This repo is a template for building an OXO agent in Python. It ships with best practices like:
- GitHub Actions workflow
- Linting checks with Ruff
- Static typing checks with Mypy
- Running the unit tests with Pytest
Here are links to good resources to get started:

To contribute to this project, follow these steps:
- Fork this repository.
- Clone your forked repository:
  ```
  git clone <your_fork_url>
  ```
- Navigate into your repository's directory:
  ```
  cd <repository_directory>
  ```
- Create a new branch:
  ```
  git checkout -b <branch_name>
  ```
- Install the dependencies:
  ```
  pip install -r requirements.txt
  ```
- Make your changes.
- Ensure the tests pass:
  ```
  pip install -r tests/requirements.txt
  pytest .
  ```
- Ensure the linter passes:
  ```
  pip install -r linting-requirements.txt
  ruff format .
  ruff check .
  ```
- Ensure the static type checks pass:
  ```
  pip install -r typing-requirements.txt
  mypy
  ```
- Commit your changes:
  ```
  git commit -m '<commit_message>'
  ```
- Push to the remote branch:
  ```
  git push origin <branch_name>
  ```
- Create a pull request from the forked repository.

Implementation of popular tools like:
- semgrep for source code scanning.
- nbtscan: Scans for open NETBIOS nameservers on your target's network.
- onesixtyone: Fast scanner to find publicly exposed SNMP services.
- Retire.js: Scanner detecting the use of JavaScript libraries with known vulnerabilities.
- snallygaster: Finds file leaks and other security problems on HTTP servers.
- testssl.sh: Identify various TLS/SSL weaknesses, including Heartbleed, CRIME and ROBOT.
- TruffleHog: Searches through git repositories for high entropy strings and secrets, digging deep into commit history.
- cve-bin-tool: Scan binaries for vulnerable components.
- XSStrike: XSS web vulnerability scanner with generative payload.
- Subjack: Subdomain takeover scanning tool.
- DnsReaper: Subdomain takeover scanning tool.