71d8741e10
Add a complete AI pentest system where Claude autonomously drives security testing via tool-calling. The LLM selects from 16 tools, chains results, and builds an attack chain DAG. Core: - PentestTool trait (dyn-compatible) with PentestToolContext/Result - PentestSession, AttackChainNode, PentestMessage, PentestEvent models - 10 new DastVulnType variants (DNS, DMARC, TLS, cookies, CSP, CORS, etc.) - LLM client chat_with_tools() for OpenAI-compatible tool calling Tools (16 total): - 5 agent wrappers: SQL injection, XSS, auth bypass, SSRF, API fuzzer - 11 new infra tools: DNS checker, DMARC checker, TLS analyzer, security headers, cookie analyzer, CSP analyzer, rate limit tester, console log detector, CORS checker, OpenAPI parser, recon - ToolRegistry for tool lookup and LLM definition generation Orchestrator: - PentestOrchestrator with iterative tool-calling loop (max 50 rounds) - Attack chain node recording per tool invocation - SSE event broadcasting for real-time progress - Strategy-aware system prompts (quick/comprehensive/targeted/aggressive/stealth) API (9 endpoints): - POST/GET /pentest/sessions, GET /pentest/sessions/:id - POST /pentest/sessions/:id/chat, GET /pentest/sessions/:id/stream - GET /pentest/sessions/:id/attack-chain, messages, findings - GET /pentest/stats Dashboard: - Pentest dashboard with stat cards, severity distribution, session list - Chat-based session page with split layout (chat + findings/attack chain) - Inline tool execution indicators, auto-polling, new session modal - Sidebar navigation item Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
142 lines
4.1 KiB
Rust
142 lines
4.1 KiB
Rust
pub mod api_fuzzer;
|
|
pub mod auth_bypass;
|
|
pub mod console_log_detector;
|
|
pub mod cookie_analyzer;
|
|
pub mod cors_checker;
|
|
pub mod csp_analyzer;
|
|
pub mod dmarc_checker;
|
|
pub mod dns_checker;
|
|
pub mod openapi_parser;
|
|
pub mod rate_limit_tester;
|
|
pub mod recon;
|
|
pub mod security_headers;
|
|
pub mod sql_injection;
|
|
pub mod ssrf;
|
|
pub mod tls_analyzer;
|
|
pub mod xss;
|
|
|
|
use std::collections::HashMap;
|
|
|
|
use compliance_core::traits::pentest_tool::PentestTool;
|
|
|
|
/// A definition describing a tool for LLM tool_use registration.
|
|
#[derive(Debug, Clone)]
|
|
pub struct ToolDefinition {
|
|
pub name: String,
|
|
pub description: String,
|
|
pub input_schema: serde_json::Value,
|
|
}
|
|
|
|
/// Registry that holds all available pentest tools and provides
|
|
/// look-up by name.
|
|
pub struct ToolRegistry {
|
|
tools: HashMap<String, Box<dyn PentestTool>>,
|
|
}
|
|
|
|
impl ToolRegistry {
|
|
/// Create a new registry with all built-in tools pre-registered.
|
|
pub fn new() -> Self {
|
|
let http = reqwest::Client::builder()
|
|
.danger_accept_invalid_certs(true)
|
|
.timeout(std::time::Duration::from_secs(30))
|
|
.redirect(reqwest::redirect::Policy::limited(5))
|
|
.build()
|
|
.expect("failed to build HTTP client");
|
|
|
|
let mut tools: HashMap<String, Box<dyn PentestTool>> = HashMap::new();
|
|
|
|
// Agent-wrapping tools
|
|
let register = |tools: &mut HashMap<String, Box<dyn PentestTool>>,
|
|
tool: Box<dyn PentestTool>| {
|
|
tools.insert(tool.name().to_string(), tool);
|
|
};
|
|
|
|
register(
|
|
&mut tools,
|
|
Box::new(sql_injection::SqlInjectionTool::new(http.clone())),
|
|
);
|
|
register(&mut tools, Box::new(xss::XssTool::new(http.clone())));
|
|
register(
|
|
&mut tools,
|
|
Box::new(auth_bypass::AuthBypassTool::new(http.clone())),
|
|
);
|
|
register(&mut tools, Box::new(ssrf::SsrfTool::new(http.clone())));
|
|
register(
|
|
&mut tools,
|
|
Box::new(api_fuzzer::ApiFuzzerTool::new(http.clone())),
|
|
);
|
|
|
|
// New infrastructure / analysis tools
|
|
register(
|
|
&mut tools,
|
|
Box::new(dns_checker::DnsCheckerTool::new()),
|
|
);
|
|
register(
|
|
&mut tools,
|
|
Box::new(dmarc_checker::DmarcCheckerTool::new()),
|
|
);
|
|
register(
|
|
&mut tools,
|
|
Box::new(tls_analyzer::TlsAnalyzerTool::new(http.clone())),
|
|
);
|
|
register(
|
|
&mut tools,
|
|
Box::new(security_headers::SecurityHeadersTool::new(http.clone())),
|
|
);
|
|
register(
|
|
&mut tools,
|
|
Box::new(cookie_analyzer::CookieAnalyzerTool::new(http.clone())),
|
|
);
|
|
register(
|
|
&mut tools,
|
|
Box::new(csp_analyzer::CspAnalyzerTool::new(http.clone())),
|
|
);
|
|
register(
|
|
&mut tools,
|
|
Box::new(rate_limit_tester::RateLimitTesterTool::new(http.clone())),
|
|
);
|
|
register(
|
|
&mut tools,
|
|
Box::new(console_log_detector::ConsoleLogDetectorTool::new(
|
|
http.clone(),
|
|
)),
|
|
);
|
|
register(
|
|
&mut tools,
|
|
Box::new(cors_checker::CorsCheckerTool::new(http.clone())),
|
|
);
|
|
register(
|
|
&mut tools,
|
|
Box::new(openapi_parser::OpenApiParserTool::new(http.clone())),
|
|
);
|
|
register(
|
|
&mut tools,
|
|
Box::new(recon::ReconTool::new(http)),
|
|
);
|
|
|
|
Self { tools }
|
|
}
|
|
|
|
/// Look up a tool by name.
|
|
pub fn get(&self, name: &str) -> Option<&dyn PentestTool> {
|
|
self.tools.get(name).map(|b| b.as_ref())
|
|
}
|
|
|
|
/// Return definitions for every registered tool.
|
|
pub fn all_definitions(&self) -> Vec<ToolDefinition> {
|
|
self.tools
|
|
.values()
|
|
.map(|t| ToolDefinition {
|
|
name: t.name().to_string(),
|
|
description: t.description().to_string(),
|
|
input_schema: t.input_schema(),
|
|
})
|
|
.collect()
|
|
}
|
|
|
|
/// Return the names of all registered tools.
|
|
pub fn list_names(&self) -> Vec<String> {
|
|
self.tools.keys().cloned().collect()
|
|
}
|
|
}
|