Merge branch 'development' into production

Author: ShreyasMahajann

.gitignore

@@ -25,3 +25,10 @@ scripts/mac_ansible_hosts.ini
 scripts/mac_ansible_id_rsa
 scripts/mac_ansible_id_rsa.pub
 .aider*
+
+src/hackingBuddyGPT/usecases/web_api_testing/documentation/openapi_spec/
+src/hackingBuddyGPT/usecases/web_api_testing/documentation/reports/
+src/hackingBuddyGPT/usecases/web_api_testing/retrieve_spotify_token.py
+config/my_configs/*
+config/configs/*
+config/configs/

README.md

@@ -76,7 +76,8 @@ the use of LLMs for web penetration-testing and web api testing.
 | [linux-privesc](https://docs.hackingbuddy.ai/docs/usecases/linux-priv-esc)   | Given a connection (SSH or local shell) for a low-privilege user, task the LLM to become the root user. This would be a typical Linux privilege escalation attack. We published two academic papers about this: [paper #1](https://arxiv.org/abs/2308.00121) and [paper #2](https://arxiv.org/abs/2310.11409) | ![Example wintermute run](https://docs.hackingbuddy.ai/run_archive/2024-04-06_linux.png)                                                                                                                                                |
 | [web-pentest (WIP)](https://docs.hackingbuddy.ai/docs/usecases/web)          | Directly hack a webpage. Currently in heavy development and pre-alpha stage.                                                                                                                                                                                                                  | ![Test Run for a simple Blog Page](https://docs.hackingbuddy.ai/run_archive/2024-05-03_web.png)                                                                                                                                         |
 | [web-api-pentest (WIP)](https://docs.hackingbuddy.ai/docs/usecases/web-api)  | Directly test a REST API. Currently in heavy development and pre-alpha stage. (Documentation and testing of REST API.)                                                                                                                                                                        | Documentation:![web_api_documentation.png](https://docs.hackingbuddy.ai/run_archive/2024-05-15_web-api_documentation.png) Testing:![web_api_testing.png](https://docs.hackingbuddy.ai/run_archive/2024-05-15_web-api.png)               |
-| [extended linux-privesc](https://docs.hackingbuddy.ai/docs/usecases/extended-linux-privesc) | This usecases extends linux-privesc with additional features such as retrieval augmented generation (RAG) or chain-of-thought (CoT)                                                                                                                                                           | ![Extended Linux Privilege Escalation Run](https://docs.hackingbuddy.ai/run_archive/2025-4-14_extended_privesc_usecase_1.png) ![Extended Linux Privilege Escalation Run](https://docs.hackingbuddy.ai/run_archive/2025-4-14_extended_privesc_usecase_1.png) |
+| [extended linux-privesc](https://docs.hackingbuddy.ai/docs/usecases/extended-linux-privesc) | This usecases extends linux-privesc with additional features such as retrieval augmented generation (RAG) or chain-of-thought (CoT)                                                                                                                                                           | ![Extended Linux Privilege Escalation Run](https://docs.hackingbuddy.ai/run_archive/2025-4-14_extended_privesc_usecase_1.png) ![Extended Linux Privilege Escalation Run](https://docs.hackingbuddy.ai/run_archive/2025-4-14_extended_privesc_usecase_2.png) |
+
 ## Build your own Agent/Usecase
 
 So you want to create your own LLM hacking agent? We've got you covered and taken care of the tedious groundwork.

pyproject.toml

@@ -45,11 +45,15 @@ dependencies = [
     'uvicorn[standard] == 0.30.6',
     'dataclasses_json == 0.6.7',
     'websockets == 13.1',
-    'langchain-community',
-    'langchain-openai',
+    'pandas',
+    'faker',
+    'fpdf',
+    'langchain_core',
+    'langchain_community',
+    'langchain_chroma',
+    'langchain_openai',
     'markdown',
     'chromadb',
-    'langchain-chroma',
 ]
 
 [project.urls]
@@ -69,7 +73,7 @@ where = ["src"]
 pythonpath = "src"
 addopts = ["--import-mode=importlib"]
 [project.optional-dependencies]
-testing = ['pytest', 'pytest-mock']
+testing = ['pytest', 'pytest-mock', 'pandas', 'faker',     'langchain_core']
 dev = [
 	'ruff',
 ]

src/hackingBuddyGPT/capabilities/http_request.py

@@ -45,18 +45,11 @@ def __call__(
         body_is_base64: Optional[bool] = False,
         headers: Optional[Dict[str, str]] = None,
     ) -> str:
+
         if body is not None and body_is_base64:
             body = base64.b64decode(body).decode()
-        if self.host[-1] != "/":
+        if self.host[-1] != "/" and not path.startswith("/"):
             path = "/" + path
-        resp = self._client.request(
-            method,
-            self.host + path,
-            params=query,
-            data=body,
-            headers=headers,
-            allow_redirects=self.follow_redirects,
-        )
         try:
             resp = self._client.request(
                 method,

src/hackingBuddyGPT/capabilities/parsed_information.py

@@ -0,0 +1,25 @@
+from dataclasses import dataclass, field
+from typing import Dict, Any, List, Tuple
+from hackingBuddyGPT.capabilities import Capability
+
+
+from dataclasses import dataclass, field
+from typing import Any, Dict, List, Tuple
+
+@dataclass
+class ParsedInformation(Capability):
+    status_code: str
+    reason_phrase:  Dict[str, Any] = field(default_factory=dict)
+    headers: Dict[str, Any] = field(default_factory=dict)
+    response_body: Dict[str, Any] = field(default_factory=dict)
+    registry: List[Tuple[str, str, str, str]] = field(default_factory=list)
+
+    def describe(self) -> str:
+        """
+        Returns a description of the test case.
+        """
+        return f"Parsed information for {self.status_code}, reason_phrase: {self.reason_phrase}, headers: {self.headers}, response_body: {self.response_body} "
+    def __call__(self, status_code: str, reason_phrase: str, headers: str, response_body:str) -> dict:
+        self.registry.append((status_code, response_body, headers,response_body))
+
+        return {"status_code": status_code, "reason_phrase": reason_phrase, "headers": headers, "response_body": response_body}

src/hackingBuddyGPT/capabilities/python_test_case.py

@@ -0,0 +1,22 @@
+
+from hackingBuddyGPT.capabilities import Capability
+
+
+from dataclasses import dataclass, field
+from typing import Any, Dict, List, Tuple
+
+@dataclass
+class PythonTestCase(Capability):
+    description: str
+    input: Dict[str, Any] = field(default_factory=dict)
+    expected_output: Dict[str, Any] = field(default_factory=dict)
+    registry: List[Tuple[str, dict, dict]] = field(default_factory=list)
+
+    def describe(self) -> str:
+        """
+        Returns a description of the test case.
+        """
+        return f"Test Case: {self.description}\nInput: {self.input}\nExpected Output: {self.expected_output}"
+    def __call__(self, description: str, input: dict, expected_output: dict) -> dict:
+        self.registry.append((description, input, expected_output))
+        return {"description": description, "input": input, "expected_output": expected_output}

src/hackingBuddyGPT/usecases/web_api_testing/__init__.py

@@ -1,2 +1,5 @@
 from .simple_openapi_documentation import SimpleWebAPIDocumentation
 from .simple_web_api_testing import SimpleWebAPITesting
+from . import response_processing
+from . import documentation
+from . import testing