pentester 0.0.1__tar.gz

pentester-0.0.1/.github/workflows/ci.yml

@@ -0,0 +1,65 @@
+name: CI
+
+# - On every push/PR: run the CLI smoke test, build, and validate metadata.
+# - On a version tag (v*), a published Release, or manual dispatch: also
+#   publish to PyPI via Trusted Publishing (OIDC) — NO API token needed.
+#
+# PyPI trusted-publisher setup (one-time, on pypi.org -> Publishing):
+#   project = pentester, owner = vulnz, repo = pentester,
+#   workflow = ci.yml, environment = (leave blank / Any).
+
+on:
+  push:
+    branches: [main]
+    tags: ["v*"]
+  pull_request:
+  release:
+    types: [published]
+  workflow_dispatch: {}
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.8", "3.10", "3.12"]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install package + tooling
+        run: |
+          python -m pip install --upgrade pip build twine
+          python -m pip install -e .
+      - name: Smoke-test the CLI
+        run: |
+          pentester --version
+          python -m pentester scan https://example.com
+      - name: Build sdist + wheel
+        run: python -m build
+      - name: Validate package metadata
+        run: python -m twine check dist/*
+
+  publish:
+    # Only publish on a version tag, a published release, or manual dispatch.
+    if: startsWith(github.ref, 'refs/tags/v') || github.event_name == 'release' || github.event_name == 'workflow_dispatch'
+    needs: test
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write          # required for Trusted Publishing (OIDC)
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+      - name: Build sdist + wheel
+        run: |
+          python -m pip install --upgrade build
+          python -m build
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1

pentester-0.0.1/.gitignore

@@ -0,0 +1,10 @@
+__pycache__/
+*.py[cod]
+*.egg-info/
+.eggs/
+build/
+dist/
+.venv/
+venv/
+.env
+.DS_Store

pentester-0.0.1/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 vulnz
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

pentester-0.0.1/PKG-INFO

@@ -0,0 +1,91 @@
+Metadata-Version: 2.4
+Name: pentester
+Version: 0.0.1
+Summary: Full-scale web, network & API penetration testing with AI on demand — reserved for insom.ai.
+Project-URL: Homepage, https://github.com/vulnz/pentester
+Project-URL: Source, https://github.com/vulnz/pentester
+Project-URL: Issues, https://github.com/vulnz/pentester/issues
+Author: vulnz
+License: MIT
+License-File: LICENSE
+Keywords: ai,appsec,dast,dynamic-analysis,pentest,pentesting,scanner,security,vulnerability
+Classifier: Development Status :: 2 - Pre-Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Information Technology
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Security
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+
+# pentester
+
+```
+ ██████╗ ███████╗███╗   ██╗████████╗███████╗███████╗████████╗███████╗██████╗
+ ██╔══██╗██╔════╝████╗  ██║╚══██╔══╝██╔════╝██╔════╝╚══██╔══╝██╔════╝██╔══██╗
+ ██████╔╝█████╗  ██╔██╗ ██║   ██║   █████╗  ███████╗   ██║   █████╗  ██████╔╝
+ ██╔═══╝ ██╔══╝  ██║╚██╗██║   ██║   ██╔══╝  ╚════██║   ██║   ██╔══╝  ██╔══██╗
+ ██║     ███████╗██║ ╚████║   ██║   ███████╗███████║   ██║   ███████╗██║  ██║
+ ╚═╝     ╚══════╝╚═╝  ╚═══╝   ╚═╝   ╚══════╝╚══════╝   ╚═╝   ╚══════╝╚═╝  ╚═╝
+        full-scale  web · network · api  pentesting  —  AI on demand
+```
+
+**`pentester`** is a full-scale offensive security toolkit that brings **web**,
+**network**, and **API** penetration testing under one command line — with
+**AI on demand** to drive recon, mutate requests, and triage findings.
+
+> 🚧 **Name reserved for [insom.ai](https://insom.ai).** This release secures
+> the package on PyPI and ships a working CLI shell. The full dynamic-analysis
+> engine lands in upcoming releases — watch this space.
+
+[![PyPI](https://img.shields.io/pypi/v/pentester.svg)](https://pypi.org/project/pentester/)
+[![Python](https://img.shields.io/pypi/pyversions/pentester.svg)](https://pypi.org/project/pentester/)
+[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
+
+## What it will do
+
+| Surface | Capabilities (shipping incrementally) |
+|---------|----------------------------------------|
+| **Web** | Crawling & spidering, authenticated sessions, fuzzing, OWASP-class detection (injection, XSS, SSRF, auth flaws), tech/CMS fingerprinting |
+| **Network** | Host & port discovery, service fingerprinting, protocol enumeration, known-CVE matching, misconfiguration checks |
+| **API** | REST / GraphQL / gRPC discovery, schema-aware fuzzing, auth / BOLA / mass-assignment testing |
+| **AI on demand** | Attack-surface reasoning, request mutation, exploit-path suggestion, finding triage, and natural-language report narration — opt-in, bring-your-own model |
+
+## Install
+
+```bash
+pip install pentester
+# or, isolated and always on PATH:
+pipx install pentester
+```
+
+## Usage
+
+```bash
+pentester --version
+pentester scan https://example.com   # engine coming soon
+```
+
+If the `pentester` command isn't found after a `pip install --user`, run it as
+a module (works regardless of `PATH`):
+
+```bash
+python -m pentester --version
+```
+
+## Roadmap
+
+- [ ] Live web/network/API target fingerprinting
+- [ ] Active scanning & fuzzing engine
+- [ ] Component & dependency vulnerability detection
+- [ ] AI-assisted request mutation and finding triage
+- [ ] HTML / JSON / SARIF reports with CI exit-code gating
+
+## License
+
+MIT — see [LICENSE](LICENSE).
+
+---
+
+© CQR Cybersecurity LLC · part of the [insom.ai](https://insom.ai) security platform.

pentester-0.0.1/README.md

@@ -0,0 +1,70 @@
+# pentester
+
+```
+ ██████╗ ███████╗███╗   ██╗████████╗███████╗███████╗████████╗███████╗██████╗
+ ██╔══██╗██╔════╝████╗  ██║╚══██╔══╝██╔════╝██╔════╝╚══██╔══╝██╔════╝██╔══██╗
+ ██████╔╝█████╗  ██╔██╗ ██║   ██║   █████╗  ███████╗   ██║   █████╗  ██████╔╝
+ ██╔═══╝ ██╔══╝  ██║╚██╗██║   ██║   ██╔══╝  ╚════██║   ██║   ██╔══╝  ██╔══██╗
+ ██║     ███████╗██║ ╚████║   ██║   ███████╗███████║   ██║   ███████╗██║  ██║
+ ╚═╝     ╚══════╝╚═╝  ╚═══╝   ╚═╝   ╚══════╝╚══════╝   ╚═╝   ╚══════╝╚═╝  ╚═╝
+        full-scale  web · network · api  pentesting  —  AI on demand
+```
+
+**`pentester`** is a full-scale offensive security toolkit that brings **web**,
+**network**, and **API** penetration testing under one command line — with
+**AI on demand** to drive recon, mutate requests, and triage findings.
+
+> 🚧 **Name reserved for [insom.ai](https://insom.ai).** This release secures
+> the package on PyPI and ships a working CLI shell. The full dynamic-analysis
+> engine lands in upcoming releases — watch this space.
+
+[![PyPI](https://img.shields.io/pypi/v/pentester.svg)](https://pypi.org/project/pentester/)
+[![Python](https://img.shields.io/pypi/pyversions/pentester.svg)](https://pypi.org/project/pentester/)
+[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
+
+## What it will do
+
+| Surface | Capabilities (shipping incrementally) |
+|---------|----------------------------------------|
+| **Web** | Crawling & spidering, authenticated sessions, fuzzing, OWASP-class detection (injection, XSS, SSRF, auth flaws), tech/CMS fingerprinting |
+| **Network** | Host & port discovery, service fingerprinting, protocol enumeration, known-CVE matching, misconfiguration checks |
+| **API** | REST / GraphQL / gRPC discovery, schema-aware fuzzing, auth / BOLA / mass-assignment testing |
+| **AI on demand** | Attack-surface reasoning, request mutation, exploit-path suggestion, finding triage, and natural-language report narration — opt-in, bring-your-own model |
+
+## Install
+
+```bash
+pip install pentester
+# or, isolated and always on PATH:
+pipx install pentester
+```
+
+## Usage
+
+```bash
+pentester --version
+pentester scan https://example.com   # engine coming soon
+```
+
+If the `pentester` command isn't found after a `pip install --user`, run it as
+a module (works regardless of `PATH`):
+
+```bash
+python -m pentester --version
+```
+
+## Roadmap
+
+- [ ] Live web/network/API target fingerprinting
+- [ ] Active scanning & fuzzing engine
+- [ ] Component & dependency vulnerability detection
+- [ ] AI-assisted request mutation and finding triage
+- [ ] HTML / JSON / SARIF reports with CI exit-code gating
+
+## License
+
+MIT — see [LICENSE](LICENSE).
+
+---
+
+© CQR Cybersecurity LLC · part of the [insom.ai](https://insom.ai) security platform.

pentester-0.0.1/pentester/__init__.py

@@ -0,0 +1,8 @@
+"""pentester — full-scale web/network/API penetration testing with AI on demand.
+
+Name reserved for insom.ai. The full dynamic-analysis engine lands in upcoming
+releases; this build ships a working CLI shell.
+"""
+
+__version__ = "0.0.1"
+__all__ = ["__version__"]

pentester-0.0.1/pentester/__main__.py

@@ -0,0 +1,5 @@
+"""Enable `python -m pentester`."""
+from .cli import main
+
+if __name__ == "__main__":
+    raise SystemExit(main())

pentester-0.0.1/pentester/cli.py

@@ -0,0 +1,54 @@
+"""Command-line entry point for `pentester`.
+
+Name reserved for insom.ai. This early release ships a working CLI shell; the
+full-scale web/network/API dynamic-analysis engine (with AI on demand) is added
+in later releases.
+"""
+import argparse
+import sys
+
+from . import __version__
+
+_BANNER = r"""
+ ██████╗ ███████╗███╗   ██╗████████╗███████╗███████╗████████╗███████╗██████╗
+ ██╔══██╗██╔════╝████╗  ██║╚══██╔══╝██╔════╝██╔════╝╚══██╔══╝██╔════╝██╔══██╗
+ ██████╔╝█████╗  ██╔██╗ ██║   ██║   █████╗  ███████╗   ██║   █████╗  ██████╔╝
+ ██╔═══╝ ██╔══╝  ██║╚██╗██║   ██║   ██╔══╝  ╚════██║   ██║   ██╔══╝  ██╔══██╗
+ ██║     ███████╗██║ ╚████║   ██║   ███████╗███████║   ██║   ███████╗██║  ██║
+ ╚═╝     ╚══════╝╚═╝  ╚═══╝   ╚═╝   ╚══════╝╚══════╝   ╚═╝   ╚══════╝╚═╝  ╚═╝
+   full-scale  web · network · api  pentesting  —  AI on demand   v{ver}
+"""
+
+
+def build_parser() -> argparse.ArgumentParser:
+    p = argparse.ArgumentParser(
+        prog="pentester",
+        description="Full-scale web/network/API penetration testing with AI on demand.",
+    )
+    p.add_argument("--version", action="version",
+                   version=f"pentester {__version__}")
+    sub = p.add_subparsers(dest="command")
+    scan = sub.add_parser(
+        "scan", help="(coming soon) run a dynamic scan against a target")
+    scan.add_argument("target", nargs="?", help="target URL or host")
+    return p
+
+
+def main(argv=None) -> int:
+    argv = list(sys.argv[1:] if argv is None else argv)
+    parser = build_parser()
+    args = parser.parse_args(argv)
+    print(_BANNER.format(ver=__version__))
+    if args.command == "scan":
+        print(f"[pentester] the dynamic-analysis engine is not implemented yet "
+              f"(target: {args.target or 'none given'}).")
+        print("            This package name is reserved for insom.ai — "
+              "watch the releases.")
+    else:
+        print("  Reserved for insom.ai. Engine arriving in upcoming releases.")
+        print("  Usage:  pentester scan <target>")
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

pentester-0.0.1/pyproject.toml

@@ -0,0 +1,37 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "pentester"
+version = "0.0.1"
+description = "Full-scale web, network & API penetration testing with AI on demand — reserved for insom.ai."
+readme = "README.md"
+requires-python = ">=3.8"
+license = { text = "MIT" }
+authors = [{ name = "vulnz" }]
+keywords = [
+    "security", "pentest", "pentesting", "dast", "dynamic-analysis",
+    "vulnerability", "scanner", "ai", "appsec",
+]
+classifiers = [
+    "Development Status :: 2 - Pre-Alpha",
+    "Intended Audience :: Developers",
+    "Intended Audience :: Information Technology",
+    "Topic :: Security",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Operating System :: OS Independent",
+]
+dependencies = []
+
+[project.urls]
+Homepage = "https://github.com/vulnz/pentester"
+Source = "https://github.com/vulnz/pentester"
+Issues = "https://github.com/vulnz/pentester/issues"
+
+[project.scripts]
+pentester = "pentester.cli:main"
+
+[tool.hatch.build.targets.wheel]
+packages = ["pentester"]