Loading repository dataβ¦
Loading repository dataβ¦
prutxvi / repository
π€ Autonomous AI-powered ethical hacking agent powered by Llama 3.1 70B on NVIDIA NIM
ββββββββββ ββββββββββ βββββββββββββββ ββββββββββββ βββββββββββββββββββ βββ βββ
ββββββββββββ βββββββββββββββββββββββββββββββββββββββββ ββββββββββββββββββββββββ ββββ
βββ βββββββ ββββββββββββββ ββββββββββββββββββββββ βββ βββ ββββββββ βββββββ
βββ βββββ ββββββββββββββ ββββββββββββββββββββββββββ βββ ββββββββ βββββ
ββββββββ βββ βββββββββββββββββββ ββββββββββββββ ββββββ βββ βββ βββ βββ
βββββββ βββ βββββββ βββββββββββ ββββββββββββββ βββββ βββ βββ βββ βββ
π AI-Powered Autonomous Ethical Hacking Agent π
CyberSentry is an autonomous AI-powered security auditing agent designed for ethical website penetration testing and vulnerability assessment. Powered by NVIDIA NIM running Llama 3.1 70B, it implements a ReAct loop architecture (Think β Act β Observe β Repeat) to intelligently coordinate 8 advanced security scanning tools.
Unlike traditional security scanners, CyberSentry reasons about findings, adapts its approach based on results, and generates professional bug-bounty style security reports with actionable recommendations.
| Feature | Description |
|---|---|
| π€ AI-Powered Reasoning | Llama 3.1 70B makes autonomous decisions about which tools to run and how to interpret results |
| π ReAct Loop | Implements Think β Act β Observe β Reason cycle for intelligent tool orchestration |
| π― 8 Security Tools | Robots/Sitemap Recon, Tech Stack Detection, HTTP Header Analysis, SSL Certificate Checking, Cookie Auditing, Directory Fuzzing, CORS Analysis, Nmap Port Scanning |
| π Real-time UI | Rich terminal interface with color-coded severity indicators and live progress |
| π Professional Reports | Generates markdown security reports with findings, severity levels, and remediation steps |
| π‘οΈ Ethical Focus | Built with explicit ethical guidelines and requires authorized target specification |
| β‘ Efficient Scanning | Intelligent tool coordination reduces scanning time vs. running all tools sequentially |
| π Secure Credential Management | Uses environment variables for API key management |
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β User Input (Target URL) β
ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β ReAct Agent Loop (Autonomous) β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β 1οΈβ£ THINK: LLM analyzes target & plans tools β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β
β β 2οΈβ£ ACT: Execute planned security tools β β
β β ββ Robots/Sitemap Parser β β
β β ββ Tech Stack Detector (Wappalyzer) β β
β β ββ HTTP Header Analyzer β β
β β ββ SSL Certificate Checker β β
β β ββ Cookie Auditor β β
β β ββ Directory Fuzzer β β
β β ββ CORS Policy Tester β β
β β ββ Nmap Port Scanner β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β
β β 3οΈβ£ OBSERVE: Collect tool outputs & results β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β
β β 4οΈβ£ REASON: LLM interprets findings & decides next β β
β β ββ Run more focused scans? β β
β β ββ Deep dive on vulnerabilities? β β
β β ββ Generate final report? β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Professional Security Audit Report (Markdown) β
β ββ Findings by Severity (Critical/High/Medium/Low) β
β ββ CVSS Scores & Risk Assessment β
β ββ Remediation Recommendations β
β ββ Executive Summary β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
For detailed architecture documentation, see docs/ARCHITECTURE.md
| Component | Technology |
|---|---|
| Language | Python 3.13 |
| LLM Engine | NVIDIA NIM (Llama 3.1 70B) |
| Agent Pattern | ReAct (Reasoning + Acting) |
| Terminal UI | Rich Python library |
| Network Tools | Nmap, requests, ssl, socket, subprocess |
| Security Tools | Robots parser, sslyze, requests_toolbelt |
| Environment | Kali Linux / WSL2 Ubuntu |
| API Integration | OpenAI-compatible NVIDIA NIM API |
git clone https://github.com/prutxvi/cybersentry.git
cd cybersentry
# On Kali Linux / Ubuntu
python3 -m venv venv
source venv/bin/activate
# On Windows (WSL2)
python -m venv venv
source venv/Scripts/activate
pip install -r requirements.txt
Required packages:
openai - NVIDIA NIM API clientpython-dotenv - Environment variable managementrich - Beautiful terminal UIrequests - HTTP requestsscapy - Network packet manipulation# Copy example configuration
cp .env.example .env
# Edit .env with your NVIDIA API key
nano .env
Add your NVIDIA NIM API key:
NVIDIA_API_KEY=nvapi-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
TARGET_URL=https://your-own-website.com
sudo apt update
sudo apt install nmap xterm -y
sudo apt update
sudo apt install nmap xterm -y
# Activate virtual environment
source venv/bin/activate
# Run security audit on configured target
python agent.py
# Expected output:
# β Tool 1/8: Robots.txt & Sitemap Analysis
# β Tool 2/8: Tech Stack Detection
# β Tool 3/8: HTTP Header Analysis
# β Tool 4/8: SSL Certificate Check
# β Tool 5/8: Cookie Audit
# β Tool 6/8: Directory Fuzzing
# β Tool 7/8: CORS Testing
# β Tool 8/8: Nmap Port Scan
#
# π Report saved to: report_20260503_021648.md
The agent will:
report_YYYYMMDD_HHMMSS.md β Professional security audit report
The report includes:
This is a real security audit performed on the developer's portfolio website. Note: Scan was authorized by the domain owner.
| Finding | Severity | CVSS | Status |
|---|---|---|---|
| Missing Content-Security-Policy Header | Medium | 5.3 | β οΈ Unpatched |
| Server Header Reveals Vercel Platform | Low | 2.7 | βΉοΈ Info |
| SSL Certificate Expires June 2, 2026 | Medium | 5.9 | β οΈ 30 Days |
| WordPress Paths Detected (403 Errors) | Low | 3.1 | βΉοΈ Hardened |
| Missing X-Content-Type-Options Header | Low | 2.7 | β οΈ Unpatched |
[1] Missing Content-Security-Policy (CSP) Header (Medium Severity)
Content-Security-Policy directiveContent-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
[2] Server Header Reveals Technology Stack (Low Severity)
Server: Vercel header exposed in HTTP response# In Vercel vercel.json
"headers": [
{
"source": "/(.*)",
"headers": [
{
"key": "Server",
"value": "Web Server"
}
]
}
]
[3] SSL Certificate Expires Soon (Medium Severity)
[4] WordPress Paths Detected (Low Severity)
/wp-admin, /wp-includes, /wp-content (all return 403)[5] Missing X-Content-Type-Options Header (Low Severity)
X-Content-Type-Options: nosniff header not presentX-Content-Type-Options: nosniff