SHAdd0WTAka / Zen-Ai-Pentest

Zen-AI-Pentest > 🛡️ **Professional AI-Powered Penetration Testing Framework** [ ]() • **Guest Control**: Execute tools inside isolated VMs • **🆕 GitHub MCP Integration**: Model Context Protocol für GitHub • **🆕 QR Code Modal**: Schneller Zugriff via QR Codes • **🆕 Cloudflare Deployment**: Automatisches Deployment 🌐 Live Demo • **Frontend**: https://zen-ai-pentest.pages.dev - React Dashboard • **API**: https://zen-ai-pentest.workers.dev - Cloudflare Workers API • **Health Check**: https://zen-ai-health.aydinatakan.workers.dev/health - Worker Health Monitor • **Alpha Dashboard**: https://03c8d80c.zen-alpha-pentest.pages.dev - Zen Alpha Pentest • **AI Analysis**: https://v2-0.zen-ai-pentest.pages.dev/ai-analysis - AI-Powered Analysis Interface • **Login**: / ( für Demo-Zwecke) 🚀 Modern API & Backend • **FastAPI**: High-performance REST API • **PostgreSQL**: Persistent data storage • **WebSocket**: Real-time scan updates • **JWT Auth**: Role-based access control (RBAC) • **Background Tasks**: Async scan execution 📊 Reporting & Notifications • **PDF Reports**: Professional findings reports • **HTML Dashboard**: Interactive web interface • **Slack/Email**: Instant notifications • **JSON/XML**: Integration with other tools 🐳 Easy Deployment • **Docker Compose**: One-command full stack deployment • **CI/CD**: GitHub Actions pipeline • **Production Ready**: Optimized for enterprise use 🆕 New in v3.0 (2026) • **🔐 GitHub MCP Server**: Secure Model Context Protocol integration • **💬 Global Chat**: AI-powered chat interface im Dashboard • **📱 Kimi Terminal**: Web-basierte CLI Integration • **🌉 Auth Bridge**: Lokale Kimi CLI Authentifizierung • **📶 Twitch Tunnel**: Kreative Tunnel-Lösung • **🤖 100 Agent POC**: Full-Stack Multi-Agent System • **🔗 Device Auth**: Sichere Geräte-Authentifizierung --- 🎯 Real Data Execution - No Mocks! Zen-AI-Pentest executes **real security tools** - no simulations, no mocks, only actual tool execution: • ✅ **Nmap** - Real port scanning with XML output parsing • ✅ **Nuclei** - Real vulnerability detection with JSON output • ✅ **SQLMap** - Real SQL injection testing with safety controls • ✅ **FFuF** - Blazing fast web fuzzer • ✅ **WhatWeb** - Technology detection (900+ plugins) • ✅ **WAFW00F** - WAF detection (50+ signatures) • ✅ **Subfinder** - Subdomain enumeration • ✅ **HTTPX** - Fast HTTP prober • ✅ **Nikto** - Web vulnerability scanner • ✅ **Multi-Agent** - Researcher & Analyst agents cooperate • ✅ **Docker Sandbox** - Isolated tool execution for safety 📖 **Enhanced Tools:** README_ENHANCED_TOOLS.md All tools run with **safety controls**: • Private IP blocking (protects internal networks) • Timeout management (prevents hanging) • Resource limits (CPU/memory constraints) • Read-only filesystems (Docker sandbox) 📖 **Details:** IMPLEMENTATION_SUMMARY.md --- 🚀 Quick Start --- 📚 Table of Contents • Overview • Features • For AI Agents • Quick Start • Installation • Usage • Architecture • API Reference • Project Structure • Configuration • Secret Management • Testing • Docker Deployment • Safety First • Documentation • Contributing • Community & Support • License --- 🎯 Overview **Zen-AI-Pentest** is an autonomous, AI-powered penetration testing framework that combines cutting-edge language models with professional security tools. Built for security professionals, bug bounty hunters, and enterprise security teams. Key Highlights • 🤖 **AI-Powered**: Leverages state-of-the-art LLMs for intelligent decision making • 🔒 **Security-First**: Multiple safety controls and validation layers • 🚀 **Production-Ready**: Enterprise-grade with CI/CD, monitoring, and support • 📊 **Comprehensive**: 45+ integrated security tools (Inventory) • 🔧 **Extensible**: Plugin system for custom tools and integrations • ☁️ **Cloud-Native**: Deploy on AWS, Azure, or GCP • 📱 **Quick Access**: Scan QR codes for instant mobile access ☝️ Click to view all QR codes or scan with your phone! --- ✨ Features 🤖 Autonomous AI Agent • **ReAct Pattern**: Reason → Act → Observe → Reflect • **State Machine**: IDLE → PLANNING → EXECUTING → OBSERVING → REFLECTING → COMPLETED • **Memory System**: Short-term, long-term, and context window management • **Tool Orchestration**: Automatic selection and execution of 45+ pentesting tools • **Self-Correction**: Retry logic and adaptive planning • **Human-in-the-Loop**: Optional pause for critical decisions 🎯 Risk Engine • **False Positive Reduction**: Multi-factor validation with Bayesian filtering • **Business Impact**: Financial, compliance, and reputation risk calculation • **CVSS/EPSS Scoring**: Industry-standard vulnerability assessment • **Priority Ranking**: Automated finding prioritization • **LLM Voting**: Multi-model consensus for accuracy 🔒 Exploit Validation • **Sandboxed Execution**: Docker-based isolated testing • **Safety Controls**: 4-level safety system (Read-Only to Full) • **Evidence Collection**: Screenshots, HTTP captures, PCAP • **Chain of Custody**: Complete audit trail • **Remediation**: Automatic fix recommendations 📊 Benchmarking • **Competitor Comparison**: vs PentestGPT, AutoPentest, Manual • **Test Scenarios**: HTB machines, OWASP WebGoat, DVWA • **Metrics**: Time-to-find, coverage, false positive rate • **Visual Reports**: Charts and statistical analysis • **CI Integration**: Automated regression testing 🔗 CI/CD Integration • **GitHub Actions**: Native action support • **GitLab CI**: Pipeline integration • **Jenkins**: Plugin and pipeline support • **Output Formats**: JSON, JUnit XML, SARIF • **Notifications**: Slack, JIRA, Email alerts • **Exit Codes**: Pipeline-friendly status codes 🧠 AI Persona System • **11 Specialized Personas**: Recon, Exploit, Report, Audit, Social, Network, Mobile, Red Team, ICS, Cloud, Crypto • **CLI Tool**: Interactive and one-shot modes ( , , etc.) • **REST API**: Flask-based API with WebSocket support • **Web UI**: Modern browser interface with screenshot analy…