Metadata-Version: 2.3
Name: logicpwn
Version: 0.2.2
Summary: Python framework for business logic security testing: IDOR and access-control checks, multi-step exploit chains, sync/async request execution with rate limiting, and authentication handling (OAuth 2.0, SAML, JWT, form login, TOTP/SMS MFA).
Author: Jash Naik
Author-email: jashnaik2004@gmail.com
Requires-Python: >=3.9,<4.0
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Provides-Extra: email
Provides-Extra: providers
Provides-Extra: sms
Requires-Dist: aiohttp (>=3.9.0,<4.0.0)
Requires-Dist: boto3 (>=1.34.0,<2.0.0) ; extra == "sms" or extra == "providers"
Requires-Dist: cryptography (>=42.0.0,<43.0.0)
Requires-Dist: jsonpath-ng (>=1.7.0,<2.0.0)
Requires-Dist: loguru (>=0.7.2,<0.8.0)
Requires-Dist: psutil (>=5.9.0,<6.0.0)
Requires-Dist: pydantic (>=2.5.0,<3.0.0)
Requires-Dist: pytest-asyncio (<1.0)
Requires-Dist: pyyaml (>=6.0.2,<7.0.0)
Requires-Dist: qrcode[pil] (>=7.4.2,<8.0.0)
Requires-Dist: requests (>=2.31.0,<3.0.0)
Requires-Dist: sendgrid (>=6.11.0,<7.0.0) ; extra == "email" or extra == "providers"
Requires-Dist: sphinx (>=7.2.0,<8.0.0)
Requires-Dist: sphinx-autodoc-typehints (>=1.22.0,<2.0.0)
Requires-Dist: sphinx-rtd-theme (>=3.0.2,<4.0.0)
Requires-Dist: tenacity (>=9.1.2,<10.0.0)
Requires-Dist: twilio (>=9.0.0,<10.0.0) ; extra == "sms" or extra == "providers"
Description-Content-Type: text/markdown

# LogicPWN

**Advanced Business Logic Security Testing Framework**

[![Python 3.9+](https://img.shields.io/badge/python-3.9+-blue.svg)](https://www.python.org/downloads/)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![Tests](https://github.com/logicpwn/logicpwn/workflows/tests/badge.svg)](https://github.com/logicpwn/logicpwn/actions)

A comprehensive Python framework for advanced business logic vulnerability testing, IDOR detection, and multi-step security exploitation. Built for penetration testers, security researchers, and bug bounty hunters.

## Features

- **IDOR Detection**: Intelligent enumeration and cross-user testing
- **Multi-Step Exploit Chains**: Automated complex attack scenarios  
- **High-Performance Async**: Concurrent testing with intelligent rate limiting
- **Enterprise Authentication**: OAuth 2.0, SAML, JWT, MFA support
- **Stress Testing**: Performance validation with security monitoring
- **Rich Reporting**: Comprehensive vulnerability analysis and documentation

## Quick Start

```bash
# Install LogicPWN (async support via aiohttp is part of the base install)
pip install logicpwn

# Optional MFA delivery providers: SendGrid for email, Twilio and boto3 for SMS
pip install "logicpwn[providers]"      # or logicpwn[email] / logicpwn[sms]
```

### Basic Usage

```python
from logicpwn.core.auth import AuthConfig, authenticate_session
from logicpwn.core.access import detect_idor_flaws

# Configure authentication
auth_config = AuthConfig(
    url="https://target.com/login",
    credentials={"username": "testuser", "password": "password"},
    success_indicators=["dashboard", "welcome"]
)

# Get authenticated session
session = authenticate_session(auth_config)

# Test for IDOR vulnerabilities
results = detect_idor_flaws(
    session=session,
    endpoint_template="https://target.com/api/users/{id}",
    test_ids=["user1", "user2", "admin"],
    success_indicators=["profile_data"],
    failure_indicators=["access_denied", "unauthorized"]
)

# Check results
for result in results:
    if result.vulnerability_detected:
        print(f"🚨 IDOR found: {result.test_url}")
```
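The Quick Start above drives `detect_idor_flaws` from a single authenticated session, so a hit only shows that the endpoint returned `profile_data` for an ID the tester supplied. An IDOR is a cross-principal finding: the baseline has to come from the resource's legitimate owner and the attacking request from a different account, with an unauthenticated probe run first so that a resource readable without any session is reported as broken authentication rather than mislabelled as IDOR. The following is an added example of that differential check; it is not LogicPWN's `detect_idor_flaws` and not code from the project. It runs against a constructed in-memory `fake_api` whose `/api/users/{id}` route deliberately omits the ownership check while `/api/orders/{id}` enforces it; `SESSIONS`, `PROFILES`, `ORDERS`, the token values and the indicator strings are all made up for the demonstration:

```python
import json
from difflib import SequenceMatcher
from typing import Optional

# --- Constructed in-memory target (stands in for a live application) ---
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}           # bearer token -> user
PROFILES = {                                                  # /api/users/{id}
    "1001": {"owner": "alice", "record": {"email": "alice@example.test"}},
    "1002": {"owner": "bob",   "record": {"email": "bob@example.test"}},
}
ORDERS = {                                                    # /api/orders/{id}
    "5001": {"owner": "alice", "record": {"total": 42.0}},
}


def fake_api(url: str, token: Optional[str]) -> tuple:
    """Return (status, body). /api/users/{id} authenticates but never checks
    ownership (a deliberate, constructed IDOR); /api/orders/{id} does check."""
    user = SESSIONS.get(token)
    if user is None:
        return 401, json.dumps({"error": "unauthorized"})
    base, _, rid = url.rpartition("/")
    if base.endswith("/api/users"):
        rec = PROFILES.get(rid)
        if rec is None:
            return 404, json.dumps({"error": "not_found"})
        return 200, json.dumps({"id": rid, "record": rec["record"]})   # no owner check
    if base.endswith("/api/orders"):
        rec = ORDERS.get(rid)
        if rec is None or rec["owner"] != user:
            return 403, json.dumps({"error": "access_denied"})
        return 200, json.dumps({"id": rid, "record": rec["record"]})
    return 404, json.dumps({"error": "not_found"})


# --- Differential IDOR check (added example, not LogicPWN's detect_idor_flaws) ---
def classify(status, body, baseline, success_indicators, failure_indicators):
    if status in (401, 403) or any(f in body for f in failure_indicators):
        return "denied"
    if status == 200 and any(s in body for s in success_indicators):
        # The owner's record served to another principal is the IDOR signal; a 200
        # with different content (e.g. the attacker's own profile) needs review.
        return "idor" if SequenceMatcher(None, body, baseline).ratio() > 0.9 else "review"
    return "inconclusive"


def detect_idor(api, endpoint_template, resources, attacker_token,
                success_indicators, failure_indicators):
    """resources maps resource id -> session token of its legitimate owner."""
    findings = []
    for rid, owner_token in resources.items():
        if owner_token == attacker_token:
            continue                      # attacker owns it: cannot be a cross-user finding
        url = endpoint_template.format(id=rid)
        base_status, baseline = api(url, owner_token)
        if base_status != 200:
            findings.append({"id": rid, "verdict": "bad_baseline"})
            continue
        anon_status, anon_body = api(url, None)
        if anon_status == 200 and anon_body == baseline:
            findings.append({"id": rid, "verdict": "unauthenticated_access"})  # authn, not IDOR
            continue
        status, body = api(url, attacker_token)
        verdict = classify(status, body, baseline, success_indicators, failure_indicators)
        findings.append({"id": rid, "verdict": verdict, "status": status})
    return findings


def run_demo() -> dict:
    """Run both endpoints as bob attacking alice's resources; returns {id: verdict}."""
    common = dict(attacker_token="tok-bob",
                  success_indicators=['"record"'],
                  failure_indicators=["access_denied", "unauthorized"])
    users = detect_idor(fake_api, "https://target.test/api/users/{id}",
                        {"1001": "tok-alice", "1002": "tok-bob"}, **common)
    orders = detect_idor(fake_api, "https://target.test/api/orders/{id}",
                         {"5001": "tok-alice"}, **common)
    return {f["id"]: f["verdict"] for f in users + orders}


if __name__ == "__main__":
    for rid, verdict in run_demo().items():
        print(rid, verdict)
```

The 0.9 similarity threshold is what separates "the owner's record served to the wrong user" from a 200 that merely echoed the attacker's own data (an endpoint that ignores the path ID and keys off the session), which is worth a manual look but is not an IDOR. Swap `fake_api` for a function that issues the request with a real `requests.Session` per principal and the rest of the logic carries over unchanged.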

### Async Testing

```python
import asyncio
from logicpwn.core.runner import AsyncRequestRunner

async def test_endpoints():
    async with AsyncRequestRunner() as runner:
        response = await runner.send_request(
            url="https://target.com/api/data",
            method="GET"
        )
        print(f"Response: {response.status_code}")

asyncio.run(test_endpoints())
```

### Stress Testing

```python
import asyncio
from logicpwn.core.stress import StressTester, StressTestConfig

async def run_stress_test():
    config = StressTestConfig(
        max_concurrent=25,      # upper bound on in-flight requests
        duration=30,            # seconds
        memory_monitoring=True
    )

    async with StressTester(config) as tester:
        metrics = await tester.run_stress_test([
            {"url": "https://target.com/api/endpoint", "method": "GET"}
        ])

    print(f"Requests/sec: {metrics.requests_per_second:.1f}")
    print(f"Error rate: {metrics.error_rate:.1f}%")

asyncio.run(run_stress_test())
```

## Performance Benchmarks

Metrics measured by `tests/benchmarks/performance_benchmarks.py` against public test endpoints over a real network connection:

| Test Scenario | Requests | Duration | Req/s | Memory | CPU | Error Rate |
|---------------|----------|----------|-------|--------|-----|------------|
| **Basic HTTP Requests** | 100 | 11.36s | 8.8 | 62.2 MB | 12.2% | 0.0% |
| **Async Concurrent** | 100 | 24.82s | 4.0 | 66.3 MB | 30.4% | 3.0% |
| **IDOR Detection** | 25 | 24.90s | 1.0 | 68.8 MB | 50.0% | 0.0% |
| **Stress Testing** | 169 | 51.61s | 3.3 | 73.5 MB | 12.5% | 0.0% |

**Overall Averages:**
- **4.3 requests/second** average throughput
- **67.7 MB** average memory usage
- **26.2%** average CPU utilization
- **0.0% to 3.0%** error rate; the only failures occurred in the concurrent run

*Benchmarks performed against public test endpoints with real network conditions, so throughput is bounded by round-trip latency to those endpoints rather than by the framework; note that the concurrent run was slower than the sequential one in this environment. Treat the table as a reliability and resource-usage baseline, not a throughput ceiling, and re-run the benchmark script against your own target before relying on the numbers.*

## Architecture

LogicPWN is built with a modular, extensible architecture:

```
logicpwn/
├── core/
│   ├── auth/           # Authentication & session management
│   ├── access/         # IDOR & access control testing
│   ├── runner/         # HTTP request execution (sync/async)
│   ├── stress/         # Performance & stress testing
│   ├── validator/      # Response validation & analysis
│   └── logging/        # Secure audit logging
├── models/             # Pydantic data models
├── exceptions/         # Custom exception hierarchy
└── middleware/         # Extensible request/response middleware
```

## Key Components

### Authentication System
- **Multi-protocol support**: OAuth 2.0, SAML, JWT, form-based
- **Session persistence**: Automatic token refresh and CSRF handling
- **MFA integration**: TOTP, SMS verification support
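When a test account is enrolled in TOTP, automating the login step means holding the enrolment seed and generating the current code in the test harness rather than waiting on a phone. The block below is an added example, not LogicPWN's MFA code and not from the project: an RFC 4226/6238 HOTP/TOTP implementation on the standard library, a verifier with a clock-skew window (the shape a server-side check takes, useful when reviewing one), and a decoder for the Base32 seed carried in `otpauth://` provisioning URIs. The seed used in `__main__` is the RFC 6238 SHA-1 test seed, chosen only so the output is reproducible:

```python
import base64
import hmac
import struct
import time
from hashlib import sha1
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=sha1) -> str:
    """RFC 4226: HMAC over the big-endian 8-byte counter, dynamic truncation,
    then the low `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: Optional[int] = None, step: int = 30,
         digits: int = 6, digestmod=sha1) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / step)."""
    at = int(time.time()) if at is None else at
    return hotp(secret, at // step, digits, digestmod)


def verify_totp(secret: bytes, code: str, at: Optional[int] = None,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Accept the current step and `window` steps either side (clock skew).
    compare_digest keeps the comparison constant-time per candidate."""
    at = int(time.time()) if at is None else at
    return any(
        hmac.compare_digest(totp(secret, at + delta * step, step, digits), code)
        for delta in range(-window, window + 1)
    )


def secret_from_base32(seed: str) -> bytes:
    """otpauth:// URIs carry the seed Base32-encoded, often unpadded, lower-case
    or grouped with spaces; normalise before decoding."""
    seed = seed.replace(" ", "").upper()
    return base64.b32decode(seed + "=" * (-len(seed) % 8))


if __name__ == "__main__":
    # RFC 6238 SHA-1 test seed ("12345678901234567890"), as it would appear in a QR code.
    seed = secret_from_base32("gezd gnbv gy3t qojq gezd gnbv gy3t qojq")
    print("current code:", totp(seed))
```

Feed `totp(seed)` into the second authentication step alongside the credentials, and treat the seed like a password: it is a long-term secret, and anyone holding it can mint valid codes indefinitely, so keep it out of repositories and logs along with the test account's password.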

### Access Control Testing
- **Intelligent IDOR detection** with pattern recognition
- **Cross-tenant isolation** testing for SaaS applications
- **Privilege escalation** path discovery and validation

### Performance Engine
- **Async/concurrent execution** for high-throughput testing
- **Adaptive rate limiting** to respect application constraints
- **Memory-efficient** processing for large-scale assessments
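The adaptive rate limiting listed above is the piece of an async runner that stops a concurrent scan from tipping the target into a wall of 429s or an outage. The block below is an added example, not LogicPWN's runner or stress module and not from the project: an AIMD concurrency limiter (halve the cap on 429, add one on success) whose retries honour `Retry-After`, exercised against a constructed `SimulatedTarget` that admits three requests at a time. `SimulatedTarget`, `AdaptiveLimiter`, the timings and the starting cap of 8 against a capacity of 3 are all assumptions chosen so the throttling is visible offline:

```python
import asyncio
from dataclasses import dataclass


@dataclass
class SimResponse:
    status: int
    retry_after: float = 0.0    # seconds, mirrors the HTTP Retry-After header


class SimulatedTarget:
    """Constructed stand-in for the application: serves at most `capacity`
    requests at once and answers the overflow with 429 + Retry-After."""
    def __init__(self, capacity: int, service_time: float = 0.01):
        self.capacity, self.service_time = capacity, service_time
        self.in_flight = 0
        self.rejected = 0

    async def handle(self) -> SimResponse:
        if self.in_flight >= self.capacity:
            self.rejected += 1
            return SimResponse(429, retry_after=self.service_time * 2)
        self.in_flight += 1
        try:
            await asyncio.sleep(self.service_time)
            return SimResponse(200)
        finally:
            self.in_flight -= 1


class AdaptiveLimiter:
    """Concurrency cap adjusted AIMD-style: halve on 429, +1 on success.
    asyncio.Semaphore cannot be resized, so a Condition guards the count."""
    def __init__(self, initial: int, max_limit: int):
        self.limit, self.max_limit = initial, max_limit
        self.in_flight = 0
        self._cond = asyncio.Condition()

    async def __aenter__(self):
        async with self._cond:
            await self._cond.wait_for(lambda: self.in_flight < self.limit)
            self.in_flight += 1

    async def __aexit__(self, *exc):
        async with self._cond:
            self.in_flight -= 1
            self._cond.notify_all()

    async def throttled(self):
        async with self._cond:
            self.limit = max(1, self.limit // 2)

    async def succeeded(self):
        async with self._cond:
            self.limit = min(self.max_limit, self.limit + 1)
            self._cond.notify_all()


async def fetch(target: SimulatedTarget, limiter: AdaptiveLimiter, max_attempts: int = 50):
    """One logical request, retried on 429 with Retry-After scaled by attempt count."""
    for attempt in range(1, max_attempts + 1):
        async with limiter:
            resp = await target.handle()
        if resp.status == 429:
            await limiter.throttled()
            await asyncio.sleep(resp.retry_after * attempt)   # honour Retry-After, grow per retry
            continue
        await limiter.succeeded()
        return resp.status, attempt
    return 429, max_attempts


async def run_concurrent(n_requests: int, capacity: int = 3, initial_limit: int = 8) -> dict:
    target = SimulatedTarget(capacity)   # built inside the loop so the Condition binds to it
    limiter = AdaptiveLimiter(initial_limit, max_limit=initial_limit)
    results = await asyncio.gather(*(fetch(target, limiter) for _ in range(n_requests)))
    return {
        "ok": sum(1 for status, _ in results if status == 200),
        "throttled": target.rejected,                       # 429s the target handed out
        "retries": sum(attempt - 1 for _, attempt in results),
        "final_limit": limiter.limit,
    }


def demo(n_requests: int = 40) -> dict:
    """Synchronous entry point; returns the run summary."""
    return asyncio.run(run_concurrent(n_requests))


if __name__ == "__main__":
    print(demo())
```

Against a real service the same loop wraps the `aiohttp` call, with `resp.headers.get("Retry-After")` supplying the back-off. The limiter deliberately starts above the target's true capacity so the run shows the cap collapsing on the first burst of 429s and then climbing back; every 429 is paid for with exactly one retry, which is why `retries` and `throttled` match at the end.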

## Installation

### Prerequisites
- Python 3.9 or higher
- pip package manager

### Install Options

```bash
# Basic installation (includes aiohttp, so async execution needs no extra)
pip install logicpwn

# With the optional MFA delivery providers (email via SendGrid, SMS via Twilio/boto3)
pip install "logicpwn[providers]"      # or logicpwn[email] / logicpwn[sms]

# Development installation
git clone https://github.com/logicpwn/logicpwn.git
cd logicpwn
poetry install
```

## Documentation

- **[API Reference](docs/api/)** - Complete API documentation
- **[User Guide](docs/guide/)** - Comprehensive usage guide  
- **[Examples](examples/)** - Real-world usage examples
- **[Performance Analysis](docs/performance/)** - Detailed benchmark results

## Testing

```bash
# Run test suite
poetry run pytest

# Run with coverage
poetry run pytest --cov=logicpwn --cov-report=html

# Run performance benchmarks
poetry run python tests/benchmarks/performance_benchmarks.py
```

## Contributing

We welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details.

### Development Setup

```bash
git clone https://github.com/logicpwn/logicpwn.git
cd logicpwn
poetry install --with dev
poetry run pre-commit install
```

## Security

LogicPWN is designed for **authorized security testing only**. Please:

- Obtain proper authorization before testing any systems
- Agree the scope of stress and concurrency testing in writing before running it; `StressTester` can degrade or take down a production service
- Follow responsible disclosure practices
- Respect privacy and confidentiality
- Comply with applicable laws and regulations

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

## Acknowledgments

Built by the security community for security professionals. Special thanks to:

- OWASP for business logic vulnerability research
- The bug bounty community for real-world testing feedback
- Open source contributors and security researchers

---

**⭐ Star us on GitHub if LogicPWN helps secure your applications!**