zen-ai-pentest 2.0.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- agents/__init__.py +28 -0
- agents/agent_base.py +239 -0
- agents/agent_orchestrator.py +346 -0
- agents/analysis_agent.py +225 -0
- agents/cli.py +258 -0
- agents/exploit_agent.py +224 -0
- agents/integration.py +211 -0
- agents/post_scan_agent.py +937 -0
- agents/react_agent.py +384 -0
- agents/react_agent_enhanced.py +616 -0
- agents/react_agent_vm.py +298 -0
- agents/research_agent.py +176 -0
- api/__init__.py +11 -0
- api/auth.py +123 -0
- api/main.py +1027 -0
- api/schemas.py +357 -0
- api/websocket.py +97 -0
- autonomous/__init__.py +122 -0
- autonomous/agent.py +253 -0
- autonomous/agent_loop.py +1370 -0
- autonomous/exploit_validator.py +1537 -0
- autonomous/memory.py +448 -0
- autonomous/react.py +339 -0
- autonomous/tool_executor.py +488 -0
- backends/__init__.py +16 -0
- backends/chatgpt_direct.py +133 -0
- backends/claude_direct.py +130 -0
- backends/duckduckgo.py +138 -0
- backends/openrouter.py +120 -0
- benchmarks/__init__.py +149 -0
- benchmarks/benchmark_engine.py +904 -0
- benchmarks/ci_benchmark.py +785 -0
- benchmarks/comparison.py +729 -0
- benchmarks/metrics.py +553 -0
- benchmarks/run_benchmarks.py +809 -0
- ci_cd/__init__.py +2 -0
- core/__init__.py +17 -0
- core/async_pool.py +282 -0
- core/asyncio_fix.py +222 -0
- core/cache.py +472 -0
- core/container.py +277 -0
- core/database.py +114 -0
- core/input_validator.py +353 -0
- core/models.py +288 -0
- core/orchestrator.py +611 -0
- core/plugin_manager.py +571 -0
- core/rate_limiter.py +405 -0
- core/secure_config.py +328 -0
- core/shield_integration.py +296 -0
- modules/__init__.py +46 -0
- modules/cve_database.py +362 -0
- modules/exploit_assist.py +330 -0
- modules/nuclei_integration.py +480 -0
- modules/osint.py +604 -0
- modules/protonvpn.py +554 -0
- modules/recon.py +165 -0
- modules/sql_injection_db.py +826 -0
- modules/tool_orchestrator.py +498 -0
- modules/vuln_scanner.py +292 -0
- modules/wordlist_generator.py +566 -0
- risk_engine/__init__.py +99 -0
- risk_engine/business_impact.py +267 -0
- risk_engine/business_impact_calculator.py +563 -0
- risk_engine/cvss.py +156 -0
- risk_engine/epss.py +190 -0
- risk_engine/example_usage.py +294 -0
- risk_engine/false_positive_engine.py +1073 -0
- risk_engine/scorer.py +304 -0
- web_ui/backend/main.py +471 -0
- zen_ai_pentest-2.0.0.dist-info/METADATA +795 -0
- zen_ai_pentest-2.0.0.dist-info/RECORD +75 -0
- zen_ai_pentest-2.0.0.dist-info/WHEEL +5 -0
- zen_ai_pentest-2.0.0.dist-info/entry_points.txt +2 -0
- zen_ai_pentest-2.0.0.dist-info/licenses/LICENSE +21 -0
- zen_ai_pentest-2.0.0.dist-info/top_level.txt +10 -0
autonomous/agent.py
ADDED
|
@@ -0,0 +1,253 @@
|
|
|
1
|
+
"""
|
|
2
|
+
Autonomous Agent - Main Entry Point
|
|
3
|
+
|
|
4
|
+
Combines ReAct reasoning, tool execution, and memory into a unified agent.
|
|
5
|
+
"""
|
|
6
|
+
|
|
7
|
+
import asyncio
|
|
8
|
+
import json
|
|
9
|
+
import logging
|
|
10
|
+
from dataclasses import dataclass, field
|
|
11
|
+
from datetime import datetime
|
|
12
|
+
from typing import Any, Callable, Dict, List, Optional
|
|
13
|
+
|
|
14
|
+
from .react import ReActLoop, Thought, Action, Observation
|
|
15
|
+
from .tool_executor import ToolExecutor, ToolRegistry, SafetyLevel
|
|
16
|
+
from .memory import MemoryManager
|
|
17
|
+
|
|
18
|
+
|
|
19
|
+
@dataclass
|
|
20
|
+
class AgentConfig:
|
|
21
|
+
"""Configuration for the autonomous agent."""
|
|
22
|
+
max_iterations: int = 50
|
|
23
|
+
safety_level: SafetyLevel = SafetyLevel.NON_DESTRUCTIVE
|
|
24
|
+
human_in_the_loop: bool = False
|
|
25
|
+
enable_memory: bool = True
|
|
26
|
+
use_docker: bool = False
|
|
27
|
+
timeout: int = 300
|
|
28
|
+
output_dir: Optional[str] = None
|
|
29
|
+
|
|
30
|
+
|
|
31
|
+
class AutonomousAgent:
|
|
32
|
+
"""
|
|
33
|
+
Fully autonomous penetration testing agent.
|
|
34
|
+
|
|
35
|
+
Capabilities:
|
|
36
|
+
- Goal-directed hacking
|
|
37
|
+
- Real tool execution
|
|
38
|
+
- Persistent memory
|
|
39
|
+
- Self-correction
|
|
40
|
+
- Safety controls
|
|
41
|
+
|
|
42
|
+
Example:
|
|
43
|
+
agent = AutonomousAgent(
|
|
44
|
+
llm_client=my_llm,
|
|
45
|
+
config=AgentConfig(safety_level=SafetyLevel.READ_ONLY)
|
|
46
|
+
)
|
|
47
|
+
|
|
48
|
+
result = await agent.run(
|
|
49
|
+
goal="Find all open ports on 192.168.1.1",
|
|
50
|
+
target="192.168.1.1"
|
|
51
|
+
)
|
|
52
|
+
"""
|
|
53
|
+
|
|
54
|
+
def __init__(
|
|
55
|
+
self,
|
|
56
|
+
llm_client,
|
|
57
|
+
config: Optional[AgentConfig] = None,
|
|
58
|
+
tool_registry: Optional[ToolRegistry] = None,
|
|
59
|
+
memory_manager: Optional[MemoryManager] = None
|
|
60
|
+
):
|
|
61
|
+
self.llm = llm_client
|
|
62
|
+
self.config = config or AgentConfig()
|
|
63
|
+
self.logger = logging.getLogger(__name__)
|
|
64
|
+
|
|
65
|
+
# Initialize components
|
|
66
|
+
self.tools = ToolExecutor(
|
|
67
|
+
registry=tool_registry,
|
|
68
|
+
safety_level=self.config.safety_level,
|
|
69
|
+
use_docker=self.config.use_docker,
|
|
70
|
+
output_dir=self.config.output_dir
|
|
71
|
+
)
|
|
72
|
+
|
|
73
|
+
self.memory = memory_manager or MemoryManager(
|
|
74
|
+
enable_embeddings=False
|
|
75
|
+
)
|
|
76
|
+
|
|
77
|
+
self.react = ReActLoop(
|
|
78
|
+
llm_client=llm_client,
|
|
79
|
+
tool_executor=self.tools,
|
|
80
|
+
memory_manager=self.memory,
|
|
81
|
+
max_iterations=self.config.max_iterations,
|
|
82
|
+
human_in_the_loop=self.config.human_in_the_loop
|
|
83
|
+
)
|
|
84
|
+
|
|
85
|
+
self.execution_history: List[Dict] = []
|
|
86
|
+
|
|
87
|
+
async def run(
|
|
88
|
+
self,
|
|
89
|
+
goal: str,
|
|
90
|
+
target: Optional[str] = None,
|
|
91
|
+
scope: Optional[Dict] = None,
|
|
92
|
+
callbacks: Optional[Dict[str, Callable]] = None
|
|
93
|
+
) -> Dict[str, Any]:
|
|
94
|
+
"""
|
|
95
|
+
Execute an autonomous penetration test.
|
|
96
|
+
|
|
97
|
+
Args:
|
|
98
|
+
goal: High-level objective (e.g., "Find RCE vulnerability")
|
|
99
|
+
target: Target system (IP, URL, etc.)
|
|
100
|
+
scope: Scope limitations and rules
|
|
101
|
+
callbacks: Optional callbacks for events
|
|
102
|
+
|
|
103
|
+
Returns:
|
|
104
|
+
Complete execution result with findings
|
|
105
|
+
"""
|
|
106
|
+
self.logger.info(f"Starting autonomous execution: {goal}")
|
|
107
|
+
|
|
108
|
+
# Prepare context
|
|
109
|
+
context = {
|
|
110
|
+
'target': target,
|
|
111
|
+
'scope': scope or {},
|
|
112
|
+
'safety_level': self.config.safety_level.name,
|
|
113
|
+
'start_time': datetime.now().isoformat()
|
|
114
|
+
}
|
|
115
|
+
|
|
116
|
+
# Execute ReAct loop
|
|
117
|
+
result = await self.react.run(goal, context)
|
|
118
|
+
|
|
119
|
+
# Record episode
|
|
120
|
+
await self.memory.record_episode(
|
|
121
|
+
outcome=result.get('execution_trace', ''),
|
|
122
|
+
success=result.get('completed', False)
|
|
123
|
+
)
|
|
124
|
+
|
|
125
|
+
# Compile final report
|
|
126
|
+
report = self._compile_report(result, target)
|
|
127
|
+
|
|
128
|
+
self.execution_history.append(report)
|
|
129
|
+
|
|
130
|
+
return report
|
|
131
|
+
|
|
132
|
+
def _compile_report(
|
|
133
|
+
self,
|
|
134
|
+
result: Dict,
|
|
135
|
+
target: Optional[str]
|
|
136
|
+
) -> Dict[str, Any]:
|
|
137
|
+
"""Compile execution result into a comprehensive report."""
|
|
138
|
+
|
|
139
|
+
# Extract findings
|
|
140
|
+
findings = []
|
|
141
|
+
for entry in result.get('history', []):
|
|
142
|
+
if entry.get('type') == 'observation':
|
|
143
|
+
obs_result = entry.get('result', {})
|
|
144
|
+
if isinstance(obs_result, dict):
|
|
145
|
+
if 'findings' in obs_result:
|
|
146
|
+
findings.extend(obs_result['findings'])
|
|
147
|
+
if 'open_ports' in obs_result:
|
|
148
|
+
for port in obs_result['open_ports']:
|
|
149
|
+
findings.append({
|
|
150
|
+
'type': 'open_port',
|
|
151
|
+
'severity': 'info',
|
|
152
|
+
'details': port
|
|
153
|
+
})
|
|
154
|
+
|
|
155
|
+
# Calculate statistics
|
|
156
|
+
tools_used = set()
|
|
157
|
+
for entry in result.get('history', []):
|
|
158
|
+
if entry.get('type') == 'action' and entry.get('tool'):
|
|
159
|
+
tools_used.add(entry.get('tool'))
|
|
160
|
+
|
|
161
|
+
return {
|
|
162
|
+
'summary': {
|
|
163
|
+
'goal': result.get('goal'),
|
|
164
|
+
'target': target,
|
|
165
|
+
'completed': result.get('completed'),
|
|
166
|
+
'steps_taken': result.get('steps_taken'),
|
|
167
|
+
'tools_used': list(tools_used),
|
|
168
|
+
'findings_count': len(findings),
|
|
169
|
+
'duration': self._calculate_duration(result)
|
|
170
|
+
},
|
|
171
|
+
'findings': findings,
|
|
172
|
+
'execution_trace': result.get('history', []),
|
|
173
|
+
'timestamp': datetime.now().isoformat(),
|
|
174
|
+
'agent_version': '2.0.0'
|
|
175
|
+
}
|
|
176
|
+
|
|
177
|
+
def _calculate_duration(self, result: Dict) -> float:
|
|
178
|
+
"""Calculate execution duration from history."""
|
|
179
|
+
history = result.get('history', [])
|
|
180
|
+
if not history:
|
|
181
|
+
return 0.0
|
|
182
|
+
|
|
183
|
+
# This is a simplified calculation
|
|
184
|
+
# In production, track actual timestamps
|
|
185
|
+
return result.get('steps_taken', 0) * 5.0 # Estimate 5s per step
|
|
186
|
+
|
|
187
|
+
async def scan_target(
|
|
188
|
+
self,
|
|
189
|
+
target: str,
|
|
190
|
+
scan_type: str = 'comprehensive'
|
|
191
|
+
) -> Dict[str, Any]:
|
|
192
|
+
"""
|
|
193
|
+
Quick scan method for common use cases.
|
|
194
|
+
|
|
195
|
+
Args:
|
|
196
|
+
target: Target to scan
|
|
197
|
+
scan_type: 'quick', 'standard', or 'comprehensive'
|
|
198
|
+
|
|
199
|
+
Returns:
|
|
200
|
+
Scan results
|
|
201
|
+
"""
|
|
202
|
+
goals = {
|
|
203
|
+
'quick': f"Quick reconnaissance of {target}",
|
|
204
|
+
'standard': f"Standard vulnerability assessment of {target}",
|
|
205
|
+
'comprehensive': f"Comprehensive penetration test of {target}"
|
|
206
|
+
}
|
|
207
|
+
|
|
208
|
+
goal = goals.get(scan_type, goals['standard'])
|
|
209
|
+
|
|
210
|
+
return await self.run(
|
|
211
|
+
goal=goal,
|
|
212
|
+
target=target,
|
|
213
|
+
scope={'depth': scan_type}
|
|
214
|
+
)
|
|
215
|
+
|
|
216
|
+
async def exploit_target(
|
|
217
|
+
self,
|
|
218
|
+
target: str,
|
|
219
|
+
vulnerability: str
|
|
220
|
+
) -> Dict[str, Any]:
|
|
221
|
+
"""
|
|
222
|
+
Attempt to exploit a specific vulnerability.
|
|
223
|
+
|
|
224
|
+
Requires SafetyLevel.EXPLOIT or higher.
|
|
225
|
+
"""
|
|
226
|
+
if self.config.safety_level.value < SafetyLevel.EXPLOIT.value:
|
|
227
|
+
return {
|
|
228
|
+
'error': 'Safety level too low for exploitation',
|
|
229
|
+
'required': SafetyLevel.EXPLOIT.name,
|
|
230
|
+
'current': self.config.safety_level.name
|
|
231
|
+
}
|
|
232
|
+
|
|
233
|
+
return await self.run(
|
|
234
|
+
goal=f"Exploit {vulnerability} on {target}",
|
|
235
|
+
target=target,
|
|
236
|
+
scope={'exploitation': True, 'target_vuln': vulnerability}
|
|
237
|
+
)
|
|
238
|
+
|
|
239
|
+
def get_capabilities(self) -> Dict[str, Any]:
|
|
240
|
+
"""Get information about agent capabilities."""
|
|
241
|
+
return {
|
|
242
|
+
'version': '2.0.0',
|
|
243
|
+
'safety_level': self.config.safety_level.name,
|
|
244
|
+
'max_iterations': self.config.max_iterations,
|
|
245
|
+
'available_tools': self.tools.get_available_tools(),
|
|
246
|
+
'features': [
|
|
247
|
+
'ReAct reasoning loop',
|
|
248
|
+
'Real tool execution',
|
|
249
|
+
'Persistent memory',
|
|
250
|
+
'Self-correction',
|
|
251
|
+
'Safety controls'
|
|
252
|
+
]
|
|
253
|
+
}
|