pluto-ai 1.0.0__tar.gz

pluto_ai-1.0.0/MANIFEST.in

@@ -0,0 +1,4 @@
+include README.md
+include LICENSE
+include requirements.txt
+recursive-include pluto/assets *

pluto_ai-1.0.0/PKG-INFO

@@ -0,0 +1,241 @@
+Metadata-Version: 2.4
+Name: pluto-ai
+Version: 1.0.0
+Summary: AI-powered code security vulnerability scanner
+Home-page: https://github.com/0xsaikat/pluto
+Author: 0xSaikat
+Author-email: 0xSaikat <contact@hackbit.org>
+License: MIT
+Project-URL: Homepage, https://hackbit.org
+Project-URL: Repository, https://github.com/0xsaikat/pluto
+Project-URL: Issues, https://github.com/0xsaikat/pluto/issues
+Keywords: security,vulnerability,scanner,code-analysis,ai,static-analysis
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Security
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+Requires-Dist: click>=8.0.0
+Requires-Dist: anthropic>=0.18.0
+Requires-Dist: openai>=1.0.0
+Requires-Dist: requests>=2.28.0
+Requires-Dist: GitPython>=3.1.0
+Requires-Dist: reportlab>=4.0.0
+Dynamic: author
+Dynamic: home-page
+Dynamic: requires-python
+
+# 🛡️ Pluto - AI-Powered Code Security Analyzer
+
+<div align="center">
+
+```
+╭─────[By 0xSaikat]───────────────────────────────────╮
+│                                                     │
+│         ____  __      __                            │
+│        / __ \/ /_  __/ /_____                       │
+│       / /_/ / / / / / __/ __ \                      │
+│      / ____/ / /_/ / /_/ /_/ /                      │
+│     /_/   /_/\__,_/\__/\____/   V-1.0               │
+│                                                     │
+│     AI-Powered Code Security Analyzer               │
+│                                                     │
+╰─────────────────────────────────[hackbit.org]───────╯
+```
+
+[![PyPI version](https://badge.fury.io/py/pluto-security-scanner.svg)](https://badge.fury.io/py/pluto-security-scanner)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Python 3.7+](https://img.shields.io/badge/python-3.7+-blue.svg)](https://www.python.org/downloads/)
+
+**Pluto** is a powerful CLI tool that uses AI to detect security vulnerabilities in your code.
+
+[Features](#-features) • [Installation](#-installation) • [Usage](#-usage) • [Examples](#-examples) • [Contributing](#-contributing)
+
+</div>
+
+---
+
+## 🚀 Features
+
+- 🤖 **Multiple AI Providers**: Claude, OpenAI, Ollama (local)
+- 📁 **Flexible Input**: Analyze files, directories, or GitHub repositories
+- 📊 **Multiple Report Formats**: Terminal, PDF, JSON, Markdown
+- 🔒 **Privacy-First**: Local analysis with Ollama support
+- 🎯 **Severity Filtering**: Focus on CRITICAL, HIGH, MEDIUM, or LOW issues
+- 🌐 **Multi-Language Support**: Python, JavaScript, Java, C/C++, Go, Rust, PHP, Ruby, and more
+
+## 🔍 Security Checks
+
+Pluto detects:
+- SQL Injection
+- XSS (Cross-Site Scripting)
+- Authentication/Authorization flaws
+- Hardcoded secrets & credentials
+- Insecure cryptography
+- Path traversal
+- Command injection
+- CSRF vulnerabilities
+- Insecure dependencies
+- And many more...
+
+## 📦 Installation
+
+### From PyPI (Recommended)
+```bash
+pip install pluto-ai
+```
+
+### From Source
+```bash
+git clone https://github.com/0xsaikat/pluto.git
+cd pluto
+pip install -e .
+```
+
+## ⚙️ Setup
+
+### For Claude (Recommended)
+```bash
+export ANTHROPIC_API_KEY='your-api-key-here'
+```
+Get your API key from: https://console.anthropic.com/
+
+### For OpenAI
+```bash
+export OPENAI_API_KEY='your-api-key-here'
+```
+
+### For Ollama (Local, Free)
+```bash
+# Install Ollama from https://ollama.ai
+ollama pull phi
+ollama serve
+```
+
+## 💻 Usage
+
+### Basic Commands
+
+```bash
+# Analyze a single file
+pluto scan -code app.py
+
+# Analyze entire directory
+pluto scan -dir ./src --report pdf --output security_report
+
+# Analyze GitHub repository
+pluto scan -git https://github.com/user/repo --provider claude
+
+# Use local AI (Ollama)
+pluto scan -code app.py --provider ollama --model phi
+
+# Filter by severity
+pluto scan -dir ./src --min-severity HIGH
+```
+
+### Command Options
+
+```
+Options:
+  -code, --code-file PATH         Analyze a single code file
+  -dir, --directory PATH          Analyze entire directory
+  -git, --git-repo TEXT           Analyze GitHub repository
+  --provider [claude|openai|ollama]  AI provider (default: claude)
+  --model TEXT                    Model name
+  --report [terminal|pdf|json|markdown]  Report format (default: terminal)
+  --output TEXT                   Output file name
+  --min-severity [LOW|MEDIUM|HIGH|CRITICAL]  Minimum severity level
+  --help                          Show this message and exit
+```
+
+## 📚 Examples
+
+### Quick Security Scan
+```bash
+pluto scan -code myapp.py
+```
+
+### Full Project Audit
+```bash
+pluto scan -dir ./backend --provider claude --report pdf --output project_audit
+```
+
+### GitHub Repository Analysis
+```bash
+pluto scan -git https://github.com/user/vulnerable-app --report json
+```
+
+### Local Private Scan
+```bash
+pluto scan -code sensitive_code.py --provider ollama --model phi
+```
+
+### CI/CD Integration
+```bash
+pluto scan -dir ./src --report json --output results.json --min-severity HIGH
+```
+
+## 📊 Report Formats
+
+- **Terminal**: Colorful, real-time output with severity highlighting
+- **PDF**: Professional report with logo, charts, and detailed findings
+- **JSON**: Machine-readable format for automation and CI/CD
+- **Markdown**: Documentation-friendly format
+
+## 🎨 Supported Languages
+
+Python • JavaScript • TypeScript • Java • C/C++ • Go • Rust • PHP • Ruby • Swift • Kotlin
+
+## 🔧 Configuration
+
+Create a `.plutorc` file in your project root:
+
+```yaml
+provider: claude
+model: claude-sonnet-4-20250514
+min_severity: MEDIUM
+report_format: pdf
+output_dir: ./security-reports
+```
+
+## 🤝 Contributing
+
+Contributions are welcome! Please feel free to submit a Pull Request.
+
+1. Fork the repository
+2. Create your feature branch (`git checkout -b feature/AmazingFeature`)
+3. Commit your changes (`git commit -m 'Add some AmazingFeature'`)
+4. Push to the branch (`git push origin feature/AmazingFeature`)
+5. Open a Pull Request
+
+## 📝 License
+
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
+
+## 👨‍💻 Author
+
+**0xSaikat**
+- Website: [hackbit.org](https://hackbit.org)
+- GitHub: [@0xsaikat](https://github.com/0xsaikat)
+
+## 🙏 Acknowledgments
+
+- Powered by Claude (Anthropic), OpenAI, and Ollama
+- Built with ❤️ for the security community
+
+## ⚠️ Disclaimer
+
+Pluto is a security analysis tool intended for educational and legitimate security testing purposes only. Always ensure you have permission before scanning code or repositories you don't own.
+
+---
+
+<div align="center">
+Made with 🛡️ by 0xSaikat | <a href="https://hackbit.org">hackbit.org</a>
+</div>

pluto_ai-1.0.0/README.md

@@ -0,0 +1,207 @@
+# 🛡️ Pluto - AI-Powered Code Security Analyzer
+
+<div align="center">
+
+```
+╭─────[By 0xSaikat]───────────────────────────────────╮
+│                                                     │
+│         ____  __      __                            │
+│        / __ \/ /_  __/ /_____                       │
+│       / /_/ / / / / / __/ __ \                      │
+│      / ____/ / /_/ / /_/ /_/ /                      │
+│     /_/   /_/\__,_/\__/\____/   V-1.0               │
+│                                                     │
+│     AI-Powered Code Security Analyzer               │
+│                                                     │
+╰─────────────────────────────────[hackbit.org]───────╯
+```
+
+[![PyPI version](https://badge.fury.io/py/pluto-security-scanner.svg)](https://badge.fury.io/py/pluto-security-scanner)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Python 3.7+](https://img.shields.io/badge/python-3.7+-blue.svg)](https://www.python.org/downloads/)
+
+**Pluto** is a powerful CLI tool that uses AI to detect security vulnerabilities in your code.
+
+[Features](#-features) • [Installation](#-installation) • [Usage](#-usage) • [Examples](#-examples) • [Contributing](#-contributing)
+
+</div>
+
+---
+
+## 🚀 Features
+
+- 🤖 **Multiple AI Providers**: Claude, OpenAI, Ollama (local)
+- 📁 **Flexible Input**: Analyze files, directories, or GitHub repositories
+- 📊 **Multiple Report Formats**: Terminal, PDF, JSON, Markdown
+- 🔒 **Privacy-First**: Local analysis with Ollama support
+- 🎯 **Severity Filtering**: Focus on CRITICAL, HIGH, MEDIUM, or LOW issues
+- 🌐 **Multi-Language Support**: Python, JavaScript, Java, C/C++, Go, Rust, PHP, Ruby, and more
+
+## 🔍 Security Checks
+
+Pluto detects:
+- SQL Injection
+- XSS (Cross-Site Scripting)
+- Authentication/Authorization flaws
+- Hardcoded secrets & credentials
+- Insecure cryptography
+- Path traversal
+- Command injection
+- CSRF vulnerabilities
+- Insecure dependencies
+- And many more...
+
+## 📦 Installation
+
+### From PyPI (Recommended)
+```bash
+pip install pluto-ai
+```
+
+### From Source
+```bash
+git clone https://github.com/0xsaikat/pluto.git
+cd pluto
+pip install -e .
+```
+
+## ⚙️ Setup
+
+### For Claude (Recommended)
+```bash
+export ANTHROPIC_API_KEY='your-api-key-here'
+```
+Get your API key from: https://console.anthropic.com/
+
+### For OpenAI
+```bash
+export OPENAI_API_KEY='your-api-key-here'
+```
+
+### For Ollama (Local, Free)
+```bash
+# Install Ollama from https://ollama.ai
+ollama pull phi
+ollama serve
+```
+
+## 💻 Usage
+
+### Basic Commands
+
+```bash
+# Analyze a single file
+pluto scan -code app.py
+
+# Analyze entire directory
+pluto scan -dir ./src --report pdf --output security_report
+
+# Analyze GitHub repository
+pluto scan -git https://github.com/user/repo --provider claude
+
+# Use local AI (Ollama)
+pluto scan -code app.py --provider ollama --model phi
+
+# Filter by severity
+pluto scan -dir ./src --min-severity HIGH
+```
+
+### Command Options
+
+```
+Options:
+  -code, --code-file PATH         Analyze a single code file
+  -dir, --directory PATH          Analyze entire directory
+  -git, --git-repo TEXT           Analyze GitHub repository
+  --provider [claude|openai|ollama]  AI provider (default: claude)
+  --model TEXT                    Model name
+  --report [terminal|pdf|json|markdown]  Report format (default: terminal)
+  --output TEXT                   Output file name
+  --min-severity [LOW|MEDIUM|HIGH|CRITICAL]  Minimum severity level
+  --help                          Show this message and exit
+```
+
+## 📚 Examples
+
+### Quick Security Scan
+```bash
+pluto scan -code myapp.py
+```
+
+### Full Project Audit
+```bash
+pluto scan -dir ./backend --provider claude --report pdf --output project_audit
+```
+
+### GitHub Repository Analysis
+```bash
+pluto scan -git https://github.com/user/vulnerable-app --report json
+```
+
+### Local Private Scan
+```bash
+pluto scan -code sensitive_code.py --provider ollama --model phi
+```
+
+### CI/CD Integration
+```bash
+pluto scan -dir ./src --report json --output results.json --min-severity HIGH
+```
+
+## 📊 Report Formats
+
+- **Terminal**: Colorful, real-time output with severity highlighting
+- **PDF**: Professional report with logo, charts, and detailed findings
+- **JSON**: Machine-readable format for automation and CI/CD
+- **Markdown**: Documentation-friendly format
+
+## 🎨 Supported Languages
+
+Python • JavaScript • TypeScript • Java • C/C++ • Go • Rust • PHP • Ruby • Swift • Kotlin
+
+## 🔧 Configuration
+
+Create a `.plutorc` file in your project root:
+
+```yaml
+provider: claude
+model: claude-sonnet-4-20250514
+min_severity: MEDIUM
+report_format: pdf
+output_dir: ./security-reports
+```
+
+## 🤝 Contributing
+
+Contributions are welcome! Please feel free to submit a Pull Request.
+
+1. Fork the repository
+2. Create your feature branch (`git checkout -b feature/AmazingFeature`)
+3. Commit your changes (`git commit -m 'Add some AmazingFeature'`)
+4. Push to the branch (`git push origin feature/AmazingFeature`)
+5. Open a Pull Request
+
+## 📝 License
+
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
+
+## 👨‍💻 Author
+
+**0xSaikat**
+- Website: [hackbit.org](https://hackbit.org)
+- GitHub: [@0xsaikat](https://github.com/0xsaikat)
+
+## 🙏 Acknowledgments
+
+- Powered by Claude (Anthropic), OpenAI, and Ollama
+- Built with ❤️ for the security community
+
+## ⚠️ Disclaimer
+
+Pluto is a security analysis tool intended for educational and legitimate security testing purposes only. Always ensure you have permission before scanning code or repositories you don't own.
+
+---
+
+<div align="center">
+Made with 🛡️ by 0xSaikat | <a href="https://hackbit.org">hackbit.org</a>
+</div>

pluto_ai-1.0.0/pluto/__init__.py

@@ -0,0 +1,18 @@
+"""
+Pluto - AI-Powered Code Security Analyzer
+
+A powerful CLI tool that uses AI to detect security vulnerabilities in your code.
+
+Author: 0xSaikat
+Website: https://hackbit.org
+License: MIT
+"""
+
+__version__ = "1.0.0"
+__author__ = "0xSaikat"
+__email__ = "contact@hackbit.org"
+__license__ = "MIT"
+
+from pluto.cli import cli
+
+__all__ = ['cli']

pluto_ai-1.0.0/pluto/analyzers/__init__.py

@@ -0,0 +1,11 @@
+"""
+Code analysis modules for Pluto.
+
+This package contains analyzers for different types of code inputs
+including single files, directories, and git repositories.
+"""
+
+from pluto.analyzers.code_analyzer import CodeAnalyzer
+from pluto.analyzers.git_analyzer import GitAnalyzer
+
+__all__ = ['CodeAnalyzer', 'GitAnalyzer']

pluto_ai-1.0.0/pluto/analyzers/code_analyzer.py

@@ -0,0 +1,34 @@
+from typing import List, Dict, Optional
+import json
+
+class CodeAnalyzer:
+    def __init__(self, provider: str = 'claude', model: str = 'claude-sonnet-4-20250514'):
+        self.provider = provider
+        self.model = model
+        
+        if provider == 'claude':
+            from pluto.providers.claude_provider import ClaudeProvider
+            self.ai_provider = ClaudeProvider(model)
+        elif provider == 'openai':
+            from pluto.providers.openai_provider import OpenAIProvider
+            self.ai_provider = OpenAIProvider(model)
+        elif provider == 'ollama':
+            from pluto.providers.ollama_provider import OllamaProvider
+            self.ai_provider = OllamaProvider(model)
+        else:
+            raise ValueError(f"Unknown provider: {provider}")
+    
+    def analyze_file(self, file_path: str) -> List[Dict]:
+        """Analyze a single file for vulnerabilities"""
+        try:
+            with open(file_path, 'r', encoding='utf-8', errors='ignore') as f:
+                code = f.read()
+            
+            if not code.strip():
+                return []
+            
+            vulnerabilities = self.ai_provider.analyze_code(code, file_path)
+            return vulnerabilities
+        except Exception as e:
+            print(f"Error analyzing {file_path}: {str(e)}")
+            return []

pluto_ai-1.0.0/pluto/analyzers/git_analyzer.py

@@ -0,0 +1,15 @@
+import os
+import tempfile
+import shutil
+from git import Repo
+
+class GitAnalyzer:
+    def clone_repo(self, repo_url: str) -> str:
+        """Clone a git repository to a temporary directory"""
+        temp_dir = tempfile.mkdtemp(prefix='pluto_')
+        try:
+            Repo.clone_from(repo_url, temp_dir, depth=1)
+            return temp_dir
+        except Exception as e:
+            shutil.rmtree(temp_dir, ignore_errors=True)
+            raise Exception(f"Failed to clone repository: {str(e)}")

pluto_ai-1.0.0/pluto/cli.py

@@ -0,0 +1,131 @@
+import click
+import json
+import os
+from pathlib import Path
+from typing import Optional, List
+import sys
+
+def print_banner():
+    """Print the Pluto banner with styled text."""
+    banner = (
+        "\033[1;36m"  
+        "\n"
+        "╭─────[By 0xSaikat]───────────────────────────────────╮\n"
+        "│                                                     │\n"
+        "│         ____  __      __                            │\n"
+        "│        / __ \\/ /_  __/ /_____                       │\n"
+        "│       / /_/ / / / / / __/ __ \\                      │\n"
+        "│      / ____/ / /_/ / /_/ /_/ /                      │\n"
+        "│     /_/   /_/\\__,_/\\__/\\____/   V-1.0               │\n"
+        "│                                                     │\n"
+        "│     AI-Powered Code Security Analyzer               │\n"
+        "│                                                     │\n"
+        "╰─────────────────────────────────[hackbit.org]───────╯\n"
+        "\033[0m"  
+    )
+    print(banner)
+
+@click.group(invoke_without_command=True)
+@click.pass_context
+@click.version_option(version='1.0.0')
+def cli(ctx):
+    """Pluto - AI-Powered Code Security Analyzer"""
+    if ctx.invoked_subcommand is None:
+        print_banner()
+        click.echo("\nUse 'pluto scan --help' to see available options\n")
+
+@cli.command()
+@click.option('-code', '--code-file', type=click.Path(exists=True), help='Analyze a single code file')
+@click.option('-dir', '--directory', type=click.Path(exists=True), help='Analyze entire directory')
+@click.option('-git', '--git-repo', type=str, help='Analyze GitHub repository')
+@click.option('--provider', type=click.Choice(['claude', 'openai', 'ollama']), default='claude', help='AI provider')
+@click.option('--model', type=str, default='claude-sonnet-4-20250514', help='Model name')
+@click.option('--report', type=click.Choice(['terminal', 'pdf', 'json', 'html', 'markdown']), default='terminal', help='Report format')
+@click.option('--output', type=str, default='pluto_report', help='Output file name (without extension)')
+@click.option('--min-severity', type=click.Choice(['LOW', 'MEDIUM', 'HIGH', 'CRITICAL']), default='LOW', help='Minimum severity level')
+def scan(code_file, directory, git_repo, provider, model, report, output, min_severity):
+    """Scan code for security vulnerabilities"""
+    print_banner()  
+    from pluto.analyzers.code_analyzer import CodeAnalyzer
+    from pluto.reporters.terminal_reporter import TerminalReporter
+    from pluto.reporters.pdf_reporter import PDFReporter
+    from pluto.reporters.json_reporter import JSONReporter
+    from pluto.reporters.markdown_reporter import MarkdownReporter
+    
+    analyzer = CodeAnalyzer(provider=provider, model=model)
+    
+    
+    files_to_analyze = []
+    
+    if code_file:
+        files_to_analyze.append(code_file)
+    elif directory:
+        files_to_analyze = get_code_files(directory)
+    elif git_repo:
+        click.echo("Cloning repository...")
+        from pluto.analyzers.git_analyzer import GitAnalyzer
+        git_analyzer = GitAnalyzer()
+        repo_path = git_analyzer.clone_repo(git_repo)
+        files_to_analyze = get_code_files(repo_path)
+    else:
+        click.echo("Error: Please specify -code, -dir, or -git")
+        return
+    
+    if not files_to_analyze:
+        click.echo("No code files found to analyze")
+        return
+    
+    click.echo(f"Analyzing {len(files_to_analyze)} file(s)...")
+    
+    
+    all_results = []
+    for file_path in files_to_analyze:
+        click.echo(f"Scanning: {file_path}")
+        results = analyzer.analyze_file(file_path)
+        if results:
+            all_results.extend(results)
+    
+    
+    severity_order = {'LOW': 0, 'MEDIUM': 1, 'HIGH': 2, 'CRITICAL': 3}
+    min_level = severity_order[min_severity]
+    filtered_results = [r for r in all_results if severity_order.get(r.get('severity', 'LOW'), 0) >= min_level]
+    
+    if report == 'terminal' or report == 'terminal':
+        reporter = TerminalReporter()
+        reporter.generate(filtered_results)
+    
+    if report == 'pdf':
+        reporter = PDFReporter()
+        reporter.generate(filtered_results, f"{output}.pdf")
+        click.echo(f"\nPDF report saved to: {output}.pdf")
+    
+    if report == 'json':
+        reporter = JSONReporter()
+        reporter.generate(filtered_results, f"{output}.json")
+        click.echo(f"\nJSON report saved to: {output}.json")
+    
+    if report == 'markdown':
+        reporter = MarkdownReporter()
+        reporter.generate(filtered_results, f"{output}.md")
+        click.echo(f"\nMarkdown report saved to: {output}.md")
+
+def get_code_files(path):
+    """Get all code files from a directory"""
+    code_extensions = {'.py', '.js', '.jsx', '.ts', '.tsx', '.java', '.cpp', '.c', '.go', '.rs', '.php', '.rb', '.swift', '.kt'}
+    files = []
+    path_obj = Path(path)
+    
+    if path_obj.is_file():
+        return [str(path_obj)]
+    
+    for file in path_obj.rglob('*'):
+        if file.is_file() and file.suffix in code_extensions:
+            
+            if any(skip in file.parts for skip in ['node_modules', 'venv', '.git', '__pycache__', 'dist', 'build']):
+                continue
+            files.append(str(file))
+    
+    return files
+
+if __name__ == '__main__':
+    cli()

pluto_ai-1.0.0/pluto/providers/__init__.py

@@ -0,0 +1,12 @@
+"""
+AI provider integrations for Pluto.
+
+This package contains integrations with various AI providers
+including Claude (Anthropic), OpenAI, and Ollama (local).
+"""
+
+from pluto.providers.claude_provider import ClaudeProvider
+from pluto.providers.openai_provider import OpenAIProvider
+from pluto.providers.ollama_provider import OllamaProvider
+
+__all__ = ['ClaudeProvider', 'OpenAIProvider', 'OllamaProvider']