pencheff 0.2.0__tar.gz

Files changed (113) hide show
  1. pencheff-0.2.0/.claude-plugin/plugin.json +39 -0
  2. pencheff-0.2.0/.gitignore +9 -0
  3. pencheff-0.2.0/.mcp.json +8 -0
  4. pencheff-0.2.0/PKG-INFO +991 -0
  5. pencheff-0.2.0/README.md +953 -0
  6. pencheff-0.2.0/agents/pencheff.md +104 -0
  7. pencheff-0.2.0/pencheff/__init__.py +3 -0
  8. pencheff-0.2.0/pencheff/__main__.py +217 -0
  9. pencheff-0.2.0/pencheff/config.py +251 -0
  10. pencheff-0.2.0/pencheff/core/__init__.py +0 -0
  11. pencheff-0.2.0/pencheff/core/credentials.py +103 -0
  12. pencheff-0.2.0/pencheff/core/dependency_manager.py +298 -0
  13. pencheff-0.2.0/pencheff/core/findings.py +238 -0
  14. pencheff-0.2.0/pencheff/core/http_client.py +203 -0
  15. pencheff-0.2.0/pencheff/core/oast.py +182 -0
  16. pencheff-0.2.0/pencheff/core/openapi_import.py +275 -0
  17. pencheff-0.2.0/pencheff/core/payload_loader.py +54 -0
  18. pencheff-0.2.0/pencheff/core/scan_history.py +160 -0
  19. pencheff-0.2.0/pencheff/core/session.py +132 -0
  20. pencheff-0.2.0/pencheff/core/ticketing.py +269 -0
  21. pencheff-0.2.0/pencheff/core/tool_runner.py +52 -0
  22. pencheff-0.2.0/pencheff/modules/__init__.py +0 -0
  23. pencheff-0.2.0/pencheff/modules/advanced/__init__.py +1 -0
  24. pencheff-0.2.0/pencheff/modules/advanced/cache_poisoning.py +275 -0
  25. pencheff-0.2.0/pencheff/modules/advanced/deserialization.py +331 -0
  26. pencheff-0.2.0/pencheff/modules/advanced/dns_rebinding.py +157 -0
  27. pencheff-0.2.0/pencheff/modules/advanced/http_smuggling.py +299 -0
  28. pencheff-0.2.0/pencheff/modules/advanced/prototype_pollution.py +217 -0
  29. pencheff-0.2.0/pencheff/modules/advanced/waf_detection.py +304 -0
  30. pencheff-0.2.0/pencheff/modules/advanced/websocket_security.py +281 -0
  31. pencheff-0.2.0/pencheff/modules/api/__init__.py +0 -0
  32. pencheff-0.2.0/pencheff/modules/api/api_fuzzer.py +151 -0
  33. pencheff-0.2.0/pencheff/modules/api/graphql.py +146 -0
  34. pencheff-0.2.0/pencheff/modules/api/mass_assignment.py +200 -0
  35. pencheff-0.2.0/pencheff/modules/api/rest_discovery.py +153 -0
  36. pencheff-0.2.0/pencheff/modules/auth/__init__.py +0 -0
  37. pencheff-0.2.0/pencheff/modules/auth/brute_force.py +137 -0
  38. pencheff-0.2.0/pencheff/modules/auth/jwt_attacks.py +193 -0
  39. pencheff-0.2.0/pencheff/modules/auth/login_macro.py +275 -0
  40. pencheff-0.2.0/pencheff/modules/auth/mfa_bypass.py +307 -0
  41. pencheff-0.2.0/pencheff/modules/auth/oauth_attacks.py +329 -0
  42. pencheff-0.2.0/pencheff/modules/auth/password_policy.py +119 -0
  43. pencheff-0.2.0/pencheff/modules/auth/session_mgmt.py +140 -0
  44. pencheff-0.2.0/pencheff/modules/authz/__init__.py +0 -0
  45. pencheff-0.2.0/pencheff/modules/authz/idor.py +149 -0
  46. pencheff-0.2.0/pencheff/modules/authz/privilege_esc.py +105 -0
  47. pencheff-0.2.0/pencheff/modules/authz/rbac_bypass.py +113 -0
  48. pencheff-0.2.0/pencheff/modules/base.py +45 -0
  49. pencheff-0.2.0/pencheff/modules/client_side/__init__.py +0 -0
  50. pencheff-0.2.0/pencheff/modules/client_side/clickjacking.py +79 -0
  51. pencheff-0.2.0/pencheff/modules/client_side/csrf.py +94 -0
  52. pencheff-0.2.0/pencheff/modules/client_side/dom_xss.py +273 -0
  53. pencheff-0.2.0/pencheff/modules/client_side/xss.py +132 -0
  54. pencheff-0.2.0/pencheff/modules/cloud/__init__.py +0 -0
  55. pencheff-0.2.0/pencheff/modules/cloud/metadata.py +103 -0
  56. pencheff-0.2.0/pencheff/modules/cloud/s3_enum.py +97 -0
  57. pencheff-0.2.0/pencheff/modules/file_handling/__init__.py +0 -0
  58. pencheff-0.2.0/pencheff/modules/file_handling/path_traversal.py +108 -0
  59. pencheff-0.2.0/pencheff/modules/file_handling/upload.py +114 -0
  60. pencheff-0.2.0/pencheff/modules/injection/__init__.py +0 -0
  61. pencheff-0.2.0/pencheff/modules/injection/cmdi.py +169 -0
  62. pencheff-0.2.0/pencheff/modules/injection/header_injection.py +203 -0
  63. pencheff-0.2.0/pencheff/modules/injection/ldap.py +166 -0
  64. pencheff-0.2.0/pencheff/modules/injection/nosqli.py +136 -0
  65. pencheff-0.2.0/pencheff/modules/injection/open_redirect.py +122 -0
  66. pencheff-0.2.0/pencheff/modules/injection/second_order.py +135 -0
  67. pencheff-0.2.0/pencheff/modules/injection/sqli.py +254 -0
  68. pencheff-0.2.0/pencheff/modules/injection/ssrf.py +151 -0
  69. pencheff-0.2.0/pencheff/modules/injection/ssti.py +97 -0
  70. pencheff-0.2.0/pencheff/modules/injection/xxe.py +117 -0
  71. pencheff-0.2.0/pencheff/modules/logic/__init__.py +0 -0
  72. pencheff-0.2.0/pencheff/modules/logic/race_condition.py +90 -0
  73. pencheff-0.2.0/pencheff/modules/logic/rate_limiting.py +95 -0
  74. pencheff-0.2.0/pencheff/modules/logic/workflow_bypass.py +115 -0
  75. pencheff-0.2.0/pencheff/modules/recon/__init__.py +0 -0
  76. pencheff-0.2.0/pencheff/modules/recon/dns_enum.py +129 -0
  77. pencheff-0.2.0/pencheff/modules/recon/port_scan.py +143 -0
  78. pencheff-0.2.0/pencheff/modules/recon/subdomain.py +130 -0
  79. pencheff-0.2.0/pencheff/modules/recon/subdomain_takeover.py +224 -0
  80. pencheff-0.2.0/pencheff/modules/recon/tech_fingerprint.py +180 -0
  81. pencheff-0.2.0/pencheff/modules/web/__init__.py +0 -0
  82. pencheff-0.2.0/pencheff/modules/web/browser_crawler.py +227 -0
  83. pencheff-0.2.0/pencheff/modules/web/cors.py +119 -0
  84. pencheff-0.2.0/pencheff/modules/web/crawler.py +143 -0
  85. pencheff-0.2.0/pencheff/modules/web/headers.py +190 -0
  86. pencheff-0.2.0/pencheff/modules/web/http_methods.py +95 -0
  87. pencheff-0.2.0/pencheff/modules/web/ssl_tls.py +163 -0
  88. pencheff-0.2.0/pencheff/payloads/cmdi.txt +34 -0
  89. pencheff-0.2.0/pencheff/payloads/deserialization.txt +29 -0
  90. pencheff-0.2.0/pencheff/payloads/header_injection.txt +11 -0
  91. pencheff-0.2.0/pencheff/payloads/ldap.txt +16 -0
  92. pencheff-0.2.0/pencheff/payloads/nosqli.txt +18 -0
  93. pencheff-0.2.0/pencheff/payloads/oauth.txt +22 -0
  94. pencheff-0.2.0/pencheff/payloads/open_redirect.txt +27 -0
  95. pencheff-0.2.0/pencheff/payloads/path_traversal.txt +16 -0
  96. pencheff-0.2.0/pencheff/payloads/prototype_pollution.txt +20 -0
  97. pencheff-0.2.0/pencheff/payloads/smuggling.txt +33 -0
  98. pencheff-0.2.0/pencheff/payloads/sqli.txt +20 -0
  99. pencheff-0.2.0/pencheff/payloads/ssrf.txt +31 -0
  100. pencheff-0.2.0/pencheff/payloads/ssti.txt +12 -0
  101. pencheff-0.2.0/pencheff/payloads/waf_bypass.txt +54 -0
  102. pencheff-0.2.0/pencheff/payloads/websocket.txt +16 -0
  103. pencheff-0.2.0/pencheff/payloads/xss.txt +18 -0
  104. pencheff-0.2.0/pencheff/payloads/xxe.txt +34 -0
  105. pencheff-0.2.0/pencheff/reporting/__init__.py +0 -0
  106. pencheff-0.2.0/pencheff/reporting/compliance.py +82 -0
  107. pencheff-0.2.0/pencheff/reporting/cvss.py +235 -0
  108. pencheff-0.2.0/pencheff/reporting/exporter.py +454 -0
  109. pencheff-0.2.0/pencheff/reporting/renderer.py +229 -0
  110. pencheff-0.2.0/pencheff/server.py +3075 -0
  111. pencheff-0.2.0/pyproject.toml +53 -0
  112. pencheff-0.2.0/skills/pentest/SKILL.md +59 -0
  113. pencheff-0.2.0/uv.lock +1176 -0
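--- a/pencheff-0.2.0/.claude-plugin/plugin.json
+++ b/pencheff-0.2.0/.claude-plugin/plugin.json
@@ -0,0 +1,39 @@
+{
+"name": "pencheff",
+"version": "0.1.5",
+"description": "Elite AI penetration tester that doesn't just scan — it HACKS. Verifies and exploits every finding, chains vulnerabilities into attack narratives, and proves impact with proof-of-concept demonstrations. 32 advanced tools: reconnaissance, WAF detection, injection testing, auth/authz attacks, HTTP smuggling, cache poisoning, deserialization, OAuth/OIDC exploitation, WebSocket attacks, MFA bypass, subdomain takeover, 116 external tools via run_security_tool. Exports reports to Word (.docx), CSV, and JSON with verification status (true positive, false positive, etc.). Manual hacking with test_endpoint between scans. Eliminates false positives. Focuses on exploitable vulnerabilities with verified PoCs.",
+"author": {
+"name": "Bala Sriharsha",
+"url": "https://github.com/balasriharsha"
+},
+"homepage": "https://github.com/balasriharsha/pencheff",
+"keywords": [
+"security",
+"penetration-testing",
+"pentest",
+"vulnerability",
+"exploitation",
+"owasp",
+"sqli",
+"xss",
+"ssrf",
+"api-security",
+"web-security",
+"jwt",
+"cors",
+"cloud-security",
+"http-smuggling",
+"cache-poisoning",
+"deserialization",
+"prototype-pollution",
+"oauth",
+"mfa-bypass",
+"websocket",
+"subdomain-takeover",
+"waf-bypass",
+"race-condition",
+"idor",
+"privilege-escalation",
+"proof-of-concept"
+]
+}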
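Review bot: The manifest's `"version": "0.1.5"` does not match the release that carries it, since every path in this archive sits under pencheff-0.2.0. Anyone auditing which plugin build is installed will read the wrong version from this file, so it should be `"version": "0.2.0",` or be generated from the same source as the package version at build time. The tool counts in the description (32 tools, 116 external tools) are hard-coded here as well and will presumably drift the same way unless they are checked against server.py at release.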
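--- a/pencheff-0.2.0/.gitignore
+++ b/pencheff-0.2.0/.gitignore
@@ -0,0 +1,9 @@
+__pycache__/
+*.py[cod]
+*.egg-info/
+dist/
+build/
+.venv/
+*.egg
+.eggs/
+.claude/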
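--- a/pencheff-0.2.0/.mcp.json
+++ b/pencheff-0.2.0/.mcp.json
@@ -0,0 +1,8 @@
+{
+"mcpServers": {
+"pencheff": {
+"command": "uv",
+"args": ["run", "--project", "${CLAUDE_PLUGIN_ROOT}", "python", "-m", "pencheff"]
+}
+}
+}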
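Review bot: The `args` line starts the server with `uv run --project …` and no lockfile flag, so the environment is resolved at launch and uv may re-lock if uv.lock and pyproject.toml disagree. The archive ships a uv.lock, so pinning the launch to it makes the dependency set reproducible and auditable: `"args": ["run", "--frozen", "--project", "${CLAUDE_PLUGIN_ROOT}", "python", "-m", "pencheff"]`, or `--locked` to fail outright when the lock is stale. This matters more than usual here because, going by the plugin description, the server process drives external security tools on the operator's machine.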