PyPI - zen-ai-pentest - Versions diffs - 2.0.0__py3-none-any.whl - Mend

zen-ai-pentest 2.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (75) hide show

agents/__init__.py +28 -0
agents/agent_base.py +239 -0
agents/agent_orchestrator.py +346 -0
agents/analysis_agent.py +225 -0
agents/cli.py +258 -0
agents/exploit_agent.py +224 -0
agents/integration.py +211 -0
agents/post_scan_agent.py +937 -0
agents/react_agent.py +384 -0
agents/react_agent_enhanced.py +616 -0
agents/react_agent_vm.py +298 -0
agents/research_agent.py +176 -0
api/__init__.py +11 -0
api/auth.py +123 -0
api/main.py +1027 -0
api/schemas.py +357 -0
api/websocket.py +97 -0
autonomous/__init__.py +122 -0
autonomous/agent.py +253 -0
autonomous/agent_loop.py +1370 -0
autonomous/exploit_validator.py +1537 -0
autonomous/memory.py +448 -0
autonomous/react.py +339 -0
autonomous/tool_executor.py +488 -0
backends/__init__.py +16 -0
backends/chatgpt_direct.py +133 -0
backends/claude_direct.py +130 -0
backends/duckduckgo.py +138 -0
backends/openrouter.py +120 -0
benchmarks/__init__.py +149 -0
benchmarks/benchmark_engine.py +904 -0
benchmarks/ci_benchmark.py +785 -0
benchmarks/comparison.py +729 -0
benchmarks/metrics.py +553 -0
benchmarks/run_benchmarks.py +809 -0
ci_cd/__init__.py +2 -0
core/__init__.py +17 -0
core/async_pool.py +282 -0
core/asyncio_fix.py +222 -0
core/cache.py +472 -0
core/container.py +277 -0
core/database.py +114 -0
core/input_validator.py +353 -0
core/models.py +288 -0
core/orchestrator.py +611 -0
core/plugin_manager.py +571 -0
core/rate_limiter.py +405 -0
core/secure_config.py +328 -0
core/shield_integration.py +296 -0
modules/__init__.py +46 -0
modules/cve_database.py +362 -0
modules/exploit_assist.py +330 -0
modules/nuclei_integration.py +480 -0
modules/osint.py +604 -0
modules/protonvpn.py +554 -0
modules/recon.py +165 -0
modules/sql_injection_db.py +826 -0
modules/tool_orchestrator.py +498 -0
modules/vuln_scanner.py +292 -0
modules/wordlist_generator.py +566 -0
risk_engine/__init__.py +99 -0
risk_engine/business_impact.py +267 -0
risk_engine/business_impact_calculator.py +563 -0
risk_engine/cvss.py +156 -0
risk_engine/epss.py +190 -0
risk_engine/example_usage.py +294 -0
risk_engine/false_positive_engine.py +1073 -0
risk_engine/scorer.py +304 -0
web_ui/backend/main.py +471 -0
zen_ai_pentest-2.0.0.dist-info/METADATA +795 -0
zen_ai_pentest-2.0.0.dist-info/RECORD +75 -0
zen_ai_pentest-2.0.0.dist-info/WHEEL +5 -0
zen_ai_pentest-2.0.0.dist-info/entry_points.txt +2 -0
zen_ai_pentest-2.0.0.dist-info/licenses/LICENSE +21 -0
zen_ai_pentest-2.0.0.dist-info/top_level.txt +10 -0

modules/recon.py ADDED Viewed

@@ -0,0 +1,165 @@
+#!/usr/bin/env python3
+"""
+Reconnaissance Module
+Intelligent target reconnaissance using LLM analysis
+Author: SHAdd0WTAka
+"""
+import asyncio
+import logging
+import socket
+import subprocess
+from typing import Dict, List, Optional
+logger = logging.getLogger("ZenAI")
+class ReconModule:
+    """
+    Automated reconnaissance with LLM-powered analysis
+    """
+    def __init__(self, orchestrator):
+        self.orchestrator = orchestrator
+        self.results = {}
+    async def analyze_target(self, target: str) -> Dict:
+        """
+        Perform comprehensive target analysis
+        """
+        logger.info(f"[Recon] Starting analysis of {target}")
+        # Gather basic info
+        target_info = {
+            "target": target,
+            "ip": await self._resolve_ip(target),
+            "dns_records": await self._get_dns_records(target),
+            "whois": await self._get_whois(target),
+        }
+        # Use LLM to analyze and suggest next steps
+        prompt = f"""
+Analyze this target for penetration testing:
+Target: {target}
+IP: {target_info['ip']}
+DNS Records: {target_info['dns_records']}
+Provide a structured reconnaissance plan including:
+1. Potential attack vectors
+2. Suggested tools (nmap, gobuster, etc.)
+3. Likely vulnerabilities based on common patterns
+4. OSINT sources to check
+"""
+        llm_response = await self.orchestrator.process(prompt)
+        target_info["llm_analysis"] = llm_response.content
+        target_info["attack_vectors"] = self._parse_attack_vectors(llm_response.content)
+        self.results[target] = target_info
+        return target_info
+    async def _resolve_ip(self, target: str) -> str:
+        """Resolve target to IP address"""
+        try:
+            ip = socket.gethostbyname(target)
+            return ip
+        except:
+            return "Could not resolve"
+    async def _get_dns_records(self, target: str) -> List[str]:
+        """Get DNS records for target"""
+        records = []
+        record_types = ["A", "MX", "NS", "TXT", "CNAME"]
+        for rtype in record_types:
+            try:
+                result = subprocess.run(
+                    ["nslookup", "-type=" + rtype, target],
+                    capture_output=True,
+                    text=True,
+                    timeout=10,
+                )
+                if result.returncode == 0:
+                    records.append(f"{rtype}: {result.stdout[:200]}...")
+            except:
+                continue
+        return records if records else ["No DNS records found"]
+    async def _get_whois(self, target: str) -> str:
+        """Get WHOIS information"""
+        try:
+            result = subprocess.run(
+                ["whois", target], capture_output=True, text=True, timeout=15
+            )
+            # Return first 500 chars of relevant info
+            return result.stdout[:500] if result.returncode == 0 else "WHOIS failed"
+        except:
+            return "WHOIS not available"
+    def _parse_attack_vectors(self, llm_content: str) -> List[str]:
+        """Extract attack vectors from LLM response"""
+        vectors = []
+        lines = llm_content.split("\n")
+        for line in lines:
+            if any(
+                keyword in line.lower()
+                for keyword in ["vector", "attack", "exploit", "vulnerability"]
+            ):
+                vectors.append(line.strip())
+        return vectors[:10]  # Limit to top 10
+    async def generate_nmap_command(
+        self, target: str, intensity: str = "normal"
+    ) -> str:
+        """
+        Generate optimized nmap command based on target analysis
+        """
+        prompt = f"""
+Generate an nmap command for target {target} with {intensity} intensity.
+Consider:
+- Stealth vs speed requirements
+- Most common ports for web services
+- Version detection
+- Script scanning for vulnerabilities
+Return ONLY the nmap command, nothing else.
+"""
+        response = await self.orchestrator.process(prompt)
+        # Extract command from response
+        cmd = response.content.strip()
+        # Basic validation
+        if not cmd.startswith("nmap"):
+            # Fallback to default
+            cmd = f"nmap -sV -sC -O {target}"
+        return cmd
+    async def subdomain_enum(self, domain: str, wordlist: str = "common") -> List[str]:
+        """
+        LLM-assisted subdomain enumeration
+        """
+        prompt = f"""
+Generate a list of likely subdomains for {domain}.
+Include common patterns like:
+- admin, api, dev, staging, test
+- mail, ftp, vpn, remote
+- www, blog, shop, app
+Return as a comma-separated list.
+"""
+        response = await self.orchestrator.process(prompt)
+        # Parse subdomains from response
+        subdomains = []
+        for line in response.content.split("\n"):
+            for item in line.split(","):
+                item = item.strip().lower()
+                if item and "." not in item:
+                    subdomains.append(f"{item}.{domain}")
+        return list(set(subdomains))[:20]  # Return unique, limited