{"id":49060447,"url":"https://github.com/SHAdd0WTAka/Zen-Ai-Pentest","last_synced_at":"2026-05-04T00:01:50.064Z","repository":{"id":335371490,"uuid":"1145350046","full_name":"SHAdd0WTAka/Zen-Ai-Pentest","owner":"SHAdd0WTAka","description":"🛡⚔️AI-Powered Penetration Testing Framework with automated vulnerability scanning, multi-agent system, and compliance reporting🛡⚔️","archived":false,"fork":false,"pushed_at":"2026-04-20T08:38:36.000Z","size":92163,"stargazers_count":353,"open_issues_count":1,"forks_count":51,"subscribers_count":5,"default_branch":"main","last_synced_at":"2026-04-20T09:35:49.280Z","etag":null,"topics":["ai","automation","compliance","cybersecurity","ethical-hacking","framework","penetration-testing","pentesting","python","security","security-tools","vulnerability-scanner"],"latest_commit_sha":null,"homepage":"https://shadd0wtaka.github.io/Zen-Ai-Pentest/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SHAdd0WTAka.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":"audit/__init__.py","citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":"SUPPORT.md","governance":"GOVERNANCE.md","roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":"DCO.md","cla":null},"funding":{"custom":["https://www.buymeacoffee.com/SHAdd0WTAka","https://paypal.me/SHAdd0WTAka","https://github.com/SHAdd0WTAka/zen-ai-pentest/blob/master/CONTRIBUTORS.md#sponsors"]}},"created_at":"2026-01-29T17:54:27.000Z","updated_at":"2026-04-20T08:38:39.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"h
ttps://github.com/SHAdd0WTAka/Zen-Ai-Pentest","commit_stats":null,"previous_names":["shadd0wtaka/pentest-ai","shadd0wtaka/zen-ai-pentest"],"tags_count":21,"template":false,"template_full_name":null,"purl":"pkg:github/SHAdd0WTAka/Zen-Ai-Pentest","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SHAdd0WTAka%2FZen-Ai-Pentest","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SHAdd0WTAka%2FZen-Ai-Pentest/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SHAdd0WTAka%2FZen-Ai-Pentest/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SHAdd0WTAka%2FZen-Ai-Pentest/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SHAdd0WTAka","download_url":"https://codeload.github.com/SHAdd0WTAka/Zen-Ai-Pentest/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SHAdd0WTAka%2FZen-Ai-Pentest/sbom","scorecard":{"id":1242764,"data":{"date":"2026-01-31T21:25:57Z","repo":{"name":"github.com/SHAdd0WTAka/Zen-Ai-Pentest","commit":"9f8a406e069f8566ffb6244c306ce119d0301fe6"},"scorecard":{"version":"v4.13.1","commit":"49c0eed3a423f00c872b5c3c9f1bbca9e8aae799"},"score":4.6,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection 
settings.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":10,"reason":"4 out of 4 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":0,"reason":"found 4 unreviewed changesets out of 4 -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#code-review"}},{"name":"Contributors","score":6,"reason":"2 different organizations found -- score normalized to 6","details":["Info: contributors work for actions,shadowbrokersgmbh\u003c\u003c\u003c\u003cin_progress........perss:_strg+o_enter_strg+x"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":-1,"reason":"internal error: internal error: invalid GitHub workflow:\n:205:0: could not parse as YAML: yaml: line 205: did not find expected alphabetic or numeric character [syntax-check]","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows 
avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: tool 'Dependabot' is used: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no OSSFuzz integration found: Follow the steps in https://github.com/google/oss-fuzz to integrate fuzzing for your project.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)","Warn: no OneFuzz integration found: Follow the steps in https://github.com/microsoft/onefuzz to start fuzzing for your project.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)","Warn: no GoBuiltInFuzzer integration found: Follow the steps in https://go.dev/doc/fuzz/ to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no PythonAtherisFuzzer integration found: Follow the steps in https://github.com/google/atheris to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no CLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no CppLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. 
(Medium effort)","Warn: no SwiftLibFuzzer integration found: Follow the steps in https://google.github.io/oss-fuzz/getting-started/new-project-guide/swift-lang/ to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no RustCargoFuzzer integration found: Follow the steps in https://rust-fuzz.github.io/book/cargo-fuzz.html to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no JavaJazzerFuzzer integration found: Follow the steps in https://github.com/CodeIntelligenceTesting/jazzer to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no ClusterFuzzLite integration found: Follow the steps in https://github.com/google/clusterfuzzlite to integrate fuzzing as part of CI.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)","Warn: no HaskellPropertyBasedTesting integration found: Use one of the following frameworks to fuzz your project:\nQuickCheck: https://hackage.haskell.org/package/QuickCheck\nhedgehog: https://hedgehog.qa/\nvalidity: https://github.com/NorfairKing/validity\nsmallcheck: https://hackage.haskell.org/package/smallcheck\nhspec: https://hspec.github.io/\ntasty: https://hackage.haskell.org/package/tasty (High effort)","Warn: no TypeScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)","Warn: no JavaScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: License file found in expected location: LICENSE:1","Info: FSF or OSI 
recognized license: LICENSE:1"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#license"}},{"name":"Maintained","score":0,"reason":"repo was created 2 days ago, not enough maintenance history","details":["Warn: repo was created in the last 90 days (Created at: 2026-01-29T17:54:27Z), please review its contents carefully"],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"internal error: internal error: invalid GitHub workflow:\n:205:0: could not parse as YAML: yaml: line 205: did not find expected alphabetic or numeric character [syntax-check]","details":null,"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":-1,"reason":"internal error: internal error: invalid GitHub workflow:\n:205:0: could not parse as YAML: yaml: line 205: did not find expected alphabetic or numeric character [syntax-check]","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":-1,"reason":"internal error: invalid GitHub workflow:\n:205:0: could not parse as YAML: yaml: line 205: did not find expected alphabetic or numeric character [syntax-check]","details":["Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code 
analysis.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#sast"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":["Warn: no GitHub releases found"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":-1,"reason":"internal error: internal error: invalid GitHub workflow:\n:205:0: could not parse as YAML: yaml: line 205: did not find expected alphabetic or numeric character [syntax-check]","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":0,"reason":"45 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-2mqj-m65w-jghx / PYSEC-2024-4","Warn: Project is vulnerable to: GHSA-cwvm-v4w8-q58c / PYSEC-2023-165","Warn: Project is vulnerable to: GHSA-hcpj-qp55-gfph / PYSEC-2022-42992","Warn: Project is vulnerable to: GHSA-pr76-5cm5-w9cj / PYSEC-2023-137","Warn: Project is vulnerable to: GHSA-wfm5-v35h-vwf4 / PYSEC-2023-161","Warn: Project is vulnerable to: GHSA-cpwx-vrp4-4pq7","Warn: Project is vulnerable to: 
GHSA-gmj6-6f8f-6699","Warn: Project is vulnerable to: GHSA-h5c8-rqwp-cp95","Warn: Project is vulnerable to: GHSA-h75v-3vvj-5mfj","Warn: Project is vulnerable to: GHSA-q2x7-8rv6-6q7h","Warn: Project is vulnerable to: GHSA-jw8x-6495-233v / PYSEC-2024-110","Warn: Project is vulnerable to: GHSA-g7vv-2v7x-gj9p","Warn: Project is vulnerable to: GHSA-983w-rhvv-gwmv","Warn: Project is vulnerable to: GHSA-2jv5-9r88-3w3p / PYSEC-2024-38","Warn: Project is vulnerable to: GHSA-59g5-xgcq-4qw3","Warn: Project is vulnerable to: GHSA-wp53-j4wj-2cfg","Warn: Project is vulnerable to: GHSA-3ww4-gg4f-jr7f","Warn: Project is vulnerable to: GHSA-6vqw-3v5j-54x4 / PYSEC-2024-225","Warn: Project is vulnerable to: GHSA-9v9h-cgj8-h64p","Warn: Project is vulnerable to: GHSA-cf7p-gm2m-833m / PYSEC-2023-112","Warn: Project is vulnerable to: GHSA-h4gh-qq45-vh27","Warn: Project is vulnerable to: GHSA-jfhm-5ghh-2f97 / PYSEC-2023-254","Warn: Project is vulnerable to: GHSA-jm77-qphf-c4w8","Warn: Project is vulnerable to: GHSA-v8gr-m533-ghj9","Warn: Project is vulnerable to: GHSA-79v4-65xg-pq4g","Warn: Project is vulnerable to: GHSA-mr82-8j83-vxmv","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99","Warn: Project is vulnerable to: GHSA-p5wg-g6qr-c7cg","Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg","Warn: Project is vulnerable to: GHSA-54jq-c3m8-4m76","Warn: Project is vulnerable to: GHSA-5h86-8mv2-jq9f / PYSEC-2024-24","Warn: Project is vulnerable to: GHSA-5m98-qgg9-wh84","Warn: Project is vulnerable to: GHSA-69f9-5gxw-wvc2","Warn: Project is vulnerable to: GHSA-6jhg-hg63-jvvf","Warn: Project is vulnerable to: GHSA-6mq8-rvhq-8wgg","Warn: Project is vulnerable to: GHSA-7gpw-8wmc-pm8g","Warn: Project is vulnerable to: GHSA-8495-4g3g-x7pr","Warn: Project is vulnerable to: GHSA-8qpw-xqxj-h4r2 / PYSEC-2024-26","Warn: Project is vulnerable to: GHSA-9548-qrrj-x5pj","Warn: Project is 
vulnerable to: GHSA-fh55-r93g-j68g","Warn: Project is vulnerable to: GHSA-g84x-mcqj-x9qq","Warn: Project is vulnerable to: GHSA-jj3x-wxrx-4x23","Warn: Project is vulnerable to: GHSA-mqqc-3gqh-h2x8"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2026-01-31T22:43:46.817Z","repository_id":335371490,"created_at":"2026-01-31T22:43:46.817Z","updated_at":"2026-01-31T22:43:46.817Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32589264,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-03T22:12:39.696Z","status":"ssl_error","status_checked_at":"2026-05-03T22:09:10.534Z","response_time":103,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","automation","compliance","cybersecurity","ethical-hacking","framework","penetration-testing","pentesting","python","security","security-tools","vulnerability-scanner"],"created_at":"2026-04-20T02:00:27.297Z","updated_at":"2026-05-04T00:01:50.053Z","avatar_url":"https://github.com/SHAdd0WTAka.png","language":"Python","funding_links":["https://www.buymeacoffee.com/SHAdd0WTAka","https://paypal.me/SHAdd0WTAka","https://github.com/SHAdd0WTAka/zen-ai-pentest/blob/master/CONTRIBUTORS.md#sponsors"],"categories":["Attack Techniques \u0026 Red 
Teaming","Pentest \u0026 Red Teaming Agents"],"sub_categories":["AI-Assisted Offensive Security"],"readme":"# Zen-AI-Pentest\n![Repository Status](docs/status/repo_status_card.svg)\n\n\u003e 🛡️ **Professional AI-Powered Penetration Testing Framework**\n\n[![Tests](https://github.com/SHAdd0WTAka/Zen-Ai-Pentest/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/SHAdd0WTAka/Zen-Ai-Pentest/actions)\n[![Coverage](https://img.shields.io/badge/coverage-10%25-yellow)](./COVERAGE_CORRECTION.md)\n[![Coveralls](https://coveralls.io/repos/github/SHAdd0WTAka/Zen-Ai-Pentest/badge.svg?branch=main)](https://coveralls.io/github/SHAdd0WTAka/Zen-Ai-Pentest?branch=main)\n[![Tests Count](https://img.shields.io/badge/tests-43k%2B-brightgreen)](./TESTING_MASSIVE_SCALE.md)\n[![Security Audit](https://img.shields.io/badge/security-audited-blue)](./SECURITY_AUDIT_REPORT_2026-03-20.md)\n[![Python 3.11+](https://img.shields.io/badge/python-3.10+-blue.svg)](https://www.python.org/downloads/)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)\n[![API Endpoints](https://img.shields.io/badge/API-48%20v1-blue)](https://zen-ai-pentest.pages.dev/)\n[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/11957/badge)](https://www.bestpractices.dev/projects/11957)\n\n- **Guest Control**: Execute tools inside isolated VMs\n- **🆕 GitHub MCP Integration**: Model Context Protocol for GitHub\n- **🆕 QR Code Modal**: Quick access via QR codes\n- **🆕 Cloudflare Deployment**: Automatic deployment\n\n### 🌐 Live Demo\n- **Frontend**: [https://zen-ai-pentest.pages.dev](https://zen-ai-pentest.pages.dev/) - React Dashboard\n- **API**: [https://zen-ai-pentest.workers.dev](https://zen-ai-pentest.workers.dev/) - Cloudflare Workers API\n- **Health Check**: [https://zen-ai-health.aydinatakan.workers.dev/health](https://zen-ai-health.aydinatakan.workers.dev/health) - Worker Health Monitor\n- **Alpha Dashboard**: 
[https://03c8d80c.zen-alpha-pentest.pages.dev](https://03c8d80c.zen-alpha-pentest.pages.dev/) - Zen Alpha Pentest\n- **AI Analysis**: [https://v2-0.zen-ai-pentest.pages.dev/ai-analysis](https://v2-0.zen-ai-pentest.pages.dev/ai-analysis) - AI-Powered Analysis Interface\n- **Login**: `admin` / `admin` (for demo purposes)\n\n### 🚀 Modern API \u0026 Backend\n- **FastAPI**: High-performance REST API\n- **PostgreSQL**: Persistent data storage\n- **WebSocket**: Real-time scan updates\n- **JWT Auth**: Role-based access control (RBAC)\n- **Background Tasks**: Async scan execution\n\n### 📊 Reporting \u0026 Notifications\n- **PDF Reports**: Professional findings reports\n- **HTML Dashboard**: Interactive web interface\n- **Slack/Email**: Instant notifications\n- **JSON/XML**: Integration with other tools\n\n### 🐳 Easy Deployment\n- **Docker Compose**: One-command full stack deployment\n- **CI/CD**: GitHub Actions pipeline\n- **Production Ready**: Optimized for enterprise use\n\n### 🆕 New in v3.0 (2026)\n- **🔐 GitHub MCP Server**: Secure Model Context Protocol integration\n- **💬 Global Chat**: AI-powered chat interface in the dashboard\n- **📱 Kimi Terminal**: Web-based CLI integration\n- **🌉 Auth Bridge**: Local Kimi CLI authentication\n- **📶 Twitch Tunnel**: Creative tunnel solution\n- **🤖 100 Agent POC**: Full-Stack Multi-Agent System\n- **🔗 Device Auth**: Secure device authentication\n\n---\n\n## 🎯 Real Data Execution - No Mocks!\n\nZen-AI-Pentest executes **real security tools** - no simulations, no mocks, only actual tool execution:\n\n- ✅ **Nmap** - Real port scanning with XML output parsing\n- ✅ **Nuclei** - Real vulnerability detection with JSON output\n- ✅ **SQLMap** - Real SQL injection testing with safety controls\n- ✅ **FFuF** - Blazing fast web fuzzer\n- ✅ **WhatWeb** - Technology detection (900+ plugins)\n- ✅ **WAFW00F** - WAF detection (50+ signatures)\n- ✅ **Subfinder** - Subdomain enumeration\n- ✅ **HTTPX** - Fast HTTP prober\n- ✅ **Nikto** - Web 
vulnerability scanner\n- ✅ **Multi-Agent** - Researcher \u0026 Analyst agents cooperate\n- ✅ **Docker Sandbox** - Isolated tool execution for safety\n\n📖 **Enhanced Tools:** [README_ENHANCED_TOOLS.md](README_ENHANCED_TOOLS.md)\n\nAll tools run with **safety controls**:\n- Private IP blocking (protects internal networks)\n- Timeout management (prevents hanging)\n- Resource limits (CPU/memory constraints)\n- Read-only filesystems (Docker sandbox)\n\n📖 **Details:** [IMPLEMENTATION_SUMMARY.md](IMPLEMENTATION_SUMMARY.md)\n\n---\n\n## 🧪 Comprehensive Test Suite\n\nZen-AI-Pentest features a comprehensive test suite supporting robust development:\n\n| Metric | Value | Status |\n|--------|-------|--------|\n| **Test Files** | 1,145+ | ✅ Real |\n| **Total Tests** | 43,000+ | ✅ Verified |\n| **Coverage** | ~10% (measured) | ⚠️ Work in Progress |\n| **Target Coverage** | 80%+ | 🎯 Goal |\n\n⚠️ **Note**: While we have 43,000+ tests, our actual code coverage is ~10%. \nMany modules are in active development. See [COVERAGE_CORRECTION.md](COVERAGE_CORRECTION.md) for details.\n\n### Test Categories\n\n| Category | Count | Description |\n|----------|-------|-------------|\n| **Unit Tests** | 1,142 files | Component-level testing |\n| **Integration Tests** | 20+ files | End-to-end workflows |\n| **Security Tests** | 15+ files | SAST/DAST validation |\n| **Performance Tests** | 10+ files | Benchmarking suite |\n\n### Quick Test Commands\n\n```bash\n# Run all tests\npytest tests/ -v\n\n# With coverage report\npytest tests/ --cov=. 
--cov-report=html --cov-report=term\n\n# Unit tests only\npytest tests/unit/ -v\n\n# Integration tests\npytest tests/integration/ -v\n```\n\n📖 **Testing Docs**: [TESTING_MASSIVE_SCALE.md](TESTING_MASSIVE_SCALE.md) | [docs/TESTING.md](docs/TESTING.md)\n\n---\n\n## 🚀 Quick Start\n\n[![Version](https://img.shields.io/badge/Version-3.0.0-orange)](https://github.com/SHAdd0WTAka/zen-ai-pentest/releases)\n[![Python](https://img.shields.io/badge/Python-3.11%2B-blue)](https://python.org)\n[![Docker](https://img.shields.io/badge/Docker-Ready-blue?logo=docker)](docker/)\n[![CI](https://img.shields.io/badge/CI-Passing-brightgreen)](https://github.com/SHAdd0WTAka/Zen-Ai-Pentest/actions)\n[![Security](https://img.shields.io/badge/Security-Audited-brightgreen)](SECURITY_AUDIT_REPORT_2026-03-20.md)\n\n[![Discord](https://img.shields.io/badge/Discord-Join-7289DA?logo=discord\u0026logoColor=white)](https://discord.gg/BSmCqjhY)\n[![Docs](https://img.shields.io/badge/Docs-Complete-blue)](docs/)\n[![Roadmap](https://img.shields.io/badge/Roadmap-2026-blueviolet)](ROADMAP_2026.md)\n\n---\n\n## 📚 Table of Contents\n\n- [Overview](#-overview)\n- [Features](#-features)\n  - [For AI Agents](#-for-ai-agents)\n- [Quick Start](#-quick-start)\n- [Installation](#-installation)\n- [Usage](#-usage)\n- [Architecture](#-architecture)\n- [API Reference](#-api-reference)\n- [Project Structure](#-project-structure)\n- [Configuration](#-configuration)\n- [Secret Management](#-secret-management)\n- [Testing](#-testing)\n- [Docker Deployment](#-docker-deployment)\n- [Safety First](#-safety-first)\n- [Documentation](#-documentation)\n- [Contributing](#-contributing)\n- [Community \u0026 Support](#-community--support)\n- [License](#-license)\n\n---\n\n## 🎯 Overview\n\n**Zen-AI-Pentest** is an autonomous, AI-powered penetration testing framework that combines cutting-edge language models with professional security tools. 
Built for security professionals, bug bounty hunters, and enterprise security teams.\n\n```mermaid\n  graph TB\n      subgraph \"Client Interface\"\n          WebUI[🌐 Web UI]\n          CLI[💻 CLI]\n          API_Client[🔌 REST API]\n      end\n\n      subgraph \"API Gateway\"\n          FastAPI[FastAPI + WebSocket]\n          Auth[🔐 JWT/RBAC]\n          AgentMgr[🤖 Agent Manager]\n      end\n\n      subgraph \"Workflow Orchestrator\"\n          Guardrails[🛡️ Guardrails]\n          TaskQueue[📊 Task Queue]\n          RiskLevels[⚠️ Risk Levels 0-3]\n          VPN[🔒 VPN Check]\n          State[📈 State Machine]\n      end\n\n      subgraph \"Reporting\"\n          ReportGen[📝 Report Generator]\n      end\n\n      subgraph \"Agent Pool\"\n          Agent1[🤖 Agent #1]\n          Agent2[🤖 Agent #2]\n          AgentN[🤖 Agent #N]\n      end\n\n      subgraph \"Security Toolkit\"\n          Nmap[🔍 nmap]\n          Whois[📡 whois]\n          Dig[🌐 dig]\n          Nuclei[⚡ nuclei]\n          SQLMap[🎯 sqlmap]\n      end\n\n      subgraph \"Analysis \u0026 Reporting\"\n          Evidence[📋 Evidence Collection]\n          AttackPath[🗺️ Attack Path]\n          ChainOfCustody[🔗 Chain of Custody]\n          Compliance[📊 Compliance Mapping]\n          ReportTemplates[📄 Report Templates]\n          RiskScoring[🎯 Risk Scoring]\n      end\n\n      subgraph \"Data Layer\"\n          Postgres[🐘 PostgreSQL]\n          Redis[⚡ Redis Cache]\n          Storage[📁 File Storage]\n      end\n\n      WebUI --\u003e FastAPI\n      CLI --\u003e FastAPI\n      API_Client --\u003e FastAPI\n      FastAPI --\u003e Auth\n      Auth --\u003e AgentMgr\n      AgentMgr --\u003e Guardrails\n      Guardrails --\u003e TaskQueue\n      TaskQueue --\u003e RiskLevels\n      RiskLevels --\u003e VPN\n      VPN --\u003e State\n      State --\u003e Agent1\n      State --\u003e Agent2\n      State --\u003e AgentN\n      Agent1 --\u003e Nmap\n      Agent1 --\u003e Whois\n      Agent2 --\u003e Dig\n      Agent2 --\u003e 
Nuclei\n      AgentN --\u003e SQLMap\n      Nmap --\u003e Evidence\n      Whois --\u003e AttackPath\n      SQLMap --\u003e ChainOfCustody\n      State --\u003e ReportGen\n      ReportGen --\u003e ReportTemplates\n      ReportGen --\u003e Compliance\n      AttackPath --\u003e ReportTemplates\n      ChainOfCustody --\u003e RiskScoring\n      Compliance --\u003e Postgres\n      ReportTemplates --\u003e Storage\n      RiskScoring --\u003e Redis\n```\n\n### Key Highlights\n\n- 🤖 **AI-Powered**: Leverages state-of-the-art LLMs for intelligent decision making\n- 🔒 **Security-First**: Multiple safety controls and validation layers\n- 🚀 **Production-Ready**: Enterprise-grade with CI/CD, monitoring, and support\n- 📊 **Comprehensive**: 72+ integrated security tools ([Inventory](docs/TOOLS_INVENTORY.md))\n- 🔧 **Extensible**: Plugin system for custom tools and integrations\n- ☁️ **Cloud-Native**: Deploy on AWS, Azure, or GCP\n- 📱 **Quick Access**: Scan QR codes for instant mobile access\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"docs/qr_codes/index.html\"\u003e\n    \u003cimg src=\"docs/qr_codes/qr_grid_preview.png\" alt=\"QR Codes\" width=\"600\"\u003e\n  \u003c/a\u003e\n  \u003cbr\u003e\n  \u003csub\u003e☝️ Click to view all QR codes or scan with your phone!\u003c/sub\u003e\n\u003c/p\u003e\n\n---\n\n## ✨ Features\n\n### 🤖 Autonomous AI Agent\n- **ReAct Pattern**: Reason → Act → Observe → Reflect\n- **State Machine**: IDLE → PLANNING → EXECUTING → OBSERVING → REFLECTING → COMPLETED\n- **Memory System**: Short-term, long-term, and context window management\n- **Tool Orchestration**: Automatic selection and execution of 72+ pentesting tools\n- **Self-Correction**: Retry logic and adaptive planning\n- **Human-in-the-Loop**: Optional pause for critical decisions\n\n### 🎯 Risk Engine\n- **False Positive Reduction**: Multi-factor validation with Bayesian filtering\n- **Business Impact**: Financial, compliance, and reputation risk calculation\n- **CVSS/EPSS Scoring**: 
Industry-standard vulnerability assessment\n- **Priority Ranking**: Automated finding prioritization\n- **LLM Voting**: Multi-model consensus for accuracy\n\n### 🔒 Exploit Validation\n- **Sandboxed Execution**: Docker-based isolated testing\n- **Safety Controls**: 4-level safety system (Read-Only to Full)\n- **Evidence Collection**: Screenshots, HTTP captures, PCAP\n- **Chain of Custody**: Complete audit trail\n- **Remediation**: Automatic fix recommendations\n\n### 📊 Benchmarking\n- **Competitor Comparison**: vs PentestGPT, AutoPentest, Manual\n- **Test Scenarios**: HTB machines, OWASP WebGoat, DVWA\n- **Metrics**: Time-to-find, coverage, false positive rate\n- **Visual Reports**: Charts and statistical analysis\n- **CI Integration**: Automated regression testing\n\n### 🔗 CI/CD Integration\n- **GitHub Actions**: Native action support\n- **GitLab CI**: Pipeline integration\n- **Jenkins**: Plugin and pipeline support\n- **Output Formats**: JSON, JUnit XML, SARIF\n- **Notifications**: Slack, JIRA, Email alerts\n- **Exit Codes**: Pipeline-friendly status codes\n\n### 🧠 AI Persona System\n- **11 Specialized Personas**: Recon, Exploit, Report, Audit, Social, Network, Mobile, Red Team, ICS, Cloud, Crypto\n- **CLI Tool**: Interactive and one-shot modes (`k-recon`, `k-exploit`, etc.)\n- **REST API**: Flask-based API with WebSocket support\n- **Web UI**: Modern browser interface with screenshot analysis\n- **Context Preservation**: Multi-turn conversations with memory\n- **Screenshot Analysis**: Upload and analyze images with AI personas\n- **🆕 Global Chat**: Embedded AI chat in the dashboard (v3.0)\n- **🆕 Kimi Terminal**: Web-based terminal integration (v3.0)\n\n### 📋 Evidence \u0026 Chain of Custody\n- **Tamper-Proof Collection**: Cryptographic signatures for all evidence\n- **Chain of Custody**: Complete audit trail for legal proceedings\n- **Multi-Format Export**: Screenshots, HTTP captures, PCAP files\n- **Court-Ready Reports**: ISO 27001 compliant documentation\n- 
**Signature Verification**: SHA-256 hashing with integrity checks\n\n### 📄 Report Generation\n- **Executive Reports**: High-level summaries for C-level executives\n- **Technical Reports**: Detailed findings with evidence and remediation\n- **Compliance Reports**: OWASP, ISO 27001, PCI DSS, NIST mappings\n- **Export Formats**: PDF, HTML, DOCX, JSON\n- **Professional Templates**: Customizable branding and layout\n\n### 🗺️ Attack Path Analysis\n- **Visual Graphs**: Interactive attack path visualization (Cytoscape.js)\n- **Entry Point Mapping**: Identify and track all entry vectors\n- **Crown Jewel Analysis**: Critical asset identification\n- **Attack Simulation**: Test exploitation paths without execution\n- **Risk Scoring**: Difficulty and impact assessment per path\n\n### 🛡️ Security Guardrails\n- **IP Validation** - Blocks private networks (10.x, 192.168.x, 172.16-31.x)\n- **Domain Filtering** - Prevents localhost/internal domain scanning\n- **Risk Levels** - 4 levels (SAFE → AGGRESSIVE) with tool restrictions\n- **Rate Limiting** - Prevents abuse\n\n### 🤖 Multi-Agent System\n- **Workflow Orchestrator** - Manages complex pentest workflows\n- **Task Distribution** - Assigns tasks to available agents\n- **Real-time Updates** - WebSocket communication\n- **Result Aggregation** - Collects and analyzes findings\n\n### 🔒 VPN Integration (Optional)\n- **ProtonVPN Support** - Native CLI integration\n- **Generic Detection** - Works with OpenVPN, WireGuard, etc.\n- **Safety Warnings** - Alerts when scanning without VPN\n- **Strict Mode** - Can require VPN for scans\n\n### 🐳 Docker Ready\n- **One-Command Deploy** - `docker-compose up -d`\n- **Isolated Environment** - All tools pre-installed\n- **Scalable** - Run multiple agents\n- **Production Ready** - Health checks \u0026 monitoring\n\n### 🛠️ 72+ Integrated Tools (v3.0)\n\n| Category | Tools |\n|----------|-------|\n| **Network** | Nmap, Masscan, Scapy, Tshark, tcpdump, netdiscover, arp-scan |\n| **Web** | BurpSuite, 
SQLMap, Gobuster, OWASP ZAP, FFuF, Nikto, WAFW00F, WhatWeb, Nuclei |\n| **Exploitation** | Metasploit Framework, SearchSploit |\n| **Brute Force** | Hydra, Hashcat, John, Ncrack |\n| **Reconnaissance** | Amass, Nuclei, TheHarvester, Subfinder, HTTPX, Sherlock, Ignorant, Scout |\n| **Active Directory** | BloodHound, NetExec, Responder, ldapsearch, enum4linux |\n| **Wireless** | Aircrack-ng Suite (aircrack-ng, airmon-ng, airodump-ng, aireplay-ng) |\n| **OSINT** | Sherlock, Ignorant, TheHarvester, Scout |\n| **Code Analysis** | Semgrep, TruffleHog, Gitleaks, Bandit |\n| **Container** | Trivy, Docker, Kubectl |\n| **System** | Netcat, Socat, OpenSSL, Proxychains, Tor |\n\n### 🔍 Subdomain Scanner\n- **Multi-Technique Enumeration**: DNS, Wordlist, Certificate Transparency\n- **Advanced Techniques**: Zone Transfer (AXFR), Permutation/Mangling\n- **OSINT Integration**: VirusTotal, AlienVault OTX, BufferOver\n- **IPv6 Support**: AAAA record enumeration\n- **Technology Detection**: Automatic fingerprinting of live hosts\n- **Export Formats**: JSON, CSV, TXT\n- **REST API**: Async and sync scanning endpoints\n- **CLI Tools**: Standalone scanner with comprehensive options\n\n### 🤖 For AI Agents\n- **[AGENTS.md](AGENTS.md)** - Essential guide for AI development partners\n- **Real Tool Execution** - No mocks, actual security tools\n- **Multi-Agent System** - Researcher, Analyst, Exploit agents\n- **Safety Controls** - 4-level sandbox system\n- **Architecture Guide** - Complete system overview\n\n### 🔔 Notifications \u0026 Integrations\n- **Telegram Bot**: @Zenaipenbot - Instant CI/CD notifications\n- **Discord Integration**: Automated channel updates \u0026 GitHub webhooks\n- **Slack/Email**: Enterprise notification support\n- **GitHub Actions**: Native workflow integration\n- **QR Code Gallery**: Quick access to all resources\n\n### ☁️ Multi-Cloud \u0026 Virtualization\n- **Local**: VirtualBox VM Management\n- **Cloud**: AWS EC2, Azure VMs, Google Cloud Compute\n- 
**Snapshots**: Automated clean-state workflows\n\n---\n\n## 🚀 Quick Start\n\n### Option 1: Docker (Recommended)\n\n```bash\n# Clone repository\ngit clone https://github.com/SHAdd0WTAka/zen-ai-pentest.git\ncd zen-ai-pentest\n\n# Copy and configure environment\ncp .env.example .env\n# Edit .env with your settings\n\n# Start full stack\ndocker-compose up -d\n\n# Access:\n# Dashboard: http://localhost:3000\n# API Docs:  http://localhost:8000/docs\n# API:       http://localhost:8000\n```\n\n### Option 2: Local Installation\n\n```bash\n# Install dependencies\npip install -r requirements.txt\n\n# Initialize database\npython database/models.py\n\n# Start API server\npython api/main.py\n\n# Run subdomain scan\npython scan_target_subdomains.py\n\n# Or use the advanced CLI\npython tools/subdomain_enum.py example.com --advanced\n```\n\n### Option 3: AI Personas Quick Start\n\n```bash\n# Start the AI Personas API \u0026 Web UI\nbash api/QUICKSTART.sh\n\n# Or manually:\nbash api/manage.sh start\n# Open http://127.0.0.1:5000\n\n# CLI Usage\nsource tools/setup_aliases.sh\nk-recon \"Target: example.com\"\nk-exploit \"Write SQLi scanner\"\nk-chat  # Interactive mode\n```\n\n### Option 4: VirtualBox VM Setup\n\n```bash\n# Automated Kali Linux setup\npython scripts/setup_vms.py --kali\n\n# Manual setup\n# See docs/setup/VIRTUALBOX_SETUP.md\n```\n\n---\n\n## 📖 Installation\n\nFor detailed installation instructions, see:\n- **[Docker Installation](docs/INSTALLATION.md#quick-start-docker)**\n- **[Local Installation](docs/INSTALLATION.md#local-installation)**\n- **[Production Deployment](docs/INSTALLATION.md#production-deployment)**\n- **[VirtualBox Setup](docs/setup/VIRTUALBOX_SETUP.md)**\n\n---\n\n## 💻 Usage\n\n### Python API\n\n```python\nfrom agents.react_agent import ReActAgent, ReActAgentConfig\n\n# Configure agent\nconfig = ReActAgentConfig(\n    max_iterations=10,\n    use_vm=True,\n    vm_name=\"kali-pentest\"\n)\n\n# Create agent\nagent = ReActAgent(config)\n\n# Run autonomous 
scan\nresult = agent.run(\n    target=\"example.com\",\n    objective=\"Comprehensive security assessment\"\n)\n\n# Generate report\nprint(agent.generate_report(result))\n```\n\n### REST API\n\n```bash\n# Authentication (store the returned token in TOKEN for the calls below)\ncurl -X POST http://localhost:8000/auth/login \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"username\":\"admin\",\"password\":\"admin\"}'\n\n# Create scan\ncurl -X POST http://localhost:8000/scans \\\n  -H \"Authorization: Bearer $TOKEN\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"name\":\"Network Scan\",\"target\":\"192.168.1.0/24\",\"scan_type\":\"network\",\"config\":{\"ports\":\"top-1000\"}}'\n\n# Execute tool\ncurl -X POST http://localhost:8000/tools/execute \\\n  -H \"Authorization: Bearer $TOKEN\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"tool_name\":\"nmap_scan\",\"target\":\"scanme.nmap.org\",\"parameters\":{\"ports\":\"22,80,443\"}}'\n\n# Generate report\ncurl -X POST http://localhost:8000/reports \\\n  -H \"Authorization: Bearer $TOKEN\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"scan_id\":1,\"format\":\"pdf\",\"template\":\"default\"}'\n```\n\n### WebSocket (Real-Time)\n\n```javascript\nconst ws = new WebSocket(\"ws://localhost:8000/ws/scans/1\");\n\nws.onmessage = (event) =\u003e {\n  const data = JSON.parse(event.data);\n  console.log(\"Scan update:\", data);\n};\n```\n\n---\n\n## 🏗️ System Architecture\n\n```\n┌─────────────────────────────────────────────────────────────────────┐\n│                         CLIENT INTERFACE                            │\n├─────────────────────────────────────────────────────────────────────┤\n│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐              │\n│  │   🌐 Web UI  │  │   💻 CLI     │  │   🔌 API     │              │\n│  │   (React)    │  │   (Python)   │  │   (REST)     │              │\n│  │   Cloudflare │  │              │  │   WebSocket  │              │\n│  │   Pages      │  │              │  │              │              │\n│  └──────┬───────┘  └──────┬───────┘  └──────┬───────┘              
│\n└─────────┼─────────────────┼─────────────────┼───────────────────────┘\n          │                 │                 │\n          └─────────────────┼─────────────────┘\n                            │ HTTPS / JWT\n                            ▼\n┌─────────────────────────────────────────────────────────────────────┐\n│                         API GATEWAY                                 │\n│                    FastAPI + WebSocket                              │\n│  ┌──────────────┐ ┌──────────────┐ ┌──────────────┐                │\n│  │   🔐 Auth    │ │   📋 Work-   │ │   🤖 Agent   │                │\n│  │   (JWT/RBAC) │ │   flow API   │ │   Manager    │                │\n│  └──────────────┘ └──────────────┘ └──────────────┘                │\n└─────────────────────────┬───────────────────────────────────────────┘\n                          │\n                          ▼\n┌─────────────────────────────────────────────────────────────────────┐\n│                    WORKFLOW ORCHESTRATOR                            │\n├─────────────────────────────────────────────────────────────────────┤\n│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐              │\n│  │   🛡️         │  │   📊 Task    │  │   ⚠️ Risk    │              │\n│  │   Guardrails │  │   Queue      │  │   Levels     │              │\n│  │   (IP/Domain │  │              │  │   (0-3)      │              │\n│  │   Filter)    │  │              │  │              │              │\n│  └──────────────┘  └──────────────┘  └──────────────┘              │\n│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐              │\n│  │   🔒 VPN     │  │   📈 State   │  │   📝 Report  │              │\n│  │   Check      │  │   Machine    │  │   Generator  │              │\n│  └──────────────┘  └──────────────┘  └──────────────┘              │\n└─────────────────────────┬───────────────────────────────────────────┘\n                          │ WebSocket + Task Distribution\n                          
▼\n┌─────────────────────────────────────────────────────────────────────┐\n│                         AGENT POOL                                  │\n├─────────────────────────────────────────────────────────────────────┤\n│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐              │\n│  │   🤖 Agent   │  │   🤖 Agent   │  │   🤖 Agent   │              │\n│  │   #1         │  │   #2         │  │   #N         │              │\n│  │   (Docker)   │  │   (Docker)   │  │   (Docker)   │              │\n│  └──────┬───────┘  └──────┬───────┘  └──────┬───────┘              │\n└─────────┼─────────────────┼─────────────────┼───────────────────────┘\n          │                 │                 │\n          ▼                 ▼                 ▼\n┌─────────────────────────────────────────────────────────────────────┐\n│                      SECURITY TOOLKIT                               │\n├─────────────────────────────────────────────────────────────────────┤\n│  ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐  │\n│  │   🔍     │ │   📡     │ │   🌐     │ │   ⚡     │ │   🎯     │  │\n│  │   nmap   │ │  whois   │ │   dig    │ │  nuclei  │ │  sqlmap  │  │\n│  │          │ │          │ │          │ │          │ │          │  │\n│  └──────────┘ └──────────┘ └──────────┘ └──────────┘ └──────────┘  │\n└─────────────────────────────────────────────────────────────────────┘\n          │                 │                 │\n          ▼                 ▼                 ▼\n┌─────────────────────────────────────────────────────────────────────┐\n│                    ANALYSIS \u0026 REPORTING LAYER                       │\n├─────────────────────────────────────────────────────────────────────┤\n│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐              │\n│  │   📋         │  │   🗺️         │  │   🔗         │              │\n│  │   Evidence   │  │   Attack     │  │   Chain of   │              │\n│  │   Collection │  │   Path       │  │   Custody    │            
  │\n│  └──────────────┘  └──────────────┘  └──────────────┘              │\n│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐              │\n│  │   📊         │  │   📄         │  │   🎯         │              │\n│  │   Compliance │  │   Report     │  │   Risk       │              │\n│  │   Mapping    │  │   Templates  │  │   Scoring    │              │\n│  └──────────────┘  └──────────────┘  └──────────────┘              │\n└─────────────────────────┬───────────────────────────────────────────┘\n                          │\n                          ▼\n┌─────────────────────────────────────────────────────────────────────┐\n│                         DATA LAYER                                  │\n├─────────────────────────────────────────────────────────────────────┤\n│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐              │\n│  │   🐘 Postgre │  │   ⚡ Redis   │  │   📁 File    │              │\n│  │   SQL        │  │   Cache      │  │   Storage    │              │\n│  │   (State)    │  │   (Queue)    │  │   (Reports)  │              │\n│  └──────────────┘  └──────────────┘  └──────────────┘              │\n└─────────────────────────────────────────────────────────────────────┘\n```\n\n### 🆕 New Features (2026)\n\n| Feature | Description | Status |\n|---------|-------------|--------|\n| **📋 Evidence Collection** | Tamper-proof evidence with cryptographic signatures | ✅ Live |\n| **📊 Attack Path Analysis** | Visual attack graphs from entry points to crown jewels | ✅ Live |\n| **📄 Report Generator** | Executive, Technical \u0026 Compliance reports (PDF/HTML/JSON) | ✅ Live |\n| **🔗 Chain of Custody** | Complete audit trail for legal proceedings | ✅ Live |\n| **🧪 43,000+ Tests** | Comprehensive test suite with CI/CD | ✅ Passing |\n| **☁️ Cloudflare Pages** | Global CDN deployment | ✅ Live |\n\n### 🔄 CI/CD Pipeline\n\n```\n┌─────────────────────────────────────────────────────────────────────┐\n│                      GITHUB ACTIONS WORKFLOW               
         │\n├─────────────────────────────────────────────────────────────────────┤\n│                                                                     │\n│  Push/PR ──► ┌──────────┐ ──► ┌──────────┐ ──► ┌──────────┐        │\n│              │  Tests   │     │ Codecov │     │ Security │        │\n│              └──────────┘     └──────────┘     └──────────┘        │\n│              └──────────┘     └──────────┘     └──────────┘        │\n│                                    │                                │\n│                                    ▼                                │\n│                            ┌──────────────┐                        │\n│                            │ Codecov.io   │                        │\n│                            │ Codecov     │                        │\n│                            │ Reporting    │                        │\n│                            └──────────────┘                        │\n│                                                                     │\n│  Frontend Build ──► ┌──────────────┐ ──► ┌──────────────────┐     │\n│                     │ Cloudflare   │     │ Global Deploy    │     │\n│                     │ Pages Build  │     │ zen-ai-pentest   │     │\n│                     └──────────────┘     │ .pages.dev       │     │\n│                                          └──────────────────┘     │\n└─────────────────────────────────────────────────────────────────────┘\n```\n\n📊 **Coverage Reports:** [codecov.io/gh/SHAdd0WTAka/Zen-Ai-Pentest](https://codecov.io/gh/SHAdd0WTAka/Zen-Ai-Pentest)\n\nFor detailed architecture documentation, see [docs/architecture.md](docs/architecture.md).\n\n---\n\n## 📡 API Reference\n\n- **[API Documentation](docs/API.md)** - Complete REST API reference\n- **[WebSocket API](docs/API.md#websocket)** - Real-time updates\n- **[Authentication](docs/API.md#authentication)** - Security and auth\n\n---\n\n## 📁 Project Structure\n\n```\nzen-ai-pentest/\n├── api/                   # 
FastAPI Backend (main.py, auth.py, websocket.py)\n├── agents/                # AI Agents (react_agent.py, react_agent_vm.py)\n├── autonomous/            # ReAct Loop (agent_loop.py, exploit_validator.py, memory.py)\n├── tools/                 # 72+ Security Tools\n│   ├── Network: nmap, masscan, scapy, tshark, tcpdump, netdiscover, arp-scan\n│   ├── Web: nuclei, sqlmap, nikto, zap, burpsuite, ffuf, gobuster, wafw00f, whatweb\n│   ├── Recon: subfinder, amass, httpx, theharvester, subdomain_scan, unified_recon\n│   ├── AD: bloodhound, netexec, responder, ldapsearch, enum4linux, rpcclient, smbclient\n│   ├── OSINT: sherlock, scout, ignorant\n│   ├── Secrets: trufflehog, gitleaks, trivy\n│   ├── Wireless: aircrack-ng, airmon-ng, airodump-ng, aireplay-ng\n│   ├── Brute Force: hydra, hashcat, john, ncrack\n│   ├── Code: semgrep, bandit\n│   ├── Cloud/Container: docker, kubectl\n│   ├── AI/Kimi: kimi_cli, kimi_helper, update_personas\n│   └── Core: tool_caller, tool_registry\n├── risk_engine/           # Risk Analysis (cvss.py, epss.py, false_positive_engine.py)\n├── benchmarks/            # Performance Testing\n├── integrations/          # CI/CD (github, gitlab, slack, jira, jenkins)\n├── database/              # PostgreSQL Models\n├── gui/                   # React Dashboard\n├── reports/               # PDF/HTML/JSON Generator\n├── notifications/         # Alerts (slack, email)\n├── docker/                # Deployment configs\n├── docs/                  # Documentation (ARCHITECTURE.md, INSTALLATION.md, API.md, setup/)\n├── tests/                 # Test Suite (43,000+ tests)\n└── scripts/               # Setup Scripts\n```\n\n---\n\n## 🔧 Configuration\n\nZen-AI-Pentest supports **two approaches** for managing configuration and secrets. 
Choose the one that fits your security requirements:\n\n| Approach | Best For | Security Level | Setup Complexity |\n|----------|----------|----------------|------------------|\n| **🛡️ Obsidian Vault** (Recommended) | Production, Teams | ⭐⭐⭐⭐⭐ High | Medium |\n| **📄 .env File** | Development, Quick Start | ⭐⭐⭐ Medium | Easy |\n\n---\n\n### 🛡️ Option 1: Obsidian Vault (Recommended)\n\nStore secrets securely in an encrypted Obsidian vault with MCP integration. Secrets never touch your codebase.\n\n```bash\n# 1. Setup Obsidian Secrets Vault\nbash mcp/obsidian/setup.sh\n\n# 2. Edit your secrets\ncode ~/Documents/Obsidian\\ Vault/Secrets/secrets.yaml\n\n# 3. Reload VS Codium (editor action, not a shell command):\n#    Ctrl+Shift+P → Developer: Reload Window\n```\n\n**Vault Structure:**\n```yaml\n# ~/Documents/Obsidian Vault/Secrets/secrets.yaml\nkimi:\n  api_key: \"sk-your-kimi-api-key\"\n\nopenai:\n  api_key: \"sk-your-openai-key\"\n\ndatabase:\n  url: \"postgresql://postgres:pass@localhost:5432/zen_pentest\"\n\nnotifications:\n  slack_webhook: \"https://hooks.slack.com/...\"\n```\n\n**Benefits:**\n- 🔐 Encrypted at rest (Obsidian encryption)\n- 🚫 Never committed to Git\n- 🤖 AI-assisted via MCP server\n- 🔄 Hot-reload without restart\n- 🔒 **100% Local Processing** - Secrets never leave your machine\n\n🔑 **Security Guarantees:**\n\u003e Your secrets are **never sent to external servers**. All operations happen exclusively on your local system.\n\u003e\n\u003e We **cannot access your secrets** - the private key resides only on your system.\n\u003e\n\u003e **Open Source**: You can audit the code at any time.\n\n📖 **Full Vault Docs**: [mcp/obsidian/README.md](mcp/obsidian/README.md) | [Detailed Architecture](docs/SECRETS_ARCHITECTURE.md)\n\n---\n\n### 📄 Option 2: Environment Variables (.env)\n\nQuick setup for development using a local `.env` file.\n\n```bash\n# 1. Copy example file\ncp .env.example .env\n\n# 2. Edit with your secrets\nnano .env\n\n# 3. 
Load environment\nsource .env\n```\n\n**Example `.env`:**\n```env\n# Database\nDATABASE_URL=postgresql://postgres:password@localhost:5432/zen_pentest\n\n# Security\nSECRET_KEY=your-secret-key-here\nJWT_EXPIRATION=3600\n\n# AI Providers (Kimi AI recommended)\nKIMI_API_KEY=your-kimi-api-key\nDEFAULT_BACKEND=kimi\nDEFAULT_MODEL=kimi-k2.5\n\n# Alternative Backends (optional)\n# OPENAI_API_KEY=sk-...\n# ANTHROPIC_API_KEY=sk-ant-...\n# OPENROUTER_API_KEY=...\n\n# Notifications\nSLACK_WEBHOOK_URL=https://hooks.slack.com/...\nSMTP_HOST=smtp.gmail.com\n\n# Cloud Providers\nAWS_ACCESS_KEY_ID=AKIA...\nAZURE_SUBSCRIPTION_ID=...\n```\n\n⚠️ **Important**: Add `.env` to your `.gitignore`!\n```gitignore\n.env\n.env.local\n.env.*.local\n```\n\nSee `.env.example` for all available options.\n\n---\n\n### 🔄 Switching Between Options\n\nYou can switch between Vault and `.env` at any time:\n\n```bash\n# Check current configuration\npython3 -c \"from core.config import settings; print(settings.secret_source)\"\n\n# Force reload from Vault\nexport USE_VAULT=true\n\n# Force reload from .env\nexport USE_ENV_FILE=true\n```\n\n---\n\n## 🔐 Secret Management\n\nZen-AI-Pentest uses **Obsidian MCP Server** for secure credential management. All secrets are stored locally in an encrypted Obsidian vault - never in the repository.\n\n### 🚀 Quick Setup\n\n```bash\n# 1. Setup Obsidian Secrets Vault\nbash mcp/obsidian/setup.sh\n\n# 2. Edit your secrets\ncode ~/Documents/Obsidian\\ Vault/Secrets/secrets.yaml\n\n# 3. 
Reload VS Codium\n# Ctrl+Shift+P → Developer: Reload Window\n```\n\n### 🎯 Benefits\n\n| Feature | Benefit |\n|---------|---------|\n| **Obsidian Encryption** | Secrets remain secure even if laptop is stolen |\n| **No Secrets in Git** | No panic when pushing to GitHub |\n| **Local MCP Server** | No transmission to external servers |\n| **Separation of Concerns** | Clean architecture - code vs credentials |\n\n### 📁 Supported Secrets\n\n- **AI Providers**: Kimi, OpenAI, Anthropic, Gemini, OpenRouter\n- **Cloud**: AWS, Azure, GCP credentials\n- **Database**: PostgreSQL, Redis passwords\n- **Security**: JWT secrets, encryption keys\n- **Notifications**: Slack, Discord, Email SMTP\n- **VPN**: ProtonVPN, OpenVPN, WireGuard\n\n### 🔌 MCP Integration\n\nAccess secrets directly in chat:\n\n```json\n{\n  \"mcpServers\": {\n    \"obsidian-secrets\": {\n      \"command\": \"python3\",\n      \"args\": [\"mcp/obsidian/server.py\"]\n    }\n  }\n}\n```\n\n📖 **Full Documentation**: [mcp/obsidian/README.md](mcp/obsidian/README.md)\n\n---\n\n⚠️ **Important**: Ensure your `.gitignore` includes:\n```gitignore\n.env\n.env.load.sh\n*.key\n*.pem\nsecrets.yaml\nsecrets.json\n# If Obsidian config is also sensitive\n.obsidian/\n```\n\n---\n\n## 🧪 Testing\n\n### 📊 Test Suite Overview\n\n| Category | Count | Status |\n|----------|-------|--------|\n| **Total Test Files** | 1,145+ | ✅ Organized |\n| **Total Tests** | 43,000+ | ✅ Verified |\n| **Coverage** | **10%** | ⚠️ Improving |\n| **CI/CD** | GitHub Actions | ✅ Automated |\n\n### 🗂️ Test Structure\n\n```\ntests/\n├── unit/                       # Unit tests for individual components\n│   ├── core/                  # Core framework tests\n│   ├── api/                   # API endpoint tests\n│   ├── database/              # Database model tests\n│   ├── tools/                 # Security tool integration tests\n│   └── agents/                # Agent behavior tests\n├── integration/               # Integration tests\n├── security/                 
 # Security \u0026 DAST tests\n├── test_working_final.py      # Core test suite\n└── test_performance_100_agents.py      # Performance tests\n```\n\n### 📈 Coverage Highlights\n\n| Module | Coverage | Status |\n|--------|----------|--------|\n| `core/orchestrator.py` | 84.42% | ✅ |\n| `database/models.py` | 87.97% | ✅ |\n| `api/main.py` | 38% | ⚠️ Improving |\n| **Total** | **10%** | 🎯 Target: 80% |\n\n### 🚀 Running Tests\n\n```bash\n# Run all tests\npytest tests/ -v\n\n# With coverage\npytest tests/ --cov=. --cov-report=html --cov-report=term\n\n# Unit tests only\npytest tests/unit/ -v\n\n# Integration tests\npytest tests/integration/ -v\n\n# Security tests\npytest tests/security/ -v\n\n# Exclude slow tests\npytest tests/ -m \"not slow\" -v\n\n# Frontend tests (React/Vite)\ncd web_ui/frontend \u0026\u0026 npm test\n```\n\n### 📈 Codecov Report\n\n- **HTML Report**: `htmlcov/index.html`\n- **Codecov Integration**: [codecov.io/gh/SHAdd0WTAka/zen-ai-pentest](https://codecov.io/gh/SHAdd0WTAka/zen-ai-pentest)\n- **CI Badge**: ![Tests](https://github.com/SHAdd0WTAka/Zen-Ai-Pentest/workflows/tests.yml/badge.svg)\n\n---\n\n## 🐳 Docker Deployment\n\n### Quick Setup (WSL2 + Docker)\n\nWe recommend Docker in WSL2 (Ubuntu) for the best performance:\n\n**Option 1: Automatic Setup**\n```bash\n# Windows: start the setup launcher\nscripts\\docker-setup.bat\n\n# Or directly in Ubuntu WSL:\n./scripts/setup_docker_wsl2.sh\n```\n\n**Option 2: Docker Desktop (Windows)**\n```powershell\n# PowerShell as Administrator:\npowershell -ExecutionPolicy Bypass -File scripts/setup_docker_windows.ps1\n```\n\n📖 **[Complete Docker + WSL2 Guide](DOCKER_WSL2_SETUP.md)** - Detailed steps for both options\n\n### Start the Full Stack\n\n```bash\n# After installing Docker:\ndocker-compose up -d\n\n# Check status\ndocker-compose ps\n\n# View logs\ndocker-compose logs -f api\n\n# Scale agents\ndocker-compose up -d --scale agent=3\n```\n\n### Services\n\n| Service | Port | Description 
|\n|---------|------|-------------|\n| API | 8000 | FastAPI server |\n| PostgreSQL | 5432 | Database |\n| Redis | 6379 | Cache |\n| Agent | - | Pentest agent |\n\n📖 **[Complete Docker Guide](DOCKER.md)**\n\n---\n\n## ☁️ Cloudflare Pages Deployment\n\n### 🚀 Live Deployment\n\nThe React frontend is automatically deployed to Cloudflare Pages:\n\n| Environment | URL | Status |\n|-------------|-----|--------|\n| **Production** | [https://dde4fab5.zen-ai-pentest.pages.dev](https://dde4fab5.zen-ai-pentest.pages.dev/) | ✅ Live |\n| **Dashboard** | [https://dde4fab5.zen-ai-pentest.pages.dev/dashboard](https://dde4fab5.zen-ai-pentest.pages.dev/dashboard) | ✅ Ready |\n| **Login** | `/login` | ✅ Demo Mode |\n\n### 🔄 Automated Deployment\n\nEvery push to the `main` branch:\n1. **Build**: Cloudflare Pages builds automatically\n2. **Test**: GitHub Actions run\n3. **Deploy**: Global CDN deployment (200+ Edge Locations)\n4. **Live**: ~2 minutes after the push\n\n### 🛠️ Manual Deployment\n\n```bash\n# Build the frontend\ncd web_ui/frontend\nnpm install\nnpm run build\n\n# Or with the Wrangler CLI\nnpx wrangler pages deploy dist/\n```\n\n### 🌍 Global CDN\n\n- **200+ Edge Locations** worldwide\n- **DDoS Protection** by Cloudflare\n- **HTTPS by Default** with automatic certificates\n- **Instant Cache Invalidation**\n\n---\n\n## 🛡️ Safety First\n\n### Default Protections\n\n- ✅ **Private IP Blocking** - Prevents scanning 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16\n- ✅ **Loopback Protection** - Blocks 127.x.x.x and ::1\n- ✅ **Local Domain Filter** - Prevents .local, .internal, localhost\n- ✅ **Risk Level Control** - Restricts tools by safety level\n- ✅ **Rate Limiting** - Prevents abuse\n\n### Risk Levels\n\n| Level | Tools | Description |\n|-------|-------|-------------|\n| **SAFE (0)** | whois, dns, subdomain | Reconnaissance only |\n| **NORMAL (1)** | + nmap, nuclei | Standard scanning |\n| **ELEVATED (2)** | + sqlmap, exploit | Light exploitation |\n| **AGGRESSIVE (3)** | + pivot, lateral | Full 
exploitation |\n\n⚠️ **Always ensure you have authorization before scanning!**\n\n---\n\n## 📚 Documentation\n\n| Document | Description |\n|----------|-------------|\n| [docs/DEPLOYMENT.md](docs/DEPLOYMENT.md) | Deployment guide |\n| [docs/BENCHMARK_STATUS.md](docs/BENCHMARK_STATUS.md) | Benchmark results |\n| [docs/SECURITY_AUDIT.md](docs/SECURITY_AUDIT.md) | Security audit report |\n| [docs/PERFORMANCE.md](docs/PERFORMANCE.md) | Performance characteristics |\n| [DOCKER.md](DOCKER.md) | Docker deployment guide |\n| [GUARDRAILS.md](GUARDRAILS.md) | Security guardrails documentation |\n| [GUARDRAILS_INTEGRATION.md](GUARDRAILS_INTEGRATION.md) | Guardrails integration guide |\n| [VPN_INTEGRATION.md](VPN_INTEGRATION.md) | VPN setup and usage |\n| [DEMO_E2E.md](DEMO_E2E.md) | End-to-end demo documentation |\n| [AGENTS.md](AGENTS.md) | Agent development guide |\n\n---\n\n## 🤝 Contributing\n\nWe welcome contributions! Please see:\n- **[CONTRIBUTING.md](CONTRIBUTING.md)** - Contribution guidelines\n- **[CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md)** - Community standards\n- **[CONTRIBUTORS.md](CONTRIBUTORS.md)** - Our amazing contributors\n\nQuick start:\n1. Fork the repository\n2. Create feature branch (`git checkout -b feature/amazing-feature`)\n3. Commit changes (`git commit -m 'Add amazing feature'`)\n4. Push to branch (`git push origin feature/amazing-feature`)\n5. 
Open Pull Request\n\n---\n\n## 🌐 Community \u0026 Support\n\nJoin our growing community!\n\n### Quick Links\n\n| Platform | Link | QR Code |\n|----------|------|---------|\n| 💬 **GitHub** | [github.com/SHAdd0WTAka/Zen-Ai-Pentest](https://github.com/SHAdd0WTAka/Zen-Ai-Pentest) | [📱 Scan](docs/qr_codes/01_github_repo.png) |\n| 🎮 **Discord** | [discord.gg/zJZUJwK9AC](https://discord.gg/zJZUJwK9AC) | [📱 Scan](docs/qr_codes/02_discord.png) |\n| 🌐 **Website** | [zen-ai-pentest.pages.dev](https://dde4fab5.zen-ai-pentest.pages.dev/) | [📱 Scan](docs/qr_codes/03_website.png) |\n| 📊 **Dashboard** | [pages.dev/dashboard](https://dde4fab5.zen-ai-pentest.pages.dev/dashboard) | [📱 Scan](docs/qr_codes/04_dashboard.png) |\n\n### 📱 All QR Codes\nView our complete QR code gallery: [docs/qr_codes/index.html](docs/qr_codes/index.html)\n\n### 💬 Discord Server \"Zen-Ai\"\n**Fully configured with 11 channels:**\n- 📢 #announcements\n- 📜 #rules\n- 💬 #general\n- 👋 #introductions\n- 📚 #knowledge-base\n- 🤖 #tools-automation\n- 🔒 #security-research\n- 🧠 #ai-ml-discussion\n- 🐛 #bug-reports\n- 💡 #feature-requests\n- 🆘 #support\n\n### 📧 Support\n- 📖 **[Documentation](docs/)** - Comprehensive guides\n- 🐛 **[Issue Tracker](https://github.com/SHAdd0WTAka/zen-ai-pentest/issues)** - Bug reports\n- 📧 **[Email](mailto:support@zen-ai-pentest.dev)** - Direct contact\n\nSee [SUPPORT.md](SUPPORT.md) for detailed support options.\n\n---\n\n## ⚠️ Disclaimer\n\n**IMPORTANT**: This tool is for authorized security testing only. Always obtain proper permission before testing any system you do not own. 
Unauthorized access to computer systems is illegal.\n\n- Use only on systems you have explicit permission to test\n- Respect privacy and data protection laws\n- The authors assume no liability for misuse or damage\n\n---\n\n## 📄 License\n\nThis project is licensed under the MIT License - see [LICENSE](LICENSE) file for details.\n\n---\n\n## 🙏 Acknowledgments\n\n- [LangGraph](https://github.com/langchain-ai/langgraph) - Agent framework\n- [FastAPI](https://fastapi.tiangolo.com/) - Web framework\n- [Kali Linux](https://www.kali.org/) - Penetration testing distribution\n- All open-source security tool creators\n\n---\n\n## 👥 Authors \u0026 Team\n\n### Core Development Team\n\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003ctd align=\"center\"\u003e\n      \u003ca href=\"https://github.com/SHAdd0WTAka\"\u003e\n        \u003cimg src=\"https://github.com/SHAdd0WTAka.png?size=100\" width=\"100px;\" alt=\"SHAdd0WTAka\"/\u003e\n        \u003cbr /\u003e\n        \u003csub\u003e\u003cb\u003e@SHAdd0WTAka\u003c/b\u003e\u003c/sub\u003e\n      \u003c/a\u003e\n      \u003cbr /\u003e\n      \u003csub\u003eProject Founder \u0026 Lead Developer\u003c/sub\u003e\n      \u003cbr /\u003e\n      \u003csub\u003eSecurity Architect\u003c/sub\u003e\n    \u003c/td\u003e\n    \u003ctd align=\"center\"\u003e\n      \u003ca href=\"https://www.moonshot.cn/\"\u003e\n        \u003cimg src=\"https://img.shields.io/badge/Kimi-AI-blue?style=for-the-badge\u0026logo=openai\u0026logoColor=white\" width=\"100px;\" alt=\"Kimi AI\"/\u003e\n        \u003cbr /\u003e\n        \u003csub\u003e\u003cb\u003eKimi AI\u003c/b\u003e\u003c/sub\u003e\n      \u003c/a\u003e\n      \u003cbr /\u003e\n      \u003csub\u003eAI Development Partner\u003c/sub\u003e\n      \u003cbr /\u003e\n      \u003csub\u003eArchitecture \u0026 Design\u003c/sub\u003e\n    \u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n### AI Contributors\n\n- **minimax (minimax-m2.5-free)** - AI coding assistant\n  - Voice-driven AI interaction via 
WhatsApp\n  - Bumblebee Radio audio-only system\n  - Hermes Gateway integration\n  - Voice transcription with faster-whisper\n  - Coverage improvements and quality assurance\n  - Security testing and validation\n  - Integration testing with Bumblebee Radio\n\n\n- **Kimi AI (Moonshot AI)** - Primary AI development partner\n  - Led architecture design for autonomous agent loop\n  - Implemented Risk Engine with false-positive reduction\n  - Created CI/CD integration templates\n  - Developed benchmarking framework\n  - Co-authored documentation and roadmaps\n\n### Special Thanks\n\n- **Grok (xAI)** - Strategic analysis and competitive research\n- **GitHub Copilot** - Code assistance and suggestions\n- **Agent Zero** - Autonomous agent architecture inspiration and hierarchical agent patterns\n- **Anthropic (Claude)** - Advanced reasoning capabilities and safety research\n- **Google (Gemini)** - Multi-modal AI integration and context understanding\n- **DeepSeek** - Open-source LLM excellence and code generation capabilities\n- **OpenAI (ChatGPT/GPT-4)** - Foundation LLM research and tool use patterns\n- **minimax** - AI coding assistant (minimax-m2.5-free)\n  - Voice-driven AI interaction via WhatsApp\n  - Bumblebee Radio audio-only system\n  - Hermes Gateway integration\n- **Security Community** - Feedback, bug reports, and feature requests\n\n---\n\n## 🎨 Project Artwork\n\n\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"docs/qr_codes/hemisphere_sync.png\" alt=\"Hemisphere Sync\" width=\"600\"/\u003e\n\n  ### Hemisphere Sync\n\n  ```\n        🧠 GEHIRN\n       ╱        ╲\n      ╱  LINKS   ╲    ╱  RECHTS   ╲\n     ╱  (Kimi)    ╲  ╱(Observer^^)╲\n    ╱   Logik      ╲╱  Kreativität ╲\n       Analytisch   ╳  Ganzheitlich\n       Struktur     ╳     Vision\n            ╲      ╱╲    ╱\n             ╲    ╱  ╲  ╱\n              ╲  ╱    ╲╱\n               ╲╱    ╱\n                ╲   ╱\n                 ╲ ╱\n                  ❤️\n          HEMISPHERE_SYNC\n     \"Zwei Hälften 
- Ein Herz - Ein Team\"\n  ```\n\n  *A fusion of human vision and AI capability*\n\n  **Left Brain (Kimi - Logic) + Right Brain (Observer^^ - Creativity) = Hemisphere_Sync**\n\n  | Hemisphere | Responsible for | Team |\n  |------------|---------------|------|\n  | **Left Brain** | Logic, structure, code, analytics | **Kimi** 🤖 |\n  | **Right Brain** | Creativity, vision, design, emotion | **Observer^^** 🎨 |\n\n  *Custom artwork by **SHAdd0WTAka** representing the fusion of human vision and AI capability.*\n\u003c/div\u003e\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003cb\u003eMade with ❤️ for the security community\u003c/b\u003e\u003cbr\u003e\n  \u003csub\u003e© 2026 Zen-AI-Pentest. All rights reserved.\u003c/sub\u003e\n\u003c/p\u003e\n\n---\n\n## 🎥 Demo Video\n\n📹 **[Demo Video (295MB)](assets/videos/demo-video.mp4)**\n\nFull demonstration of the Zen-AI-Pentest framework in action.\n\n---\n\n## 📸 Repository Images\n\nAll screenshots, diagrams and visual assets for this repository:\n\n📁 **[View All Images](assets/images/)**\n\n### 🤖 AI \u0026 Development\n| Image | Description |\n|-------|-------------|\n| [Battle of the AIs](assets/images/battle_of_the_ais.png) | Claude vs Codex - AI Unit Test Battle |\n| [Obsidian Vault Setup](assets/images/obsidian_vault_setup.png) | Terminal: GitHub Token \u0026 MCP Server Setup |\n\n### 🎨 Branding \u0026 Artwork\n| Image | Description |\n|-------|-------------|\n| [Kimi AI Artwork](assets/images/branding/kimi-ai-artwork.jpeg) | Custom AI-generated artwork |\n\n### 📊 Status \u0026 Metrics\n| Image | Description |\n|-------|-------------|\n| [Repo Status Card](assets/images/status/repo_status_card.png) | Live repository status dashboard |\n\n### 🖥️ Screenshots\n| Image | Description |\n|-------|-------------|\n| [Main Dashboard](assets/images/screenshot_20260219_092020.png) | Framework main dashboard |\n| [Demo Screenshot](assets/images/screenshots/demo_screenshot.png) | Live demo view |\n| [Activity Screenshot 
1](assets/images/screenshots/Screenshot%202026-02-14%20at%2016-46-09%20Activity%20%C2%B7%20SHAdd0WTAka_Zen-Ai-Pentest.png) | GitHub Activity View |\n| [Activity Screenshot 2](assets/images/screenshots/Screenshot%202026-02-14%20at%2017-01-33%20Activity%20%C2%B7%20SHAdd0WTAka_Zen-Ai-Pentest.png) | GitHub Activity View 2 |\n| [Activity Screenshot 3](assets/images/screenshots/Screenshot%202026-02-14%20at%2017-31-13%20Activity%20%C2%B7%20SHAdd0WTAka_Zen-Ai-Pentest.png) | GitHub Activity View 3 |\n| [Must Have Features](assets/images/screenshots/MUSTHAVE.png) | Feature Requirements |\n| [Must Have Features 2](assets/images/screenshots/MUSTHAVE_2.png) | Feature Requirements 2 |\n\n### 🤖 Agent Zero\n| Image | Description |\n|-------|-------------|\n| [Agent Zero 1](assets/images/agent-zero/Screenshot%202026-03-05%20at%2021-53-13%20Agent%20Zero_78e803.png) | Agent Zero Interface |\n| [Agent Zero 2](assets/images/agent-zero/Screenshot%202026-03-05%20at%2021-53-44%20Agent%20Zero_631d87.png) | Agent Zero Dashboard |\n| [Agent Zero 3](assets/images/agent-zero/Screenshot%202026-03-05%20at%2021-54-14%20Agent%20Zero_a1633f.png) | Agent Zero Tasks |\n| [Agent Zero 4](assets/images/agent-zero/Screenshot%202026-03-05%20at%2021-55-24%20Agent%20Zero_fca218.png) | Agent Zero Settings |\n\n### 📱 QR Codes\n| Image | Description |\n|-------|-------------|\n| [GitHub Repo](assets/images/qr-codes/01_github_repo.png) | GitHub Repository QR |\n| [Discord](assets/images/qr-codes/02_discord.png) | Discord Community QR |\n| [Website](assets/images/qr-codes/03_website.png) | Website QR |\n| [Dashboard](assets/images/qr-codes/04_dashboard.png) | Dashboard QR |\n| [Hemisphere Sync](assets/images/qr-codes/hemisphere_sync.png) | Hemisphere Sync Artwork |\n| [QR Grid](assets/images/qr-codes/qr_grid_preview.png) | QR Code Grid Preview |\n\n### 📑 Presentation Slides (1-13)\n| | | | | | | |\n|---|---|---|---|---|---|---|\n| [Slide 1](assets/images/presentation/1.png) | [Slide 
2](assets/images/presentation/2.png) | [Slide 3](assets/images/presentation/3.png) | [Slide 4](assets/images/presentation/4.png) | [Slide 5](assets/images/presentation/5.png) | [Slide 6](assets/images/presentation/6.png) | [Slide 7](assets/images/presentation/7.png) |\n| [Slide 8](assets/images/presentation/8.png) | [Slide 9](assets/images/presentation/9.png) | [Slide 10](assets/images/presentation/10.png) | [Slide 11](assets/images/presentation/11.png) | [Slide 12](assets/images/presentation/12.png) | [Slide 13](assets/images/presentation/13.png) | |\n\n### 🎯 TAO = Zen-Alpha Dashboard\n![Zen-Alpha Pentest Dashboard](docs/images/zen-alpha-dashboard.png)\n*Live dashboard with 32+ installed security tools (Nmap, SQLMap, Metasploit, BeEF, Empire, etc.)*\n\n---\n\n# Codecov Trigger\n\n## API v1 Routes (New)\n\nThe API has been refactored with a modular route structure:\n\n```text\napi/routes/v1/\n├── auth.py           # Authentication\n├── scans.py          # Scan management\n├── findings.py       # Findings\n├── tools.py          # Tool execution\n├── reports.py        # Reports\n├── schedules.py      # Scheduled scans\n├── settings.py       # Configuration\n├── stats.py          # Analytics\n├── notifications.py  # Notifications\n├── health.py         # Health checks\n└── websocket.py      # WebSockets\n```\n\nSee [docs/API_V1_ROUTES.md](docs/API_V1_ROUTES.md) for full documentation.\n\n## Test Codecov\n\nCurrent coverage: **10.19%** (target: 80%)\n\nRun tests:\n```bash\n# Unit tests\npytest tests/unit/ -v\n\n# Integration tests\npytest tests/integration/ -v\n\n# E2E tests\npytest tests/e2e/ -v\n\n# With coverage\npytest tests/ --cov=core --cov-report=html\n```\n\n## CI/CD Pipeline\n\nThe project includes an enhanced CI/CD pipeline:\n\n### Workflows\n\n- **CI Enhanced** (`.github/workflows/ci-enhanced.yml`)\n  - Runs on Python 3.9-3.13\n  - Unit tests with coverage\n  - Integration tests\n  - Performance tests\n  - Code formatting checks (black, isort)\n  - 
Linting (flake8)\n  - Security checks (bandit, safety)\n\n- **API v1 Tests** (`.github/workflows/api-v1-tests.yml`)\n  - Tests API v1 routes\n  - Tests frontend integration\n  - Triggered on API changes\n\n- **Performance Tests** (`.github/workflows/performance-tests.yml`)\n  - Runs daily at 2 AM\n  - Performance benchmarks\n  - Results uploaded as artifacts\n\n### Running Tests Locally\n\n```bash\n# Unit tests with coverage\npytest tests/unit/ -v --cov=core --cov-report=html\n\n# Integration tests\npytest tests/integration/ -v\n\n# Performance tests\npytest tests/performance/ -v\n\n# E2E tests\npytest tests/e2e/ -v\n\n# All tests\npytest tests/ -v\n```\n\n---\n\n## 📚 Further Documentation\n\n### Codecov Strategy\n- **[Coverage Strategy PDF](docs/Coverage-Strategie-80-Prozent.pdf)** - Complete strategy for raising code coverage from 10% to 80%\n- **[COVERAGE_STRATEGY.md](COVERAGE_STRATEGY.md)** - Markdown version of the strategy\n- **[TEST_STATUS.md](TEST_STATUS.md)** - Current test status\n\n### Codecov Dashboards\n- [Coveralls](https://coveralls.io/github/SHAdd0WTAka/Zen-Ai-Pentest)\n- [Codecov](https://codecov.io/gh/SHAdd0WTAka/Zen-Ai-Pentest)\n\n---\n\n*Last updated: 31.03.2026*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSHAdd0WTAka%2FZen-Ai-Pentest","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSHAdd0WTAka%2FZen-Ai-Pentest","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSHAdd0WTAka%2FZen-Ai-Pentest/lists"}