penbot 2.2.0__tar.gz → 2.4.0__tar.gz

Files changed (201) hide show
  1. penbot-2.4.0/PKG-INFO +262 -0
  2. penbot-2.4.0/README.md +195 -0
  3. penbot-2.4.0/penbot.egg-info/PKG-INFO +262 -0
  4. {penbot-2.2.0 → penbot-2.4.0}/penbot.egg-info/SOURCES.txt +1 -0
  5. {penbot-2.2.0 → penbot-2.4.0}/penbot.egg-info/requires.txt +1 -0
  6. {penbot-2.2.0 → penbot-2.4.0}/pyproject.toml +3 -1
  7. {penbot-2.2.0 → penbot-2.4.0}/src/__init__.py +1 -1
  8. {penbot-2.2.0 → penbot-2.4.0}/src/agents/base.py +4 -1
  9. {penbot-2.2.0 → penbot-2.4.0}/src/agents/coordinator.py +28 -1
  10. {penbot-2.2.0 → penbot-2.4.0}/src/agents/jailbreak.py +1 -1
  11. {penbot-2.2.0 → penbot-2.4.0}/src/agents/mcp_exploit.py +7 -1
  12. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/base.py +11 -0
  13. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/data_leakage.py +21 -2
  14. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/orchestrator.py +10 -2
  15. penbot-2.4.0/src/analysis/outcome_classifier.py +294 -0
  16. {penbot-2.2.0 → penbot-2.4.0}/src/api/auth.py +10 -2
  17. {penbot-2.2.0 → penbot-2.4.0}/src/api/routes/reports.py +2 -2
  18. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/mcp_exploit_patterns.json +13 -3
  19. {penbot-2.2.0 → penbot-2.4.0}/src/cli/agents_cmd.py +1 -1
  20. {penbot-2.2.0 → penbot-2.4.0}/src/cli/benchmark_cmd.py +7 -0
  21. {penbot-2.2.0 → penbot-2.4.0}/src/cli/main.py +23 -0
  22. {penbot-2.2.0 → penbot-2.4.0}/src/cli/purple_cmd.py +1 -1
  23. {penbot-2.2.0 → penbot-2.4.0}/src/cli/regression_cmd.py +1 -1
  24. {penbot-2.2.0 → penbot-2.4.0}/src/cli/test_runner.py +31 -0
  25. {penbot-2.2.0 → penbot-2.4.0}/src/connectors/base.py +10 -0
  26. {penbot-2.2.0 → penbot-2.4.0}/src/ml/evaluation.py +1 -1
  27. {penbot-2.2.0 → penbot-2.4.0}/src/ml/vector_memory.py +2 -2
  28. {penbot-2.2.0 → penbot-2.4.0}/src/utils/attack_lineage.py +4 -4
  29. {penbot-2.2.0 → penbot-2.4.0}/src/utils/config.py +13 -0
  30. {penbot-2.2.0 → penbot-2.4.0}/src/utils/endpoint_mapper.py +1 -1
  31. {penbot-2.2.0 → penbot-2.4.0}/src/utils/intelligence/intelligence_store.py +1 -1
  32. {penbot-2.2.0 → penbot-2.4.0}/src/utils/llm_client.py +460 -2
  33. {penbot-2.2.0 → penbot-2.4.0}/src/utils/memory/attack_memory.py +4 -4
  34. {penbot-2.2.0 → penbot-2.4.0}/src/utils/pattern_schema.py +2 -2
  35. {penbot-2.2.0 → penbot-2.4.0}/src/utils/sandbox.py +94 -40
  36. {penbot-2.2.0 → penbot-2.4.0}/src/utils/shell_validator.py +16 -13
  37. {penbot-2.2.0 → penbot-2.4.0}/src/utils/tool_discoverer.py +1 -1
  38. {penbot-2.2.0 → penbot-2.4.0}/src/workflow/nodes.py +68 -0
  39. {penbot-2.2.0 → penbot-2.4.0}/src/workflow/state.py +29 -5
  40. penbot-2.2.0/PKG-INFO +0 -433
  41. penbot-2.2.0/README.md +0 -367
  42. penbot-2.2.0/penbot.egg-info/PKG-INFO +0 -433
  43. {penbot-2.2.0 → penbot-2.4.0}/LICENSE +0 -0
  44. {penbot-2.2.0 → penbot-2.4.0}/penbot.egg-info/dependency_links.txt +0 -0
  45. {penbot-2.2.0 → penbot-2.4.0}/penbot.egg-info/entry_points.txt +0 -0
  46. {penbot-2.2.0 → penbot-2.4.0}/penbot.egg-info/top_level.txt +0 -0
  47. {penbot-2.2.0 → penbot-2.4.0}/setup.cfg +0 -0
  48. {penbot-2.2.0 → penbot-2.4.0}/src/agents/__init__.py +0 -0
  49. {penbot-2.2.0 → penbot-2.4.0}/src/agents/action_safety.py +0 -0
  50. {penbot-2.2.0 → penbot-2.4.0}/src/agents/compliance.py +0 -0
  51. {penbot-2.2.0 → penbot-2.4.0}/src/agents/encoding.py +0 -0
  52. {penbot-2.2.0 → penbot-2.4.0}/src/agents/enhanced_generation.py +0 -0
  53. {penbot-2.2.0 → penbot-2.4.0}/src/agents/evolutionary/agent.py +0 -0
  54. {penbot-2.2.0 → penbot-2.4.0}/src/agents/evolutionary/mutator.py +0 -0
  55. {penbot-2.2.0 → penbot-2.4.0}/src/agents/evolutionary/token_soup_mutator.py +0 -0
  56. {penbot-2.2.0 → penbot-2.4.0}/src/agents/exfiltration.py +0 -0
  57. {penbot-2.2.0 → penbot-2.4.0}/src/agents/impersonation.py +0 -0
  58. {penbot-2.2.0 → penbot-2.4.0}/src/agents/indirect_injection.py +0 -0
  59. {penbot-2.2.0 → penbot-2.4.0}/src/agents/info_disclosure.py +0 -0
  60. {penbot-2.2.0 → penbot-2.4.0}/src/agents/multi_turn.py +0 -0
  61. {penbot-2.2.0 → penbot-2.4.0}/src/agents/output_security.py +0 -0
  62. {penbot-2.2.0 → penbot-2.4.0}/src/agents/rag_poisoning.py +0 -0
  63. {penbot-2.2.0 → penbot-2.4.0}/src/agents/subagents/__init__.py +0 -0
  64. {penbot-2.2.0 → penbot-2.4.0}/src/agents/subagents/base.py +0 -0
  65. {penbot-2.2.0 → penbot-2.4.0}/src/agents/subagents/domain_adaptation.py +0 -0
  66. {penbot-2.2.0 → penbot-2.4.0}/src/agents/subagents/encoding.py +0 -0
  67. {penbot-2.2.0 → penbot-2.4.0}/src/agents/subagents/factory.py +0 -0
  68. {penbot-2.2.0 → penbot-2.4.0}/src/agents/subagents/psychological.py +0 -0
  69. {penbot-2.2.0 → penbot-2.4.0}/src/agents/subagents/stealth.py +0 -0
  70. {penbot-2.2.0 → penbot-2.4.0}/src/agents/subagents/visual.py +0 -0
  71. {penbot-2.2.0 → penbot-2.4.0}/src/agents/token_soup.py +0 -0
  72. {penbot-2.2.0 → penbot-2.4.0}/src/agents/tool_exploit.py +0 -0
  73. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/__init__.py +0 -0
  74. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/canned_response_detector.py +0 -0
  75. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/data_poisoning.py +0 -0
  76. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/excessive_agency.py +0 -0
  77. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/exfiltration_detection.py +0 -0
  78. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/fitness.py +0 -0
  79. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/guardrail_fingerprinting.py +0 -0
  80. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/image_attack_detection.py +0 -0
  81. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/indirect_injection_detection.py +0 -0
  82. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/jailbreak_detection.py +0 -0
  83. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/llm_finding_assessor.py +0 -0
  84. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/policy_violation.py +0 -0
  85. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/rag_detection.py +0 -0
  86. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/refusal_classifier.py +0 -0
  87. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/ssrf_detection.py +0 -0
  88. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/structure_parser.py +0 -0
  89. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/structured_disclosure_detector.py +0 -0
  90. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/system_prompt_disclosure.py +0 -0
  91. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/target_fingerprinting.py +0 -0
  92. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/tool_detection.py +0 -0
  93. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/unbounded_consumption.py +0 -0
  94. {penbot-2.2.0 → penbot-2.4.0}/src/analysis/vector_weaknesses.py +0 -0
  95. {penbot-2.2.0 → penbot-2.4.0}/src/api/__init__.py +0 -0
  96. {penbot-2.2.0 → penbot-2.4.0}/src/api/main.py +0 -0
  97. {penbot-2.2.0 → penbot-2.4.0}/src/api/routes/__init__.py +0 -0
  98. {penbot-2.2.0 → penbot-2.4.0}/src/api/routes/auth.py +0 -0
  99. {penbot-2.2.0 → penbot-2.4.0}/src/api/routes/websocket.py +0 -0
  100. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/action_safety_patterns.json +0 -0
  101. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/encoding_methods.json +0 -0
  102. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/endpoint_enumeration_patterns.json +0 -0
  103. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/excessive_agency_patterns.json +0 -0
  104. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/exfiltration_patterns.json +0 -0
  105. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/guardrail_evasion_patterns.json +0 -0
  106. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/indirect_injection_patterns.json +0 -0
  107. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/industry_specific_patterns.json +0 -0
  108. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/insecure_output_handling_patterns.json +0 -0
  109. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/jailbreak_patterns.json +0 -0
  110. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/jailbreak_patterns_2025_latest.json +0 -0
  111. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/jailbreak_patterns_advanced.json +0 -0
  112. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/jailbreak_patterns_libertas.json +0 -0
  113. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/jailbreak_patterns_research.json +0 -0
  114. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/jailbreak_patterns_specialized.json +0 -0
  115. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/jailbreak_patterns_ultra_advanced.json +0 -0
  116. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/musical_encoding_patterns.json +0 -0
  117. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/rag_attack_patterns.backup_20260114_164612.json +0 -0
  118. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/rag_attack_patterns.json +0 -0
  119. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/sensitive_info_disclosure_patterns.json +0 -0
  120. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/social_engineering.json +0 -0
  121. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/tool_attack_patterns.backup_20260114_164613.json +0 -0
  122. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/tool_attack_patterns.json +0 -0
  123. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/tool_discovery_probes.json +0 -0
  124. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/unbounded_consumption_patterns.json +0 -0
  125. {penbot-2.2.0 → penbot-2.4.0}/src/attack_library/vector_weaknesses_patterns.json +0 -0
  126. {penbot-2.2.0 → penbot-2.4.0}/src/campaign/__init__.py +0 -0
  127. {penbot-2.2.0 → penbot-2.4.0}/src/campaign/planner.py +0 -0
  128. {penbot-2.2.0 → penbot-2.4.0}/src/cli/config_loader.py +0 -0
  129. {penbot-2.2.0 → penbot-2.4.0}/src/cli/dashboard_cmd.py +0 -0
  130. {penbot-2.2.0 → penbot-2.4.0}/src/cli/doctor.py +0 -0
  131. {penbot-2.2.0 → penbot-2.4.0}/src/cli/init_cmd.py +0 -0
  132. {penbot-2.2.0 → penbot-2.4.0}/src/cli/machine_output.py +0 -0
  133. {penbot-2.2.0 → penbot-2.4.0}/src/cli/onboard.py +0 -0
  134. {penbot-2.2.0 → penbot-2.4.0}/src/cli/patterns.py +0 -0
  135. {penbot-2.2.0 → penbot-2.4.0}/src/cli/reporter.py +0 -0
  136. {penbot-2.2.0 → penbot-2.4.0}/src/cli/sessions.py +0 -0
  137. {penbot-2.2.0 → penbot-2.4.0}/src/cli/validator.py +0 -0
  138. {penbot-2.2.0 → penbot-2.4.0}/src/cli/watch_cmd.py +0 -0
  139. {penbot-2.2.0 → penbot-2.4.0}/src/cli/wizard.py +0 -0
  140. {penbot-2.2.0 → penbot-2.4.0}/src/connectors/__init__.py +0 -0
  141. {penbot-2.2.0 → penbot-2.4.0}/src/connectors/api_connector.py +0 -0
  142. {penbot-2.2.0 → penbot-2.4.0}/src/connectors/azure_directline_connector.py +0 -0
  143. {penbot-2.2.0 → penbot-2.4.0}/src/connectors/factory.py +0 -0
  144. {penbot-2.2.0 → penbot-2.4.0}/src/connectors/lex_connector.py +0 -0
  145. {penbot-2.2.0 → penbot-2.4.0}/src/connectors/playwright_connector.py +0 -0
  146. {penbot-2.2.0 → penbot-2.4.0}/src/connectors/rest_connector.py +0 -0
  147. {penbot-2.2.0 → penbot-2.4.0}/src/database/__init__.py +0 -0
  148. {penbot-2.2.0 → penbot-2.4.0}/src/database/engine.py +0 -0
  149. {penbot-2.2.0 → penbot-2.4.0}/src/database/models.py +0 -0
  150. {penbot-2.2.0 → penbot-2.4.0}/src/database/repository.py +0 -0
  151. {penbot-2.2.0 → penbot-2.4.0}/src/defense/__init__.py +0 -0
  152. {penbot-2.2.0 → penbot-2.4.0}/src/defense/simulator.py +0 -0
  153. {penbot-2.2.0 → penbot-2.4.0}/src/defense/strategies.py +0 -0
  154. {penbot-2.2.0 → penbot-2.4.0}/src/mcp_server.py +0 -0
  155. {penbot-2.2.0 → penbot-2.4.0}/src/ml/__init__.py +0 -0
  156. {penbot-2.2.0 → penbot-2.4.0}/src/ml/config.py +0 -0
  157. {penbot-2.2.0 → penbot-2.4.0}/src/ml/embeddings.py +0 -0
  158. {penbot-2.2.0 → penbot-2.4.0}/src/ml/vector_index.py +0 -0
  159. {penbot-2.2.0 → penbot-2.4.0}/src/regression/__init__.py +0 -0
  160. {penbot-2.2.0 → penbot-2.4.0}/src/regression/baseline.py +0 -0
  161. {penbot-2.2.0 → penbot-2.4.0}/src/reporting/__init__.py +0 -0
  162. {penbot-2.2.0 → penbot-2.4.0}/src/reporting/detailed_report_generator.py +0 -0
  163. {penbot-2.2.0 → penbot-2.4.0}/src/reporting/owasp_compliance.py +0 -0
  164. {penbot-2.2.0 → penbot-2.4.0}/src/reporting/scoring.py +0 -0
  165. {penbot-2.2.0 → penbot-2.4.0}/src/synthesis/__init__.py +0 -0
  166. {penbot-2.2.0 → penbot-2.4.0}/src/synthesis/attack_synthesizer.py +0 -0
  167. {penbot-2.2.0 → penbot-2.4.0}/src/synthesis/finding_chainer.py +0 -0
  168. {penbot-2.2.0 → penbot-2.4.0}/src/utils/__init__.py +0 -0
  169. {penbot-2.2.0 → penbot-2.4.0}/src/utils/attack_surface_intel.py +0 -0
  170. {penbot-2.2.0 → penbot-2.4.0}/src/utils/document_generator.py +0 -0
  171. {penbot-2.2.0 → penbot-2.4.0}/src/utils/encoding_helpers.py +0 -0
  172. {penbot-2.2.0 → penbot-2.4.0}/src/utils/helpers.py +0 -0
  173. {penbot-2.2.0 → penbot-2.4.0}/src/utils/image_generator.py +0 -0
  174. {penbot-2.2.0 → penbot-2.4.0}/src/utils/intelligence/__init__.py +0 -0
  175. {penbot-2.2.0 → penbot-2.4.0}/src/utils/llm_cache.py +0 -0
  176. {penbot-2.2.0 → penbot-2.4.0}/src/utils/logging.py +0 -0
  177. {penbot-2.2.0 → penbot-2.4.0}/src/utils/memory/__init__.py +0 -0
  178. {penbot-2.2.0 → penbot-2.4.0}/src/utils/memory/target_model.py +0 -0
  179. {penbot-2.2.0 → penbot-2.4.0}/src/utils/metrics.py +0 -0
  180. {penbot-2.2.0 → penbot-2.4.0}/src/utils/operational_metrics.py +0 -0
  181. {penbot-2.2.0 → penbot-2.4.0}/src/utils/pattern_success_tracker.py +0 -0
  182. {penbot-2.2.0 → penbot-2.4.0}/src/utils/psychological_attacks.py +0 -0
  183. {penbot-2.2.0 → penbot-2.4.0}/src/utils/session_summarizer.py +0 -0
  184. {penbot-2.2.0 → penbot-2.4.0}/src/utils/summarization/__init__.py +0 -0
  185. {penbot-2.2.0 → penbot-2.4.0}/src/utils/summarization/summarizer.py +0 -0
  186. {penbot-2.2.0 → penbot-2.4.0}/src/utils/tavily_client.py +0 -0
  187. {penbot-2.2.0 → penbot-2.4.0}/src/utils/text_normalization.py +0 -0
  188. {penbot-2.2.0 → penbot-2.4.0}/src/utils/think_mcp_client.py +0 -0
  189. {penbot-2.2.0 → penbot-2.4.0}/src/utils/vision_detector.py +0 -0
  190. {penbot-2.2.0 → penbot-2.4.0}/src/utils/voting_visualizer.py +0 -0
  191. {penbot-2.2.0 → penbot-2.4.0}/src/verification/__init__.py +0 -0
  192. {penbot-2.2.0 → penbot-2.4.0}/src/verification/persistence_verifier.py +0 -0
  193. {penbot-2.2.0 → penbot-2.4.0}/src/workflow/__init__.py +0 -0
  194. {penbot-2.2.0 → penbot-2.4.0}/src/workflow/attack_graph.py +0 -0
  195. {penbot-2.2.0 → penbot-2.4.0}/src/workflow/campaign_coordinator.py +0 -0
  196. {penbot-2.2.0 → penbot-2.4.0}/src/workflow/context_views.py +0 -0
  197. {penbot-2.2.0 → penbot-2.4.0}/src/workflow/graph.py +0 -0
  198. {penbot-2.2.0 → penbot-2.4.0}/src/workflow/kv_cache_optimization.py +0 -0
  199. {penbot-2.2.0 → penbot-2.4.0}/src/workflow/phase_intelligence.py +0 -0
  200. {penbot-2.2.0 → penbot-2.4.0}/src/workflow/simple_attack_graph.py +0 -0
  201. {penbot-2.2.0 → penbot-2.4.0}/src/workflow/streaming.py +0 -0
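--- a/penbot-2.4.0/PKG-INFO
+++ b/penbot-2.4.0/PKG-INFO
@@ -0,0 +1,262 @@
+Metadata-Version: 2.4
+Name: penbot
+Version: 2.4.0
+Summary: AI Chatbot Penetration Testing Framework
+Author: terminal48
+License: MIT
+Project-URL: Homepage, https://gitlab.com/yan-ban/penbot
+Project-URL: Documentation, https://gitlab.com/yan-ban/penbot/-/tree/main/docs
+Project-URL: Repository, https://gitlab.com/yan-ban/penbot
+Project-URL: Issues, https://gitlab.com/yan-ban/penbot/-/issues
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: langgraph>=0.2.0
+Requires-Dist: langgraph-checkpoint-sqlite>=2.0.0
+Requires-Dist: langchain>=0.2.0
+Requires-Dist: langchain-anthropic>=0.1.0
+Requires-Dist: pydantic>=2.7.0
+Requires-Dist: pydantic-settings>=2.2.0
+Requires-Dist: click>=8.1.7
+Requires-Dist: rich>=13.7.1
+Requires-Dist: aiohttp>=3.9.4
+Requires-Dist: httpx>=0.27.0
+Requires-Dist: pyyaml>=6.0
+Requires-Dist: python-dateutil>=2.9.0
+Requires-Dist: jsonpath-ng>=1.6.0
+Requires-Dist: sqlalchemy>=2.0.0
+Requires-Dist: jinja2>=3.1.3
+Requires-Dist: prometheus-client>=0.20.0
+Requires-Dist: python-dotenv>=1.0.1
+Requires-Dist: structlog>=24.1.0
+Requires-Dist: mcp>=1.0.0
+Requires-Dist: langchain-openai>=0.1.0
+Provides-Extra: full
+Requires-Dist: fastapi>=0.110.0; extra == "full"
+Requires-Dist: uvicorn[standard]>=0.29.0; extra == "full"
+Requires-Dist: slowapi>=0.1.9; extra == "full"
+Requires-Dist: PyJWT>=2.8.0; extra == "full"
+Requires-Dist: playwright>=1.43.0; extra == "full"
+Requires-Dist: weasyprint>=62.0; extra == "full"
+Requires-Dist: reportlab>=4.1.0; extra == "full"
+Requires-Dist: python-docx>=1.1.0; extra == "full"
+Requires-Dist: pypdf>=4.0.0; extra == "full"
+Requires-Dist: Pillow>=10.0.0; extra == "full"
+Requires-Dist: prometheus-fastapi-instrumentator>=7.0.0; extra == "full"
+Requires-Dist: tavily-python>=0.5.0; extra == "full"
+Provides-Extra: recon
+Requires-Dist: tavily-python>=0.5.0; extra == "recon"
+Provides-Extra: think
+Provides-Extra: ml
+Requires-Dist: sentence-transformers>=2.2.0; extra == "ml"
+Requires-Dist: faiss-cpu>=1.7.0; extra == "ml"
+Requires-Dist: numpy>=1.24.0; extra == "ml"
+Provides-Extra: ml-viz
+Requires-Dist: sentence-transformers>=2.2.0; extra == "ml-viz"
+Requires-Dist: faiss-cpu>=1.7.0; extra == "ml-viz"
+Requires-Dist: numpy>=1.24.0; extra == "ml-viz"
+Requires-Dist: scikit-learn>=1.3.0; extra == "ml-viz"
+Requires-Dist: matplotlib>=3.8.0; extra == "ml-viz"
+Provides-Extra: dev
+Requires-Dist: pytest>=8.1.1; extra == "dev"
+Requires-Dist: pytest-asyncio>=0.23.6; extra == "dev"
+Requires-Dist: pytest-cov>=5.0.0; extra == "dev"
+Requires-Dist: black>=24.3.0; extra == "dev"
+Requires-Dist: ruff>=0.3.5; extra == "dev"
+Dynamic: license-file
+
+<div align="center">
+
+```
+██████╗ ███████╗███╗ ██╗██████╗ ██████╗ ████████╗
+██╔══██╗██╔════╝████╗ ██║██╔══██╗██╔═══██╗╚══██╔══╝
+██████╔╝█████╗ ██╔██╗ ██║██████╔╝██║ ██║ ██║
+██╔═══╝ ██╔══╝ ██║╚██╗██║██╔══██╗██║ ██║ ██║
+██║ ███████╗██║ ╚████║██████╔╝╚██████╔╝ ██║
+╚═╝ ╚══════╝╚═╝ ╚═══╝╚═════╝ ╚═════╝ ╚═╝
+```
+
+<img src="docs/evidence/penbot_logo.png" alt="PenBot Logo" width="180"/>
+
+</div>
+
+[![PyPI version](https://img.shields.io/pypi/v/penbot.svg)](https://pypi.org/project/penbot/)
+[![Pipeline Status](https://gitlab.com/yan-ban/penbot/badges/main/pipeline.svg)](https://gitlab.com/yan-ban/penbot/-/pipelines)
+[![Python 3.11+](https://img.shields.io/badge/python-3.11+-blue.svg)](https://www.python.org/downloads/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![OWASP LLM Top 10](https://img.shields.io/badge/OWASP-LLM%20Top%2010-orange.svg)](https://owasp.org/www-project-top-10-for-large-language-model-applications/)
+[![OWASP ASI](https://img.shields.io/badge/OWASP-ASI%202026-red.svg)](https://genai.owasp.org/initiatives/agentic-security/)
+[![Contributions Welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg)](CONTRIBUTING.md)
+
+Multi-agent adversarial testing framework for AI chatbots and agentic
+systems. Orchestrates specialized security agents to find vulnerabilities
+in conversational AI through prompt injection, social engineering,
+encoding attacks, RAG poisoning, tool exploitation, and MCP protocol abuse.
+
+---
+
+## Install
+
+```bash
+pip install penbot # Core: CLI + REST API testing
+pip install penbot[full] # Adds dashboard, Playwright, PDF/DOCX reports
+pip install penbot[ml] # Adds embedding-based attack memory
+```
+
+From source:
+
+```bash
+git clone https://gitlab.com/yan-ban/penbot.git
+cd penbot
+pip install -e .
+```
+
+Docker:
+
+```bash
+docker pull registry.gitlab.com/yan-ban/penbot:latest
+```
+
+---
+
+## Run
+
+```bash
+penbot onboard # First-run setup
+penbot wizard # Configure a target
+penbot test --config configs/clients/target.yaml
+penbot doctor # Verify environment
+```
+
+Dashboard:
+
+```bash
+penbot dashboard # http://localhost:8000/dashboard
+```
+
+---
+
+## CLI
+
+```
+penbot onboard First-run setup
+penbot doctor Environment health check
+penbot wizard Configure new target
+penbot test Run security test
+penbot dashboard Start Mission Control
+penbot sessions Manage past sessions
+penbot agents Browse agents
+penbot patterns Search attack library
+penbot report Generate report
+penbot benchmark Score detection against mock chatbots
+penbot watch Continuous testing
+```
+
+See [CLI Reference](docs/CLI_REFERENCE.md).
+
+---
+
+## Features
+
+- **14 specialized agents** — jailbreak, encoding, social engineering, RAG, tool exploitation, MCP exploit, exfiltration, indirect injection, action safety, compliance, and more
+- **1,398+ attack patterns** across 27 curated libraries (including 20 MCP protocol-attack patterns)
+- **22 vulnerability detectors** — two-layer detection (pattern + LLM) with finding chaining and guardrail fingerprinting
+- **OWASP LLM Top 10 (2025) + Agentic Top 10 (2026)** coverage, including ASI02 and ASI04
+- **Model Context Protocol (MCP) testing** — tool-description poisoning, resource URI traversal, list_changed bait-and-switch, cross-server pivots, sampling API abuse
+- **Multi-agent coordination** — voting, hybrid attack composition, domain-aware campaign planning
+- **Persistence verification** — post-test replay confirms findings are reproducible
+- **Endpoint reconnaissance** — two-phase API surface mapping with framework detection
+- **Evolutionary generation** — novel attacks via genetic algorithms with semantic retrieval (sentence-transformers + FAISS)
+- **Web dashboard** — live Mission Control, session replay, OWASP report, real-time WebSocket streaming
+- **Regression testing and purple-team mode** for CI-friendly defense validation
+
+---
+
+## Technology
+
+- **LangGraph** — multi-agent workflow orchestration
+- **Claude Sonnet 4.5** — attack generation
+- **FastAPI** — API + WebSocket server (requires `penbot[full]`)
+- **Playwright** — browser automation (requires `penbot[full]`)
+- **SQLite** — session persistence
+
+### Install Extras
+
+| Extra | Command | What it adds |
+|-------|---------|-------------|
+| Core | `pip install penbot` | CLI, REST API testing, security agents, attack pattern libraries |
+| Full | `pip install penbot[full]` | Dashboard, Playwright, PDF/DOCX reports, OpenAI provider, Tavily recon |
+| Recon | `pip install penbot[recon]` | Tavily web search for target reconnaissance |
+| Think | `pip install penbot[think]` | MCP-based enhanced reasoning |
+| ML | `pip install penbot[ml]` | Embedding-based attack memory (sentence-transformers, FAISS) |
+| ML-Viz | `pip install penbot[ml-viz]` | ML + scikit-learn & matplotlib for notebooks |
+
+---
+
+## Documentation
+
+| Document | Description |
+|----------|-------------|
+| [Developer Guide](docs/DEVELOPER_GUIDE.md) | How PenBot works under the hood |
+| [Architecture](docs/ARCHITECTURE.md) | System design and diagrams |
+| [Methodology](docs/METHODOLOGY.md) | Attack strategies |
+| [Configuration](docs/CONFIGURATION.md) | YAML and environment setup |
+| [CLI Reference](docs/CLI_REFERENCE.md) | Command-line usage |
+| [API Reference](docs/API_REFERENCE.md) | REST and WebSocket |
+| [Agents](docs/AGENTS.md) | Agent system details |
+| [Detection](docs/DETECTION.md) | Vulnerability detectors |
+| [Advanced](docs/ADVANCED.md) | RAG, tools, evolutionary |
+| [OWASP Coverage](docs/OWASP_COVERAGE.md) | Compliance mapping |
+| [Test Example](docs/TEST_EXAMPLE.md) | Test walkthrough |
+
+---
+
+## Responsible Use
+
+This tool is for authorized security testing only.
+
+Permitted: testing your own systems, security research with written
+permission, contracted red team engagements, pre-deployment validation.
+
+Prohibited: testing without authorization, attacking production systems
+maliciously, extracting proprietary data.
+
+Built-in safeguards include authorization verification, a blocklist for
+public AI services, rate limiting, and audit logging.
+
+---
+
+## Project Status
+
+| Aspect | Status |
+|--------|--------|
+| Development | Under active development |
+| Tests | 1,542 passing |
+| Skipped | 11 (optional deps) |
+| Docker | Multi-stage build |
+
+---
+
+## References
+
+- [OWASP Top 10 for LLM Applications (2025)](https://genai.owasp.org/llm-top-10/)
+- [OWASP Top 10 for Agentic Applications (2026)](https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/)
+- Kumar et al. (2024). *AmpleGCG-Plus.* [arXiv:2410.22143](https://arxiv.org/abs/2410.22143)
+- Zhang et al. (2025). *Verbalized Sampling.* [arXiv:2510.01171](https://arxiv.org/abs/2510.01171)
+- *Hiding in the AI Traffic: Abusing MCP for LLM-Powered Agentic Red Teaming.* [arXiv:2511.15998](https://arxiv.org/abs/2511.15998)
+
+---
+
+## Acknowledgments
+
+- [Elder Plinius / L1B3RT4S](https://github.com/elder-plinius) — jailbreak pattern research
+- [Manus AI](https://manus.im) — context engineering principles
+- [LangChain](https://github.com/langchain-ai/langgraph) — LangGraph framework
+- [Anthropic](https://anthropic.com)
+- [OWASP](https://owasp.org) — LLM Top 10 framework
+
+---
+
+## License
+
+MIT — see [LICENSE](LICENSE).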
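--- a/penbot-2.4.0/README.md
+++ b/penbot-2.4.0/README.md
@@ -0,0 +1,195 @@
+<div align="center">
+
+```
+██████╗ ███████╗███╗ ██╗██████╗ ██████╗ ████████╗
+██╔══██╗██╔════╝████╗ ██║██╔══██╗██╔═══██╗╚══██╔══╝
+██████╔╝█████╗ ██╔██╗ ██║██████╔╝██║ ██║ ██║
+██╔═══╝ ██╔══╝ ██║╚██╗██║██╔══██╗██║ ██║ ██║
+██║ ███████╗██║ ╚████║██████╔╝╚██████╔╝ ██║
+╚═╝ ╚══════╝╚═╝ ╚═══╝╚═════╝ ╚═════╝ ╚═╝
+```
+
+<img src="docs/evidence/penbot_logo.png" alt="PenBot Logo" width="180"/>
+
+</div>
+
+[![PyPI version](https://img.shields.io/pypi/v/penbot.svg)](https://pypi.org/project/penbot/)
+[![Pipeline Status](https://gitlab.com/yan-ban/penbot/badges/main/pipeline.svg)](https://gitlab.com/yan-ban/penbot/-/pipelines)
+[![Python 3.11+](https://img.shields.io/badge/python-3.11+-blue.svg)](https://www.python.org/downloads/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![OWASP LLM Top 10](https://img.shields.io/badge/OWASP-LLM%20Top%2010-orange.svg)](https://owasp.org/www-project-top-10-for-large-language-model-applications/)
+[![OWASP ASI](https://img.shields.io/badge/OWASP-ASI%202026-red.svg)](https://genai.owasp.org/initiatives/agentic-security/)
+[![Contributions Welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg)](CONTRIBUTING.md)
+
+Multi-agent adversarial testing framework for AI chatbots and agentic
+systems. Orchestrates specialized security agents to find vulnerabilities
+in conversational AI through prompt injection, social engineering,
+encoding attacks, RAG poisoning, tool exploitation, and MCP protocol abuse.
+
+---
+
+## Install
+
+```bash
+pip install penbot # Core: CLI + REST API testing
+pip install penbot[full] # Adds dashboard, Playwright, PDF/DOCX reports
+pip install penbot[ml] # Adds embedding-based attack memory
+```
+
+From source:
+
+```bash
+git clone https://gitlab.com/yan-ban/penbot.git
+cd penbot
+pip install -e .
+```
+
+Docker:
+
+```bash
+docker pull registry.gitlab.com/yan-ban/penbot:latest
+```
+
+---
+
+## Run
+
+```bash
+penbot onboard # First-run setup
+penbot wizard # Configure a target
+penbot test --config configs/clients/target.yaml
+penbot doctor # Verify environment
+```
+
+Dashboard:
+
+```bash
+penbot dashboard # http://localhost:8000/dashboard
+```
+
+---
+
+## CLI
+
+```
+penbot onboard First-run setup
+penbot doctor Environment health check
+penbot wizard Configure new target
+penbot test Run security test
+penbot dashboard Start Mission Control
+penbot sessions Manage past sessions
+penbot agents Browse agents
+penbot patterns Search attack library
+penbot report Generate report
+penbot benchmark Score detection against mock chatbots
+penbot watch Continuous testing
+```
+
+See [CLI Reference](docs/CLI_REFERENCE.md).
+
+---
+
+## Features
+
+- **14 specialized agents** — jailbreak, encoding, social engineering, RAG, tool exploitation, MCP exploit, exfiltration, indirect injection, action safety, compliance, and more
+- **1,398+ attack patterns** across 27 curated libraries (including 20 MCP protocol-attack patterns)
+- **22 vulnerability detectors** — two-layer detection (pattern + LLM) with finding chaining and guardrail fingerprinting
+- **OWASP LLM Top 10 (2025) + Agentic Top 10 (2026)** coverage, including ASI02 and ASI04
+- **Model Context Protocol (MCP) testing** — tool-description poisoning, resource URI traversal, list_changed bait-and-switch, cross-server pivots, sampling API abuse
+- **Multi-agent coordination** — voting, hybrid attack composition, domain-aware campaign planning
+- **Persistence verification** — post-test replay confirms findings are reproducible
+- **Endpoint reconnaissance** — two-phase API surface mapping with framework detection
+- **Evolutionary generation** — novel attacks via genetic algorithms with semantic retrieval (sentence-transformers + FAISS)
+- **Web dashboard** — live Mission Control, session replay, OWASP report, real-time WebSocket streaming
+- **Regression testing and purple-team mode** for CI-friendly defense validation
+
+---
+
+## Technology
+
+- **LangGraph** — multi-agent workflow orchestration
+- **Claude Sonnet 4.5** — attack generation
+- **FastAPI** — API + WebSocket server (requires `penbot[full]`)
+- **Playwright** — browser automation (requires `penbot[full]`)
+- **SQLite** — session persistence
+
+### Install Extras
+
+| Extra | Command | What it adds |
+|-------|---------|-------------|
+| Core | `pip install penbot` | CLI, REST API testing, security agents, attack pattern libraries |
+| Full | `pip install penbot[full]` | Dashboard, Playwright, PDF/DOCX reports, OpenAI provider, Tavily recon |
+| Recon | `pip install penbot[recon]` | Tavily web search for target reconnaissance |
+| Think | `pip install penbot[think]` | MCP-based enhanced reasoning |
+| ML | `pip install penbot[ml]` | Embedding-based attack memory (sentence-transformers, FAISS) |
+| ML-Viz | `pip install penbot[ml-viz]` | ML + scikit-learn & matplotlib for notebooks |
+
+---
+
+## Documentation
+
+| Document | Description |
+|----------|-------------|
+| [Developer Guide](docs/DEVELOPER_GUIDE.md) | How PenBot works under the hood |
+| [Architecture](docs/ARCHITECTURE.md) | System design and diagrams |
+| [Methodology](docs/METHODOLOGY.md) | Attack strategies |
+| [Configuration](docs/CONFIGURATION.md) | YAML and environment setup |
+| [CLI Reference](docs/CLI_REFERENCE.md) | Command-line usage |
+| [API Reference](docs/API_REFERENCE.md) | REST and WebSocket |
+| [Agents](docs/AGENTS.md) | Agent system details |
+| [Detection](docs/DETECTION.md) | Vulnerability detectors |
+| [Advanced](docs/ADVANCED.md) | RAG, tools, evolutionary |
+| [OWASP Coverage](docs/OWASP_COVERAGE.md) | Compliance mapping |
+| [Test Example](docs/TEST_EXAMPLE.md) | Test walkthrough |
+
+---
+
+## Responsible Use
+
+This tool is for authorized security testing only.
+
+Permitted: testing your own systems, security research with written
+permission, contracted red team engagements, pre-deployment validation.
+
+Prohibited: testing without authorization, attacking production systems
+maliciously, extracting proprietary data.
+
+Built-in safeguards include authorization verification, a blocklist for
+public AI services, rate limiting, and audit logging.
+
+---
+
+## Project Status
+
+| Aspect | Status |
+|--------|--------|
+| Development | Under active development |
+| Tests | 1,542 passing |
+| Skipped | 11 (optional deps) |
+| Docker | Multi-stage build |
+
+---
+
+## References
+
+- [OWASP Top 10 for LLM Applications (2025)](https://genai.owasp.org/llm-top-10/)
+- [OWASP Top 10 for Agentic Applications (2026)](https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/)
+- Kumar et al. (2024). *AmpleGCG-Plus.* [arXiv:2410.22143](https://arxiv.org/abs/2410.22143)
+- Zhang et al. (2025). *Verbalized Sampling.* [arXiv:2510.01171](https://arxiv.org/abs/2510.01171)
+- *Hiding in the AI Traffic: Abusing MCP for LLM-Powered Agentic Red Teaming.* [arXiv:2511.15998](https://arxiv.org/abs/2511.15998)
+
+---
+
+## Acknowledgments
+
+- [Elder Plinius / L1B3RT4S](https://github.com/elder-plinius) — jailbreak pattern research
+- [Manus AI](https://manus.im) — context engineering principles
+- [LangChain](https://github.com/langchain-ai/langgraph) — LangGraph framework
+- [Anthropic](https://anthropic.com)
+- [OWASP](https://owasp.org) — LLM Top 10 framework
+
+---
+
+## License
+
+MIT — see [LICENSE](LICENSE).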