Skip to main content

Comprehensive DLP evasion test suite — scanner-agnostic, file-aware

Project description

evadex

DLP quality assurance testing. Generate synthetic sensitive data, test your scanner, measure detection gaps.


Install

pip install evadex

Quick start

evadex quickstart

The wizard detects your environment, configures your scanner, and runs a first test. Saves config to evadex.yaml so subsequent runs just work.


Core commands

evadex scan                          # test your scanner (northam tier, auto-detect scanner)
evadex scan --fast                   # top techniques only, ~5 min
evadex scan --tier full              # comprehensive test, all payloads

evadex generate                      # interactive: pick format, count, output
evadex generate --format xlsx        # 100-record spreadsheet
evadex generate --formats xlsx,docx,pdf --tier northam  # all formats at once

evadex falsepos                      # measure false positive rate (100 values)
evadex falsepos --count 500          # more thorough

evadex report results/scan.json      # generate HTML report

HTTP transport (recommended for Siphon)

For faster scanning start Siphon in server mode:

siphon serve --port 8080 --api-key $YOUR_KEY

Then scan via HTTP — 12x faster than CLI mode:

evadex scan --transport http --url http://localhost:8080 --api-key $YOUR_KEY --tier northam

Or configure in evadex.yaml:

transport: http
url: http://localhost:8080
api_key: your-key   # or set EVADEX_API_KEY env var
Mode Throughput Northam scan time
CLI (default) ~11/sec ~45 min
HTTP ~131/sec ~4 min

Tiers

Tier Focus Est. Time When to use
northam (default) Canada + US + capital markets ~5 min Daily North America testing
banking Canadian banking focus ~4 min Banking compliance (CA-only)
core Broad PII + international ~10 min Weekly benchmarks
regional Full international coverage ~20 min Global deployments
full Everything ~30 min Major releases

Formats

Generate test files in any of these formats:

xlsx · docx · pdf · csv · txt · json · xml · sql · log · eml
parquet · sqlite · zip · 7z · mbox · png · jpg

Evasion techniques

evadex tests 13 technique families:

Technique Examples
unicode_encoding Fullwidth digits, homoglyphs, zero-width chars, NFD normalization
delimiter Space, hyphen, dot, tab, newline, mixed, doubled, none
splitting Mid-value line break, HTML comment injection, JSON field split
leetspeak Minimal, moderate, aggressive substitution tiers
regional_digits Arabic-Indic, Devanagari, Bengali, Thai, and 6 more scripts
encoding Base64, ROT13, double URL encoding, encoding chains
context_injection Value in JSON record, XML element, SQL snippet
bidirectional Unicode RLO/LRO/RLE control characters
soft_hyphen U+00AD invisible separator at group boundaries
morse_code Digits encoded as International Morse Code

Capital markets coverage

v3.24.0 adds securities identifiers and financial messaging references to the banking and core tiers:

Category Examples Tier
isin US0378331005 (Apple), CA7800871021 (RBC) banking
cusip_num 037833100 (Apple), 46625H100 (JPMorgan) banking
cins_num G0177J108 (UK-registered), F22797108 (French) core
sedol_num 2005973 (BP), 0540528 (HSBC) core
figi_num BBG000B9XRY4 (Apple), BBG000DMBXR2 (JPMorgan) banking
lei_num HWUPKR0MPOU8FGXBT394 (Apple), R0MUWSFPU8MPRO8K5P83 (BNP) banking
ticker_symbol AAPL, JPM, RY.TO, BRK.A core
reuters_ric AAPL.O, JPM.N, BP.L core
valor_num 3234936 (Apple/SIX), 1225514 (Nestlé) core
wkn_num 865985 (Apple/Frankfurt), 840400 (BMW) core
mt103_ref FT23148BTJK7LMNQ, PAYREF2024031401 banking
mifid_tx_id MIFID20230517ABC0000000012345678… core
chips_uid 0001JPMC banking
sepa_ref RF18539007547034 banking
fedwire_imad 20231015BNKUS33XXXX000123456789 banking

All securities identifiers include checksum-validated synthetic generators (CUSIP ANSI X9.6, SEDOL weighted mod-10, ISIN Luhn, FIGI Luhn, LEI ISO 17442 mod-97).


Configuration

Run evadex init to create evadex.yaml in the current directory:

tool: siphon-cli
exe: /path/to/siphon
tier: northam
concurrency: 32

CLI flags override config values. evadex.yaml is auto-discovered from the working directory.


Analysis commands

evadex history                       # past scan and falsepos runs
evadex trend                         # ASCII chart of detection rate over time
evadex techniques --top 10           # techniques with highest bypass rate
evadex doctor                        # environment health check
evadex benchmark                     # measure generate/scan performance

Scoring & coverage (v3.33)

# Composite 0-100 scanner quality score from audit history (detection,
# false-positive rate, category coverage, response time) with a letter grade
evadex score
evadex score --json                  # machine-readable output

# Ranked comparison of every scanner label seen in the audit log
evadex leaderboard

# Per-category / per-technique breakdown: sample value, variants produced,
# evasion rationale, and the recommended scanner fix
evadex explain --category credit_card
evadex explain --category ssn --technique splitting
evadex explain --category iban --sample GB33BUKB20201555555555

# Gap analysis for a tier: which payload categories have been tested and which
# are untested
evadex coverage --tier northam
evadex coverage --missing-only
evadex coverage --show-all --scanner-label post-patch

Result commands (v3.27–3.28)

# Compare two scan runs at the individual variant level
evadex diff before.json after.json
evadex diff before.json after.json --format html --output diff.html
evadex diff before.json after.json --format json --output diff.json

# Export scan results as CSV or Markdown
evadex export scan.json --format csv --output findings.csv
evadex export scan.json --format markdown --output findings.md
evadex export scan.json --format csv --only-bypassed  # evasions only

# Validate that a document template generates a correct, openable file
evadex validate --template trade_confirmation --format docx
evadex validate --all-templates --format csv
evadex validate --template swift_mt103 --format docx --scan   # also submit to scanner

# Current state at a glance: scanner, last scan, bridge, cache, scheduled jobs
evadex status
evadex status --json

# Manage the scan result cache (SQLite, 24-hour TTL by default)
evadex cache stats
evadex cache clear --yes

# Resume an interrupted scan from a saved checkpoint
evadex scan --resume
evadex scan --tier northam --resume --scanner-label post-patch

Advanced commands (Siphon-specific)

evadex entropy --url http://localhost:8080   # test entropy detection modes
evadex edm    --url http://localhost:8080   # test Exact Data Match engine
evadex lsh    --url http://localhost:8080   # test document-similarity detection
evadex bridge --port 9191                   # start HTTP API bridge

Requirements

  • Python 3.11+
  • A DLP scanner (Siphon recommended, dlpscan-rs supported, any CLI scanner via adapter)

Optional extras:

pip install evadex[barcodes]      # PNG/JPG barcode generation (QR, Code128, EAN-13)
pip install evadex[data-formats]  # Parquet and SQLite output
pip install evadex[archives]      # 7z archive output
pip install evadex[bridge]        # HTTP API bridge (FastAPI)

Full documentation

See docs/REFERENCE.md for the complete CLI reference:

  • All flags and options for every command
  • Payload coverage by region (593 payloads, 501 categories)
  • Adapter configuration (Siphon, dlpscan-rs, Presidio)
  • Profile system and scheduling
  • Bridge/C2 integration
  • Architecture overview

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

evadex-3.36.0.tar.gz (392.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

evadex-3.36.0-py3-none-any.whl (466.4 kB view details)

Uploaded Python 3

File details

Details for the file evadex-3.36.0.tar.gz.

File metadata

  • Download URL: evadex-3.36.0.tar.gz
  • Upload date:
  • Size: 392.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for evadex-3.36.0.tar.gz
Algorithm Hash digest
SHA256 0e0558f7b8f2c302442845a997bca95bb43b27d80029e834408e09b5c5b8d784
MD5 7d7d0542eb1886e4f2dad60febe94185
BLAKE2b-256 6ab9877585956f38ca7b37c3081dfa70459e3a709fd61872c1c8c6243b34e738

See more details on using hashes here.

File details

Details for the file evadex-3.36.0-py3-none-any.whl.

File metadata

  • Download URL: evadex-3.36.0-py3-none-any.whl
  • Upload date:
  • Size: 466.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for evadex-3.36.0-py3-none-any.whl
Algorithm Hash digest
SHA256 d4b7f26034ee1105ab04b3954a5682283b7b9ca34a4e22eb038f670a9fd487a7
MD5 4229ccdff6a030f79aac171e0b7728ff
BLAKE2b-256 4049ce35f51b8a6107cfbc5c11b858312a3896ca9e5eb905b56002f9296ecdf9

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page