AI-powered web vulnerability analysis platform

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for sufa from gravatar.com sufa

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: sufiyansaidsha
  • Tags ai , burp , llm , owasp , pentest , scanner , security , vulnerability
  • Requires: Python >=3.11
  • Provides-Extra: all , crawler , dev , pdf , proxy , server
Classifiers
Report project as malware

Project description

sufa

AI-powered web vulnerability analysis platform.

sufa combines AI reasoning, traditional scanning techniques, attack chain discovery, and pentester workflows into a unified CLI tool with Burp Suite integration.

Features

  • AI-Powered Analysis -- Passive and active vulnerability detection using Ollama, OpenAI, Claude, or Gemini
  • Central Traffic Store -- Persist, replay, and analyze HTTP traffic
  • Smart Deduplication -- Endpoint normalization prevents redundant analysis
  • Attack Chain Discovery -- AI connects individual findings into multi-step attack paths
  • Event-Driven Architecture -- Extensible plugin system with publish/subscribe events
  • Data Redaction -- Automatically strips sensitive data before sending to AI providers
  • Multiple Report Formats -- JSON, HTML, PDF, SARIF for CI/CD integration

Quick Start

pip install sufa

# Configure AI provider
sufa config set ai.provider ollama
sufa config set ai.model deepseek-r1:latest

# Test connectivity
sufa provider test

# Scan a target
sufa scan https://target.example.com

# View findings
sufa findings list

# Generate report
sufa report generate --format html

CLI Commands

sufa scan <url>                    Passive scan a target
sufa scan --profile deep <url>     Deep scan with active verification
sufa proxy start --port 8080       Start intercept proxy
sufa import <file.har>             Import HAR file for analysis
sufa replay <request-id>           Replay a stored request
sufa findings list                 List all findings
sufa findings chains               Show discovered attack chains
sufa report generate --format pdf  Generate report
sufa project create "name"         Create a project
sufa config set <key> <value>      Set configuration
sufa provider test                 Test AI provider connectivity
sufa server start                  Start API server (Enterprise)

AI Providers

Provider Local Cost
Ollama Yes Free
OpenAI No Paid
Claude No Paid
Gemini No Paid

Documentation

For the complete usage guide covering all commands, configuration, plugins, Docker, Burp Suite integration, and more:

Full Usage Guide

Development

pip install -e ".[dev,all]"
pytest

License

MIT

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for sufa from gravatar.com sufa

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: sufiyansaidsha
  • Tags ai , burp , llm , owasp , pentest , scanner , security , vulnerability
  • Requires: Python >=3.11
  • Provides-Extra: all , crawler , dev , pdf , proxy , server
Classifiers

Release history Release notifications | RSS feed

0.1.4

0.1.3

This version

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sufa-0.1.2.tar.gz (1.3 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sufa-0.1.2-py3-none-any.whl (101.3 kB view details)

Uploaded Python 3

File details

Details for the file sufa-0.1.2.tar.gz.

File metadata

  • Download URL: sufa-0.1.2.tar.gz
  • Upload date:
  • Size: 1.3 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for sufa-0.1.2.tar.gz
Algorithm Hash digest
SHA256 4a5873f67ba3a9fc5090099847424c6ab3d9446ab68cd87445917a370958746d
MD5 60e68d660166075e65a913ac0ff04084
BLAKE2b-256 96b5f49dc848f73089b6abe013e0bf881bb7692c4aeb8344cac7dd10879ae368

See more details on using hashes here.

Provenance

The following attestation bundles were made for sufa-0.1.2.tar.gz:

Publisher: release.yml on sufiyansaidsha/sufaAI

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file sufa-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: sufa-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 101.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for sufa-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 0b875a8fd9323283d81daecb79206a1b39e0b8397307c8801be7f07a899583aa
MD5 48975c2fdaef3cd72facaac709eb06d4
BLAKE2b-256 12d5c523c70bafa80aaf762adbed8090ff2535462271f6e13469ea9f4a30136a

See more details on using hashes here.

Provenance

The following attestation bundles were made for sufa-0.1.2-py3-none-any.whl:

Publisher: release.yml on sufiyansaidsha/sufaAI

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page