zen-ai-pentest 2.0.0__py3-none-any.whl

backends/claude_direct.py

@@ -0,0 +1,130 @@
+#!/usr/bin/env python3
+"""
+Claude Direct Backend (Reverse Engineered)
+Uses internal API for Claude.ai
+Requires session cookie extraction
+"""
+
+import logging
+import os
+import sys
+from typing import Optional
+
+import aiohttp
+
+sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+from utils.async_fixes import safe_close_session
+
+logger = logging.getLogger("ZenAI")
+
+
+class ClaudeDirectBackend:
+    """
+    Direct Claude API Backend
+    - Uses session key from browser
+    - Optimized for long-form analysis
+    - Good for code review and complex reasoning
+    """
+
+    def __init__(self, session_key: str = None):
+        self.name = "Claude-Direct"
+        self.priority = 3
+        self.session_key = session_key
+        self.session: Optional[aiohttp.ClientSession] = None
+
+    async def __aenter__(self):
+        self.session = aiohttp.ClientSession()
+        return self
+
+    async def __aexit__(self, exc_type, exc_val, exc_tb):
+        if self.session:
+            await safe_close_session(self.session)
+
+    async def chat(self, prompt: str, context: str = "") -> Optional[str]:
+        """Send chat request to Claude"""
+        if not self.session_key:
+            logger.warning("[Claude-Direct] No session key provided")
+            return None
+
+        try:
+            headers = {
+                "Cookie": f"sessionKey={self.session_key}",
+                "Content-Type": "application/json",
+                "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
+                "Accept": "text/event-stream",
+            }
+
+            # Organization ID required for Claude
+            org_id = await self._get_org_id()
+            if not org_id:
+                logger.error("[Claude-Direct] Could not get organization ID")
+                return None
+
+            payload = {
+                "prompt": prompt,
+                "model": "claude-3-5-sonnet-20241022",
+                "timezone": "Europe/Berlin",
+                "attachments": [],
+            }
+
+            logger.info("[Claude-Direct] Sending request...")
+
+            async with self.session.post(
+                f"https://claude.ai/api/organizations/{org_id}/chat_conversations",
+                json=payload,
+                headers=headers,
+                timeout=aiohttp.ClientTimeout(total=120),
+            ) as resp:
+                if resp.status == 401:
+                    logger.error("[Claude-Direct] Session expired")
+                    return None
+                elif resp.status != 200:
+                    logger.error(f"[Claude-Direct] HTTP Error: {resp.status}")
+                    return None
+
+                # Claude uses SSE (Server-Sent Events)
+                full_response = ""
+                async for line in resp.content:
+                    line = line.decode("utf-8").strip()
+                    if line.startswith("data: "):
+                        try:
+                            import json
+
+                            data = json.loads(line[6:])
+                            if data.get("completion"):
+                                full_response += data["completion"]
+                        except:
+                            continue
+
+                return full_response
+
+        except Exception as e:
+            logger.error(f"[Claude-Direct] Error: {e}")
+            return None
+
+    async def _get_org_id(self) -> Optional[str]:
+        """Get organization ID from session"""
+        try:
+            headers = {
+                "Cookie": f"sessionKey={self.session_key}",
+                "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
+            }
+
+            async with self.session.get(
+                "https://claude.ai/api/organizations", headers=headers
+            ) as resp:
+                if resp.status == 200:
+                    import json
+
+                    data = await resp.json()
+                    if data and len(data) > 0:
+                        return data[0].get("uuid")
+                return None
+        except:
+            return None
+
+    async def health_check(self) -> bool:
+        """Check if backend is available"""
+        if not self.session_key:
+            return False
+        return await self._get_org_id() is not None

backends/duckduckgo.py

@@ -0,0 +1,138 @@
+#!/usr/bin/env python3
+"""
+DuckDuckGo AI Backend
+Free, no authentication required
+Supports GPT-4o-mini, Claude-3-haiku, Llama-3.1-70B
+"""
+
+import logging
+import os
+import sys
+from typing import Optional
+
+import aiohttp
+
+sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+from utils.async_fixes import safe_close_session
+
+logger = logging.getLogger("ZenAI")
+
+
+class DuckDuckGoBackend:
+    """
+    DuckDuckGo AI Chat Backend
+    - No API key required
+    - ~50-100 requests per day limit
+    - Automatic model rotation on rate limit
+    """
+
+    def __init__(self):
+        self.name = "DuckDuckGo"
+        self.priority = 1  # Highest priority (free, fast)
+        self.vqd_token = None
+        self.session: Optional[aiohttp.ClientSession] = None
+        self.models = [
+            "gpt-4o-mini",
+            "claude-3-haiku",
+            "meta-llama/Meta-Llama-3.1-70B-Instruct-Turbo",
+        ]
+        self.current_model = 0
+
+    async def __aenter__(self):
+        self.session = aiohttp.ClientSession()
+        return self
+
+    async def __aexit__(self, exc_type, exc_val, exc_tb):
+        if self.session:
+            await safe_close_session(self.session)
+
+    async def _get_vqd_token(self):
+        """Get anti-CSRF token from DDG"""
+        if self.vqd_token:
+            return
+
+        headers = {
+            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
+            "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
+            "Accept-Language": "de-DE,de;q=0.9,en;q=0.8",
+        }
+
+        try:
+            async with self.session.get(
+                "https://duckduckgo.com/?q=DuckDuckGo+AI+Chat&ia=chat", headers=headers
+            ) as resp:
+                text = await resp.text()
+                if 'vqd="' in text:
+                    self.vqd_token = text.split('vqd="')[1].split('"')[0]
+                    logger.info(f"[DDG] VQD Token acquired: {self.vqd_token[:10]}...")
+        except Exception as e:
+            logger.error(f"[DDG] Token acquisition failed: {e}")
+
+    async def chat(self, prompt: str, context: str = "") -> Optional[str]:
+        """Send chat request to DuckDuckGo AI"""
+        try:
+            await self._get_vqd_token()
+
+            if not self.vqd_token:
+                return None
+
+            model = self.models[self.current_model % len(self.models)]
+
+            payload = {
+                "model": model,
+                "messages": [{"role": "user", "content": prompt}],
+            }
+
+            headers = {
+                "X-Vqd-4": self.vqd_token,
+                "Content-Type": "application/json",
+                "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
+                "Referer": "https://duckduckgo.com/",
+            }
+
+            logger.info(f"[DDG] Sending to {model}...")
+
+            async with self.session.post(
+                "https://duckduckgo.com/duckchat/v1/chat", json=payload, headers=headers
+            ) as resp:
+                if resp.status == 429:
+                    logger.warning("[DDG] Rate limited, rotating model...")
+                    self.current_model += 1
+                    return None
+
+                if resp.status == 418:
+                    logger.warning("[DDG] Teapot error (rate limit or invalid token)")
+                    self.vqd_token = None  # Force token refresh
+                    return None
+
+                if resp.status != 200:
+                    logger.error(f"[DDG] HTTP Error: {resp.status}")
+                    return None
+
+                # DDG streams JSON Lines
+                full_response = ""
+                async for line in resp.content:
+                    line = line.decode("utf-8").strip()
+                    if line.startswith("data: "):
+                        try:
+                            import json
+
+                            data = json.loads(line[6:])
+                            if "message" in data:
+                                full_response += data["message"]
+                        except:
+                            continue
+
+                return full_response
+
+        except Exception as e:
+            logger.error(f"[DDG] Error: {e}")
+            return None
+
+    async def health_check(self) -> bool:
+        """Check if backend is available"""
+        try:
+            await self._get_vqd_token()
+            return self.vqd_token is not None
+        except:
+            return False

backends/openrouter.py

@@ -0,0 +1,120 @@
+#!/usr/bin/env python3
+"""
+OpenRouter Backend
+One API key, many free models
+Supports multiple LLMs through unified API
+"""
+
+import logging
+import os
+import random
+import sys
+from typing import Optional
+
+import aiohttp
+
+sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+from utils.async_fixes import safe_close_session
+
+logger = logging.getLogger("ZenAI")
+
+
+class OpenRouterBackend:
+    """
+    OpenRouter API Backend
+    - Single key access to multiple models
+    - Generous free tier with rate limits
+    - Automatic model rotation
+    """
+
+    def __init__(self, api_key: str = None):
+        self.name = "OpenRouter"
+        self.priority = 2  # Medium priority (requires key)
+        self.api_key = api_key
+        self.session: Optional[aiohttp.ClientSession] = None
+
+        # Free tier models
+        self.models = [
+            "meta-llama/llama-3.2-3b-instruct:free",
+            "google/gemini-flash-1.5:free",
+            "microsoft/phi-3-mini-128k-instruct:free",
+            "nvidia/llama-3.1-nemotron-70b-instruct:free",
+        ]
+
+    async def __aenter__(self):
+        self.session = aiohttp.ClientSession()
+        return self
+
+    async def __aexit__(self, exc_type, exc_val, exc_tb):
+        if self.session:
+            await safe_close_session(self.session)
+
+    async def chat(self, prompt: str, context: str = "") -> Optional[str]:
+        """Send chat request to OpenRouter"""
+        if not self.api_key:
+            logger.warning("[OpenRouter] No API key provided")
+            return None
+
+        try:
+            model = random.choice(self.models)
+
+            headers = {
+                "Authorization": f"Bearer {self.api_key}",
+                "Content-Type": "application/json",
+                "HTTP-Referer": "https://localhost",
+                "X-Title": "ZenAI-Pentest",
+            }
+
+            payload = {
+                "model": model,
+                "messages": [
+                    {
+                        "role": "system",
+                        "content": "You are a cybersecurity expert and penetration testing assistant.",
+                    },
+                    {"role": "user", "content": prompt},
+                ],
+                "temperature": 0.7,
+            }
+
+            logger.info(f"[OpenRouter] Using {model}...")
+
+            async with self.session.post(
+                "https://openrouter.ai/api/v1/chat/completions",
+                json=payload,
+                headers=headers,
+            ) as resp:
+                if resp.status == 429:
+                    logger.warning("[OpenRouter] Rate limit hit")
+                    return None
+                elif resp.status == 401:
+                    logger.error("[OpenRouter] Invalid API key")
+                    return None
+                elif resp.status != 200:
+                    logger.error(f"[OpenRouter] HTTP Error: {resp.status}")
+                    return None
+
+                data = await resp.json()
+
+                if "choices" in data and len(data["choices"]) > 0:
+                    return data["choices"][0]["message"]["content"]
+
+                return None
+
+        except Exception as e:
+            logger.error(f"[OpenRouter] Error: {e}")
+            return None
+
+    async def health_check(self) -> bool:
+        """Check if backend is available"""
+        if not self.api_key:
+            return False
+        try:
+            # Try a simple request
+            headers = {"Authorization": f"Bearer {self.api_key}"}
+            async with self.session.get(
+                "https://openrouter.ai/api/v1/auth/key", headers=headers
+            ) as resp:
+                return resp.status == 200
+        except:
+            return False

benchmarks/__init__.py

@@ -0,0 +1,149 @@
+"""
+Zen-AI-Pentest Benchmarking & Testing Framework
+
+Comprehensive benchmark suite for evaluating security testing performance.
+"""
+
+__version__ = "1.0.0"
+__author__ = "Zen-AI-Pentest Team"
+
+# Main components
+from .benchmark_engine import (
+    BenchmarkEngine,
+    BenchmarkConfig,
+    BenchmarkReport,
+    BenchmarkStatus,
+    ScenarioResult
+)
+
+from .metrics import (
+    BenchmarkMetrics,
+    ClassificationMetrics,
+    CoverageMetrics,
+    PerformanceMetrics,
+    ExploitMetrics,
+    TokenUsage,
+    FindingMetrics,
+    SeverityLevel,
+    FindingType,
+    MetricsAggregator,
+    compare_metrics,
+    calculate_confidence_interval
+)
+
+from .scenarios import (
+    TestScenario,
+    ScenarioType,
+    DifficultyLevel,
+    VulnerabilityProfile,
+    get_scenario,
+    get_scenarios_by_type,
+    get_scenarios_by_difficulty,
+    get_scenarios_by_tag,
+    list_all_scenarios,
+    create_benchmark_suite,
+    ALL_SCENARIOS,
+    # Pre-defined scenarios
+    OWASP_JUICE_SHOP,
+    DVWA_SCENARIO,
+    METASPLOITABLE2_SCENARIO,
+    METASPLOITABLE3_SCENARIO,
+    WEBGOAT_SCENARIO,
+    HTB_STARTING_POINT_TIER1,
+    THM_OWASP_TOP10
+)
+
+from .comparison import (
+    ComparisonFramework,
+    ComparisonResult,
+    CompetitorTool,
+    ToolMetadata,
+    ToolCapabilities,
+    ToolCategory,
+    ToolBenchmarkResult,
+    PentestGPTCompetitor,
+    AutoPentestDRLCompetitor,
+    PENTESTGPT_METADATA,
+    AUTOPENTEST_METADATA,
+    NESSUS_METADATA,
+    OPENVAS_METADATA,
+    BURP_SUITE_METADATA,
+    OWASP_ZAP_METADATA,
+    NIKTO_METADATA,
+    NUCLEI_METADATA,
+    SQLMAP_METADATA
+)
+
+from .ci_benchmark import (
+    CIBenchmarkRunner,
+    CIConfig,
+    PerformanceGate,
+    GateResult,
+    RegressionCheck,
+    RegressionSeverity
+)
+
+__all__ = [
+    # Engine
+    "BenchmarkEngine",
+    "BenchmarkConfig",
+    "BenchmarkReport",
+    "BenchmarkStatus",
+    "ScenarioResult",
+    
+    # Metrics
+    "BenchmarkMetrics",
+    "ClassificationMetrics",
+    "CoverageMetrics",
+    "PerformanceMetrics",
+    "ExploitMetrics",
+    "TokenUsage",
+    "FindingMetrics",
+    "SeverityLevel",
+    "FindingType",
+    "MetricsAggregator",
+    
+    # Scenarios
+    "TestScenario",
+    "ScenarioType",
+    "DifficultyLevel",
+    "VulnerabilityProfile",
+    "get_scenario",
+    "get_scenarios_by_type",
+    "get_scenarios_by_difficulty",
+    "get_scenarios_by_tag",
+    "list_all_scenarios",
+    "create_benchmark_suite",
+    
+    # Comparison
+    "ComparisonFramework",
+    "ComparisonResult",
+    "CompetitorTool",
+    "ToolMetadata",
+    "ToolCapabilities",
+    "ToolCategory",
+    "ToolBenchmarkResult",
+    
+    # CI/CD
+    "CIBenchmarkRunner",
+    "CIConfig",
+    "PerformanceGate",
+    "GateResult",
+    "RegressionCheck",
+    "RegressionSeverity",
+]
+
+
+def get_version() -> str:
+    """Get framework version."""
+    return __version__
+
+
+def get_available_scenarios() -> list:
+    """Get list of all available scenario IDs."""
+    return list(ALL_SCENARIOS.keys())
+
+
+def create_default_engine(output_dir: str = "benchmark_results") -> BenchmarkEngine:
+    """Create a benchmark engine with default configuration."""
+    return BenchmarkEngine(output_dir=output_dir)