Welcome to PentoA1, an advanced security assessment tool powered by crewAI and Flask. This project combines the power of AI-driven security analysis with a user-friendly web interface, enabling automated security assessments of web applications.
- 🤖 AI-Powered Security Assessment: Leverages crewAI for intelligent security analysis
- 🌐 Web Interface: Clean, modern interface built with Flask and Tailwind CSS
- 📊 Real-time Visualization: Interactive 3D visualization using Three.js
- 📝 Comprehensive Reporting: Detailed security reports with actionable insights
- 🔒 JWT Security Analysis: Advanced JWT vulnerability testing and assessment
- 🔍 ZAP Integration: Automated security scanning using OWASP ZAP
Detailed assessment results showing discovered vulnerabilities and their severity levels.
Sample terminal output showing exploitation results and remediation recommendations.
A comprehensive summary of findings and recommendations for security improvements.
- 🐍 Python >= 3.10, <= 3.13
- 📦 Poetry for dependency management
- 🔒 OWASP ZAP
- 🔑 Mistral AI API key
- 🗝️ ZAP API key
- Install Poetry if you haven't already:

  ```bash
  pip install poetry
  ```

- Clone the repository:

  ```bash
  git clone <repo-url>
  cd pentov1
  ```

- Install dependencies:

  ```bash
  poetry install
  ```

- Set up environment variables in .env:

  ```dotenv
  MISTRAL_API_KEY=your_mistral_api_key
  ZAP_API_KEY=your_zap_api_key
  ```
```text
pentov1/
├── server/
│   ├── __init__.py
│   ├── app.py          # Flask application setup
│   ├── routes.py       # API endpoints and routes
│   └── templates/
│       └── index.html  # Web interface template
├── pentov1/
│   ├── __init__.py
│   ├── agents.py       # AI agent definitions
│   ├── tasks.py        # Security assessment tasks
│   ├── tools.py        # Security testing tools
│   └── main.py         # Main application logic
├── pyproject.toml      # Project dependencies
└── README.md
```
- Start the Flask server:

  ```bash
  python run_server.py
  ```

- Access the web interface at http://localhost:5000
- 🎯 Enter the target site URL in the input field
- 🚀 Click "Run Assessment" to start the security assessment
- 📊 View real-time progress with the 3D visualization
- 📝 Access detailed reports in the "Previous Reports" section

As shown in the screenshots, the tool provides:
- 🔍 Real-time vulnerability scanning
- 📊 Detailed findings with severity levels
- 🌐 Interactive 3D security visualization
- 📝 Comprehensive remediation recommendations
- Discovers API endpoints
- Maps API structure
- Identifies authentication methods
- Tests for SQL Injection vulnerabilities
- Analyzes JWT implementation
- Checks for authentication weaknesses
- Assesses access control mechanisms
- Safely verifies identified vulnerabilities
- Documents exploitation attempts
- Provides proof-of-concept examples
- Creates detailed security reports
- Prioritizes vulnerabilities by risk level
- Provides actionable remediation steps
- POST /run_assessment: Initiates a security assessment
- GET /get_reports: Retrieves all assessment reports
- GET /get_report/: Fetches a specific report
Modify pentov1/agents.py:

```python
from crewai import Agent

# mistral is the LLM client already configured in agents.py (it uses MISTRAL_API_KEY);
# your_tools is the list of tool callables the agent may use, e.g. from pentov1/tools.py.
new_agent = Agent(
    role="Your New Agent Role",
    goal="Agent's Security Goal",
    backstory="""Agent's expertise and background""",
    tools=[your_tools],
    llm=mistral,
    verbose=True,
)
```

Add new tools in pentov1/tools.py:

```python
def your_custom_tool(parameters):
    # Implement your security testing logic here. Keep the return value
    # structured (e.g. a dict of findings) so the agent can reason about it.
    results = {"findings": []}  # placeholder until the logic is implemented
    return results
```
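As an added worked example of such a custom tool (written for this README, not code from the project): a signature-free review of a JWT's header and claims that flags the weak settings the JWT analysis agent looks for, covering the alg "none"/empty-signature, missing exp and missing iss/aud cases. The function name analyze_jwt, the severity labels and the constructed SAMPLE_TOKEN are assumptions; the token is never treated as valid.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    """base64url-encode without the '=' padding, as JWTs do."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def analyze_jwt(token: str) -> dict:
    """Review a JWT's header and claims WITHOUT verifying the signature.

    Returns the parsed parts plus (severity, finding) tuples for weak or
    missing settings; the token is never treated as valid.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return {"findings": [("high", "token is not three dot-separated segments")]}
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    findings = []
    alg = str(header.get("alg", "")).lower()
    if alg in ("", "none"):
        findings.append(("critical", "alg is 'none' or missing: no signature is required"))
    elif alg.startswith("hs"):
        findings.append(("info", f"{header['alg']} is symmetric: every verifier holds the signing key"))
    if not parts[2]:
        findings.append(("critical", "signature segment is empty"))
    if "exp" not in payload:
        findings.append(("high", "no exp claim: token never expires"))
    elif "iat" in payload and payload["exp"] - payload["iat"] > 24 * 3600:
        findings.append(("medium", "exp is more than 24h after iat: long-lived token"))
    for claim in ("iss", "aud"):
        if claim not in payload:
            findings.append(("low", f"no {claim} claim: not bound to an issuer/audience"))
    return {"header": header, "payload": payload, "findings": findings}


# Constructed sample (not a real credential): HS256 header, dummy signature,
# payload with an issuer but no expiry and no audience.
SAMPLE_TOKEN = ".".join([
    _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode()),
    _b64url(json.dumps({"sub": "user42", "iss": "pentov1-demo", "iat": 1700000000}).encode()),
    _b64url(b"dummy-signature"),
])
```

Calling analyze_jwt(SAMPLE_TOKEN)["findings"] yields one info (symmetric alg), one high (no exp) and one low (no aud) finding; the dict it returns is the kind of structured result an agent's tool should hand back.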
As shown in the screenshots, reports include:
- 🔍 Reconnaissance findings
- 🔒 Vulnerability assessment results
- ⚔️ Exploitation verification
- ⚖️ Risk prioritization
- 🛠️ Remediation recommendations
- Fork the repository
- Create a feature branch
- Submit a pull request
For support and questions:
- 📝 Submit an issue on GitHub
- 📚 Visit crewAI documentation