feat: AI-driven automated penetration testing #12

Merged

sharang merged 9 commits from feat/ai-pentest into main 2026-03-12 14:42:54 +00:00

Conversation 0 Commits 9 Files Changed 52 +11729 -98

sharang commented 2026-03-12 14:25:18 +00:00

Owner

Copy Link

Summary

• AI-driven pentest orchestrator that autonomously selects and executes security tools against DAST targets
• Pure Dioxus attack chain visualization replacing vis-network JS dependency — features KPI header, phase rail, expandable accordion with tool category chips, risk scores, and findings pills
• Professional PDF-first HTML report with cover page, table of contents, severity distribution chart, phased attack chain timeline, and print-friendly design
• Encrypted ZIP report export (AES-256) with password protection
• Code-aware pentesting that incorporates SAST findings and SBOM data
• MCP tool integration for pentest session management

Test plan

• Start Juice Shop Docker target, run a pentest session end-to-end
• Verify attack chain nodes show findings_produced, risk_score, and llm_reasoning
• Export report ZIP — verify password protection and PDF print layout
• Check attack chain visualization renders phases, KPIs, and tool details correctly
• Verify old pentest sessions still display with session-level fallback stats

🤖 Generated with Claude Code

## Summary - AI-driven pentest orchestrator that autonomously selects and executes security tools against DAST targets - Pure Dioxus attack chain visualization replacing vis-network JS dependency — features KPI header, phase rail, expandable accordion with tool category chips, risk scores, and findings pills - Professional PDF-first HTML report with cover page, table of contents, severity distribution chart, phased attack chain timeline, and print-friendly design - Encrypted ZIP report export (AES-256) with password protection - Code-aware pentesting that incorporates SAST findings and SBOM data - MCP tool integration for pentest session management ## Test plan - [x] Start Juice Shop Docker target, run a pentest session end-to-end - [x] Verify attack chain nodes show findings_produced, risk_score, and llm_reasoning - [x] Export report ZIP — verify password protection and PDF print layout - [x] Check attack chain visualization renders phases, KPIs, and tool details correctly - [x] Verify old pentest sessions still display with session-level fallback stats 🤖 Generated with [Claude Code](https://claude.com/claude-code)

sharang added 11 commits 2026-03-12 14:25:18 +00:00

docs: rewrite user docs, fix modal scroll, webhook URL, and sccache ... c253e4ef5e

Rewrite all public documentation to be user-facing only:
- Remove deployment, configuration, and self-hosting sections
- Add guide pages for SBOM, issues, webhooks & PR reviews
- Add reference pages for glossary and tools/scanners
- Add 12 screenshots from live dashboard
- Explain MCP, LLM triage, false positives, human-in-the-loop

Fix edit repository modal not scrollable (max-height + overflow-y).
Show full webhook URL using window.location.origin instead of path.
Unset RUSTC_WRAPPER in agent cargo commands to avoid sccache errors.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

fix: gate web_sys::window behind web feature for server clippy ... 32ef0d9e88

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

fix: prevent duplicate issue creation across repo delete/re-add ... 76260acc76

Search all issue states (not just open) in Gitea tracker to find
existing issues. Add title-based fallback search in addition to
fingerprint search, so issues are found even if body format changed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

feat: AI-driven automated penetration testing system ... 71d8741e10

Add a complete AI pentest system where Claude autonomously drives security
testing via tool-calling. The LLM selects from 16 tools, chains results,
and builds an attack chain DAG.

Core:
- PentestTool trait (dyn-compatible) with PentestToolContext/Result
- PentestSession, AttackChainNode, PentestMessage, PentestEvent models
- 10 new DastVulnType variants (DNS, DMARC, TLS, cookies, CSP, CORS, etc.)
- LLM client chat_with_tools() for OpenAI-compatible tool calling

Tools (16 total):
- 5 agent wrappers: SQL injection, XSS, auth bypass, SSRF, API fuzzer
- 11 new infra tools: DNS checker, DMARC checker, TLS analyzer,
  security headers, cookie analyzer, CSP analyzer, rate limit tester,
  console log detector, CORS checker, OpenAPI parser, recon
- ToolRegistry for tool lookup and LLM definition generation

Orchestrator:
- PentestOrchestrator with iterative tool-calling loop (max 50 rounds)
- Attack chain node recording per tool invocation
- SSE event broadcasting for real-time progress
- Strategy-aware system prompts (quick/comprehensive/targeted/aggressive/stealth)

API (9 endpoints):
- POST/GET /pentest/sessions, GET /pentest/sessions/:id
- POST /pentest/sessions/:id/chat, GET /pentest/sessions/:id/stream
- GET /pentest/sessions/:id/attack-chain, messages, findings
- GET /pentest/stats

Dashboard:
- Pentest dashboard with stat cards, severity distribution, session list
- Chat-based session page with split layout (chat + findings/attack chain)
- Inline tool execution indicators, auto-polling, new session modal
- Sidebar navigation item

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

feat: add code-awareness to pentest orchestrator ... c0f9ba467c

Connect SAST findings, SBOM/CVE data, and code knowledge graph entry
points to the LLM pentest orchestrator so it can prioritize attacks
based on known vulnerabilities and code structure.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

feat: add pentest MCP tools, session timeout, and error recovery ... 85ceef7e1f

Add 5 MCP tools for querying pentest sessions, attack chains, messages,
and stats. Add session timeout (30min) and automatic failure marking
with run_session_guarded wrapper.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

feat: attack chain DAG visualization, report export, and UI polish ... af98e3e070

- Add interactive attack chain DAG using vis-network with hierarchical
  layout, status-colored nodes, risk-based sizing, and click handlers
- Add pentest session export API (GET /sessions/:id/export) supporting
  both JSON and Markdown report formats
- Redesign attack chain tab with graph/list toggle views
- Add export buttons (MD/JSON) to session header with Blob download
- Show exploitable badge and endpoint on finding cards
- Add export_pentest_report server function for dashboard

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

fix: pentest session ID propagation, target name resolution, BSON field paths ... 30301a12b5

- Set session.id from insert_one result so orchestrator has the ID
- Enrich sessions with target_name by joining DAST targets in server fns
- Fix _id.$oid BSON field path for target dropdown and session list
- Fix send_message URL to /chat (was /messages)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

fix: markdown rendering, continuous polling, and attack chain graph loading ... 0428cba2b8

- Add markdown-to-HTML renderer for assistant messages (headers, bold,
  code blocks, lists, inline code)
- Fix polling to continuously loop while session is running using
  poll_gen signal
- Fix attack chain graph loading with spawn delay for DOM readiness
- Default attack chain tab to list view (more reliable)
- Render tool_result role messages as tool indicators

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

fix: attack chain node linking and disable input while pentest runs ... cc6ae7717c

Link attack chain nodes to previous iteration's nodes via parent_node_ids
so the DAG graph shows proper hierarchy instead of flat dots. Disable the
chat input while a pentest session is running since messages have no effect.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

feat: pure Dioxus attack chain visualization, PDF report redesign, and orchestrator data fixes ... fca0f93033

- Replace vis-network JS graph with pure RSX attack chain component
  featuring KPI header, phase rail, expandable accordion with tool
  category chips, risk scores, and findings pills
- Redesign pentest report as professional PDF-first document with
  cover page, table of contents, severity bar chart, phased attack
  chain timeline, and print-friendly light theme
- Fix orchestrator to populate findings_produced, risk_score, and
  llm_reasoning on attack chain nodes
- Capture LLM reasoning text alongside tool calls in LlmResponse enum
- Add session-level KPI fallback for older pentest data
- Remove attack-chain-viz.js and prototype files
- Add encrypted ZIP report export endpoint with password protection

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

sharang force-pushed feat/ai-pentest from fca0f93033 to 9f495e5215 2026-03-12 14:31:02 +00:00 Compare

sharang added 1 commit 2026-03-12 14:42:44 +00:00

feat: generate PDF reports via headless Chrome instead of HTML-only export ... 854c16f19c

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

sharang merged commit acc5b86aa4 into main 2026-03-12 14:42:54 +00:00

sharang referenced this issue from a commit 2026-03-12 14:42:55 +00:00

feat: AI-driven automated penetration testing (#12)

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

bug

critical

enhancement

high

infrastructure

performance

security

v0.3.0

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

sharang

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: sharang/compliance-scanner-agent#12