AI-powered web vulnerability analysis platform

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for sufa from gravatar.com sufa

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: sufiyansaidsha
  • Tags ai , burp , llm , owasp , pentest , scanner , security , vulnerability
  • Requires: Python >=3.11
  • Provides-Extra: all , crawler , dev , pdf , proxy , server
Classifiers
Report project as malware

Project description

sufa

AI-powered web vulnerability analysis platform.

sufa combines AI reasoning, traditional scanning techniques, attack chain discovery, and pentester workflows into a unified CLI tool with Burp Suite integration.

Features

  • AI-Powered Analysis -- Passive and active vulnerability detection using Ollama, OpenAI, Claude, or Gemini
  • Central Traffic Store -- Persist, replay, and analyze HTTP traffic
  • Smart Deduplication -- Endpoint normalization prevents redundant analysis
  • Attack Chain Discovery -- AI connects individual findings into multi-step attack paths
  • Event-Driven Architecture -- Extensible plugin system with publish/subscribe events
  • Data Redaction -- Automatically strips sensitive data before sending to AI providers
  • Multiple Report Formats -- JSON, HTML, PDF, SARIF for CI/CD integration

Quick Start

pip install sufa

# Configure AI provider
sufa config set ai.provider ollama
sufa config set ai.model deepseek-r1:latest

# Test connectivity
sufa provider test

# Scan a target
sufa scan https://target.example.com

# View findings
sufa findings list

# Generate report
sufa report generate --format html

CLI Commands

sufa scan <url>                    Passive scan a target
sufa scan --profile deep <url>     Deep scan with active verification
sufa proxy start --port 8080       Start intercept proxy
sufa import <file.har>             Import HAR file for analysis
sufa replay <request-id>           Replay a stored request
sufa findings list                 List all findings
sufa findings chains               Show discovered attack chains
sufa report generate --format pdf  Generate report
sufa project create "name"         Create a project
sufa config set <key> <value>      Set configuration
sufa provider test                 Test AI provider connectivity
sufa server start                  Start API server (Enterprise)

AI Providers

Provider Local Cost
Ollama Yes Free
OpenAI No Paid
Claude No Paid
Gemini No Paid

Development

pip install -e ".[dev,all]"
pytest

License

MIT

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for sufa from gravatar.com sufa

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: sufiyansaidsha
  • Tags ai , burp , llm , owasp , pentest , scanner , security , vulnerability
  • Requires: Python >=3.11
  • Provides-Extra: all , crawler , dev , pdf , proxy , server
Classifiers

Release history Release notifications | RSS feed

0.1.4

0.1.3

0.1.2

0.1.1

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sufa-0.1.0.tar.gz (62.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sufa-0.1.0-py3-none-any.whl (92.9 kB view details)

Uploaded Python 3

File details

Details for the file sufa-0.1.0.tar.gz.

File metadata

  • Download URL: sufa-0.1.0.tar.gz
  • Upload date:
  • Size: 62.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for sufa-0.1.0.tar.gz
Algorithm Hash digest
SHA256 21191bc84e7d33143fe6f3fc4652d8eebe7e4bc74fcd81d1fbcb69a5d9375fac
MD5 c6f52eef156a3723aec98dd2a05c4b16
BLAKE2b-256 e2f8775622848ee59e1c05b92ab50c72cf5bc2d19021edc2fe49df4655dd7409

See more details on using hashes here.

Provenance

The following attestation bundles were made for sufa-0.1.0.tar.gz:

Publisher: release.yml on sufiyansaidsha/sufaAI

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file sufa-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: sufa-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 92.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for sufa-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 86620355004cea6d3ee622f2770ac0ee808002928ec01e7a1790c265dfe6904e
MD5 6df645b0b4a9abab6abd0a39bcba67bd
BLAKE2b-256 85983a611cb4bfc73d41af522c608bca373234f7f3f1ccd4c7574ad3b833e89c

See more details on using hashes here.

Provenance

The following attestation bundles were made for sufa-0.1.0-py3-none-any.whl:

Publisher: release.yml on sufiyansaidsha/sufaAI

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page