PyPI - zen-ai-pentest - Versions diffs - 2.0.4__py3-none-any.whl → 2.2.0__py3-none-any.whl - Mend

zen-ai-pentest 2.0.4py3-none-any.whl → 2.2.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

api/main.py CHANGED Viewed

@@ -60,7 +60,7 @@ async def lifespan(app: FastAPI):
 app = FastAPI(
     title="Zen-AI-Pentest API",
     description="Professional Pentesting Framework API",
-    version="2.0.0",
+    version="2.2.0",
     lifespan=lifespan
 )
@@ -500,7 +500,7 @@ async def health_check():
     """Health check endpoint"""
     return {
         "status": "healthy",
-        "version": "2.0.0",
+        "version": "2.2.0",
         "timestamp": datetime.utcnow().isoformat()
     }
@@ -1022,6 +1022,18 @@ async def create_jira_ticket(
 # Import models for reports
 from database.models import Report
+# ============================================================================
+# API v1.0 (Q1 2026)
+# ============================================================================
+# Import v1 router
+try:
+    from api.v1.siem import router as siem_v1_router
+    app.include_router(siem_v1_router, prefix="/api/v1/siem", tags=["SIEM v1.0"])
+    logger.info("API v1.0 SIEM endpoints loaded")
+except ImportError as e:
+    logger.warning(f"Could not load API v1.0 endpoints: {e}")
 if __name__ == "__main__":
     import uvicorn
     uvicorn.run(app, host="0.0.0.0", port=8000)

api/websocket_v2.py ADDED Viewed

@@ -0,0 +1,181 @@
+"""
+WebSocket v2.0 - Real-time Updates
+Q2 2026 Feature
+"""
+import json
+import logging
+from typing import Dict, Set
+from fastapi import WebSocket, WebSocketDisconnect
+from datetime import datetime
+logger = logging.getLogger(__name__)
+class ConnectionManagerV2:
+    """Advanced WebSocket connection manager with rooms"""
+    def __init__(self):
+        # Active connections by room
+        self.rooms: Dict[str, Set[WebSocket]] = {
+            "dashboard": set(),
+            "scans": set(),
+            "findings": set(),
+            "notifications": set()
+        }
+        # User connections
+        self.user_connections: Dict[str, WebSocket] = {}
+    async def connect(self, websocket: WebSocket, room: str = "dashboard", user_id: str = None):
+        """Connect client to room"""
+        await websocket.accept()
+        if room in self.rooms:
+            self.rooms[room].add(websocket)
+        if user_id:
+            self.user_connections[user_id] = websocket
+        logger.info(f"Client connected to room: {room}")
+        # Send welcome message
+        await websocket.send_json({
+            "type": "connection",
+            "status": "connected",
+            "room": room,
+            "timestamp": datetime.utcnow().isoformat()
+        })
+    def disconnect(self, websocket: WebSocket, room: str = None):
+        """Disconnect client"""
+        if room and room in self.rooms:
+            self.rooms[room].discard(websocket)
+        else:
+            # Remove from all rooms
+            for room_set in self.rooms.values():
+                room_set.discard(websocket)
+        # Remove from user connections
+        for user_id, conn in list(self.user_connections.items()):
+            if conn == websocket:
+                del self.user_connections[user_id]
+        logger.info("Client disconnected")
+    async def broadcast_to_room(self, room: str, message: dict):
+        """Broadcast message to all clients in room"""
+        if room not in self.rooms:
+            return
+        disconnected = set()
+        for connection in self.rooms[room]:
+            try:
+                await connection.send_json(message)
+            except Exception:
+                disconnected.add(connection)
+        # Clean up disconnected clients
+        for conn in disconnected:
+            self.rooms[room].discard(conn)
+    async def send_to_user(self, user_id: str, message: dict):
+        """Send message to specific user"""
+        if user_id in self.user_connections:
+            try:
+                await self.user_connections[user_id].send_json(message)
+            except Exception:
+                del self.user_connections[user_id]
+    async def broadcast_scan_update(self, scan_id: str, status: str, progress: int = None):
+        """Broadcast scan progress update"""
+        await self.broadcast_to_room("scans", {
+            "type": "scan_update",
+            "scan_id": scan_id,
+            "status": status,
+            "progress": progress,
+            "timestamp": datetime.utcnow().isoformat()
+        })
+    async def broadcast_finding(self, finding: dict):
+        """Broadcast new finding discovery"""
+        await self.broadcast_to_room("findings", {
+            "type": "new_finding",
+            "finding": finding,
+            "timestamp": datetime.utcnow().isoformat()
+        })
+    async def broadcast_notification(self, title: str, message: str, severity: str = "info"):
+        """Broadcast system notification"""
+        await self.broadcast_to_room("notifications", {
+            "type": "notification",
+            "title": title,
+            "message": message,
+            "severity": severity,
+            "timestamp": datetime.utcnow().isoformat()
+        })
+    def get_room_stats(self) -> dict:
+        """Get connection statistics"""
+        return {
+            room: len(connections)
+            for room, connections in self.rooms.items()
+        }
+# Global manager instance
+manager_v2 = ConnectionManagerV2()
+async def websocket_dashboard_endpoint(websocket: WebSocket):
+    """Dashboard real-time updates"""
+    await manager_v2.connect(websocket, room="dashboard")
+    try:
+        while True:
+            # Receive ping from client
+            data = await websocket.receive_text()
+            message = json.loads(data)
+            if message.get("action") == "ping":
+                await websocket.send_json({
+                    "type": "pong",
+                    "timestamp": datetime.utcnow().isoformat()
+                })
+    except WebSocketDisconnect:
+        manager_v2.disconnect(websocket, room="dashboard")
+async def websocket_scans_endpoint(websocket: WebSocket):
+    """Scan progress real-time updates"""
+    await manager_v2.connect(websocket, room="scans")
+    try:
+        while True:
+            data = await websocket.receive_text()
+            # Handle scan subscription requests
+            message = json.loads(data)
+            if message.get("action") == "subscribe_scan":
+                scan_id = message.get("scan_id")
+                await websocket.send_json({
+                    "type": "subscribed",
+                    "scan_id": scan_id,
+                    "message": f"Subscribed to scan {scan_id} updates"
+                })
+    except WebSocketDisconnect:
+        manager_v2.disconnect(websocket, room="scans")
+async def websocket_notifications_endpoint(websocket: WebSocket, user_id: str = None):
+    """User-specific notifications"""
+    await manager_v2.connect(websocket, room="notifications", user_id=user_id)
+    try:
+        while True:
+            data = await websocket.receive_text()
+            # Acknowledge receipt
+            await websocket.send_json({
+                "type": "ack",
+                "received": True
+            })
+    except WebSocketDisconnect:
+        manager_v2.disconnect(websocket, room="notifications")

modules/__init__.py CHANGED Viewed

@@ -10,7 +10,7 @@ from .osint import (DomainInfo, EmailProfile, OSINTModule, OSINTResult,
 from .protonvpn import (ProtonVPNManager, VPNProtocol, VPNSecurityLevel,
                         VPNServer, VPNStatus, quick_connect, secure_connect)
 from .recon import ReconModule
-from .report_gen import ReportGenerator
+# from .report_gen import ReportGenerator  # Module not available
 from .sql_injection_db import (DBType, SQLInjectionDatabase, SQLITechnique,
                                SQLPayload)
 from .vuln_scanner import VulnScannerModule
@@ -19,7 +19,7 @@ __all__ = [
     "ReconModule",
     "VulnScannerModule",
     "ExploitAssistModule",
-    "ReportGenerator",
+    # "ReportGenerator",  # Module not available
     "NucleiIntegration",
     "NucleiTemplateManager",
     "SQLInjectionDatabase",

modules/report_export.py ADDED Viewed

@@ -0,0 +1,207 @@
+"""
+Report Export Module
+Q2 2026 - PDF & CSV Export
+"""
+import csv
+import io
+import logging
+from datetime import datetime
+from typing import List, Dict, Any
+from dataclasses import dataclass
+try:
+    from weasyprint import HTML, CSS
+    WEASYPRINT_AVAILABLE = True
+except ImportError:
+    WEASYPRINT_AVAILABLE = False
+logger = logging.getLogger(__name__)
+@dataclass
+class ReportData:
+    """Report data structure"""
+    title: str
+    scan_date: datetime
+    target: str
+    findings: List[Dict[str, Any]]
+    summary: Dict[str, int]
+    recommendations: List[str]
+class ReportExporter:
+    """Export reports to various formats"""
+    def __init__(self):
+        self.templates = {
+            "executive": self._executive_template,
+            "technical": self._technical_template,
+            "compliance": self._compliance_template
+        }
+    def export_csv(self, findings: List[Dict], filename: str = None) -> bytes:
+        """Export findings to CSV"""
+        if not filename:
+            filename = f"findings_{datetime.now().strftime('%Y%m%d_%H%M%S')}.csv"
+        output = io.StringIO()
+        writer = csv.writer(output)
+        # Header
+        writer.writerow([
+            "ID", "Severity", "Title", "Description", "Target",
+            "CVE", "CVSS", "Status", "Discovered"
+        ])
+        # Data
+        for finding in findings:
+            writer.writerow([
+                finding.get("id", ""),
+                finding.get("severity", ""),
+                finding.get("title", ""),
+                finding.get("description", ""),
+                finding.get("target", ""),
+                finding.get("cve_id", ""),
+                finding.get("cvss_score", ""),
+                finding.get("status", "open"),
+                finding.get("discovered_at", "")
+            ])
+        return output.getvalue().encode('utf-8')
+    def export_pdf(self, report: ReportData, template: str = "executive") -> bytes:
+        """Export report to PDF"""
+        if not WEASYPRINT_AVAILABLE:
+            logger.error("WeasyPrint not available. Install: pip install weasyprint")
+            raise RuntimeError("PDF generation requires WeasyPrint")
+        html_content = self.templates.get(template, self._executive_template)(report)
+        pdf = HTML(string=html_content).write_pdf()
+        return pdf
+    def _executive_template(self, report: ReportData) -> str:
+        """Executive summary template"""
+        findings_html = ""
+        for f in report.findings[:10]:  # Top 10
+            severity_color = {
+                "critical": "#dc2626",
+                "high": "#ea580c",
+                "medium": "#ca8a04",
+                "low": "#16a34a"
+            }.get(f.get("severity", "low"), "#6b7280")
+            findings_html += f"""
+            <div style="margin: 10px 0; padding: 10px; border-left: 4px solid {severity_color}; background: #f9fafb;">
+                <strong>{f.get('title', 'Unknown')}</strong>
+                <span style="color: {severity_color}; text-transform: uppercase; font-size: 0.8em;">
+                    {f.get('severity', 'unknown')}
+                </span>
+                <p style="margin: 5px 0; color: #4b5563;">{f.get('description', '')[:200]}...</p>
+            </div>
+            """
+        return f"""
+        <!DOCTYPE html>
+        <html>
+        <head>
+            <meta charset="UTF-8">
+            <title>{report.title}</title>
+            <style>
+                body {{ font-family: Arial, sans-serif; margin: 40px; }}
+                h1 {{ color: #111827; border-bottom: 2px solid #059669; padding-bottom: 10px; }}
+                .summary {{ background: #f3f4f6; padding: 20px; border-radius: 8px; margin: 20px 0; }}
+                .metric {{ display: inline-block; margin: 10px 20px; }}
+                .metric-value {{ font-size: 2em; font-weight: bold; color: #059669; }}
+                .metric-label {{ color: #6b7280; font-size: 0.9em; }}
+                .findings {{ margin-top: 30px; }}
+            </style>
+        </head>
+        <body>
+            <h1>{report.title}</h1>
+            <p><strong>Target:</strong> {report.target}</p>
+            <p><strong>Scan Date:</strong> {report.scan_date.strftime('%Y-%m-%d %H:%M')}</p>
+            <div class="summary">
+                <h2>Summary</h2>
+                <div class="metric">
+                    <div class="metric-value">{report.summary.get('critical', 0)}</div>
+                    <div class="metric-label">Critical</div>
+                </div>
+                <div class="metric">
+                    <div class="metric-value">{report.summary.get('high', 0)}</div>
+                    <div class="metric-label">High</div>
+                </div>
+                <div class="metric">
+                    <div class="metric-value">{report.summary.get('medium', 0)}</div>
+                    <div class="metric-label">Medium</div>
+                </div>
+                <div class="metric">
+                    <div class="metric-value">{report.summary.get('low', 0)}</div>
+                    <div class="metric-label">Low</div>
+                </div>
+            </div>
+            <div class="findings">
+                <h2>Top Findings</h2>
+                {findings_html}
+            </div>
+            <div style="margin-top: 40px; padding-top: 20px; border-top: 1px solid #e5e7eb; color: #6b7280; font-size: 0.9em;">
+                <p>Generated by Zen AI Pentest v2.1.0</p>
+                <p>Confidential - For authorized eyes only</p>
+            </div>
+        </body>
+        </html>
+        """
+    def _technical_template(self, report: ReportData) -> str:
+        """Technical detailed template"""
+        # Similar to executive but with more technical details
+        return self._executive_template(report)  # Simplified for now
+    def _compliance_template(self, report: ReportData) -> str:
+        """Compliance-focused template"""
+        # For compliance reporting (PCI-DSS, GDPR, etc.)
+        return self._executive_template(report)  # Simplified for now
+    def export_json(self, findings: List[Dict]) -> str:
+        """Export findings to JSON"""
+        import json
+        return json.dumps(findings, indent=2)
+    def get_export_formats(self) -> List[str]:
+        """List available export formats"""
+        formats = ["csv", "json"]
+        if WEASYPRINT_AVAILABLE:
+            formats.append("pdf")
+        return formats
+# Convenience function
+def export_findings(findings: List[Dict], format: str = "csv") -> bytes:
+    """Quick export function"""
+    exporter = ReportExporter()
+    if format == "csv":
+        return exporter.export_csv(findings)
+    elif format == "json":
+        return exporter.export_json(findings).encode('utf-8')
+    elif format == "pdf":
+        report = ReportData(
+            title="Security Assessment Report",
+            scan_date=datetime.now(),
+            target="Multiple Targets",
+            findings=findings,
+            summary={
+                "critical": len([f for f in findings if f.get("severity") == "critical"]),
+                "high": len([f for f in findings if f.get("severity") == "high"]),
+                "medium": len([f for f in findings if f.get("severity") == "medium"]),
+                "low": len([f for f in findings if f.get("severity") == "low"])
+            },
+            recommendations=[]
+        )
+        return exporter.export_pdf(report)
+    else:
+        raise ValueError(f"Unsupported format: {format}")

modules/siem_integration.py ADDED Viewed

@@ -0,0 +1,501 @@
+"""
+SIEM Integration Module for Zen AI Pentest
+Supports: Splunk, Elastic, Azure Sentinel, IBM QRadar
+"""
+import json
+import logging
+from abc import ABC, abstractmethod
+from dataclasses import dataclass
+from datetime import datetime
+from typing import Dict, List, Optional, Any
+import requests
+from urllib.parse import urljoin
+logger = logging.getLogger(__name__)
+@dataclass
+class SIEMConfig:
+    """SIEM connection configuration"""
+    name: str
+    type: str  # splunk, elastic, sentinel, qradar
+    url: str
+    api_key: Optional[str] = None
+    username: Optional[str] = None
+    password: Optional[str] = None
+    index: Optional[str] = None
+    verify_ssl: bool = True
+    timeout: int = 30
+@dataclass
+class SecurityEvent:
+    """Normalized security event for SIEM ingestion"""
+    timestamp: datetime
+    severity: str  # critical, high, medium, low, info
+    event_type: str
+    source: str
+    target: str
+    description: str
+    cve_id: Optional[str] = None
+    cvss_score: Optional[float] = None
+    raw_data: Optional[Dict] = None
+class BaseSIEMConnector(ABC):
+    """Base class for SIEM connectors"""
+    def __init__(self, config: SIEMConfig):
+        self.config = config
+        self.session = requests.Session()
+        self.session.verify = config.verify_ssl
+        self.session.timeout = config.timeout
+    @abstractmethod
+    def connect(self) -> bool:
+        """Test connection to SIEM"""
+        pass
+    @abstractmethod
+    def send_event(self, event: SecurityEvent) -> bool:
+        """Send security event to SIEM"""
+        pass
+    @abstractmethod
+    def send_events_batch(self, events: List[SecurityEvent]) -> bool:
+        """Send multiple events to SIEM"""
+        pass
+    @abstractmethod
+    def query_threat_intel(self, indicator: str) -> Optional[Dict]:
+        """Query SIEM for threat intelligence"""
+        pass
+class SplunkConnector(BaseSIEMConnector):
+    """Splunk HTTP Event Collector (HEC) connector"""
+    def connect(self) -> bool:
+        try:
+            url = urljoin(self.config.url, "/services/collector/health")
+            headers = {"Authorization": f"Splunk {self.config.api_key}"}
+            response = self.session.get(url, headers=headers)
+            return response.status_code == 200
+        except Exception as e:
+            logger.error(f"Splunk connection failed: {e}")
+            return False
+    def send_event(self, event: SecurityEvent) -> bool:
+        try:
+            url = urljoin(self.config.url, "/services/collector/event")
+            headers = {
+                "Authorization": f"Splunk {self.config.api_key}",
+                "Content-Type": "application/json"
+            }
+            payload = {
+                "time": event.timestamp.timestamp(),
+                "sourcetype": "zen_ai_pentest",
+                "index": self.config.index or "security",
+                "event": {
+                    "severity": event.severity,
+                    "event_type": event.event_type,
+                    "source": event.source,
+                    "target": event.target,
+                    "description": event.description,
+                    "cve_id": event.cve_id,
+                    "cvss_score": event.cvss_score,
+                    **(event.raw_data or {})
+                }
+            }
+            response = self.session.post(url, headers=headers, json=payload)
+            return response.status_code == 200
+        except Exception as e:
+            logger.error(f"Failed to send event to Splunk: {e}")
+            return False
+    def send_events_batch(self, events: List[SecurityEvent]) -> bool:
+        """Send multiple events to Splunk"""
+        try:
+            url = urljoin(self.config.url, "/services/collector/event")
+            headers = {
+                "Authorization": f"Splunk {self.config.api_key}",
+                "Content-Type": "application/json"
+            }
+            batch_data = ""
+            for event in events:
+                payload = {
+                    "time": event.timestamp.timestamp(),
+                    "sourcetype": "zen_ai_pentest",
+                    "index": self.config.index or "security",
+                    "event": {
+                        "severity": event.severity,
+                        "event_type": event.event_type,
+                        "source": event.source,
+                        "target": event.target,
+                        "description": event.description,
+                        "cve_id": event.cve_id,
+                        "cvss_score": event.cvss_score,
+                    }
+                }
+                batch_data += json.dumps(payload) + "\n"
+            response = self.session.post(url, headers=headers, data=batch_data)
+            return response.status_code == 200
+        except Exception as e:
+            logger.error(f"Failed to send batch to Splunk: {e}")
+            return False
+    def query_threat_intel(self, indicator: str) -> Optional[Dict]:
+        """Query Splunk for threat intelligence"""
+        try:
+            search_query = f'search index=threat_intel indicator="{indicator}" | head 1'
+            url = urljoin(self.config.url, "/services/search/jobs")
+            headers = {"Authorization": f"Splunk {self.config.api_key}"}
+            data = {"search": search_query, "output_mode": "json"}
+            response = self.session.post(url, headers=headers, data=data)
+            if response.status_code == 200:
+                return response.json()
+            return None
+        except Exception as e:
+            logger.error(f"Failed to query Splunk: {e}")
+            return None
+class ElasticConnector(BaseSIEMConnector):
+    """Elastic/Elasticsearch connector"""
+    def connect(self) -> bool:
+        try:
+            url = urljoin(self.config.url, "_cluster/health")
+            headers = {"Authorization": f"ApiKey {self.config.api_key}"}
+            response = self.session.get(url, headers=headers)
+            return response.status_code == 200
+        except Exception as e:
+            logger.error(f"Elastic connection failed: {e}")
+            return False
+    def send_event(self, event: SecurityEvent) -> bool:
+        try:
+            index = self.config.index or "zen-ai-security"
+            url = urljoin(self.config.url, f"{index}/_doc")
+            headers = {"Authorization": f"ApiKey {self.config.api_key}"}
+            document = {
+                "@timestamp": event.timestamp.isoformat(),
+                "severity": event.severity,
+                "event.type": event.event_type,
+                "source.ip": event.source,
+                "destination.ip": event.target,
+                "message": event.description,
+                "vulnerability.cve": event.cve_id,
+                "vulnerability.cvss": event.cvss_score,
+            }
+            response = self.session.post(url, headers=headers, json=document)
+            return response.status_code in [200, 201]
+        except Exception as e:
+            logger.error(f"Failed to send event to Elastic: {e}")
+            return False
+    def send_events_batch(self, events: List[SecurityEvent]) -> bool:
+        """Send bulk events to Elastic"""
+        try:
+            index = self.config.index or "zen-ai-security"
+            url = urljoin(self.config.url, "_bulk")
+            headers = {"Authorization": f"ApiKey {self.config.api_key}"}
+            bulk_data = ""
+            for event in events:
+                action = json.dumps({"index": {"_index": index}})
+                document = json.dumps({
+                    "@timestamp": event.timestamp.isoformat(),
+                    "severity": event.severity,
+                    "event.type": event.event_type,
+                    "source.ip": event.source,
+                    "destination.ip": event.target,
+                    "message": event.description,
+                    "vulnerability.cve": event.cve_id,
+                    "vulnerability.cvss": event.cvss_score,
+                })
+                bulk_data += action + "\n" + document + "\n"
+            response = self.session.post(
+                url,
+                headers={**headers, "Content-Type": "application/x-ndjson"},
+                data=bulk_data
+            )
+            return response.status_code == 200
+        except Exception as e:
+            logger.error(f"Failed to send bulk to Elastic: {e}")
+            return False
+    def query_threat_intel(self, indicator: str) -> Optional[Dict]:
+        """Query Elastic for threat intelligence"""
+        try:
+            index = "threat-intel"
+            url = urljoin(self.config.url, f"{index}/_search")
+            headers = {"Authorization": f"ApiKey {self.config.api_key}"}
+            query = {
+                "query": {
+                    "match": {"indicator": indicator}
+                }
+            }
+            response = self.session.post(url, headers=headers, json=query)
+            if response.status_code == 200:
+                return response.json()
+            return None
+        except Exception as e:
+            logger.error(f"Failed to query Elastic: {e}")
+            return None
+class AzureSentinelConnector(BaseSIEMConnector):
+    """Azure Sentinel/Log Analytics connector"""
+    def __init__(self, config: SIEMConfig):
+        super().__init__(config)
+        self.workspace_id = config.username  # Workspace ID
+        self.shared_key = config.api_key  # Shared Key
+    def connect(self) -> bool:
+        try:
+            # Test connection by querying Log Analytics
+            url = f"https://api.loganalytics.io/v1/workspaces/{self.workspace_id}/query"
+            headers = self._build_auth_header()
+            response = self.session.get(url, headers=headers)
+            return response.status_code in [200, 401]  # 401 means auth works but query invalid
+        except Exception as e:
+            logger.error(f"Sentinel connection failed: {e}")
+            return False
+    def _build_auth_header(self) -> Dict[str, str]:
+        """Build Azure API authentication header"""
+        import hmac
+        import hashlib
+        import base64
+        date = datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')
+        string_to_hash = f"POST\n{len('')}\napplication/json\nx-ms-date:{date}\n/api/logs"
+        decoded_key = base64.b64decode(self.shared_key)
+        encoded_hash = base64.b64encode(
+            hmac.new(decoded_key, string_to_hash.encode(), hashlib.sha256).digest()
+        ).decode()
+        return {
+            "Content-Type": "application/json",
+            "Authorization": f"SharedKey {self.workspace_id}:{encoded_hash}",
+            "x-ms-date": date,
+            "Log-Type": "ZenAIPentest"
+        }
+    def send_event(self, event: SecurityEvent) -> bool:
+        try:
+            url = f"https://{self.workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
+            headers = self._build_auth_header()
+            log_data = [{
+                "TimeGenerated": event.timestamp.isoformat(),
+                "Severity": event.severity,
+                "EventType": event.event_type,
+                "Source": event.source,
+                "Target": event.target,
+                "Description": event.description,
+                "CVE": event.cve_id,
+                "CVSS": event.cvss_score
+            }]
+            response = self.session.post(url, headers=headers, json=log_data)
+            return response.status_code == 200
+        except Exception as e:
+            logger.error(f"Failed to send event to Sentinel: {e}")
+            return False
+    def send_events_batch(self, events: List[SecurityEvent]) -> bool:
+        """Send batch to Azure Log Analytics"""
+        try:
+            url = f"https://{self.workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
+            headers = self._build_auth_header()
+            log_data = []
+            for event in events:
+                log_data.append({
+                    "TimeGenerated": event.timestamp.isoformat(),
+                    "Severity": event.severity,
+                    "EventType": event.event_type,
+                    "Source": event.source,
+                    "Target": event.target,
+                    "Description": event.description,
+                    "CVE": event.cve_id,
+                    "CVSS": event.cvss_score
+                })
+            response = self.session.post(url, headers=headers, json=log_data)
+            return response.status_code == 200
+        except Exception as e:
+            logger.error(f"Failed to send batch to Sentinel: {e}")
+            return False
+    def query_threat_intel(self, indicator: str) -> Optional[Dict]:
+        """Query Sentinel Threat Intelligence"""
+        try:
+            url = f"https://api.loganalytics.io/v1/workspaces/{self.workspace_id}/query"
+            headers = self._build_auth_header()
+            query = f"ThreatIntelligenceIndicator | where Indicator == '{indicator}' | limit 1"
+            response = self.session.post(
+                url,
+                headers=headers,
+                json={"query": query}
+            )
+            if response.status_code == 200:
+                return response.json()
+            return None
+        except Exception as e:
+            logger.error(f"Failed to query Sentinel: {e}")
+            return None
+class QRadarConnector(BaseSIEMConnector):
+    """IBM QRadar connector"""
+    def connect(self) -> bool:
+        try:
+            url = urljoin(self.config.url, "/api/system/about")
+            headers = self._build_auth_header()
+            response = self.session.get(url, headers=headers)
+            return response.status_code == 200
+        except Exception as e:
+            logger.error(f"QRadar connection failed: {e}")
+            return False
+    def _build_auth_header(self) -> Dict[str, str]:
+        """Build QRadar authentication header"""
+        import base64
+        if self.config.api_key:
+            return {"SEC": self.config.api_key}
+        elif self.config.username and self.config.password:
+            credentials = base64.b64encode(
+                f"{self.config.username}:{self.config.password}".encode()
+            ).decode()
+            return {"Authorization": f"Basic {credentials}"}
+        return {}
+    def send_event(self, event: SecurityEvent) -> bool:
+        try:
+            url = urljoin(self.config.url, "/api/asset_model/assets")
+            headers = self._build_auth_header()
+            payload = {
+                "event": {
+                    "severity": event.severity,
+                    "event_type": event.event_type,
+                    "source": event.source,
+                    "target": event.target,
+                    "description": event.description,
+                    "cve": event.cve_id
+                }
+            }
+            response = self.session.post(url, headers=headers, json=payload)
+            return response.status_code in [200, 201]
+        except Exception as e:
+            logger.error(f"Failed to send event to QRadar: {e}")
+            return False
+    def send_events_batch(self, events: List[SecurityEvent]) -> bool:
+        """QRadar batch event submission"""
+        for event in events:
+            if not self.send_event(event):
+                return False
+        return True
+    def query_threat_intel(self, indicator: str) -> Optional[Dict]:
+        """Query QRadar reference sets"""
+        try:
+            url = urljoin(self.config.url, f"/api/reference_data/sets/{indicator}")
+            headers = self._build_auth_header()
+            response = self.session.get(url, headers=headers)
+            if response.status_code == 200:
+                return response.json()
+            return None
+        except Exception as e:
+            logger.error(f"Failed to query QRadar: {e}")
+            return None
+class SIEMIntegrationManager:
+    """Manager for multiple SIEM integrations"""
+    def __init__(self):
+        self.connectors: Dict[str, BaseSIEMConnector] = {}
+        self._connector_classes = {
+            "splunk": SplunkConnector,
+            "elastic": ElasticConnector,
+            "sentinel": AzureSentinelConnector,
+            "qradar": QRadarConnector
+        }
+    def add_siem(self, config: SIEMConfig) -> bool:
+        """Add SIEM integration"""
+        connector_class = self._connector_classes.get(config.type)
+        if not connector_class:
+            logger.error(f"Unknown SIEM type: {config.type}")
+            return False
+        connector = connector_class(config)
+        if connector.connect():
+            self.connectors[config.name] = connector
+            logger.info(f"Connected to {config.name} ({config.type})")
+            return True
+        else:
+            logger.error(f"Failed to connect to {config.name}")
+            return False
+    def send_to_all(self, event: SecurityEvent) -> Dict[str, bool]:
+        """Send event to all configured SIEMs"""
+        results = {}
+        for name, connector in self.connectors.items():
+            results[name] = connector.send_event(event)
+        return results
+    def send_batch_to_all(self, events: List[SecurityEvent]) -> Dict[str, bool]:
+        """Send batch of events to all SIEMs"""
+        results = {}
+        for name, connector in self.connectors.items():
+            results[name] = connector.send_events_batch(events)
+        return results
+    def get_status(self) -> Dict[str, bool]:
+        """Get connection status of all SIEMs"""
+        return {name: connector.connect() for name, connector in self.connectors.items()}
+# Factory function
+def create_siem_connector(config: SIEMConfig) -> Optional[BaseSIEMConnector]:
+    """Factory function to create appropriate SIEM connector"""
+    connectors = {
+        "splunk": SplunkConnector,
+        "elastic": ElasticConnector,
+        "sentinel": AzureSentinelConnector,
+        "qradar": QRadarConnector
+    }
+    connector_class = connectors.get(config.type.lower())
+    if connector_class:
+        return connector_class(config)
+    logger.error(f"Unknown SIEM type: {config.type}")
+    return None

risk_engine/__init__.py CHANGED Viewed

@@ -58,7 +58,7 @@ from .business_impact_calculator import (
 )
 # Additional exports for backwards compatibility
-from .scorer import RiskScorer
+from .scorer import RiskScorer, RiskScore, SeverityLevel
 from .cvss import CVSSCalculator
 from .epss import EPSSClient
@@ -92,6 +92,8 @@ __all__ = [
     # Additional scoring modules
     "RiskScorer",
+    "RiskScore",
+    "SeverityLevel",
     "CVSSCalculator",
     "EPSSClient",
 ]

{zen_ai_pentest-2.0.4.dist-info → zen_ai_pentest-2.2.0.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: zen-ai-pentest
-Version: 2.0.4
+Version: 2.2.0
 Summary: Advanced AI-Powered Penetration Testing Framework with Multi-Agent Orchestration
 Home-page: https://github.com/SHAdd0WTAka/zen-ai-pentest
 Author: SHAdd0WTAka
@@ -63,10 +63,53 @@ Dynamic: requires-python
 [![Docker](https://img.shields.io/badge/Docker-Ready-blue)](docker/)
 [![Tests](https://img.shields.io/badge/Tests-pytest-brightgreen)](tests/)
 [![PyPI](https://img.shields.io/pypi/v/zen-ai-pentest)](https://pypi.org/project/zen-ai-pentest/)
-[![Version](https://img.shields.io/badge/Version-2.0.3-orange)](https://github.com/SHAdd0WTAka/zen-ai-pentest/releases)
+[![Version](https://img.shields.io/badge/Version-2.0.4-orange)](https://github.com/SHAdd0WTAka/zen-ai-pentest/releases)
 [![Authors](https://img.shields.io/badge/Authors-SHAdd0WTAka%20%7C%20KimiAI-purple)](#-authors--team)
 [![Roadmap](https://img.shields.io/badge/Roadmap-2026-blueviolet)](ROADMAP_2026.md)
+[![Architecture](https://img.shields.io/badge/Architecture-Diagram-blue)](docs/architecture.md)
+```mermaid
+  graph TB
+      subgraph "User Interface"
+          CLI[CLI]
+          API[REST API]
+          WebUI[Web UI]
+      end
+      subgraph "Core Engine"
+          Orchestrator[Agent Orchestrator]
+          StateMachine[State Machine]
+          RiskEngine[Risk Engine]
+      end
+      subgraph "AI Agents"
+          Recon[Reconnaissance]
+          Vuln[Vulnerability]
+          Exploit[Exploit]
+          Report[Report]
+      end
+      subgraph "Tools"
+          Nmap[Nmap]
+          SQLMap[SQLMap]
+          Metasploit[Metasploit]
+      end
+      subgraph "External APIs"
+          OpenAI[OpenAI]
+          Anthropic[Anthropic]
+          ThreatIntel[Threat Intelligence]
+      end
+      CLI --> API
+      WebUI --> API
+      API --> Orchestrator
+      Orchestrator --> StateMachine
+      StateMachine --> Recon
+      StateMachine --> Vuln
+      StateMachine --> Exploit
+      Exploit --> OpenAI
+      RiskEngine --> ThreatIntel
+  ```
 **Zen-AI-Pentest** is an autonomous, AI-powered penetration testing framework that combines cutting-edge language models with professional security tools. Built for security professionals, bug bounty hunters, and enterprise security teams.
 ---

{zen_ai_pentest-2.0.4.dist-info → zen_ai_pentest-2.2.0.dist-info}/RECORD RENAMED Viewed

@@ -12,9 +12,10 @@ agents/react_agent_vm.py,sha256=DF_TMWG_AfWbtvw9s4TB1MAwkFLMRaWpKw2UcM7Pa5U,1112
 agents/research_agent.py,sha256=f_OjmEvgQX1mUdLRlsj3-QMyB1m5J0oHIsTvFkcRijc,6394
 api/__init__.py,sha256=HQ2cFR8t_PlbtgLzir7P1Umzh-syS5iEfCNZky5uL_Y,256
 api/auth.py,sha256=ZqIvj0L0BTAFsytjCznGF53i1kz6DOunhLxd0mPUykA,3934
-api/main.py,sha256=NGXwzpd0LuVMGA2f65PdpIDT3veHNZ4Z0fRDkJxWbx8,32324
+api/main.py,sha256=ZeU_ZQVNl9JD73S-L2wWt37n02SRkWzf2eLcGYTqB8k,32801
 api/schemas.py,sha256=nnE-97OOOWpAAenD_sCsCpcLy-SpWW1g2WW902mbihY,10306
 api/websocket.py,sha256=DTDKr48g6RBNCBX6LM1WljR1FLTkoYB-BTm1TtMNaOY,3602
+api/websocket_v2.py,sha256=fVFlDhJc4iq95BBy7UdkdeQdv2QgSCbCmYGLzqL9DfM,6019
 autonomous/__init__.py,sha256=Gv83jnjasidFfyD6ggCXjJlqjn6YwANLi_b0-kpBSok,2858
 autonomous/agent.py,sha256=LG937JGTdiywhjDr9wCxuYaysgL7dRMbPguYWTnjrt0,8021
 autonomous/agent_loop.py,sha256=a_WvxaKgImXyMdddXmdoJCANVbjmWz-FBiptHJn2608,47216
@@ -47,18 +48,20 @@ core/plugin_manager.py,sha256=3sG2DMiWbyjAaoydtyz2pXmdJ-G_-SWgCLGs-w_QoSA,19167
 core/rate_limiter.py,sha256=poEYln6DGFs6C6n2rSnqRykax-YDi5NySk4LJnkgCpk,12423
 core/secure_config.py,sha256=tTDVXKoLiGKdfCQkLorgEKw2qdVyPjwhaxwyuFlGD_8,10361
 core/shield_integration.py,sha256=ktL_25WY0JBH5dBNvqcJLw42mQFkKr6ku5lkgH119Mw,9997
-modules/__init__.py,sha256=N9gvXDXbB1jAzQuImM8oZky2W9QwURup6SMEets4BJ0,1366
+modules/__init__.py,sha256=eIfsYjpXtuo4cH4TQOIOrXLa6OXrP168ESPM3OuQYT0,1418
 modules/cve_database.py,sha256=46ucXLdWjEUed4qh4wznn3oWEyoxWay2r3EVgVMmBrg,13137
 modules/exploit_assist.py,sha256=xMcIYgwP6XSNuJDw8hI3FM1GsvvL9B3uMiYE8w-OBbY,10254
 modules/nuclei_integration.py,sha256=2pvFCcTpEpC6M6YV2QWoHBxpKYswoYnD7dX4GJTQnX4,14814
 modules/osint.py,sha256=SZG1rfMQ-zPIasYtKRzFlsjXR3wDSrVLRUtg6extUok,20600
 modules/protonvpn.py,sha256=4G-tLL3JyjJm-ryQIt4-hQTX4eKX_OTZnKFkZaK_F8Q,18133
 modules/recon.py,sha256=utS-wfdRBS7XaGtr1mcpMuetyJcCi2B8LZrAmVJjhcM,5002
+modules/report_export.py,sha256=PKZNWrwK_x0XFpSjDzoI3-BoXYBnZ5VyQJ1V-nyhVj8,7622
+modules/siem_integration.py,sha256=GbG8sbyziItdQhRArNku7pV6yZW8jR9AQgUxU2dvJ98,18594
 modules/sql_injection_db.py,sha256=x9VVIaXkykXo0zFmcPqIMk9gh_CF-Lrs9Ht2hrb9DLk,28945
 modules/tool_orchestrator.py,sha256=6FwR-EMR-HIrLFFimWf5MUMf_AYIYPUuZPaL8oTUNVU,15868
 modules/vuln_scanner.py,sha256=L68uCM1YezXrnbqjhJlslVyQOlM9jejnZHWR8j0B1m8,8617
 modules/wordlist_generator.py,sha256=3qAZseHDKI55x3gAnxKtwN1iMjXSJi1N0uMBnCnogV8,15429
-risk_engine/__init__.py,sha256=LKP5c_eYjSlROfSjXc_5mzmTGsi6odEOg3K1yIdR23U,2360
+risk_engine/__init__.py,sha256=PPGuSptgnMfNM2-DtdgE-5h7CL_0W4FdgUFYqnTgLIw,2424
 risk_engine/business_impact.py,sha256=gAjhNdMLdjx5iQkpPqxb6ugfRL6_1VCc6AIli95kS0E,8657
 risk_engine/business_impact_calculator.py,sha256=9SgIXfhF-EFVwULyWepv1_Wcr_UOSg2E0oO2_VwwTWk,21222
 risk_engine/cvss.py,sha256=iI8clKFSwi9w1xIW2Z9tCScUOmGSGWJrowA9jGWW86I,5397
@@ -67,9 +70,9 @@ risk_engine/example_usage.py,sha256=eM54wLDy3eZtiDGjOSZ4YrsCcEUzfVKjV_A_Pkn07is,
 risk_engine/false_positive_engine.py,sha256=8u0wI3W25fsEq9eXfskUtcHfV3D2V6ElzVSgY_TAA-c,37961
 risk_engine/scorer.py,sha256=BklUfMo26IaOYOJse-mjvY8NwjpbI4UEIlqZ6MhCmwU,10282
 web_ui/backend/main.py,sha256=DTVmsvbDH7EvMmeohbcl8vYyKPyaLU8oHMvwWAqAF8k,15402
-zen_ai_pentest-2.0.4.dist-info/licenses/LICENSE,sha256=C1sNTmgBbFuCm9vPCctuz6pQr4khkgqoQEMUE6cP-FY,1068
-zen_ai_pentest-2.0.4.dist-info/METADATA,sha256=f27GlZvojUOX54PnVcBPJz_pCntJv5T8ifpmI_jfCd8,29761
-zen_ai_pentest-2.0.4.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-zen_ai_pentest-2.0.4.dist-info/entry_points.txt,sha256=qZRuz7yjZdEMiUrfflMiGzMUHUZWasT49-HNE-EKmTE,55
-zen_ai_pentest-2.0.4.dist-info/top_level.txt,sha256=ExWeAuK-0xRpcWS7QsL8LEdPVJy1-Z-83qwOJ1-CERA,80
-zen_ai_pentest-2.0.4.dist-info/RECORD,,
+zen_ai_pentest-2.2.0.dist-info/licenses/LICENSE,sha256=C1sNTmgBbFuCm9vPCctuz6pQr4khkgqoQEMUE6cP-FY,1068
+zen_ai_pentest-2.2.0.dist-info/METADATA,sha256=i4AXbZaIOQ3ewhiNCQ4vgMblexzd6qs3uuJlFhiiCVE,30802
+zen_ai_pentest-2.2.0.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+zen_ai_pentest-2.2.0.dist-info/entry_points.txt,sha256=qZRuz7yjZdEMiUrfflMiGzMUHUZWasT49-HNE-EKmTE,55
+zen_ai_pentest-2.2.0.dist-info/top_level.txt,sha256=ExWeAuK-0xRpcWS7QsL8LEdPVJy1-Z-83qwOJ1-CERA,80
+zen_ai_pentest-2.2.0.dist-info/RECORD,,

{zen_ai_pentest-2.0.4.dist-info → zen_ai_pentest-2.2.0.dist-info}/WHEEL RENAMED Viewed

File without changes

{zen_ai_pentest-2.0.4.dist-info → zen_ai_pentest-2.2.0.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{zen_ai_pentest-2.0.4.dist-info → zen_ai_pentest-2.2.0.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

{zen_ai_pentest-2.0.4.dist-info → zen_ai_pentest-2.2.0.dist-info}/top_level.txt RENAMED Viewed

File without changes

zen-ai-pentest 2.0.4__py3-none-any.whl → 2.2.0__py3-none-any.whl

zen-ai-pentest 2.0.4py3-none-any.whl → 2.2.0py3-none-any.whl