AI-powered web vulnerability analysis platform

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for sufa from gravatar.com sufa

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: sufiyansaidsha
  • Tags ai , burp , llm , owasp , pentest , scanner , security , vulnerability
  • Requires: Python >=3.11
  • Provides-Extra: all , crawler , dev , pdf , proxy , server
Classifiers
Report project as malware

Project description

sufa

AI-powered web vulnerability analysis platform.

sufa combines AI reasoning, traditional scanning techniques, attack chain discovery, and pentester workflows into a unified CLI tool with Burp Suite integration.

Features

  • AI-Powered Analysis -- Passive and active vulnerability detection using Ollama, OpenAI, Claude, or Gemini
  • Central Traffic Store -- Persist, replay, and analyze HTTP traffic
  • Smart Deduplication -- Endpoint normalization prevents redundant analysis
  • Attack Chain Discovery -- AI connects individual findings into multi-step attack paths
  • Event-Driven Architecture -- Extensible plugin system with publish/subscribe events
  • Data Redaction -- Automatically strips sensitive data before sending to AI providers
  • Multiple Report Formats -- JSON, HTML, PDF, SARIF for CI/CD integration

Quick Start

pip install sufa

# Configure AI provider
sufa config set ai.provider ollama
sufa config set ai.model deepseek-r1:latest

# Test connectivity
sufa provider test

# Scan a target
sufa scan https://target.example.com

# View findings
sufa findings list

# Generate report
sufa report generate --format html

CLI Commands

sufa scan <url>                    Passive scan a target
sufa scan --profile deep <url>     Deep scan with active verification
sufa proxy start --port 8080       Start intercept proxy
sufa import <file.har>             Import HAR file for analysis
sufa replay <request-id>           Replay a stored request
sufa findings list                 List all findings
sufa findings chains               Show discovered attack chains
sufa report generate --format pdf  Generate report
sufa project create "name"         Create a project
sufa config set <key> <value>      Set configuration
sufa provider test                 Test AI provider connectivity
sufa server start                  Start API server (Enterprise)

AI Providers

Provider Local Cost
Ollama Yes Free
OpenAI No Paid
Claude No Paid
Gemini No Paid

Documentation

For the complete usage guide covering all commands, configuration, plugins, Docker, Burp Suite integration, and more:

Full Usage Guide

Development

pip install -e ".[dev,all]"
pytest

License

MIT

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for sufa from gravatar.com sufa

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: sufiyansaidsha
  • Tags ai , burp , llm , owasp , pentest , scanner , security , vulnerability
  • Requires: Python >=3.11
  • Provides-Extra: all , crawler , dev , pdf , proxy , server
Classifiers

Release history Release notifications | RSS feed

0.1.4

0.1.3

0.1.2

This version

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sufa-0.1.1.tar.gz (1.3 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sufa-0.1.1-py3-none-any.whl (93.4 kB view details)

Uploaded Python 3

File details

Details for the file sufa-0.1.1.tar.gz.

File metadata

  • Download URL: sufa-0.1.1.tar.gz
  • Upload date:
  • Size: 1.3 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for sufa-0.1.1.tar.gz
Algorithm Hash digest
SHA256 3574530778064581b54d23543f005af200f76c1e2ec0259ffc110e4ed4e567db
MD5 c94db8516621741fdabc4f556e6c14ce
BLAKE2b-256 b9c6def3c5d8bb84883a045e12a0fae410747b292398cf8e0eed0dda576f86cc

See more details on using hashes here.

Provenance

The following attestation bundles were made for sufa-0.1.1.tar.gz:

Publisher: release.yml on sufiyansaidsha/sufaAI

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file sufa-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: sufa-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 93.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for sufa-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 2983333aeaf1f3f50e2502cda11bb30f932ed94914e9a2cc45062062cf790c33
MD5 9836b0babb2e4480950b5defc2c21871
BLAKE2b-256 58b3d210ef3279b2d22d5608b359b34afabe614ad4935bd6449dc54fbde76407

See more details on using hashes here.

Provenance

The following attestation bundles were made for sufa-0.1.1-py3-none-any.whl:

Publisher: release.yml on sufiyansaidsha/sufaAI

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page