[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-79888":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":14,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":15,"stars7d":15,"stars30d":14,"stars90d":15,"forks30d":15,"starsTrendScore":15,"compositeScore":16,"rankGlobal":10,"rankLanguage":10,"license":17,"archived":18,"fork":18,"defaultBranch":19,"hasWiki":20,"hasPages":18,"topics":21,"createdAt":10,"pushedAt":10,"updatedAt":29,"readmeContent":30,"aiSummary":31,"trendingCount":15,"starSnapshotCount":15,"syncStatus":32,"lastSyncTime":33,"discoverSource":34},79888,"cybersentry","prutxvi\u002Fcybersentry","prutxvi","🤖 Autonomous AI-powered ethical hacking agent  powered by Llama 3.1 70B on NVIDIA NIM","",null,"Python",99,16,1,0,3.69,"MIT License",false,"main",true,[22,23,24,25,26,27,28],"ai-agent","cybersecurity","ethical-hacking","llm","nvidia-nim","penetration-testing","python","2026-06-12 02:03:55","```\n  ██████╗██╗   ██╗██████╗ ███████╗██████╗ ███████╗███╗   ██╗████████╗██████╗ ██╗   ██╗\n ██╔════╝╚██╗ ██╔╝██╔══██╗██╔════╝██╔══██╗██╔════╝████╗  ██║╚══██╔══╝██╔══██╗╚██╗ ██╔╝\n ██║      ╚████╔╝ ██████╔╝█████╗  ██████╔╝███████╗██╔██╗ ██║   ██║   ██████╔╝ ╚████╔╝ \n ██║       ╚██╔╝  ██╔══██╗██╔══╝  ██╔══██╗╚════██║██║╚██╗██║   ██║   ██╔══██╗  ╚██╔╝  \n ╚██████╗  ██║   ██████╔╝███████╗██║  ██║███████║██║ ╚████║   ██║   ██║  ██║   ██║   \n  ╚═════╝  ╚═╝   ╚═════╝ ╚══════╝╚═╝  ╚═╝╚══════╝╚═╝  ╚═══╝   ╚═╝   ╚═╝  ╚═╝   ╚═╝   \n                                                                                        \n          🔐 AI-Powered Autonomous Ethical Hacking Agent 🔐\n```\n\n# CyberSentry: Autonomous Ethical Website Security Auditor\n\n[![Python 3.13](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPython-3.13-3776ab?style=flat-square&logo=python&logoColor=white)](https:\u002F\u002Fwww.python.org\u002F)\n[![NVIDIA NIM](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FNVIDIA-NIM-76B900?style=flat-square&logo=nvidia&logoColor=white)](https:\u002F\u002Fbuild.nvidia.com\u002F)\n[![Llama 3.1 70B](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLLM-Llama%203.1%2070B-FF9E64?style=flat-square)](https:\u002F\u002Fwww.llama.com\u002F)\n[![License: MIT](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-yellow.svg?style=flat-square)](LICENSE)\n[![ReAct Architecture](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FArchitecture-ReAct%20Loop-4B8BBE?style=flat-square)](docs\u002FARCHITECTURE.md)\n[![Ethical Hacking](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FType-Ethical%20Hacking-3DDC84?style=flat-square)](DISCLAIMER.md)\n\n---\n\n## 📋 Table of Contents\n\n- [Overview](#overview)\n- [✨ Features](#-features)\n- [🎯 Architecture](#-architecture)\n- [🛠️ Tech Stack](#-tech-stack)\n- [📦 Installation](#-installation)\n- [🚀 Usage](#-usage)\n- [🔍 Real Findings](#-real-findings)\n- [🗺️ Roadmap](#-roadmap)\n- [👨‍💻 About the Developer](#-about-the-developer)\n- [⚖️ Legal & Ethical Disclaimer](#-legal--ethical-disclaimer)\n- [📄 License](#-license)\n\n---\n\n## Overview\n\n**CyberSentry** is an autonomous AI-powered security auditing agent designed for ethical website penetration testing and vulnerability assessment. Powered by **NVIDIA NIM** running **Llama 3.1 70B**, it implements a **ReAct loop architecture** (Think → Act → Observe → Repeat) to intelligently coordinate 8 advanced security scanning tools.\n\nUnlike traditional security scanners, CyberSentry reasons about findings, adapts its approach based on results, and generates professional bug-bounty style security reports with actionable recommendations.\n\n### Key Innovation\n- **Autonomous Decision-Making**: Uses Llama 3.1 70B to reason about security findings and adjust scanning strategy\n- **Real-time Terminal Visualization**: Live xterm windows with hacker-themed green-on-black UI\n- **8 Integrated Security Tools**: Robots\u002FSitemap, Tech Detection, HTTP Headers, SSL Analysis, Cookie Audit, Directory Fuzzing, CORS Testing, Nmap Scanning\n- **Professional Reporting**: Generates industry-standard security audit reports with CVSS-style severity ratings\n\n---\n\n## ✨ Features\n\n| Feature | Description |\n|---------|-------------|\n| 🤖 **AI-Powered Reasoning** | Llama 3.1 70B makes autonomous decisions about which tools to run and how to interpret results |\n| 🔄 **ReAct Loop** | Implements Think → Act → Observe → Reason cycle for intelligent tool orchestration |\n| 🎯 **8 Security Tools** | Robots\u002FSitemap Recon, Tech Stack Detection, HTTP Header Analysis, SSL Certificate Checking, Cookie Auditing, Directory Fuzzing, CORS Analysis, Nmap Port Scanning |\n| 📊 **Real-time UI** | Rich terminal interface with color-coded severity indicators and live progress |\n| 📈 **Professional Reports** | Generates markdown security reports with findings, severity levels, and remediation steps |\n| 🛡️ **Ethical Focus** | Built with explicit ethical guidelines and requires authorized target specification |\n| ⚡ **Efficient Scanning** | Intelligent tool coordination reduces scanning time vs. running all tools sequentially |\n| 🔒 **Secure Credential Management** | Uses environment variables for API key management |\n\n---\n\n## 🎯 Architecture\n\n```\n┌─────────────────────────────────────────────────────────────┐\n│                    User Input (Target URL)                   │\n└────────────────────┬────────────────────────────────────────┘\n                     │\n                     ▼\n┌─────────────────────────────────────────────────────────────┐\n│           ReAct Agent Loop (Autonomous)                      │\n│  ┌──────────────────────────────────────────────────────┐   │\n│  │ 1️⃣  THINK: LLM analyzes target & plans tools        │   │\n│  ├──────────────────────────────────────────────────────┤   │\n│  │ 2️⃣  ACT: Execute planned security tools             │   │\n│  │    ├─ Robots\u002FSitemap Parser                          │   │\n│  │    ├─ Tech Stack Detector (Wappalyzer)              │   │\n│  │    ├─ HTTP Header Analyzer                           │   │\n│  │    ├─ SSL Certificate Checker                        │   │\n│  │    ├─ Cookie Auditor                                 │   │\n│  │    ├─ Directory Fuzzer                               │   │\n│  │    ├─ CORS Policy Tester                             │   │\n│  │    └─ Nmap Port Scanner                              │   │\n│  ├──────────────────────────────────────────────────────┤   │\n│  │ 3️⃣  OBSERVE: Collect tool outputs & results         │   │\n│  ├──────────────────────────────────────────────────────┤   │\n│  │ 4️⃣  REASON: LLM interprets findings & decides next  │   │\n│  │    ├─ Run more focused scans?                        │   │\n│  │    ├─ Deep dive on vulnerabilities?                 │   │\n│  │    └─ Generate final report?                         │   │\n│  └──────────────────────────────────────────────────────┘   │\n└────────────────────┬────────────────────────────────────────┘\n                     │\n                     ▼\n┌─────────────────────────────────────────────────────────────┐\n│        Professional Security Audit Report (Markdown)         │\n│  ├─ Findings by Severity (Critical\u002FHigh\u002FMedium\u002FLow)         │\n│  ├─ CVSS Scores & Risk Assessment                           │\n│  ├─ Remediation Recommendations                             │\n│  └─ Executive Summary                                        │\n└─────────────────────────────────────────────────────────────┘\n```\n\nFor detailed architecture documentation, see [docs\u002FARCHITECTURE.md](docs\u002FARCHITECTURE.md)\n\n---\n\n## 🛠️ Tech Stack\n\n| Component | Technology |\n|-----------|-----------|\n| **Language** | Python 3.13 |\n| **LLM Engine** | NVIDIA NIM (Llama 3.1 70B) |\n| **Agent Pattern** | ReAct (Reasoning + Acting) |\n| **Terminal UI** | Rich Python library |\n| **Network Tools** | Nmap, requests, ssl, socket, subprocess |\n| **Security Tools** | Robots parser, sslyze, requests_toolbelt |\n| **Environment** | Kali Linux \u002F WSL2 Ubuntu |\n| **API Integration** | OpenAI-compatible NVIDIA NIM API |\n\n---\n\n## 📦 Installation\n\n### Prerequisites\n\n- **Python 3.13+**\n- **pip** (Python package manager)\n- **NVIDIA NIM API Key** ([Get free access](https:\u002F\u002Fbuild.nvidia.com\u002F))\n- **Nmap** (for port scanning)\n- **Kali Linux or WSL2 Ubuntu** (recommended for full tool support)\n\n### Step 1: Clone Repository\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fprutxvi\u002Fcybersentry.git\ncd cybersentry\n```\n\n### Step 2: Create Virtual Environment\n\n```bash\n# On Kali Linux \u002F Ubuntu\npython3 -m venv venv\nsource venv\u002Fbin\u002Factivate\n\n# On Windows (WSL2)\npython -m venv venv\nsource venv\u002FScripts\u002Factivate\n```\n\n### Step 3: Install Dependencies\n\n```bash\npip install -r requirements.txt\n```\n\nRequired packages:\n- `openai` - NVIDIA NIM API client\n- `python-dotenv` - Environment variable management\n- `rich` - Beautiful terminal UI\n- `requests` - HTTP requests\n- `scapy` - Network packet manipulation\n\n### Step 4: Configure Environment Variables\n\n```bash\n# Copy example configuration\ncp .env.example .env\n\n# Edit .env with your NVIDIA API key\nnano .env\n```\n\nAdd your NVIDIA NIM API key:\n```\nNVIDIA_API_KEY=nvapi-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\nTARGET_URL=https:\u002F\u002Fyour-own-website.com\n```\n\n### Step 5: Install System Dependencies\n\n#### On Kali Linux:\n```bash\nsudo apt update\nsudo apt install nmap xterm -y\n```\n\n#### On WSL2 Ubuntu:\n```bash\nsudo apt update\nsudo apt install nmap xterm -y\n```\n\n---\n\n## 🚀 Usage\n\n### Basic Usage\n\n```bash\n# Activate virtual environment\nsource venv\u002Fbin\u002Factivate\n\n# Run security audit on configured target\npython agent.py\n\n# Expected output:\n#   ✓ Tool 1\u002F8: Robots.txt & Sitemap Analysis\n#   ✓ Tool 2\u002F8: Tech Stack Detection\n#   ✓ Tool 3\u002F8: HTTP Header Analysis\n#   ✓ Tool 4\u002F8: SSL Certificate Check\n#   ✓ Tool 5\u002F8: Cookie Audit\n#   ✓ Tool 6\u002F8: Directory Fuzzing\n#   ✓ Tool 7\u002F8: CORS Testing\n#   ✓ Tool 8\u002F8: Nmap Port Scan\n#\n#   📄 Report saved to: report_20260503_021648.md\n```\n\n### Interactive Mode\n\nThe agent will:\n1. **Display its reasoning** in the terminal as it decides which tools to run\n2. **Show real-time tool execution** in xterm windows with live output\n3. **Ask follow-up questions** about findings that need deeper investigation\n4. **Summarize results** after all tools complete\n5. **Generate professional report** with findings and recommendations\n\n### Output Files\n\n```\nreport_YYYYMMDD_HHMMSS.md  ← Professional security audit report\n```\n\nThe report includes:\n- Executive summary\n- Findings grouped by severity\n- Technical details of each vulnerability\n- CVSS scores (where applicable)\n- Remediation recommendations\n- Scan metadata (tool versions, timestamp, scope)\n\n---\n\n## 🔍 Real Findings\n\n### Scan Target: example.com (May 2, 2026)\n\nThis is a real security audit performed on the developer's portfolio website. **Note: Scan was authorized by the domain owner.**\n\n| Finding | Severity | CVSS | Status |\n|---------|----------|------|--------|\n| Missing Content-Security-Policy Header | **Medium** | 5.3 | ⚠️ Unpatched |\n| Server Header Reveals Vercel Platform | **Low** | 2.7 | ℹ️ Info |\n| SSL Certificate Expires June 2, 2026 | **Medium** | 5.9 | ⚠️ 30 Days |\n| WordPress Paths Detected (403 Errors) | **Low** | 3.1 | ℹ️ Hardened |\n| Missing X-Content-Type-Options Header | **Low** | 2.7 | ⚠️ Unpatched |\n\n#### Detailed Findings\n\n**[1] Missing Content-Security-Policy (CSP) Header** (Medium Severity)\n\n- **Risk**: Without CSP, the site is vulnerable to XSS (Cross-Site Scripting) attacks\n- **Finding**: Response headers lack `Content-Security-Policy` directive\n- **CVSS v3.1**: 5.3 (Medium)\n- **Recommendation**: Implement CSP header with strict directives\n  ```\n  Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'\n  ```\n\n**[2] Server Header Reveals Technology Stack** (Low Severity)\n\n- **Risk**: Attackers learn site runs on Vercel, enabling targeted attacks\n- **Finding**: `Server: Vercel` header exposed in HTTP response\n- **CVSS v3.1**: 2.7 (Low)\n- **Recommendation**: Remove or obfuscate server header\n  ```\n  # In Vercel vercel.json\n  \"headers\": [\n    {\n      \"source\": \"\u002F(.*)\",\n      \"headers\": [\n        {\n          \"key\": \"Server\",\n          \"value\": \"Web Server\"\n        }\n      ]\n    }\n  ]\n  ```\n\n**[3] SSL Certificate Expires Soon** (Medium Severity)\n\n- **Risk**: Service interruption, potential MITM attacks during renewal\n- **Finding**: Certificate valid until June 2, 2026 (30 days remaining)\n- **CVSS v3.1**: 5.9 (Medium)\n- **Recommendation**: Renew certificate immediately (auto-renewal via Vercel)\n\n**[4] WordPress Paths Detected** (Low Severity)\n\n- **Risk**: Potential information disclosure; 403 responses leak existence of WP paths\n- **Finding**: Paths detected: `\u002Fwp-admin`, `\u002Fwp-includes`, `\u002Fwp-content` (all return 403)\n- **CVSS v3.1**: 3.1 (Low)\n- **Recommendation**: These are hardened and return 403, which is good. No action needed.\n\n**[5] Missing X-Content-Type-Options Header** (Low Severity)\n\n- **Risk**: MIME-type sniffing attacks\n- **Finding**: `X-Content-Type-Options: nosniff` header not present\n- **Recommendation**: Add header to prevent MIME-sniffing\n  ```\n  X-Content-Type-Options: nosniff\n  ```\n\n### Scan Statistics\n\n- **Scan Date**: May 2, 2026\n- **Total Tools Run**: 8\u002F8 ✅\n- **Findings Discovered**: 5\n- **Critical Issues**: 0\n- **High Issues**: 0\n- **Medium Issues**: 2\n- **Low Issues**: 3\n- **Scan Duration**: ~45 seconds\n\nFor complete findings details, see [docs\u002FFINDINGS.md](docs\u002FFINDINGS.md)\n\n---\n\n## 🗺️ Roadmap\n\n### ✅ Completed (v1.0)\n- [x] Core ReAct agent implementation\n- [x] 8 security tools integrated\n- [x] Real-time terminal UI with Rich library\n- [x] Professional report generation\n- [x] NVIDIA NIM API integration\n- [x] Environment configuration system\n- [x] Ethical guidelines framework\n\n### 🔄 In Development (v1.1)\n- [ ] Multi-target batch scanning\n- [ ] Persistent finding database\n- [ ] Trend analysis and historical comparisons\n- [ ] Slack\u002FDiscord notifications\n- [ ] CI\u002FCD integration support\n- [ ] Extended tool set (15+ tools)\n\n### 🚀 Planned (v2.0)\n- [ ] Web dashboard for report visualization\n- [ ] SQLite database for finding history\n- [ ] Machine learning-based vulnerability prioritization\n- [ ] Integration with bug bounty platforms (HackerOne API)\n- [ ] Docker containerization\n- [ ] Multi-LLM support (Claude, GPT-4, etc.)\n- [ ] Advanced exploitation module (with proper safeguards)\n\n---\n\n## 👨‍💻 About the Developer\n\n**Pruthvi Raj**\n\n- 📍 Location: NIAT Aurora, Bhuvanagiri, Telangana, India\n- 🎓 Education: B.Tech 1st Year (2025-2029)\n- 🔐 Focus: Cybersecurity, AI, Ethical Hacking\n- 🐙 GitHub: [github.com\u002Fprutxvi](https:\u002F\u002Fgithub.com\u002Fprutxvi)\n- 📧 Email: pruthviraj73962@gmail.com\n\n### Motivation\n\nCyberSentry was created as part of a mission to democratize security auditing tools and demonstrate the power of combining AI reasoning with traditional security scanning. This project showcases how autonomous agents can make intelligent decisions about security testing strategies.\n\n### Vision\n\nTo develop tools that empower ethical hackers, security professionals, and organizations to assess and improve their security posture, while maintaining the highest standards of responsible disclosure and ethical conduct.\n\n---\n\n## ⚖️ Legal & Ethical Disclaimer\n\n**IMPORTANT: READ BEFORE USE**\n\n### Authorization Requirements\n\nCyberSentry is designed **ONLY for authorized security testing**. You MUST have explicit written permission from the website owner before running any scans.\n\n**Unauthorized access to computer systems is illegal.** Violations of the Computer Fraud and Abuse Act (CFAA) and similar laws worldwide can result in criminal charges.\n\n### Acceptable Use\n\n✅ DO:\n- Test only systems you own or have explicit written authorization to test\n- Use for educational purposes on authorized test environments\n- Participate in legitimate bug bounty programs\n- Help organizations identify and fix security issues\n- Responsibly disclose all findings to affected parties\n\n❌ DON'T:\n- Scan systems without authorization\n- Attempt to cause harm or disruption\n- Exploit vulnerabilities maliciously\n- Violate privacy laws (GDPR, CCPA, etc.)\n- Share or sell findings without consent\n\n### Disclaimer\n\nThe creators of CyberSentry assume no liability for misuse or damage caused by this tool. Users are solely responsible for complying with applicable laws and regulations. By using this tool, you agree to use it ethically and legally.\n\nFor complete ethical guidelines, see [DISCLAIMER.md](DISCLAIMER.md)\n\n---\n\n## 📄 License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n**Copyright © 2026 Pruthvi Raj**\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and\u002For sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions...\n\n---\n\n## 🤝 Contributing\n\nContributions are welcome! Please note that this project is designed for ethical security testing. Any contributions should maintain the ethical standards outlined in [DISCLAIMER.md](DISCLAIMER.md).\n\nIf you find a bug or have a feature suggestion, please open an issue on GitHub.\n\n---\n\n## 📚 Additional Resources\n\n- [NVIDIA NIM Documentation](https:\u002F\u002Fdocs.nvidia.com\u002Fnim\u002F)\n- [Llama 3.1 Model Card](https:\u002F\u002Fwww.llama.com\u002F)\n- [OWASP Top 10 Web Application Risks](https:\u002F\u002Fowasp.org\u002Fwww-project-top-ten\u002F)\n- [NIST Cybersecurity Framework](https:\u002F\u002Fwww.nist.gov\u002Fcyberframework)\n- [Bug Bounty Resources](https:\u002F\u002Fwww.hacker101.com\u002F)\n\n---\n\n## 📞 Support\n\nFor issues, questions, or suggestions:\n1. Check [docs\u002FARCHITECTURE.md](docs\u002FARCHITECTURE.md) for technical details\n2. Review [docs\u002FFINDINGS.md](docs\u002FFINDINGS.md) for example output\n3. Open an issue on GitHub\n4. Contact the developer at your.email@example.com\n\n---\n\n**Built for cybersecurity education and ethical hacking**\n\n*Last Updated: May 3, 2026*\n","CyberSentry 是一个基于AI的自主网络安全审计代理，专为网站渗透测试和漏洞评估设计。该项目利用NVIDIA NIM平台上的Llama 3.1 70B大语言模型，通过ReAct循环架构实现智能决策，能够协调八个高级安全扫描工具进行工作。其核心功能包括自主决策能力、实时终端可视化界面以及集成多种安全检测工具如技术识别、HTTP头分析、SSL检查等，并能生成符合行业标准的安全审计报告。适用于需要自动化执行网络安全评估和增强防御策略的企业或个人开发者场景。",2,"2026-06-11 03:58:24","CREATED_QUERY"]