Metadata-Version: 2.4
Name: sufa
Version: 0.1.4
Summary: AI-powered web vulnerability analysis platform
Project-URL: Homepage, https://github.com/sufiyansaidsha/sufaAI
Project-URL: Repository, https://github.com/sufiyansaidsha/sufaAI
Project-URL: Issues, https://github.com/sufiyansaidsha/sufaAI/issues
Project-URL: Documentation, https://github.com/sufiyansaidsha/sufaAI#readme
Author: sufiyansaidsha
License-Expression: MIT
License-File: LICENSE
Keywords: ai,burp,llm,owasp,pentest,scanner,security,vulnerability
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Information Technology
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Requires-Python: >=3.11
Requires-Dist: alembic>=1.13.0
Requires-Dist: httpx>=0.27.0
Requires-Dist: jinja2>=3.1.0
Requires-Dist: keyring>=25.0.0
Requires-Dist: pydantic>=2.0.0
Requires-Dist: python-dotenv>=1.0.0
Requires-Dist: pyyaml>=6.0.0
Requires-Dist: rich>=13.0.0
Requires-Dist: sqlalchemy>=2.0.0
Requires-Dist: structlog>=24.0.0
Requires-Dist: typer>=0.9.0
Provides-Extra: all
Requires-Dist: beautifulsoup4>=4.12.0; extra == 'all'
Requires-Dist: fastapi>=0.110.0; extra == 'all'
Requires-Dist: lxml>=5.0.0; extra == 'all'
Requires-Dist: mitmproxy>=10.0.0; extra == 'all'
Requires-Dist: passlib[bcrypt]>=1.7.4; extra == 'all'
Requires-Dist: psycopg2-binary>=2.9.0; extra == 'all'
Requires-Dist: python-jose[cryptography]>=3.3.0; extra == 'all'
Requires-Dist: uvicorn>=0.27.0; extra == 'all'
Requires-Dist: weasyprint>=62.0; extra == 'all'
Provides-Extra: crawler
Requires-Dist: beautifulsoup4>=4.12.0; extra == 'crawler'
Requires-Dist: lxml>=5.0.0; extra == 'crawler'
Provides-Extra: dev
Requires-Dist: pytest-asyncio>=0.23.0; extra == 'dev'
Requires-Dist: pytest-cov>=5.0.0; extra == 'dev'
Requires-Dist: pytest>=8.0.0; extra == 'dev'
Requires-Dist: ruff>=0.3.0; extra == 'dev'
Provides-Extra: pdf
Requires-Dist: weasyprint>=62.0; extra == 'pdf'
Provides-Extra: proxy
Requires-Dist: mitmproxy>=10.0.0; extra == 'proxy'
Provides-Extra: server
Requires-Dist: fastapi>=0.110.0; extra == 'server'
Requires-Dist: passlib[bcrypt]>=1.7.4; extra == 'server'
Requires-Dist: psycopg2-binary>=2.9.0; extra == 'server'
Requires-Dist: python-jose[cryptography]>=3.3.0; extra == 'server'
Requires-Dist: uvicorn>=0.27.0; extra == 'server'
Description-Content-Type: text/markdown

# sufa

AI-powered web vulnerability analysis platform.

sufa combines AI reasoning, traditional scanning techniques, attack chain discovery, and pentester workflows into a unified CLI tool with Burp Suite integration.

## Features

- **AI-Powered Analysis** -- Passive and active vulnerability detection using Ollama, OpenAI, Claude, or Gemini
- **Central Traffic Store** -- Persist, replay, and analyze HTTP traffic
- **Smart Deduplication** -- Endpoint normalization prevents redundant analysis
- **Attack Chain Discovery** -- AI connects individual findings into multi-step attack paths
- **Event-Driven Architecture** -- Extensible plugin system with publish/subscribe events
- **Data Redaction** -- Automatically strips sensitive data before sending to AI providers
- **Multiple Report Formats** -- JSON, HTML, PDF, SARIF for CI/CD integration
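
The Data Redaction feature is the control that decides what leaves the machine when a hosted provider is configured. The following added example (not sufa's own code, whose implementation this page does not show) masks credentials in a captured request before it is placed in a prompt; the deny-lists, the mask string and the request dictionary shape are all assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Deny-lists and mask are assumptions for this example, not sufa's configuration.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie",
                     "set-cookie", "x-api-key"}
SENSITIVE_PARAMS = {"access_token", "api_key", "password", "secret",
                    "session", "token"}
MASK = "[REDACTED]"

# key=value or "key": "value" pairs whose key is on the deny-list.
KV_PATTERN = re.compile(
    r'(?i)("?(?:%s)"?\s*[:=]\s*"?)([^"&\s,}]+)' % "|".join(sorted(SENSITIVE_PARAMS)))
# Secret-shaped values scrubbed wherever they appear in a body.
VALUE_PATTERNS = [
    re.compile(r"eyJ[\w-]+\.[\w-]+\.[\w-]+"),       # JWT
    re.compile(r"(?i)bearer\s+[\w.~+/-]+=*"),       # bearer token
    re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),        # e-mail address
]


def redact_url(url):
    """Mask sensitive query values; drop userinfo and the fragment."""
    parts = urlsplit(url)
    query = [(k, MASK if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    netloc = parts.netloc.rsplit("@", 1)[-1]        # strip user:pass@
    return urlunsplit((parts.scheme, netloc, parts.path,
                       urlencode(query, safe="[]/"), ""))


def redact_request(req):
    """Return a copy of a captured request with known secrets masked."""
    headers = {k: MASK if k.lower() in SENSITIVE_HEADERS else v
               for k, v in req["headers"].items()}
    body = KV_PATTERN.sub(lambda m: m.group(1) + MASK, req.get("body", ""))
    for pattern in VALUE_PATTERNS:
        body = pattern.sub(MASK, body)
    return {"method": req["method"], "url": redact_url(req["url"]),
            "headers": headers, "body": body}


# Constructed sample request (not real traffic).
SAMPLE = {
    "method": "POST",
    "url": "https://app.example.test/api/login?next=/home&token=abc123",
    "headers": {"Host": "app.example.test", "Cookie": "sid=9f8e7d"},
    "body": '{"user": "alice@example.test", "password": "hunter2", "remember": true}',
}
```

Deny-list redaction only catches what it names, so a review of the prompt log against real traffic is still needed before pointing the tool at a hosted provider.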

## Quick Start

```bash
pip install sufa

# Configure AI provider
sufa config set ai.provider ollama
sufa config set ai.model deepseek-r1:latest

# Test connectivity
sufa provider test

# Scan a target
sufa scan https://target.example.com

# View findings
sufa findings list

# Generate report
sufa report generate --format html
```

## CLI Commands

```
sufa scan <url>                    Passive scan a target
sufa scan --profile deep <url>     Deep scan with active verification
sufa proxy start --port 8080       Start intercept proxy
sufa import <file.har>             Import HAR file for analysis
sufa replay <request-id>           Replay a stored request
sufa findings list                 List all findings
sufa findings chains               Show discovered attack chains
sufa report generate --format pdf  Generate report
sufa project create "name"         Create a project
sufa config set <key> <value>      Set configuration
sufa provider test                 Test AI provider connectivity
sufa server start                  Start API server (Enterprise)
```

## AI Providers

| Provider | Local | Cost |
|----------|-------|------|
| Ollama   | Yes   | Free |
| OpenAI   | No    | Paid |
| Claude   | No    | Paid |
| Gemini   | No    | Paid |

## Documentation

For the complete usage guide covering all commands, configuration, plugins, Docker, Burp Suite integration, and more:

**[Full Usage Guide](docs/USAGE.md)**

## Development

```bash
pip install -e ".[dev,all]"
pytest
```

## License

MIT
