AI-powered web vulnerability analysis platform

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for sufa from gravatar.com sufa

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: sufiyansaidsha
  • Tags ai , burp , llm , owasp , pentest , scanner , security , vulnerability
  • Requires: Python >=3.11
  • Provides-Extra: all , crawler , dev , pdf , proxy , server
Classifiers
Report project as malware

Project description

sufa

AI-powered web vulnerability analysis platform.

sufa combines AI reasoning, traditional scanning techniques, attack chain discovery, and pentester workflows into a unified CLI tool with Burp Suite integration.

Features

  • AI-Powered Analysis -- Passive and active vulnerability detection using Ollama, OpenAI, Claude, or Gemini
  • Central Traffic Store -- Persist, replay, and analyze HTTP traffic
  • Smart Deduplication -- Endpoint normalization prevents redundant analysis
  • Attack Chain Discovery -- AI connects individual findings into multi-step attack paths
  • Event-Driven Architecture -- Extensible plugin system with publish/subscribe events
  • Data Redaction -- Automatically strips sensitive data before sending to AI providers
  • Multiple Report Formats -- JSON, HTML, PDF, SARIF for CI/CD integration

Quick Start

pip install sufa

# Configure AI provider
sufa config set ai.provider ollama
sufa config set ai.model deepseek-r1:latest

# Test connectivity
sufa provider test

# Scan a target
sufa scan https://target.example.com

# View findings
sufa findings list

# Generate report
sufa report generate --format html

CLI Commands

sufa scan <url>                    Passive scan a target
sufa scan --profile deep <url>     Deep scan with active verification
sufa proxy start --port 8080       Start intercept proxy
sufa import <file.har>             Import HAR file for analysis
sufa replay <request-id>           Replay a stored request
sufa findings list                 List all findings
sufa findings chains               Show discovered attack chains
sufa report generate --format pdf  Generate report
sufa project create "name"         Create a project
sufa config set <key> <value>      Set configuration
sufa provider test                 Test AI provider connectivity
sufa server start                  Start API server (Enterprise)

AI Providers

Provider Local Cost
Ollama Yes Free
OpenAI No Paid
Claude No Paid
Gemini No Paid

Documentation

For the complete usage guide covering all commands, configuration, plugins, Docker, Burp Suite integration, and more:

Full Usage Guide

Development

pip install -e ".[dev,all]"
pytest

License

MIT

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for sufa from gravatar.com sufa

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: sufiyansaidsha
  • Tags ai , burp , llm , owasp , pentest , scanner , security , vulnerability
  • Requires: Python >=3.11
  • Provides-Extra: all , crawler , dev , pdf , proxy , server
Classifiers

Release history Release notifications | RSS feed

This version

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sufa-0.1.4.tar.gz (1.3 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sufa-0.1.4-py3-none-any.whl (101.6 kB view details)

Uploaded Python 3

File details

Details for the file sufa-0.1.4.tar.gz.

File metadata

  • Download URL: sufa-0.1.4.tar.gz
  • Upload date:
  • Size: 1.3 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for sufa-0.1.4.tar.gz
Algorithm Hash digest
SHA256 7958840b559e9d15867a3af78f6a4dfa275cc66a9445ef03d4c7161c237cc2d7
MD5 fd10166660a14e251f6a0829506f0dfd
BLAKE2b-256 fa610822dc25e095ad0ca5cd1460f80e27907ebdb377f81dbc67d0673ccdd018

See more details on using hashes here.

Provenance

The following attestation bundles were made for sufa-0.1.4.tar.gz:

Publisher: release.yml on sufiyansaidsha/sufaAI

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file sufa-0.1.4-py3-none-any.whl.

File metadata

  • Download URL: sufa-0.1.4-py3-none-any.whl
  • Upload date:
  • Size: 101.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for sufa-0.1.4-py3-none-any.whl
Algorithm Hash digest
SHA256 ca7f7c59a0eed390e37fe56008ec6a7b6a3500e50fc3b25eeff0cd38b7211113
MD5 071d4595f06b0c7f4d748059108a9a8b
BLAKE2b-256 5ffaf683b8acb86eeeacc589311573581f446dec5a11d22ea61f274c700ed9ef

See more details on using hashes here.

Provenance

The following attestation bundles were made for sufa-0.1.4-py3-none-any.whl:

Publisher: release.yml on sufiyansaidsha/sufaAI

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page