vulnerability-scan 0.1.0__tar.gz

vulnerability_scan-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 CBRS-503
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

vulnerability_scan-0.1.0/PKG-INFO

@@ -0,0 +1,262 @@
+Metadata-Version: 2.4
+Name: vulnerability-scan
+Version: 0.1.0
+Summary: AI-powered multi-agent OWASP vulnerability scanner using LangChain and Groq
+Author: CBRS-503
+License: MIT License
+        
+        Copyright (c) 2026 CBRS-503
+        
+        Permission is hereby granted, free of charge, to any person obtaining a copy
+        of this software and associated documentation files (the "Software"), to deal
+        in the Software without restriction, including without limitation the rights
+        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+        copies of the Software, and to permit persons to whom the Software is
+        furnished to do so, subject to the following conditions:
+        
+        The above copyright notice and this permission notice shall be included in all
+        copies or substantial portions of the Software.
+        
+        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+        SOFTWARE.
+        
+Project-URL: Homepage, https://github.com/alinoureldin707/vulnerability-scan
+Project-URL: Repository, https://github.com/alinoureldin707/vulnerability-scan
+Project-URL: Bug Tracker, https://github.com/alinoureldin707/vulnerability-scan/issues
+Project-URL: Changelog, https://github.com/alinoureldin707/vulnerability-scan/releases
+Keywords: security,owasp,vulnerability,scanner,langchain,groq,sast,ai
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Information Technology
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Classifier: Topic :: Software Development :: Testing
+Classifier: Natural Language :: English
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: langchain>=0.3
+Requires-Dist: langchain-groq>=0.2
+Requires-Dist: pydantic>=2.0
+Requires-Dist: python-dotenv>=1.0
+Requires-Dist: rich>=13.0
+Requires-Dist: python-docx>=1.1
+Requires-Dist: matplotlib>=3.8
+Provides-Extra: dev
+Requires-Dist: build>=1.0; extra == "dev"
+Requires-Dist: twine>=5.0; extra == "dev"
+Dynamic: license-file
+
+# OWASP Security Scanner
+
+[![PyPI version](https://img.shields.io/pypi/v/vulnerability-scan)](https://pypi.org/project/vulnerability-scan/)
+[![Python](https://img.shields.io/pypi/pyversions/vulnerability-scan)](https://pypi.org/project/vulnerability-scan/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+A multi-agent static analysis pipeline that scans source files **in any programming language** for OWASP Top-10 vulnerabilities. It produces a structured `report.json` and a human-readable `report.md`.
+
+---
+
+## Quick Start
+
+```bash
+pip install vulnerability-scan
+export GROQ_API_KEY=gsk_...   # or add to a .env file
+vulnerability-scan ./your-project
+```
+
+---
+
+---
+
+## Pipeline Overview
+
+```
+Source files
+    │
+    ▼
+[agent_splitter]  ── LLM splits each file into logical chunks (functions / classes / routes)
+    │
+    ▼
+[agent_finder]  ── identifies OWASP Top-10 vulnerabilities per chunk
+    │
+    ▼
+[agent_mitigator]  ── produces fix recommendation + corrected code per finding
+    │
+    ▼
+[agent_verifier]  ── drops false positives, adjusts confidence scores
+    │
+    ▼
+[aggregator]  ── deduplicates by (file, OWASP ID, line)
+    │
+    ▼
+report.json + report.md
+```
+
+---
+
+## Prerequisites
+
+| Requirement  | Version                                      |
+| ------------ | -------------------------------------------- |
+| Python       | ≥ 3.11                                       |
+| Groq API key | [console.groq.com](https://console.groq.com) |
+
+### Install from PyPI
+
+```bash
+pip install vulnerability-scan
+```
+
+### Install from source
+
+```bash
+git clone https://github.com/alinoureldin707/vulnerability-scan.git
+cd vulnerability-scan
+pip install .
+```
+
+---
+
+## Configuration
+
+Create a `.env` file in the project root:
+
+```env
+GROQ_API_KEY=gsk_...
+```
+
+The model and temperature are set in `config.py`:
+
+```python
+MODEL_NAME  = "openai/gpt-oss-20b"   # any Groq-hosted model
+TEMPERATURE = 0.0
+```
+
+---
+
+## Usage
+
+```bash
+# Scan a directory (all supported source files)
+vulnerability-scan ./project
+
+# Scan a single file
+vulnerability-scan ./project/vulnerable_app.py
+
+# Also generate a .docx professional report
+vulnerability-scan ./project --report
+
+# Default (scans ./project if no argument given)
+vulnerability-scan
+
+# Alternatively, run as a module
+python -m vul_scan ./project
+```
+
+Outputs are written to the current working directory:
+
+| File          | Description                                                          |
+| ------------- | -------------------------------------------------------------------- |
+| `report.json` | Machine-readable findings with risk analysis                         |
+| `report.md`   | Human-readable report with severity tables, evidence, and fixed code |
+
+---
+
+## Output Format
+
+### `report.json` structure
+
+```jsonc
+{
+  "generated_at": "2026-02-20T19:22:13Z",
+  "scanned_path": "...",
+  "total_files": 5,
+  "total_chunks": 7,
+  "total_findings": 2,
+  "risk_analysis": {
+    // aggregate across all findings
+    "overall_risk": "HIGH",
+    "severity_breakdown": { "high": 2, "medium": 0, "low": 0 },
+    "owasp_category_breakdown": { "A03:2021": 1 },
+    "most_affected_files": [{ "file": "...", "findings": 2 }],
+  },
+  "findings": [
+    {
+      "file": "...",
+      "owasp_id": "A03:2021",
+      "name": "SQL Injection",
+      "risk_summary": "...",
+      "description": "...",
+      "evidence": "...",
+      "line_start": 10,
+      "line_end": 14,
+      "exploitation_steps": ["..."],
+      "impact": "...",
+      "confidence": 0.97,
+      "mitigation": "...",
+      "fix_line_start": 10,
+      "fix_line_end": 14,
+      "fixed_code": "...",
+      "risk_analysis": {
+        // per-finding risk analysis
+        "severity": "HIGH",
+        "likelihood": "HIGH",
+        "risk_score": 9.7,
+        "remediation_priority": "P1 — Immediate",
+        "attack_vector": "Injection",
+      },
+    },
+  ],
+}
+```
+
+### Exit codes
+
+| Code | Meaning                              |
+| ---- | ------------------------------------ |
+| `0`  | No verified vulnerabilities found    |
+| `1`  | One or more vulnerabilities detected |
+
+---
+
+## Project Structure
+
+```
+.
+├── __main__.py          # Orchestration entry point
+├── agent.py             # LLM agent definitions (finder, mitigator, verifier)
+├── chuncks_splitter.py  # agent_splitter (LLM) file → CodeChunk splitting
+├── config.py            # Model name, temperature, API key loading
+├── models.py            # Pydantic data models for all pipeline stages
+├── printer.py           # Rich terminal output helpers
+├── prompt.py            # System prompts for all agents
+├── report_writer.py     # report.json + report.md generation
+├── .env                 # GROQ_API_KEY (not committed)
+└── project/             # Example target code
+    ├── vulnerable_app.py
+    ├── no_vulnerable.py
+    ├── test.py
+    ├── test.js
+    └── test.ts
+```
+
+---
+
+## Supported Languages
+
+| Language   | Extensions    |
+| ---------- | ------------- |
+| Python     | `.py`         |
+| JavaScript | `.js`, `.jsx` |
+| TypeScript | `.ts`, `.tsx` |

vulnerability_scan-0.1.0/pyproject.toml

@@ -0,0 +1,62 @@
+[build-system]
+requires = ["setuptools>=68", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "vulnerability-scan"
+version = "0.1.0"
+description = "AI-powered multi-agent OWASP vulnerability scanner using LangChain and Groq"
+readme = "vul-scan/README.md"
+requires-python = ">=3.11"
+license = { file = "LICENSE" }
+authors = [
+    { name = "CBRS-503" },
+]
+keywords = ["security", "owasp", "vulnerability", "scanner", "langchain", "groq", "sast", "ai"]
+classifiers = [
+    "Development Status :: 3 - Alpha",
+    "Intended Audience :: Developers",
+    "Intended Audience :: Information Technology",
+    "License :: OSI Approved :: MIT License",
+    "Operating System :: OS Independent",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Topic :: Security",
+    "Topic :: Software Development :: Quality Assurance",
+    "Topic :: Software Development :: Testing",
+    "Natural Language :: English",
+]
+dependencies = [
+    "langchain>=0.3",
+    "langchain-groq>=0.2",
+    "pydantic>=2.0",
+    "python-dotenv>=1.0",
+    "rich>=13.0",
+    "python-docx>=1.1",
+    "matplotlib>=3.8",
+]
+
+[project.urls]
+Homepage = "https://github.com/alinoureldin707/vulnerability-scan"
+Repository = "https://github.com/alinoureldin707/vulnerability-scan"
+"Bug Tracker" = "https://github.com/alinoureldin707/vulnerability-scan/issues"
+Changelog = "https://github.com/alinoureldin707/vulnerability-scan/releases"
+
+[project.scripts]
+vulnerability-scan = "vul_scan.__main__:main"
+
+[project.optional-dependencies]
+dev = [
+    "build>=1.0",
+    "twine>=5.0",
+]
+
+[tool.setuptools]
+packages = ["vul_scan"]
+
+[tool.setuptools.package-dir]
+"vul_scan" = "vul-scan"
+
+[tool.setuptools.package-data]
+"vul_scan" = ["*.md"]

vulnerability_scan-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

vulnerability_scan-0.1.0/vul-scan/README.md

@@ -0,0 +1,203 @@
+# OWASP Security Scanner
+
+[![PyPI version](https://img.shields.io/pypi/v/vulnerability-scan)](https://pypi.org/project/vulnerability-scan/)
+[![Python](https://img.shields.io/pypi/pyversions/vulnerability-scan)](https://pypi.org/project/vulnerability-scan/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+A multi-agent static analysis pipeline that scans source files **in any programming language** for OWASP Top-10 vulnerabilities. It produces a structured `report.json` and a human-readable `report.md`.
+
+---
+
+## Quick Start
+
+```bash
+pip install vulnerability-scan
+export GROQ_API_KEY=gsk_...   # or add to a .env file
+vulnerability-scan ./your-project
+```
+
+---
+
+---
+
+## Pipeline Overview
+
+```
+Source files
+    │
+    ▼
+[agent_splitter]  ── LLM splits each file into logical chunks (functions / classes / routes)
+    │
+    ▼
+[agent_finder]  ── identifies OWASP Top-10 vulnerabilities per chunk
+    │
+    ▼
+[agent_mitigator]  ── produces fix recommendation + corrected code per finding
+    │
+    ▼
+[agent_verifier]  ── drops false positives, adjusts confidence scores
+    │
+    ▼
+[aggregator]  ── deduplicates by (file, OWASP ID, line)
+    │
+    ▼
+report.json + report.md
+```
+
+---
+
+## Prerequisites
+
+| Requirement  | Version                                      |
+| ------------ | -------------------------------------------- |
+| Python       | ≥ 3.11                                       |
+| Groq API key | [console.groq.com](https://console.groq.com) |
+
+### Install from PyPI
+
+```bash
+pip install vulnerability-scan
+```
+
+### Install from source
+
+```bash
+git clone https://github.com/alinoureldin707/vulnerability-scan.git
+cd vulnerability-scan
+pip install .
+```
+
+---
+
+## Configuration
+
+Create a `.env` file in the project root:
+
+```env
+GROQ_API_KEY=gsk_...
+```
+
+The model and temperature are set in `config.py`:
+
+```python
+MODEL_NAME  = "openai/gpt-oss-20b"   # any Groq-hosted model
+TEMPERATURE = 0.0
+```
+
+---
+
+## Usage
+
+```bash
+# Scan a directory (all supported source files)
+vulnerability-scan ./project
+
+# Scan a single file
+vulnerability-scan ./project/vulnerable_app.py
+
+# Also generate a .docx professional report
+vulnerability-scan ./project --report
+
+# Default (scans ./project if no argument given)
+vulnerability-scan
+
+# Alternatively, run as a module
+python -m vul_scan ./project
+```
+
+Outputs are written to the current working directory:
+
+| File          | Description                                                          |
+| ------------- | -------------------------------------------------------------------- |
+| `report.json` | Machine-readable findings with risk analysis                         |
+| `report.md`   | Human-readable report with severity tables, evidence, and fixed code |
+
+---
+
+## Output Format
+
+### `report.json` structure
+
+```jsonc
+{
+  "generated_at": "2026-02-20T19:22:13Z",
+  "scanned_path": "...",
+  "total_files": 5,
+  "total_chunks": 7,
+  "total_findings": 2,
+  "risk_analysis": {
+    // aggregate across all findings
+    "overall_risk": "HIGH",
+    "severity_breakdown": { "high": 2, "medium": 0, "low": 0 },
+    "owasp_category_breakdown": { "A03:2021": 1 },
+    "most_affected_files": [{ "file": "...", "findings": 2 }],
+  },
+  "findings": [
+    {
+      "file": "...",
+      "owasp_id": "A03:2021",
+      "name": "SQL Injection",
+      "risk_summary": "...",
+      "description": "...",
+      "evidence": "...",
+      "line_start": 10,
+      "line_end": 14,
+      "exploitation_steps": ["..."],
+      "impact": "...",
+      "confidence": 0.97,
+      "mitigation": "...",
+      "fix_line_start": 10,
+      "fix_line_end": 14,
+      "fixed_code": "...",
+      "risk_analysis": {
+        // per-finding risk analysis
+        "severity": "HIGH",
+        "likelihood": "HIGH",
+        "risk_score": 9.7,
+        "remediation_priority": "P1 — Immediate",
+        "attack_vector": "Injection",
+      },
+    },
+  ],
+}
+```
+
+### Exit codes
+
+| Code | Meaning                              |
+| ---- | ------------------------------------ |
+| `0`  | No verified vulnerabilities found    |
+| `1`  | One or more vulnerabilities detected |
+
+---
+
+## Project Structure
+
+```
+.
+├── __main__.py          # Orchestration entry point
+├── agent.py             # LLM agent definitions (finder, mitigator, verifier)
+├── chuncks_splitter.py  # agent_splitter (LLM) file → CodeChunk splitting
+├── config.py            # Model name, temperature, API key loading
+├── models.py            # Pydantic data models for all pipeline stages
+├── printer.py           # Rich terminal output helpers
+├── prompt.py            # System prompts for all agents
+├── report_writer.py     # report.json + report.md generation
+├── .env                 # GROQ_API_KEY (not committed)
+└── project/             # Example target code
+    ├── vulnerable_app.py
+    ├── no_vulnerable.py
+    ├── test.py
+    ├── test.js
+    └── test.ts
+```
+
+---
+
+## Supported Languages
+
+| Language   | Extensions    |
+| ---------- | ------------- |
+| Python     | `.py`         |
+| JavaScript | `.js`, `.jsx` |
+| TypeScript | `.ts`, `.tsx` |

vulnerability_scan-0.1.0/vul-scan/__init__.py

@@ -0,0 +1 @@
+# vul_scan package