feat: enhance reconnaissance, add AI recon analyzer, multi-stage test generation, and --instruction flag

Author: vishnurajkv

.gitignore

@@ -4,28 +4,92 @@ env/
 .venv/
 .env
 .sisyphus
+ENV/
+env.bak/
+venv.bak/
 
 # Application results
 results/
+strix_runs/
+test_output.txt
+all_tests.txt
 
-# Python Cache
+# Python Cache and Compilation
 __pycache__/
-*.pyc
-*.pyo
-*.pyd
+*.py[cod]
+*$py.class
+*.so
 .pytest_cache/
 .coverage
+.coverage.*
+coverage.xml
 htmlcov/
 *.egg-info/
+.eggs/
+*.egg
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.installed.cfg
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+.ruff_cache/
+.mypy_cache/
+.tox/
+
+# Logs
+*.log
 
 # macOS
 .DS_Store
+.AppleDouble
+.LSOverride
+Icon
+._*
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.Trashes
+.VolumeIcon.icns
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+# Windows
+Thumbs.db
+Thumbs.db:encryptable
+ehthumbs.db
+ehthumbs_vista.db
+*.stackdump
+[Dd]esktop.ini
+$RECYCLE.BIN/
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+*.lnk
 
-# IDEs
+# IDEs and Editors
 .idea/
 .vscode/
 .cursor/
-test_output.txt
-all_tests.txt
-results/
-strix_runs/
+*.swp
+*.swo
+*~
+.history/
+*.code-workspace
+.metadata/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+

README.md

@@ -11,7 +11,8 @@ AI-augmented, schema-driven API penetration testing from OpenAPI/Swagger specs,
 SecNode API helps security engineers and backend teams run repeatable API risk assessments in staging and CI without writing one-off test scripts for every target.
 
 - Ingests local or remote OpenAPI/Swagger schema files
-- Uses an LLM to understand API behavior and generate adversarial test cases
+- Performs **Multi-stage specialized AI generation** (Auth, Injection, Infrastructure, Business Logic) to maximize vulnerability coverage
+- Performs enhanced reconnaissance (mutations, method probing, parameter fuzzing) augmented by an **AI Recon Analyzer** for shadow endpoints
 - Executes tests concurrently with optional proxy routing
 - Supports autonomous agent mode with request budgets and iterative replanning
 - Supports direct microservices mode with controller/planner/worker boundaries
@@ -120,6 +121,7 @@ secnodeapi --target https://api.example.com/swagger.json --dry-run --dry-run-out
 secnodeapi --target https://api.example.com/swagger.json --auth-header "Authorization: Bearer <token>"
 secnodeapi --target https://api.example.com/swagger.json --proxy http://127.0.0.1:8080 --insecure
 secnodeapi --target https://api.example.com/swagger.json --mode agent --request-budget 500 --max-iterations 6
+secnodeapi --target https://api.example.com/swagger.json --mode agent --instruction "username=admin, role=superuser" --instruction "username=user"
 secnodeapi --target https://api.example.com/swagger.json --mode microservices
 ```
 
@@ -132,6 +134,7 @@ secnodeapi --target https://api.example.com/swagger.json --mode microservices
 - `--auth-header` single inline auth header
 - `--auth-file` JSON file of auth headers
 - `--identities-file` JSON identities for differential auth testing
+- `--instruction` comma-separated key=value pairs for instruction sets (repeatable)
 - `--schema-only` output normalized API structure and exit
 - `--dry-run` generate tests without executing
 - `--dry-run-output` write generated tests to JSON (requires `--dry-run`)