dewebdes/AI-Pentest-Engine

📜 README.md — AI-Pentest-Engine

🔥 Overview

AI-Pentest-Engine is a modular, narratable diagnostic engine designed to simulate symbolic attack flows against HTTP targets. It parses packets, injects payloads, routes requests through a proxy (e.g. Burp Suite), and generates structured reports with differential analysis.

Crafted by Kave & Copilot, this engine treats each attack as a ritual—adaptable, inspectable, and mythically precise.


🗂 Project Structure

AI-Pentest-Engine/
├── engine.js               # Main orchestrator: prompts, parses, runs, reports
├── packet.txt              # Input packet (raw HTTP request)
├── report.txt              # Output report (structured diagnostics)
├── README.md               # Ritual scroll (you’re reading it)
├── package.json            # Project metadata
├── vscod.bat               # Optional launch script
│
├── attacks/                # Modular attack scripts
│   └── attack-001.js       # Origin header injection module
│
├── lib/                    # Shared logic modules
│   ├── reportManager.js    # Builds and writes structured report
│   ├── requestSender.js    # Sends requests via Burp proxy
│   ├── resultTemplate.js   # Defines result object structure
│   └── utils.js            # Optional helpers (e.g. response parsing)

🚀 How to Use

1. Prepare Your Packet

Edit packet.txt with a raw HTTP request:

GET /api/notes/usernames/
Host: example.com
User-Agent: Mozilla/5.0 ...
Cookie: session=abc123

{ "username": "admin" }

2. Run the Engine

npm install
npm start

Enter the attack number when prompted (e.g. 1 for attack-001.js).

3. View the Report

After execution, inspect report.txt for a structured summary:

  • Baseline request
  • Injected payloads
  • Status codes, response lengths
  • Differential analysis (interesting flags)

4. Add New Attacks

Create a new file in attacks/:

module.exports = {
  name: "Custom Attack",
  async run(packet) {
    // Use sendRequest({ url, method, headers, body })
    // Return array of createResult({ ... })
  },
};

Use resultTemplate.js to ensure consistency.

5. Collaborate with AI

You can:

  • Ask Copilot to generate new attack modules
  • Refactor existing ones
  • Extend reportManager to output JSON, HTML, or visual graphs
  • Share report.txt with teammates or feed it into automated pipelines

🧠 Tips

  • Burp Suite must be running on 127.0.0.1:8080
  • SSL/TLS certificate validation is disabled for proxy compatibility, so the engine does not verify server certificates
  • Wildcard payloads (e.g. https://*.domain.com) may fail—sanitize if needed
  • Use delays, baselines, and comparisons to refine detection logic
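
The differential analysis listed under "View the Report" and the baseline comparison suggested in the tips can be sketched as follows. This is an added example, not code from the AI-Pentest-Engine repository; the result fields (payload, status, length, headers), the 5% length tolerance and the sample data are assumptions constructed for illustration.

```javascript
// Added example. Field names (payload, status, length, headers) are assumptions,
// not the structure defined in the project's resultTemplate.js.

// A relative length change above this fraction counts as a meaningful difference.
const LENGTH_TOLERANCE = 0.05;

// HTTP header names are case-insensitive, so look them up that way.
function headerValue(headers, name) {
  const key = Object.keys(headers || {}).find(k => k.toLowerCase() === name.toLowerCase());
  return key ? String(headers[key]) : null;
}

// Compare one injected response with the baseline and collect the reasons it differs.
function diffAgainstBaseline(baseline, result) {
  const flags = [];
  if (result.status !== baseline.status) {
    flags.push(`status ${baseline.status} -> ${result.status}`);
  }
  const delta = Math.abs(result.length - baseline.length);
  if (delta > Math.max(baseline.length, 1) * LENGTH_TOLERANCE) {
    flags.push(`length ${baseline.length} -> ${result.length}`);
  }
  // An Access-Control-Allow-Origin value equal to the injected Origin means the
  // server echoes untrusted origins; with credentials allowed this is the worse case.
  const acao = headerValue(result.headers, "access-control-allow-origin");
  if (acao !== null && acao === result.payload) {
    const creds = headerValue(result.headers, "access-control-allow-credentials");
    flags.push(creds === "true" ? "origin reflected with credentials" : "origin reflected");
  }
  return { payload: result.payload, interesting: flags.length > 0, flags };
}

function analyze(baseline, results) {
  return results.map(r => diffAgainstBaseline(baseline, r));
}

// Constructed sample data, not output from a real target.
const baseline = { status: 200, length: 1200, headers: { "Content-Type": "application/json" } };
const results = [
  { payload: "https://untrusted.example", status: 200, length: 1204,
    headers: { "Access-Control-Allow-Origin": "https://untrusted.example",
               "Access-Control-Allow-Credentials": "true" } },
  { payload: "https://other.example", status: 200, length: 1200, headers: {} },
  { payload: "https://sub.example.com", status: 403, length: 90, headers: {} },
];

for (const row of analyze(baseline, results)) {
  console.log(row.interesting ? "[!]" : "[ ]", row.payload, row.flags.join("; "));
}
```

Small length changes such as timestamps or tokens stay under the tolerance, so only the reflected origin and the blocked request are marked interesting in the sample.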

🛡 License

MIT — use, adapt, and narrate freely.
