████║███████╗╚██████╗       ██║  ██║██║
+  ╚═════╝ ╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝       ╚═╝  ╚═╝╚═╝
+  Offensive-Security Toolkit · AI/LLM · MCP · Red-Team
+```
 
 <p align="center">
   <a href="https://pypi.org/project/offsec-ai/"><img src="https://img.shields.io/pypi/v/offsec-ai" alt="PyPI Version"/></a>
@@ -496,8 +502,23 @@ docker run --rm htunnthuthu/offsec-ai:latest owasp-scan example.com
 docker run --rm -v $(pwd):/app/output htunnthuthu/offsec-ai:latest \
   ai-owasp-scan https://api.example.com/v1/chat/completions \
   --output /app/output/llm-report.json
+
+# LLM Judge — openai, anthropic, or gemini key auto-detected; no extra install needed
+docker run --rm \
+  -e OPENAI_API_KEY=sk-... \
+  htunnthuthu/offsec-ai:latest \
+  ai-owasp-scan https://api.example.com/v1/chat/completions --llm-judge
+
+# Custom OpenAI-compatible backend (Ollama, LM Studio, Azure OpenAI…)
+docker run --rm \
+  -e OFFSEC_LLM_BASE_URL=http://host.docker.internal:11434/v1 \
+  -e OFFSEC_LLM_MODEL=llama3 \
+  htunnthuthu/offsec-ai:latest \
+  ai-owasp-scan https://api.example.com/v1/chat/completions --llm-judge
 ```
 
+See [docs/DOCKER.md](docs/DOCKER.md) for the full Docker reference including CI/CD integration, Kubernetes jobs, Makefile publish targets, and troubleshooting.
+
 ---
 
 ## Configuration

{offsec_ai-2.0.1 → offsec_ai-2.0.2}/docs/DOCKER.md

@@ -260,9 +260,73 @@ spec:
 - ✅ OCSP and CRL URL extraction for revocation checking
 - ✅ Certificate fingerprint generation (SHA-1, SHA-256)
 
-## �🔧 Configuration & Environment
+## 🤖 AI / LLM Security Usage
+
+The image ships with `openai` and `anthropic` pre-installed (`[ai]` extra). Pass an API key at runtime to enable the **LLM Judge** for smarter semantic vulnerability detection.
+
+### AI OWASP Top 10 Scan (rule-based, no key required)
+```bash
+docker run --rm htunnthuthu/offsec-ai:latest \
+  ai-owasp-scan https://api.example.com/v1/chat/completions
+```
+
+### AI OWASP Top 10 Scan with LLM Judge
 
-### Environment Variables
+```bash
+# OpenAI judge
+docker run --rm \
+  -e OPENAI_API_KEY=sk-... \
+  htunnthuthu/offsec-ai:latest \
+  ai-owasp-scan https://api.example.com/v1/chat/completions --llm-judge
+
+# Anthropic judge
+docker run --rm \
+  -e ANTHROPIC_API_KEY=sk-ant-... \
+  htunnthuthu/offsec-ai:latest \
+  ai-owasp-scan https://api.example.com/v1/chat/completions --llm-judge
+
+# Google Gemini judge (no extra package needed)
+docker run --rm \
+  -e GEMINI_API_KEY=AIzaSy... \
+  htunnthuthu/offsec-ai:latest \
+  ai-owasp-scan https://api.example.com/v1/chat/completions --llm-judge
+
+# Custom OpenAI-compatible endpoint (Ollama, LM Studio, Azure OpenAI, etc.)
+docker run --rm \
+  -e OFFSEC_LLM_BASE_URL=http://host.docker.internal:11434/v1 \
+  -e OFFSEC_LLM_MODEL=llama3 \
+  htunnthuthu/offsec-ai:latest \
+  ai-owasp-scan https://api.example.com/v1/chat/completions --llm-judge
+```
+
+### MCP Security Scan
+```bash
+# Scan an MCP endpoint
+docker run --rm htunnthuthu/offsec-ai:latest \
+  mcp-scan https://mcp.example.com/mcp
+
+# Active MCP attack (requires authorization flag)
+docker run --rm htunnthuthu/offsec-ai:latest \
+  mcp-attack https://mcp.example.com/mcp --i-have-authorization --mode deep
+```
+
+---
+
+## 🔧 Configuration & Environment
+
+### LLM / AI Judge Environment Variables
+
+| Variable | Provider | Description |
+|----------|----------|-------------|
+| `OPENAI_API_KEY` | OpenAI | Enables OpenAI judge (e.g. `gpt-4o-mini`) |
+| `ANTHROPIC_API_KEY` | Anthropic | Enables Anthropic judge (e.g. `claude-3-haiku`) |
+| `GEMINI_API_KEY` | Google | Enables Gemini judge (e.g. `gemini-1.5-flash`) |
+| `OFFSEC_LLM_BASE_URL` | Any OpenAI-compatible | Use a custom/local endpoint as the judge backend |
+| `OFFSEC_LLM_MODEL` | All | Override the default model name |
+
+Provider is **auto-detected** from whichever key is set; `OFFSEC_LLM_BASE_URL` takes precedence over `OPENAI_API_KEY`.
+
+### General Environment Variables
 ```bash
 # Set timeout for operations
 docker run --rm -e TIMEOUT=30 htunnthuthu/offsec-ai:latest scan example.com
@@ -294,12 +358,12 @@ docker run --rm -v /host/certs:/app/certs \
 ## 🔒 Security Features
 
 ### Non-Root User
-- ✅ Container runs as non-root user `scanner` (UID: 1000)
+- ✅ Container runs as non-root user `appuser` (UID: 1000)
 - ✅ No privileged access required
 - ✅ Minimal attack surface
 
 ### Minimal Dependencies
-- ✅ Based on Alpine Linux for small footprint
+- ✅ Based on Debian slim for minimal footprint
 - ✅ Only essential packages included
 - ✅ Regular security updates via automated builds
 
@@ -311,17 +375,18 @@ docker run --rm -v /host/certs:/app/certs \
 ## 🏷️ Image Specifications
 
 ### Base Image
-- **OS**: Alpine Linux (latest stable)
+- **OS**: Debian GNU/Linux 12 Bookworm slim (`python:3.12-slim-bookworm`)
 - **Python**: 3.12+
 - **Architecture**: Multi-arch (AMD64, ARM64)
-- **User**: Non-root (`scanner:scanner`)
+- **User**: Non-root (`appuser:appuser`, UID/GID 1000)
 
 ### Installed Tools
-- ✅ Simple Port Checker (latest version)
+- ✅ `offsec-ai` (latest version)
 - ✅ Python runtime and required dependencies
+- ✅ `openai` & `anthropic` packages — bundled via `[ai]` extra; LLM judge activates automatically when you pass an API key env var
 - ✅ SSL/TLS libraries for certificate handling
 - ✅ DNS resolution utilities
-- ✅ OpenSSL for certificate chain extraction
+- ✅ `nmap` for port scanning
 - ✅ Cryptography libraries for certificate analysis
 
 ### Performance
@@ -430,7 +495,42 @@ docker run --rm --memory=512m htunnthuthu/offsec-ai:latest scan example.com
 docker run --rm --cpus=2 htunnthuthu/offsec-ai:latest full-scan example.com
 ```
 
-## 🔗 Related Links
+## �️ Building & Publishing Locally
+
+The `Makefile` provides convenience targets for building and pushing to Docker Hub.
+
+```bash
+# Build the image locally
+make docker-build
+
+# Build without cache
+make docker-build-no-cache
+
+# Build multi-arch (linux/amd64 + linux/arm64) — requires docker buildx
+make docker-build-multi
+
+# Push to Docker Hub (builds first, then tags + pushes :version and :latest)
+make docker-push                              # uses DOCKER_USERNAME=htunn by default
+make docker-push DOCKER_USERNAME=youruser     # override username
+
+# Full release in one command
+make docker-release                           # equivalent to docker-build + docker-push
+
+# Test the local image
+make docker-test
+
+# Scan image for vulnerabilities (requires trivy)
+make docker-scan
+
+# Clean up local Docker artifacts
+make docker-clean
+```
+
+The `DOCKER_VERSION` is read automatically from `pyproject.toml`, so the published tags match the package version exactly.
+
+---
+
+## �🔗 Related Links
 
 - **GitHub Repository**: [Htunn/offsec-ai](https://github.com/Htunn/offsec-ai)
 - **PyPI Package**: [offsec-ai](https://pypi.org/project/offsec-ai/)

{offsec_ai-2.0.1 → offsec_ai-2.0.2}/docs/quickstart.md

@@ -28,9 +28,8 @@ offsec-ai ai-owasp-scan https://api.example.com/v1/chat/completions \
 offsec-ai mcp-scan https://mcp.example.com/mcp
 offsec-ai mcp-scan https://mcp.example.com/mcp --output report.json
 
-# MCP attacker (requires --authorized flag)
-offsec-ai mcp-attack https://mcp.example.com/mcp --authorized \
-    --auth-token "$TOKEN"
+# MCP attacker (requires --i-have-authorization flag)
+offsec-ai mcp-attack https://mcp.example.com/mcp --i-have-authorization
 ```
 
 ### Python API
@@ -167,6 +166,7 @@ offsec-ai scan example.com --verbose
 ## Examples
 
 See the `examples/` directory for complete usage examples:
-- `usage_examples.py` - Comprehensive examples
-- `batch_scanning.py` - Batch scanning multiple targets
-- `custom_config.py` - Custom configuration examples
+- `usage_examples.py` — Core infrastructure scanning examples
+- `comprehensive_examples.py` — All features with detailed output
+- `mtls_examples.py` — mTLS testing and certificate generation
+- `owasp_scan_examples.py` — OWASP Top 10 scanning with PDF/CSV export

{offsec_ai-2.0.1 → offsec_ai-2.0.2}/pyproject.toml

@@ -4,16 +4,18 @@ build-backend = "hatchling.build"
 
 [project]
 name = "offsec-ai"
-version = "2.0.1"
+version = "2.0.2"
 description = "Offensive-security toolkit: port scanning, L7/WAF detection, mTLS, certificate analysis, OWASP Top 10, AI/LLM OWASP Top 10 black-box probing, and MCP endpoint security scanning"
 readme = "README.md"
 requires-python = ">=3.12"
 license = {text = "MIT"}
 authors = [
-    {name = "htunn", email = "htunnthuthu.linux@gmail.com"}
+    {name = "Htunn"},
+    {email = "htunnthuthu.linux@gmail.com"}
 ]
 maintainers = [
-    {name = "htunn", email = "htunnthuthu.linux@gmail.com"}
+    {name = "Htunn"},
+    {email = "htunnthuthu.linux@gmail.com"}
 ]
 keywords = ["firewall", "port-scanner", "l7-protection", "waf", "network", "security", "ssl", "tls", "certificate", "certificate-analysis", "pki", "offensive-security", "red-team", "pentest", "ai", "llm", "mcp", "owasp", "ai-security", "model-context-protocol"]
 classifiers = [
@@ -46,6 +48,7 @@ dependencies = [
     "cryptography>=41.0.0",
     "mcp>=1.0.0",
     "httpx>=0.25.0",
+    "reportlab>=4.0.0",
 ]
 
 [project.optional-dependencies]

{offsec_ai-2.0.1 → offsec_ai-2.0.2}/src/offsec_ai/__init__.py

@@ -16,7 +16,7 @@ Capabilities:
 - Rich CLI interface with progress bars
 """
 
-__version__ = "2.0.1"
+__version__ = "2.0.2"
 __author__ = "htunn"
 __email__ = "htunnthuthu.linux@gmail.com"
 __license__ = "MIT"

{offsec_ai-2.0.1 → offsec_ai-2.0.2}/src/offsec_ai/core/hybrid_identity_checker.py

@@ -91,7 +91,7 @@ class HybridIdentityChecker:
             timeout: Request timeout in seconds
         """
         self.timeout = timeout
-        self.user_agent = "SimplePortChecker/1.0 (Hybrid Identity Scanner)"
+        self.user_agent = "offsec-ai/2.0 (Hybrid Identity Scanner)"
     
     async def check(self, fqdn: str) -> HybridIdentityResult:
         """

{offsec_ai-2.0.1 → offsec_ai-2.0.2}/src/offsec_ai/core/l7_detector.py

@@ -55,7 +55,7 @@ class L7Detector:
             user_agent: Custom User-Agent string
         """
         self.timeout = timeout
-        self.user_agent = user_agent or "SimplePortChecker/1.0 (Security Scanner)"
+        self.user_agent = user_agent or "offsec-ai/2.0 (Security Scanner)"
         self.signatures = L7_SIGNATURES
 
     async def detect(self, host: str, port: int = None, path: str = "/", trace_dns: bool = False) -> L7Result:

offsec_ai-2.0.2/tests/test_mtls.py

@@ -0,0 +1,102 @@
+"""Tests for mTLS models and CLI commands."""
+
+from datetime import datetime
+
+
+def test_imports():
+    """All mTLS modules import without error."""
+    from offsec_ai.models.mtls_result import BatchMTLSResult, CertificateInfo, MTLSResult  # noqa: F401
+    from offsec_ai.core.mtls_checker import MTLSChecker  # noqa: F401
+
+
+def test_certificate_info_model():
+    """CertificateInfo model fields are created correctly."""
+    from offsec_ai.models.mtls_result import CertificateInfo
+
+    cert = CertificateInfo(
+        subject="CN=test.example.com",
+        issuer="CN=Test CA",
+        version=3,
+        serial_number="12345",
+        not_valid_before="2024-01-01T00:00:00",
+        not_valid_after="2025-01-01T00:00:00",
+        signature_algorithm="sha256WithRSAEncryption",
+        key_algorithm="RSAPublicKey",
+        key_size=2048,
+        san_dns_names=["test.example.com", "*.example.com"],
+        san_ip_addresses=["192.168.1.1"],
+        is_ca=False,
+        is_self_signed=False,
+        fingerprint_sha256="abcd1234...",
+    )
+    assert cert.subject == "CN=test.example.com"
+    assert cert.key_size == 2048
+    assert "test.example.com" in cert.san_dns_names
+    assert cert.is_ca is False
+
+
+def test_mtls_result_model():
+    """MTLSResult is created, fields are accessible, and serializes to JSON."""
+    from offsec_ai.models.mtls_result import CertificateInfo, MTLSResult
+
+    cert = CertificateInfo(
+        subject="CN=test.example.com",
+        issuer="CN=Test CA",
+        version=3,
+        serial_number="12345",
+        not_valid_before="2024-01-01T00:00:00",
+        not_valid_after="2025-01-01T00:00:00",
+        signature_algorithm="sha256WithRSAEncryption",
+        key_algorithm="RSAPublicKey",
+        key_size=2048,
+        san_dns_names=["test.example.com"],
+        san_ip_addresses=[],
+        is_ca=False,
+        is_self_signed=False,
+        fingerprint_sha256="abcd1234...",
+    )
+    result = MTLSResult(
+        target="test.example.com",
+        port=443,
+        supports_mtls=True,
+        requires_client_cert=False,
+        server_cert_info=cert,
+        client_cert_requested=True,
+        handshake_successful=False,
+        error_message=None,
+        cipher_suite="TLS_AES_256_GCM_SHA384",
+        tls_version="TLSv1.3",
+        verification_mode="default",
+        ca_bundle_path="/etc/ssl/certs/ca-certificates.crt",
+        timestamp=datetime.now().isoformat(),
+    )
+    assert result.target == "test.example.com"
+    assert result.port == 443
+    assert result.supports_mtls is True
+    assert result.server_cert_info.key_size == 2048
+
+    json_str = result.model_dump_json()
+    assert "test.example.com" in json_str
+    assert "TLSv1.3" in json_str
+
+
+def test_cli_mtls_commands_exist():
+    """mTLS CLI commands are registered and return help text."""
+    from click.testing import CliRunner
+
+    from offsec_ai.cli import main
+
+    runner = CliRunner()
+
+    result = runner.invoke(main, ["--help"])
+    assert result.exit_code == 0
+    assert "mtls-check" in result.output
+
+    result = runner.invoke(main, ["mtls-check", "--help"])
+    assert result.exit_code == 0
+
+    result = runner.invoke(main, ["mtls-gen-cert", "--help"])
+    assert result.exit_code == 0
+
+    result = runner.invoke(main, ["mtls-validate-cert", "--help"])
+    assert result.exit_code == 0

offsec_ai-2.0.2/tests/test_mtls_integration.py

@@ -0,0 +1,82 @@
+"""Integration-level tests for mTLS: models, CLI structure, and documentation presence."""
+
+import os
+from datetime import datetime
+
+
+def test_mtls_model_full_lifecycle():
+    """MTLSResult supports full create → serialize → field-access lifecycle."""
+    from offsec_ai.models.mtls_result import CertificateInfo, MTLSResult
+
+    cert = CertificateInfo(
+        subject="CN=test.example.com,O=Test Org,C=US",
+        issuer="CN=Test CA,O=Test CA Org,C=US",
+        version=3,
+        serial_number="123456789",
+        not_valid_before="2024-01-01T00:00:00Z",
+        not_valid_after="2025-01-01T00:00:00Z",
+        signature_algorithm="sha256WithRSAEncryption",
+        key_algorithm="RSAPublicKey",
+        key_size=2048,
+        san_dns_names=["test.example.com", "www.test.example.com"],
+        san_ip_addresses=["192.168.1.100"],
+        is_ca=False,
+        is_self_signed=False,
+        fingerprint_sha256="a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456",
+    )
+    mtls_result = MTLSResult(
+        target="test.example.com",
+        port=443,
+        supports_mtls=True,
+        requires_client_cert=True,
+        server_cert_info=cert,
+        client_cert_requested=True,
+        handshake_successful=True,
+        error_message=None,
+        cipher_suite="TLS_AES_256_GCM_SHA384",
+        tls_version="TLSv1.3",
+        verification_mode="strict",
+        ca_bundle_path="/etc/ssl/certs/ca-certificates.crt",
+        timestamp=datetime.now().isoformat(),
+    )
+
+    assert mtls_result.target == "test.example.com"
+    assert mtls_result.supports_mtls is True
+    assert mtls_result.server_cert_info.subject == "CN=test.example.com,O=Test Org,C=US"
+
+    json_str = mtls_result.model_dump_json(indent=2)
+    assert len(json_str) > 100
+    assert "TLSv1.3" in json_str
+
+
+def test_cli_structure():
+    """All expected mTLS commands are present in the CLI."""
+    from offsec_ai.cli import main
+
+    cli_source = main.__module__
+    import inspect
+    import offsec_ai.cli as cli_module
+
+    src = inspect.getsource(cli_module)
+    for symbol in ("mtls-check", "mtls-gen-cert", "mtls-validate-cert", "MTLSChecker"):
+        assert symbol in src, f"Expected '{symbol}' in cli.py"
+
+
+def test_documentation_presence():
+    """Key documentation files for mTLS exist and contain expected content."""
+    repo_root = os.path.join(os.path.dirname(__file__), "..")
+
+    readme = os.path.join(repo_root, "README.md")
+    assert os.path.isfile(readme)
+    content = open(readme).read()
+    assert "mTLS" in content
+    assert "mutual TLS" in content
+
+    api_doc = os.path.join(repo_root, "docs", "api.md")
+    assert os.path.isfile(api_doc)
+    content = open(api_doc).read()
+    assert "MTLSChecker" in content
+    assert "MTLSResult" in content
+
+    examples = os.path.join(repo_root, "examples", "mtls_examples.py")
+    assert os.path.isfile(examples)

offsec_ai-2.0.1/tests/test_dns_trace.py

@@ -1,85 +0,0 @@
-#!/usr/bin/env python3
-"""
-Test script for DNS trace functionality.
-"""
-
-import asyncio
-import dns.resolver
-import json
-
-from offsec_ai.core.l7_detector import L7Detector
-
-async def main():
-    """Run DNS trace tests."""
-    print("Testing DNS trace...")
-    
-    # Domains to test
-    domains = ["sts-qa.gcc.gov.sg", "extadfs.gic.com.sg", "www.google.com"]
-    
-    for domain in domains:
-        print(f"\n=== Testing {domain} ===")
-        
-        # Simple DNS lookup using dns.resolver directly
-        try:
-            print("\nDirect DNS resolution:")
-            resolver = dns.resolver.Resolver()
-            
-            # CNAME lookup
-            try:
-                cname_answers = resolver.resolve(domain, "CNAME")
-                for cname in cname_answers:
-                    cname_str = str(cname.target).lower().rstrip('.')
-                    print(f"CNAME: {domain} → {cname_str}")
-                    
-                    # Try to resolve the CNAME target
-                    try:
-                        a_answers = resolver.resolve(cname_str, "A")
-                        for a_record in a_answers:
-                            ip_str = str(a_record)
-                            print(f"IP: {cname_str} → {ip_str}")
-                    except Exception as e:
-                        print(f"Failed to resolve CNAME to IP: {e}")
-            except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
-                print("No CNAME records found")
-                
-                # Try direct A record lookup
-                try:
-                    a_answers = resolver.resolve(domain, "A")
-                    for a_record in a_answers:
-                        ip_str = str(a_record)
-                        print(f"Direct A record: {domain} → {ip_str}")
-                except Exception as e:
-                    print(f"Failed to resolve A records: {e}")
-        except Exception as e:
-            print(f"DNS resolution error: {e}")
-        
-        # Test with our L7Detector
-        print("\nUsing L7Detector.detect():")
-        detector = L7Detector(timeout=5.0)
-        
-        try:
-            # Execute the trace domain function directly
-            detections, dns_trace = await detector._trace_domain_protection(domain)
-            print(f"Trace results:\nDetections: {len(detections)}")
-            print(f"DNS trace data: {json.dumps(dns_trace, indent=2)}")
-            
-            # Test the full detect method with our own trace function
-            dns_detections, dns_trace = await detector._trace_domain_protection(domain)
-            result = await detector.detect(domain)
-            
-            # Manually check and update the dns_trace field
-            print(f"\nFull detection results:")
-            print(f"Is protected: {result.is_protected}")
-            if result.primary_protection:
-                print(f"Primary protection: {result.primary_protection.service.value} ({result.primary_protection.confidence:.1%})")
-                
-            print(f"DNS trace in result before: {json.dumps(result.dns_trace, indent=2)}")
-            
-            # Manually update the result for debugging
-            result.dns_trace = dns_trace
-            print(f"DNS trace in result after manual update: {json.dumps(result.dns_trace, indent=2)}")
-        except Exception as e:
-            print(f"L7Detector error: {e}")
-
-if __name__ == "__main__":
-    asyncio.run(main())

offsec_ai-2.0.1/tests/test_mtls.py

@@ -1,159 +0,0 @@
-#!/usr/bin/env python3
-"""
-Test script for mTLS functionality.
-
-This script tests the mTLS checker without requiring all dependencies to be installed.
-"""
-
-import sys
-import os
-
-# Add the src directory to Python path
-sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', 'src'))
-
-def test_imports():
-    """Test that all modules can be imported."""
-    print("Testing imports...")
-    
-    try:
-        from offsec_ai.models.mtls_result import MTLSResult, CertificateInfo, BatchMTLSResult
-        print("✓ mTLS models imported successfully")
-    except ImportError as e:
-        print(f"✗ Failed to import mTLS models: {e}")
-        return False
-    
-    try:
-        from offsec_ai.core.mtls_checker import MTLSChecker
-        print("✓ MTLSChecker imported successfully")
-    except ImportError as e:
-        print(f"✗ Failed to import MTLSChecker: {e}")
-        return False
-    
-    return True
-
-def test_mtls_result_model():
-    """Test the MTLSResult model."""
-    print("\nTesting MTLSResult model...")
-    
-    from offsec_ai.models.mtls_result import MTLSResult, CertificateInfo
-    from datetime import datetime
-    
-    # Test CertificateInfo
-    cert_info = CertificateInfo(
-        subject="CN=test.example.com",
-        issuer="CN=Test CA",
-        version=3,
-        serial_number="12345",
-        not_valid_before="2024-01-01T00:00:00",
-        not_valid_after="2025-01-01T00:00:00",
-        signature_algorithm="sha256WithRSAEncryption",
-        key_algorithm="RSAPublicKey",
-        key_size=2048,
-        san_dns_names=["test.example.com", "*.example.com"],
-        san_ip_addresses=["192.168.1.1"],
-        is_ca=False,
-        is_self_signed=False,
-        fingerprint_sha256="abcd1234..."
-    )
-    print("✓ CertificateInfo model created successfully")
-    
-    # Test MTLSResult
-    result = MTLSResult(
-        target="test.example.com",
-        port=443,
-        supports_mtls=True,
-        requires_client_cert=False,
-        server_cert_info=cert_info,
-        client_cert_requested=True,
-        handshake_successful=False,
-        error_message=None,
-        cipher_suite="TLS_AES_256_GCM_SHA384",
-        tls_version="TLSv1.3",
-        verification_mode="default",
-        ca_bundle_path="/etc/ssl/certs/ca-certificates.crt",
-        timestamp=datetime.now().isoformat()
-    )
-    print("✓ MTLSResult model created successfully")
-    
-    # Test JSON serialization
-    json_data = result.model_dump_json()
-    print("✓ MTLSResult JSON serialization works")
-    
-    return True
-
-def test_cli_help():
-    """Test the CLI help for mTLS commands."""
-    print("\nTesting CLI help...")
-    
-    try:
-        from offsec_ai.cli import main
-        import click.testing
-        
-        runner = click.testing.CliRunner()
-        
-        # Test main help
-        result = runner.invoke(main, ['--help'])
-        if 'mtls-check' in result.output:
-            print("✓ mtls-check command found in CLI help")
-        else:
-            print("✗ mtls-check command not found in CLI help")
-            return False
-        
-        # Test mtls-check help
-        result = runner.invoke(main, ['mtls-check', '--help'])
-        if result.exit_code == 0:
-            print("✓ mtls-check help works")
-        else:
-            print(f"✗ mtls-check help failed: {result.output}")
-            return False
-        
-        # Test mtls-gen-cert help
-        result = runner.invoke(main, ['mtls-gen-cert', '--help'])
-        if result.exit_code == 0:
-            print("✓ mtls-gen-cert help works")
-        else:
-            print(f"✗ mtls-gen-cert help failed: {result.output}")
-            return False
-        
-        return True
-        
-    except ImportError as e:
-        print(f"✗ Failed to import CLI: {e}")
-        return False
-
-def main():
-    """Run all tests."""
-    print("Simple Port Checker - mTLS Functionality Test")
-    print("=" * 50)
-    
-    tests = [
-        test_imports,
-        test_mtls_result_model,
-        test_cli_help,
-    ]
-    
-    passed = 0
-    failed = 0
-    
-    for test in tests:
-        try:
-            if test():
-                passed += 1
-            else:
-                failed += 1
-        except Exception as e:
-            print(f"✗ Test {test.__name__} failed with exception: {e}")
-            failed += 1
-    
-    print("\n" + "=" * 50)
-    print(f"Tests completed: {passed} passed, {failed} failed")
-    
-    if failed == 0:
-        print("🎉 All tests passed! mTLS functionality is working correctly.")
-        return 0
-    else:
-        print("❌ Some tests failed. Please check the output above.")
-        return 1
-
-if __name__ == "__main__":
-    sys.exit(main())

offsec_ai-2.0.1/tests/test_mtls_integration.py

@@ -1,193 +0,0 @@
-#!/usr/bin/env python3
-"""
-Simple test for mTLS functionality without full installation.
-"""
-
-import sys
-import os
-
-# Add the src directory to Python path
-sys.path.insert(0, os.path.join(os.path.dirname(__file__), 'src'))
-
-def test_mtls_model():
-    """Test the MTLSResult model directly."""
-    print("Testing mTLS models...")
-    
-    try:
-        from offsec_ai.models.mtls_result import MTLSResult, CertificateInfo
-        from datetime import datetime
-        
-        # Create a test certificate info
-        cert_info = CertificateInfo(
-            subject="CN=test.example.com,O=Test Org,C=US",
-            issuer="CN=Test CA,O=Test CA Org,C=US",
-            version=3,
-            serial_number="123456789",
-            not_valid_before="2024-01-01T00:00:00Z",
-            not_valid_after="2025-01-01T00:00:00Z",
-            signature_algorithm="sha256WithRSAEncryption",
-            key_algorithm="RSAPublicKey",
-            key_size=2048,
-            san_dns_names=["test.example.com", "www.test.example.com"],
-            san_ip_addresses=["192.168.1.100"],
-            is_ca=False,
-            is_self_signed=False,
-            fingerprint_sha256="a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456"
-        )
-        print("✓ CertificateInfo created successfully")
-        
-        # Create a test mTLS result
-        mtls_result = MTLSResult(
-            target="test.example.com",
-            port=443,
-            supports_mtls=True,
-            requires_client_cert=True,
-            server_cert_info=cert_info,
-            client_cert_requested=True,
-            handshake_successful=True,
-            error_message=None,
-            cipher_suite="TLS_AES_256_GCM_SHA384",
-            tls_version="TLSv1.3",
-            verification_mode="strict",
-            ca_bundle_path="/etc/ssl/certs/ca-certificates.crt",
-            timestamp=datetime.now().isoformat()
-        )
-        print("✓ MTLSResult created successfully")
-        
-        # Test JSON serialization
-        json_str = mtls_result.model_dump_json(indent=2)
-        print("✓ JSON serialization works")
-        print(f"JSON length: {len(json_str)} characters")
-        
-        # Test field access
-        print(f"✓ Target: {mtls_result.target}")
-        print(f"✓ Supports mTLS: {mtls_result.supports_mtls}")
-        print(f"✓ Server cert subject: {mtls_result.server_cert_info.subject}")
-        
-        return True
-        
-    except Exception as e:
-        print(f"✗ Error: {e}")
-        import traceback
-        traceback.print_exc()
-        return False
-
-def test_cli_structure():
-    """Test if CLI structure includes mTLS commands."""
-    print("\nTesting CLI structure...")
-    
-    try:
-        # Read the CLI file to check for mTLS commands
-        cli_file = os.path.join(os.path.dirname(__file__), 'src', 'offsec_ai', 'cli.py')
-        
-        with open(cli_file, 'r') as f:
-            cli_content = f.read()
-        
-        # Check for mTLS command definitions
-        mtls_commands = [
-            'mtls-check',
-            'mtls-gen-cert', 
-            'mtls-validate-cert',
-            '_run_mtls_check',
-            'MTLSChecker'
-        ]
-        
-        found_commands = []
-        for cmd in mtls_commands:
-            if cmd in cli_content:
-                found_commands.append(cmd)
-                print(f"✓ Found {cmd} in CLI")
-            else:
-                print(f"✗ Missing {cmd} in CLI")
-        
-        if len(found_commands) == len(mtls_commands):
-            print("✓ All mTLS commands found in CLI")
-            return True
-        else:
-            print(f"✗ Only {len(found_commands)}/{len(mtls_commands)} commands found")
-            return False
-            
-    except Exception as e:
-        print(f"✗ Error checking CLI: {e}")
-        return False
-
-def test_documentation():
-    """Test if documentation includes mTLS information."""
-    print("\nTesting documentation...")
-    
-    try:
-        # Check README
-        readme_file = os.path.join(os.path.dirname(__file__), 'README.md')
-        with open(readme_file, 'r') as f:
-            readme_content = f.read()
-        
-        if 'mTLS' in readme_content and 'mutual TLS' in readme_content:
-            print("✓ README includes mTLS documentation")
-        else:
-            print("✗ README missing mTLS documentation")
-            return False
-        
-        # Check API docs
-        api_docs_file = os.path.join(os.path.dirname(__file__), 'docs', 'api.md')
-        with open(api_docs_file, 'r') as f:
-            api_content = f.read()
-        
-        if 'MTLSChecker' in api_content and 'MTLSResult' in api_content:
-            print("✓ API docs include mTLS documentation")
-        else:
-            print("✗ API docs missing mTLS documentation")
-            return False
-        
-        # Check examples
-        examples_file = os.path.join(os.path.dirname(__file__), 'examples', 'mtls_examples.py')
-        if os.path.exists(examples_file):
-            print("✓ mTLS examples file exists")
-        else:
-            print("✗ mTLS examples file missing")
-            return False
-        
-        return True
-        
-    except Exception as e:
-        print(f"✗ Error checking documentation: {e}")
-        return False
-
-def main():
-    """Run all tests."""
-    print("Simple Port Checker - mTLS Integration Test")
-    print("=" * 50)
-    
-    tests = [
-        test_mtls_model,
-        test_cli_structure,
-        test_documentation,
-    ]
-    
-    results = []
-    for test in tests:
-        try:
-            result = test()
-            results.append(result)
-        except Exception as e:
-            print(f"✗ Test {test.__name__} failed with exception: {e}")
-            results.append(False)
-    
-    passed = sum(results)
-    total = len(results)
-    
-    print("\n" + "=" * 50)
-    print(f"Tests completed: {passed}/{total} passed")
-    
-    if passed == total:
-        print("🎉 All tests passed! mTLS functionality has been successfully integrated.")
-        print("\nNext steps:")
-        print("1. Install dependencies: pip install cryptography certifi")
-        print("2. Test CLI: offsec-ai mtls-check --help")
-        print("3. Try example: python examples/mtls_examples.py")
-        return 0
-    else:
-        print("❌ Some tests failed. Please check the output above.")
-        return 1
-
-if __name__ == "__main__":
-    sys.exit(main())