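import json
import urllib.error
import urllib.parse
import urllib.request
from datetime import datetime

# NOTE(review): the three templates below come from a listing whose whitespace
# had been collapsed. Line breaks are restored only at field, list-item and
# heading boundaries; blank lines between sections could not be recovered, so
# compare with the original file before relying on the exact layout.

# Scope card to fill in before any testing starts.
BUG_SCOPE_TEMPLATE = """Bug bounty scope card
Program:
Authorized assets:
Out-of-scope assets:
Allowed test types:
Disallowed test types:
Rate limits:
Data handling:
Proof standard:
Stop conditions:
Notes:
"""

# Working checklist: scope confirmation first, low-impact proof, stop conditions.
BUG_CHECKLIST = """Bug bot checklist
1. Confirm the target is in scope and write down the exact asset.
2. Identify the user role, account type, and permission level being tested.
3. Map normal behavior before looking for broken behavior.
4. Capture request, response, timestamp, account, and environment notes.
5. Prefer low-impact proof with synthetic data.
6. Stop if testing risks service disruption, privacy exposure, or out-of-scope access.
7. Convert every finding into: impact, evidence, reproduction, fix, and confidence.
"""

# Markdown skeleton for a finding report.
BUG_REPORT_TEMPLATE = """# Title
Clear vulnerability type in one affected asset.
## Summary
What is broken, where it is broken, and why it matters.
## Scope
- Program:
- Asset:
- Account/role:
- Authorization notes:
## Impact
Explain the realistic security consequence without exaggerating.
## Steps To Reproduce
1.
2.
3.
## Evidence
- Request/response IDs:
- Screenshots or Burp items:
- Timestamps:
## Expected Result
What should happen.
## Actual Result
What happened instead.
## Suggested Fix
Practical remediation or hardening idea.
## Notes
Limits, assumptions, and anything intentionally not tested.
"""

# Only these schemes are probed by bridge_status(); see the comment there.
_ALLOWED_BRIDGE_SCHEMES = ("http", "https")


def bridge_status(url="http://localhost:11434"):
    """Probe the local AI bridge and return a short plain-text status report.

    Args:
        url: Address to probe; must use http or https.

    Returns:
        A multi-line string naming the url, a status line, the local time the
        check started, and either a preview of the response (first 160 bytes,
        decoded as UTF-8 with replacement) or an error detail. The function
        never raises for a failed probe; failures are reported in the text.
    """
    started = datetime.now().isoformat(timespec="seconds")
    try:
        # urlopen() also handles file: and ftp: URLs. Without this check a
        # caller-supplied URL could make the probe read a local file and echo
        # its first bytes in the preview, so anything but http(s) is refused
        # before a request is made. getattr() keeps Request objects working.
        scheme = urllib.parse.urlsplit(getattr(url, "full_url", url)).scheme.lower()
        if scheme not in _ALLOWED_BRIDGE_SCHEMES:
            raise ValueError(f"unsupported URL scheme: {scheme or 'none'}")
        with urllib.request.urlopen(url, timeout=2) as response:
            body = response.read(160).decode("utf-8", errors="replace").strip()
            return (
                "Local AI bridge\n"
                f"- url: {url}\n"
                f"- status: reachable ({response.status})\n"
                f"- checked_at: {started}\n"
                f"- preview: {body or 'no body'}"
            )
    except urllib.error.HTTPError as exc:
        # HTTPError is a subclass of URLError. The host answered, only with an
        # error status, so it must not be reported as offline.
        return (
            "Local AI bridge\n"
            f"- url: {url}\n"
            f"- status: reachable, HTTP error ({exc.code})\n"
            f"- checked_at: {started}\n"
            f"- detail: {exc.reason}"
        )
    except urllib.error.URLError as exc:
        return (
            "Local AI bridge\n"
            f"- url: {url}\n"
            "- status: offline or unreachable\n"
            f"- checked_at: {started}\n"
            f"- detail: {exc.reason}"
        )
    except Exception as exc:
        # Deliberate catch-all: a status probe reports the failure as text.
        return (
            "Local AI bridge\n"
            f"- url: {url}\n"
            "- status: check failed\n"
            f"- checked_at: {started}\n"
            f"- detail: {type(exc).__name__}: {exc}"
        )


def format_mission(target, goal, status="active", notes=""):
    """Build a mission record from user-supplied text fields.

    Every field is stripped of surrounding whitespace; a blank status falls
    back to "active". "created_at" is the current local time, to the second.
    """
    target = target.strip()
    goal = goal.strip()
    status = status.strip() or "active"
    notes = notes.strip()
    return {
        "target": target,
        "goal": goal,
        "status": status,
        "notes": notes,
        "created_at": datetime.now().isoformat(timespec="seconds"),
    }


def render_mission(mission):
    """Render a mission dict as a bulleted summary; missing keys render empty."""
    return (
        "Bug mission\n"
        f"- target: {mission.get('target', '')}\n"
        f"- goal: {mission.get('goal', '')}\n"
        f"- status: {mission.get('status', '')}\n"
        f"- created_at: {mission.get('created_at', '')}\n"
        f"- notes: {mission.get('notes', '') or 'none'}"
    )


def parse_mission_args(args):
    """Parse "target | goal | notes" (notes optional) into a mission record.

    Raises:
        ValueError: if the first "|" is missing or target or goal is blank.
    """
    target, sep, rest = args.partition("|")
    goal, sep2, notes = rest.partition("|")
    if not sep or not target.strip() or not goal.strip():
        # NOTE(review): the usage text shows empty slots between the "|"
        # separators; placeholder names may have been lost -- confirm against
        # the original file.
        raise ValueError("Use: /bug mission | | [notes]")
    return format_mission(target, goal, notes=notes if sep2 else "")


def parse_note_args(args):
    """Parse "target | note" into a (target, note) tuple of stripped strings.

    Raises:
        ValueError: if the "|" is missing or either side is blank.
    """
    target, sep, note = args.partition("|")
    if not sep or not target.strip() or not note.strip():
        # NOTE(review): same apparently missing placeholder names as in
        # parse_mission_args -- confirm against the original file.
        raise ValueError("Use: /bug note | ")
    return target.strip(), note.strip()


def mission_to_document(mission):
    """Serialize a mission record to a plain-text document.

    Unlike render_mission, this indexes the keys directly, so a record that
    lacks one of them raises KeyError.
    """
    # Values are inserted as-is: a newline inside a field yields extra lines
    # that look like separate fields in the stored document.
    return (
        f"Bug Mission: {mission['target']}\n"
        f"Goal: {mission['goal']}\n"
        f"Status: {mission['status']}\n"
        f"Notes: {mission['notes'] or 'none'}\n"
        f"Created: {mission['created_at']}"
    )


def note_to_document(target, note):
    """Serialize a note to a plain-text document stamped with the local time."""
    return (
        f"Bug Note: {target}\n"
        f"Note: {note}\n"
        f"Created: {datetime.now().isoformat(timespec='seconds')}"
    )


def metadata_json(payload):
    """Return payload as JSON with keys sorted, so equal payloads serialize equally."""
    return json.dumps(payload, sort_keys=True)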