Thank you for your interest in contributing! This document provides guidelines for contributing to the project.

Areas where contributions are welcome include:
- Additional DBMS support (Cassandra, Redis, CouchDB)
- More WAF signatures (Sucuri, Wordfence, etc.)
- HTML report generation
- Burp Suite / ZAP integration plugin
- Mobile app testing support
- Additional tamper scripts
- Rate limiting improvements
- Proxy chain support
- Custom payload file loading
- Session management improvements
- Documentation translations
- Video tutorials
- CI/CD pipeline improvements
Development setup:

```bash
# Clone the repository
git clone https://github.com/fevra-dev/Stiletto.git
cd Stiletto

# Create virtual environment
python3 -m venv venv
source venv/bin/activate

# Install dependencies
pip install -r requirements.txt

# Run tests
pytest tests/ -v
```

Code style:

- Follow PEP 8 guidelines
- Use type hints for function signatures
- Maximum line length: 100 characters
- Use descriptive variable names
- All functions must have docstrings (JSDoc3 style)
- Comments should explain "why" not "what"
- Update README.md for new features
Docstring example:

```python
from typing import Dict


def detect_waf(self, headers: Dict[str, str], body: str, status: int) -> WAFDetectionResult:
    """
    Detect WAF from HTTP response characteristics.

    Uses three-phase detection methodology:
    1. Header pattern matching
    2. Response body analysis
    3. Status code correlation

    Args:
        headers: HTTP response headers dictionary
        body: Response body content
        status: HTTP status code

    Returns:
        WAFDetectionResult with detection details and bypass recommendations

    Raises:
        ValueError: If headers is None
    """
```

Running tests:

```bash
# All tests
pytest tests/ -v

# Specific test file
pytest tests/test_scanner.py -v

# With coverage
pytest tests/ --cov=src --cov-report=html
```

Testing guidelines:

- Add tests for all new features
- Test both success and failure cases
- Use descriptive test names
- Mock external HTTP requests
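The following is an added example, not Stiletto's own code, that puts the docstring convention above and these testing guidelines together: a minimal `detect_waf` with the three phases the documented docstring describes (header patterns, body analysis, status correlation), a hypothetical `fetch_and_detect` wrapper, and pytest-style tests that use descriptive names, cover success and failure cases, and mock the HTTP call with `unittest.mock` so nothing touches the network. The `WAFDetectionResult` dataclass shape, the signature tables (product names and markers are invented placeholders), and the `example.invalid` URL are all assumptions made for the example.

```python
import urllib.error
import urllib.request
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from unittest.mock import MagicMock, patch


@dataclass
class WAFDetectionResult:
    """Assumed result shape for this example; Stiletto's own class may differ."""
    detected: bool
    name: Optional[str] = None
    evidence: List[str] = field(default_factory=list)


# Constructed signature tables: product names and markers are placeholders
# invented for the example, not claims about how any real WAF responds.
_HEADER_SIGNATURES: Dict[str, Dict[str, str]] = {
    "ExampleShield": {"x-exampleshield-id": ""},  # header presence alone is the marker
    "DemoGuard": {"server": "demoguard"},         # substring of the Server value
}
_BODY_SIGNATURES: Dict[str, List[str]] = {
    "ExampleShield": ["request blocked by exampleshield"],
    "DemoGuard": ["demoguard security"],
}
_BLOCK_STATUSES = {403, 406, 419, 429, 501}


def detect_waf(headers: Dict[str, str], body: str, status: int) -> WAFDetectionResult:
    """
    Detect a WAF from HTTP response characteristics using three phases:
    header pattern matching, response body analysis, status code correlation.
    The status phase only corroborates: a status alone never identifies a product,
    because ordinary servers return 403/429 too.

    Raises:
        ValueError: If headers is None
    """
    if headers is None:
        raise ValueError("headers must not be None")
    lowered = {k.lower(): v.lower() for k, v in headers.items()}  # header names are case-insensitive
    body_lower = body.lower()
    evidence: List[str] = []
    name: Optional[str] = None

    # Phase 1: header pattern matching
    for waf, signature in _HEADER_SIGNATURES.items():
        for key, needle in signature.items():
            if key in lowered and needle in lowered[key]:
                name = name or waf
                evidence.append(f"header {key}")

    # Phase 2: response body analysis
    for waf, needles in _BODY_SIGNATURES.items():
        if any(needle in body_lower for needle in needles):
            name = name or waf
            evidence.append(f"body marker for {waf}")

    # Phase 3: status code correlation, recorded only when phases 1-2 found something
    if status in _BLOCK_STATUSES and evidence:
        evidence.append(f"status {status}")

    return WAFDetectionResult(detected=bool(evidence), name=name, evidence=evidence)


def fetch_and_detect(url: str) -> WAFDetectionResult:
    """Hypothetical wrapper: fetch url and classify the response (tests mock urlopen)."""
    try:
        resp = urllib.request.urlopen(url, timeout=10)
    except urllib.error.HTTPError as err:
        resp = err  # a 403 etc. is raised as HTTPError but still carries headers and body
    try:
        status = resp.code if isinstance(resp, urllib.error.HTTPError) else resp.status
        headers = dict(resp.headers.items())
        body = resp.read().decode("utf-8", errors="replace")
    finally:
        resp.close()
    return detect_waf(headers, body, status)


# Pytest-style tests: one behaviour per test, success and failure cases, no network.
def test_detect_waf_reports_header_body_and_status_evidence():
    result = detect_waf({"X-ExampleShield-ID": "abc"}, "Request blocked by ExampleShield", 403)
    assert result.detected and result.name == "ExampleShield"
    assert result.evidence == ["header x-exampleshield-id", "body marker for ExampleShield", "status 403"]


def test_detect_waf_returns_negative_for_plain_response():
    result = detect_waf({"Content-Type": "text/html"}, "<html>ok</html>", 200)
    assert not result.detected and result.name is None and result.evidence == []


def test_detect_waf_rejects_none_headers():
    try:
        detect_waf(None, "", 200)
    except ValueError:
        return
    raise AssertionError("expected ValueError for None headers")


def test_fetch_and_detect_uses_mocked_http():
    fake = MagicMock()  # constructed stand-in for the urlopen response object
    fake.status = 403
    fake.headers.items.return_value = [("Server", "DemoGuard/1.0")]
    fake.read.return_value = b"<h1>DemoGuard security</h1>"
    with patch("urllib.request.urlopen", return_value=fake):
        result = fetch_and_detect("http://example.invalid/?id=1")
    assert result.name == "DemoGuard" and "status 403" in result.evidence
```

Run it with `pytest -v` on the file; the `patch` target is the module attribute the code actually calls (`urllib.request.urlopen`), which is why the wrapper looks it up through the module at call time rather than importing the name directly.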
Pull request process:

- Fork the repository
- Create a feature branch: `git checkout -b feature/amazing-feature`
- Commit changes: `git commit -m 'Add amazing feature'`
- Push to branch: `git push origin feature/amazing-feature`
- Open a Pull Request

Pull request checklist:
- Code follows style guidelines
- Tests pass locally
- New tests added for new features
- Documentation updated
- No linting errors
Use conventional commits:

```text
feat: add MongoDB NoSQL injection support
fix: resolve timeout issue in time-based detection
docs: update README with new examples
test: add WAF detection tests
refactor: improve payload generation logic
```
Bug reports should include:
- Python version
- OS and version
- Steps to reproduce
- Expected vs actual behavior
- Error messages/logs
Feature requests should include:
- Use case description
- Proposed solution
- Alternative solutions considered
For security vulnerabilities, please email directly instead of opening a public issue.
By contributing, you agree that your contributions will be licensed under the MIT License.
Thank you for helping make Stiletto better!