Automated penetration testing tool for web applications deployed by inmydata's agentic coding pipeline. Combines OWASP ZAP (DAST scanning) and Nuclei (template-driven vulnerability detection) into a single orchestrated pipeline with unified HTML reporting.
```
┌─────────────────────────────────────────────────────────┐
│                     CI/CD Pipeline                      │
│           (GitHub Actions / AWS CodePipeline)           │
└──────────────────────┬──────────────────────────────────┘
                       │
                       ▼
┌─────────────────────────────────────────────────────────┐
│                pentest.py (Orchestrator)                │
│                                                         │
│  1. Load config.yaml                                    │
│  2. Authenticate via AWS Cognito                        │
│  3. Run ZAP spider + active scan (authenticated)        │
│  4. Run Nuclei with custom + community templates        │
│  5. Merge findings, deduplicate, rank by severity       │
│  6. Generate HTML report                                │
└───────┬────────────────────────┬────────────────────────┘
        │                        │
        ▼                        ▼
┌───────────────┐    ┌───────────────────────┐
│   OWASP ZAP   │    │        Nuclei         │
│   (Docker)    │    │   (Binary / Docker)   │
│               │    │                       │
│ - Spider      │    │ - Community temps     │
│ - Ajax Spider │    │ - Custom temps        │
│ - Passive     │    │   (inmydata-specific) │
│ - Active      │    │ - CVE detection       │
│ - Auth scan   │    │ - Misconfig checks    │
└───────────────┘    └───────────────────────┘
        │                        │
        └──────────┬─────────────┘
                   ▼
         ┌────────────────────┐
         │    HTML Report     │
         │                    │
         │ - Executive summ   │
         │ - Findings table   │
         │ - Risk breakdown   │
         │ - Remediation      │
         └────────────────────┘
```
- Docker and Docker Compose
- Python 3.11+
- AWS credentials configured (for Cognito authentication)
```bash
# Clone the repo
git clone <your-repo-url>
cd inmydata-pentest

# Install Python dependencies
pip install -r requirements.txt

# Pull ZAP Docker image
docker pull ghcr.io/zaproxy/zaproxy:stable

# Install Nuclei
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
# Or use Docker: docker pull projectdiscovery/nuclei:latest
```

Copy and edit the config file:

```bash
cp config.example.yaml config.yaml
```

Edit config.yaml with your target URLs, Cognito settings, and scan preferences.
```bash
# Full scan against a target
python pentest.py --config config.yaml --target https://app.example.com

# Quick scan (passive only, no active exploitation)
python pentest.py --config config.yaml --target https://app.example.com --mode quick

# Scan with custom Nuclei templates only
python pentest.py --config config.yaml --target https://app.example.com --nuclei-only
```

Add the workflow from .github/workflows/pentest.yml to your repo. Configure the following secrets:

- `PENTEST_TARGET_URL` - the URL to scan
- `AWS_ACCESS_KEY_ID` - for Cognito auth
- `AWS_SECRET_ACCESS_KEY` - for Cognito auth
- `COGNITO_USER_POOL_ID` - your Cognito user pool
- `COGNITO_CLIENT_ID` - your Cognito app client ID
- `COGNITO_USERNAME` - test user for authenticated scanning
- `COGNITO_PASSWORD` - test user password
The templates/nuclei/ directory contains inmydata-specific templates targeting common patterns in agentic-built applications.

- `api-auth-bypass.yaml` - Tests for authentication bypass on API routes
- `cors-misconfiguration.yaml` - Detects overly permissive CORS policies
- `exposed-debug-endpoints.yaml` - Finds debug/admin endpoints left exposed
- `nextjs-misconfig.yaml` - Next.js-specific misconfigurations
- `exposed-env-vars.yaml` - Environment variable and secret exposure
Reports are saved to the reports/ directory as timestamped HTML files. Each report includes an executive summary with risk scoring, a detailed findings table sorted by severity, remediation guidance for each finding, and scan metadata (duration, tools used, coverage).
| Level | Description |
|---|---|
| Critical | Actively exploitable, immediate data breach risk |
| High | Exploitable with moderate effort, significant impact |
| Medium | Potential vulnerability, requires specific conditions |
| Low | Informational, best-practice violations |
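The orchestrator's step 5 (merge findings, deduplicate, rank by severity) and the severity table above, as an added example that is not the tool's own code: it reads a simplified ZAP JSON report (assumed fields `site`, `alerts`, `riskcode`, `instances`, `uri`, `solution`) and simplified Nuclei JSONL output (assumed fields `template-id`, `info.name`, `info.severity`, `matched-at`), collapses duplicates on a tool-agnostic fingerprint, keeps the worst severity either tool assigned, and sorts by the table's levels. ZAP has no Critical level, so its 0-3 risk codes map onto High/Medium/Low with Informational folded into Low as the table describes. All sample data is constructed.

```python
"""Merge, deduplicate and rank ZAP + Nuclei findings (added example, not the
tool's own code). ZAP input mimics the alert fields of ZAP's JSON report;
Nuclei input mimics its JSONL output. Sample data is constructed."""
import json
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit, urlunsplit

# Ranking order from the README's severity table (higher sorts first).
# Info-level results from either tool are folded into Low, as the table does.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 1}
ZAP_RISKCODE = {"3": "high", "2": "medium", "1": "low", "0": "info"}  # ZAP has no Critical


@dataclass
class Finding:
    title: str
    severity: str
    url: str
    remediation: str
    sources: set = field(default_factory=set)  # which scanner(s) reported it
    instances: int = 0                          # how many raw hits were merged

    @property
    def rank(self) -> int:
        return SEVERITY_RANK.get(self.severity, 0)


def normalize_url(url: str) -> str:
    """Drop query string and fragment so one endpoint dedupes across parameters."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc.lower(), p.path.rstrip("/") or "/", "", ""))


def fingerprint(title: str, url: str) -> tuple:
    """Tool-agnostic identity of a finding: normalised title + normalised URL."""
    return (re.sub(r"[^a-z0-9]", "", title.lower()), normalize_url(url))


def parse_zap(report: dict):
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            sev = ZAP_RISKCODE.get(str(alert.get("riskcode")), "info")
            for inst in alert.get("instances", []):
                yield Finding(alert["alert"], sev, inst["uri"],
                              alert.get("solution", ""), {"zap"}, 1)


def parse_nuclei(jsonl: str):
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        info = rec.get("info", {})
        yield Finding(info.get("name", rec["template-id"]),
                      info.get("severity", "info").lower(),
                      rec["matched-at"], info.get("remediation", ""), {"nuclei"}, 1)


def merge(findings) -> list:
    """Collapse duplicates, keep the worst severity either tool assigned, then rank."""
    merged = {}
    for f in findings:
        key = fingerprint(f.title, f.url)
        m = merged.get(key)
        if m is None:
            merged[key] = Finding(f.title, f.severity, normalize_url(f.url),
                                  f.remediation, set(f.sources), f.instances)
            continue
        m.instances += f.instances
        m.sources |= f.sources
        if f.rank > m.rank:
            m.severity = f.severity
        if not m.remediation:
            m.remediation = f.remediation
    return sorted(merged.values(), key=lambda x: (-x.rank, x.title, x.url))


def summarize(findings) -> dict:
    """Counts per level, as the executive summary would show them."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# --- constructed sample data (not real scan output) ---
SAMPLE_ZAP = {"site": [{"@name": "https://app.example.com", "alerts": [
    {"alert": "Cross-Domain Misconfiguration", "riskcode": "2",
     "solution": "Restrict Access-Control-Allow-Origin to trusted origins.",
     "instances": [{"uri": "https://app.example.com/api/users?page=1"},
                   {"uri": "https://app.example.com/api/users?page=2"}]},
    {"alert": "X-Content-Type-Options Header Missing", "riskcode": "1",
     "solution": "Send X-Content-Type-Options: nosniff.",
     "instances": [{"uri": "https://app.example.com/"}]},
]}]}
SAMPLE_NUCLEI = "\n".join([
    json.dumps({"template-id": "cors-misconfiguration",
                "info": {"name": "Cross-Domain Misconfiguration", "severity": "high"},
                "matched-at": "https://app.example.com/api/users"}),
    json.dumps({"template-id": "exposed-debug-endpoints",
                "info": {"name": "Exposed Debug Endpoint", "severity": "critical",
                         "remediation": "Remove or authenticate debug routes before deploy."},
                "matched-at": "https://app.example.com/_debug/"}),
])


def run_sample() -> list:
    return merge(list(parse_zap(SAMPLE_ZAP)) + list(parse_nuclei(SAMPLE_NUCLEI)))


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.severity:<9} {f.title:<40} {f.url}  ({f.instances} hits via {sorted(f.sources)})")
```

The fingerprint deliberately strips the query string so that the same CORS weakness on `/api/users?page=1` and `?page=2` becomes one finding with an instance count, and the same issue reported by both scanners shows up once with both sources listed; when the two disagree on severity, the higher one wins so nothing is under-ranked in the findings table.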
Internal use only. Copyright DataPA Limited.