guardian-ai-pentest-cli

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Guardian AI Pentest CLI

Guardian AI渗透测试CLI

Skill by ara.so — Devtools Skills collection.

Guardian is an enterprise-grade AI-powered penetration testing automation framework that combines multiple AI providers (OpenAI GPT-4, Claude, Gemini, OpenRouter) with 19+ battle-tested security tools to deliver intelligent, adaptive security assessments with comprehensive evidence capture. It uses a multi-agent architecture where specialized AI agents (Planner, Tool Selector, Analyst, Reporter) collaborate to conduct penetration tests.

由 ara.so 开发的技能工具 — 属于Devtools Skills合集。

Guardian 是一款企业级的AI驱动渗透测试自动化框架，它结合了多个AI提供商（OpenAI GPT-4、Claude、Gemini、OpenRouter）以及19款以上经过实战检验的安全工具，可提供智能化、自适应的安全评估，并完成全面的证据捕获。它采用多Agent架构，由专业的AI Agent（规划器、工具选择器、分析器、报告生成器）协作开展渗透测试。

Installation

安装

Prerequisites

前置条件

Python 3.11 or higher
AI Provider API Key (OpenAI, Anthropic, Google, or OpenRouter)
Git

Python 3.11 或更高版本
AI提供商API密钥（OpenAI、Anthropic、Google或OpenRouter）
Git

Setup

安装步骤

bash

undefined

bash

undefined

Clone the repository

克隆仓库

git clone https://github.com/zakirkun/guardian-cli.git cd guardian-cli

Create virtual environment

创建虚拟环境

python3 -m venv venv source venv/bin/activate # On Windows: .\venv\Scripts\activate

python3 -m venv venv source venv/bin/activate # Windows系统请执行: .\venv\Scripts\activate

Install Guardian

安装Guardian

pip install -e .

Verify installation

验证安装

python -m cli.main --help

undefined

python -m cli.main --help

undefined

Environment Variables

环境变量

Set your AI provider API key:

bash

undefined

设置AI提供商的API密钥：

bash

undefined

OpenAI (recommended)

OpenAI（推荐）

export OPENAI_API_KEY="sk-your-key-here"

Or Anthropic Claude

或Anthropic Claude

export ANTHROPIC_API_KEY="sk-ant-your-key-here"

Or Google Gemini

或Google Gemini

export GOOGLE_API_KEY="your-gemini-key"

Or OpenRouter

或OpenRouter

export OPENROUTER_API_KEY="your-router-key"

undefined

export OPENROUTER_API_KEY="your-router-key"

undefined

Configuration

配置

Guardian uses

config/guardian.yaml

for configuration:

yaml

undefined

Guardian 使用

config/guardian.yaml

文件进行配置：

yaml

undefined

config/guardian.yaml

ai: provider: openai # openai, claude, gemini, openrouter

openai: model: gpt-4o api_key: null # Uses OPENAI_API_KEY env var

claude: model: claude-3-5-sonnet-20241022 api_key: null # Uses ANTHROPIC_API_KEY env var

gemini: model: gemini-2.5-pro api_key: null # Uses GOOGLE_API_KEY env var

temperature: 0.2 max_tokens: 8000

pentest: safe_mode: true # Prevent destructive actions require_confirmation: true # Confirm before each step max_parallel_tools: 3 # Concurrent tool execution max_depth: 3 # Maximum scan depth tool_timeout: 300 # Tool timeout in seconds

output: format: markdown # markdown, html, json save_path: ./reports include_reasoning: true verbosity: normal # quiet, normal, verbose, debug

scope: blacklist: # Never scan these networks - 127.0.0.0/8 - 10.0.0.0/8 - 172.16.0.0/12 - 192.168.0.0/16 require_scope_file: false max_targets: 100

tools: httpx: threads: 50 timeout: 10 tech_detect: true

nuclei: severity: ["critical", "high", "medium"] templates_path: ~/nuclei-templates

nmap: default_args: "-sV -sC" rate: 1000

undefined

ai: provider: openai # 可选值：openai, claude, gemini, openrouter

openai: model: gpt-4o api_key: null # 使用OPENAI_API_KEY环境变量

claude: model: claude-3-5-sonnet-20241022 api_key: null # 使用ANTHROPIC_API_KEY环境变量

gemini: model: gemini-2.5-pro api_key: null # 使用GOOGLE_API_KEY环境变量

temperature: 0.2 max_tokens: 8000

pentest: safe_mode: true # 防止破坏性操作 require_confirmation: true # 每一步操作前需确认 max_parallel_tools: 3 # 工具并发执行数量 max_depth: 3 # 最大扫描深度 tool_timeout: 300 # 工具超时时间（秒）

output: format: markdown # 输出格式：markdown, html, json save_path: ./reports include_reasoning: true verbosity: normal # 日志级别：quiet, normal, verbose, debug

scope: blacklist: # 禁止扫描的网络 - 127.0.0.0/8 - 10.0.0.0/8 - 172.16.0.0/12 - 192.168.0.0/16 require_scope_file: false max_targets: 100

tools: httpx: threads: 50 timeout: 10 tech_detect: true

nuclei: severity: ["critical", "high", "medium"] templates_path: ~/nuclei-templates

nmap: default_args: "-sV -sC" rate: 1000

undefined

Key Commands

核心命令

Workflow Management

工作流管理

bash

undefined

bash

undefined

List all available workflows

列出所有可用工作流

python -m cli.main workflow list

Run a specific workflow

运行指定工作流

python -m cli.main workflow run --name web_pentest --target example.com

Run with custom AI provider

使用自定义AI提供商运行

python -m cli.main workflow run --name network --target 192.168.1.0/24 --provider claude

Run with confirmation disabled for automation

禁用确认模式以实现自动化运行

python -m cli.main workflow run --name recon --target example.com --no-confirm

undefined

python -m cli.main workflow run --name recon --target example.com --no-confirm

undefined

AI Provider Management

AI提供商管理

bash

undefined

bash

undefined

List available AI providers and models

列出可用的AI提供商及模型

python -m cli.main models

Test AI provider connection

测试AI提供商连接

python -m cli.main models --provider openai

undefined

python -m cli.main models --provider openai

undefined

Report Generation

报告生成

bash

undefined

bash

undefined

Generate report from session (Markdown)

从会话生成Markdown报告

python -m cli.main report --session 20260203_175905 --format markdown

Generate HTML report with evidence

生成包含证据的HTML报告

python -m cli.main report --session 20260203_175905 --format html

Generate JSON report for parsing

生成可解析的JSON报告

python -m cli.main report --session 20260203_175905 --format json

List all sessions

列出所有会话

python -m cli.main sessions list

undefined

python -m cli.main sessions list

undefined

Built-in Workflows

内置工作流

Guardian includes several pre-configured workflows:

Guardian 包含多个预配置的工作流：

1. Web Penetration Testing

1. Web渗透测试

bash

python -m cli.main workflow run --name web_pentest --target https://example.com

What it does:

HTTP probing with httpx
Technology fingerprinting with WhatWeb
WAF detection with Wafw00f
Vulnerability scanning with Nuclei
Directory enumeration with Gobuster
Parameter discovery with Arjun
XSS detection with XSStrike

bash

python -m cli.main workflow run --name web_pentest --target https://example.com

执行内容：

使用httpx进行HTTP探测
使用WhatWeb进行技术指纹识别
使用Wafw00f进行WAF检测
使用Nuclei进行漏洞扫描
使用Gobuster进行目录枚举
使用Arjun进行参数发现
使用XSStrike进行XSS检测

2. Network Assessment

2. 网络评估

bash

python -m cli.main workflow run --name network --target 192.168.1.0/24

What it does:

Port scanning with Nmap/Masscan
Service enumeration
SSL/TLS testing with TestSSL/SSLyze
Vulnerability assessment

bash

python -m cli.main workflow run --name network --target 192.168.1.0/24

执行内容：

使用Nmap/Masscan进行端口扫描
服务枚举
使用TestSSL/SSLyze进行SSL/TLS测试
漏洞评估

3. Reconnaissance

3. 信息收集

bash

python -m cli.main workflow run --name recon --target example.com

What it does:

Subdomain discovery with Subfinder/Amass
DNS enumeration with DNSRecon
HTTP discovery
Technology mapping

bash

python -m cli.main workflow run --name recon --target example.com

执行内容：

使用Subfinder/Amass进行子域名发现
使用DNSRecon进行DNS枚举
HTTP服务发现
技术映射

4. Autonomous Mode

4. 自主模式

bash

python -m cli.main workflow run --name autonomous --target example.com

What it does:

AI-driven decision making at each step
Adaptive testing based on findings
Dynamic tool selection
Continuous analysis and pivoting

bash

python -m cli.main workflow run --name autonomous --target example.com

执行内容：

每一步均由AI驱动决策
根据发现结果自适应测试
动态选择工具
持续分析与渗透

Creating Custom Workflows

创建自定义工作流

Workflows are defined in

config/workflows/

as YAML files:

yaml

undefined

工作流以YAML文件形式定义在

config/workflows/

目录下：

yaml

undefined

config/workflows/my_custom_workflow.yaml

name: my_custom_workflow description: Custom security assessment workflow version: 1.0.0

metadata: author: Security Team tags: - custom - web - api

parameters:

These override config defaults

httpx: threads: 100 timeout: 15 nuclei: severity: ["critical", "high"] rate_limit: 150

steps:

name: http_discovery tool: httpx description: Discover live HTTP services parameters: tech_detect: true status_code: true
name: vulnerability_scan tool: nuclei description: Scan for known vulnerabilities depends_on:
- http_discovery parameters: severity: ["critical", "high"]
name: api_fuzzing tool: ffuf description: Fuzz API endpoints depends_on:
- http_discovery parameters: wordlist: /usr/share/wordlists/api-endpoints.txt threads: 50

analysis: focus_areas: - API security - Authentication bypass - Data exposure

severity_threshold: medium

ai_guidance: | Focus on API-specific vulnerabilities including: - Broken authentication - Excessive data exposure - Lack of rate limiting - Injection flaws


Run your custom workflow:

```bash
python -m cli.main workflow run --name my_custom_workflow --target api.example.com

name: my_custom_workflow description: 自定义安全评估工作流 version: 1.0.0

metadata: author: Security Team tags: - custom - web - api

parameters:

覆盖配置文件中的默认值

httpx: threads: 100 timeout: 15 nuclei: severity: ["critical", "high"] rate_limit: 150

steps:

name: http_discovery tool: httpx description: 发现存活的HTTP服务 parameters: tech_detect: true status_code: true
name: vulnerability_scan tool: nuclei description: 扫描已知漏洞 depends_on:
- http_discovery parameters: severity: ["critical", "high"]
name: api_fuzzing tool: ffuf description: 模糊测试API端点 depends_on:
- http_discovery parameters: wordlist: /usr/share/wordlists/api-endpoints.txt threads: 50

analysis: focus_areas: - API安全 - 身份认证绕过 - 数据泄露

severity_threshold: medium

ai_guidance: | 重点关注API特有的漏洞，包括： - 身份认证失效 - 过度数据暴露 - 缺少速率限制 - 注入缺陷


运行自定义工作流：

```bash
python -m cli.main workflow run --name my_custom_workflow --target api.example.com

Creating Custom Tools

创建自定义工具

Define custom tools in

config/tools/

as Python modules:

python

undefined

自定义工具以Python模块形式定义在

config/tools/

目录下：

python

undefined

config/tools/my_tool.py

from core.tools.base import BaseTool, ToolResult from typing import Dict, Any, Optional import subprocess import json

class MyCustomTool(BaseTool): """Custom security tool integration."""

name = "my_custom_tool"
description = "Performs custom security checks"
category = "web"

def __init__(self):
    super().__init__()
    self.required_params = ["target"]
    self.optional_params = ["timeout", "verbose"]

async def execute(
    self,
    target: str,
    timeout: int = 30,
    verbose: bool = False,
    **kwargs
) -> ToolResult:
    """Execute the custom tool."""
    
    # Build command
    cmd = [
        "my-custom-tool",
        "--target", target,
        "--timeout", str(timeout),
    ]
    
    if verbose:
        cmd.append("--verbose")
    
    try:
        # Execute tool
        result = subprocess.run(
            cmd,
            capture_output=True,
            text=True,
            timeout=timeout,
            check=False
        )
        
        # Parse output
        findings = self._parse_output(result.stdout)
        
        return ToolResult(
            success=result.returncode == 0,
            output=result.stdout,
            error=result.stderr if result.returncode != 0 else None,
            data={
                "findings": findings,
                "target": target,
                "exit_code": result.returncode
            }
        )
        
    except subprocess.TimeoutExpired:
        return ToolResult(
            success=False,
            output="",
            error=f"Tool timed out after {timeout} seconds"
        )
    except Exception as e:
        return ToolResult(
            success=False,
            output="",
            error=f"Tool execution failed: {str(e)}"
        )

def _parse_output(self, output: str) -> list:
    """Parse tool output into structured findings."""
    findings = []
    
    for line in output.splitlines():
        if line.strip() and not line.startswith("#"):
            findings.append({
                "raw": line,
                "severity": self._detect_severity(line)
            })
    
    return findings

def _detect_severity(self, line: str) -> str:
    """Detect finding severity from output."""
    line_lower = line.lower()
    if any(word in line_lower for word in ["critical", "severe"]):
        return "critical"
    elif any(word in line_lower for word in ["high", "important"]):
        return "high"
    elif any(word in line_lower for word in ["medium", "moderate"]):
        return "medium"
    else:
        return "low"

def validate_params(self, params: Dict[str, Any]) -> tuple[bool, Optional[str]]:
    """Validate tool parameters."""
    if "target" not in params:
        return False, "Target parameter is required"
    
    target = params["target"]
    if not target or not isinstance(target, str):
        return False, "Target must be a non-empty string"
    
    return True, None


Register your tool in `config/tools/__init__.py`:

```python
from .my_tool import MyCustomTool

__all__ = ["MyCustomTool"]

from core.tools.base import BaseTool, ToolResult from typing import Dict, Any, Optional import subprocess import json

class MyCustomTool(BaseTool): """自定义安全工具集成。"""

name = "my_custom_tool"
description = "执行自定义安全检查"
category = "web"

def __init__(self):
    super().__init__()
    self.required_params = ["target"]
    self.optional_params = ["timeout", "verbose"]

async def execute(
    self,
    target: str,
    timeout: int = 30,
    verbose: bool = False,
    **kwargs
) -> ToolResult:
    """执行自定义工具。"""
    
    # 构建命令
    cmd = [
        "my-custom-tool",
        "--target", target,
        "--timeout", str(timeout),
    ]
    
    if verbose:
        cmd.append("--verbose")
    
    try:
        # 执行工具
        result = subprocess.run(
            cmd,
            capture_output=True,
            text=True,
            timeout=timeout,
            check=False
        )
        
        # 解析输出
        findings = self._parse_output(result.stdout)
        
        return ToolResult(
            success=result.returncode == 0,
            output=result.stdout,
            error=result.stderr if result.returncode != 0 else None,
            data={
                "findings": findings,
                "target": target,
                "exit_code": result.returncode
            }
        )
        
    except subprocess.TimeoutExpired:
        return ToolResult(
            success=False,
            output="",
            error=f"工具在{timeout}秒后超时"
        )
    except Exception as e:
        return ToolResult(
            success=False,
            output="",
            error=f"工具执行失败: {str(e)}"
        )

def _parse_output(self, output: str) -> list:
    """将工具输出解析为结构化的发现结果。"""
    findings = []
    
    for line in output.splitlines():
        if line.strip() and not line.startswith("#"):
            findings.append({
                "raw": line,
                "severity": self._detect_severity(line)
            })
    
    return findings

def _detect_severity(self, line: str) -> str:
    """从输出中识别发现结果的严重级别。"""
    line_lower = line.lower()
    if any(word in line_lower for word in ["critical", "severe"]):
        return "critical"
    elif any(word in line_lower for word in ["high", "important"]):
        return "high"
    elif any(word in line_lower for word in ["medium", "moderate"]):
        return "medium"
    else:
        return "low"

def validate_params(self, params: Dict[str, Any]) -> tuple[bool, Optional[str]]:
    """验证工具参数。"""
    if "target" not in params:
        return False, "必须提供目标参数"
    
    target = params["target"]
    if not target or not isinstance(target, str):
        return False, "目标必须是非空字符串"
    
    return True, None


在 `config/tools/__init__.py` 中注册自定义工具：

```python
from .my_tool import MyCustomTool

__all__ = ["MyCustomTool"]

Python API Usage

Python API 使用

Guardian can be used programmatically:

python

from core.orchestrator import PentestOrchestrator
from core.ai.factory import AIProviderFactory
from core.config import Config
import asyncio

async def run_pentest():
    # Load configuration
    config = Config.load("config/guardian.yaml")
    
    # Initialize AI provider
    ai_provider = AIProviderFactory.create_provider(
        provider_type="openai",
        config=config.ai
    )
    
    # Create orchestrator
    orchestrator = PentestOrchestrator(
        ai_provider=ai_provider,
        config=config
    )
    
    # Define target
    target = "https://example.com"
    
    # Run workflow
    results = await orchestrator.run_workflow(
        workflow_name="web_pentest",
        target=target,
        parameters={
            "httpx": {"threads": 100},
            "nuclei": {"severity": ["critical", "high"]}
        }
    )
    
    # Access results
    print(f"Total findings: {len(results.findings)}")
    
    for finding in results.findings:
        print(f"\n[{finding.severity}] {finding.title}")
        print(f"Tool: {finding.tool}")
        print(f"Evidence: {finding.evidence[:200]}...")
    
    # Generate report
    report = await orchestrator.generate_report(
        results=results,
        format="markdown"
    )
    
    with open("report.md", "w") as f:
        f.write(report)

Guardian 支持以编程方式调用：

python

from core.orchestrator import PentestOrchestrator
from core.ai.factory import AIProviderFactory
from core.config import Config
import asyncio

async def run_pentest():
    # 加载配置
    config = Config.load("config/guardian.yaml")
    
    # 初始化AI提供商
    ai_provider = AIProviderFactory.create_provider(
        provider_type="openai",
        config=config.ai
    )
    
    # 创建编排器
    orchestrator = PentestOrchestrator(
        ai_provider=ai_provider,
        config=config
    )
    
    # 定义目标
    target = "https://example.com"
    
    # 运行工作流
    results = await orchestrator.run_workflow(
        workflow_name="web_pentest",
        target=target,
        parameters={
            "httpx": {"threads": 100},
            "nuclei": {"severity": ["critical", "high"]}
        }
    )
    
    # 访问结果
    print(f"总发现数: {len(results.findings)}")
    
    for finding in results.findings:
        print(f"\n[{finding.severity}] {finding.title}")
        print(f"工具: {finding.tool}")
        print(f"证据: {finding.evidence[:200]}...")
    
    # 生成报告
    report = await orchestrator.generate_report(
        results=results,
        format="markdown"
    )
    
    with open("report.md", "w") as f:
        f.write(report)

Run the pentest

执行渗透测试

asyncio.run(run_pentest())

undefined

asyncio.run(run_pentest())

undefined

Advanced Usage Patterns

高级使用模式

Custom AI Agent Configuration

自定义AI Agent配置

python

from core.ai.agents import PlannerAgent, ToolSelectorAgent, AnalystAgent
from core.ai.factory import AIProviderFactory

python

from core.ai.agents import PlannerAgent, ToolSelectorAgent, AnalystAgent
from core.ai.factory import AIProviderFactory

Initialize AI provider

初始化AI提供商

ai_provider = AIProviderFactory.create_provider("openai")

Create custom planner agent

创建自定义规划Agent

planner = PlannerAgent( ai_provider=ai_provider, temperature=0.3, max_tokens=4000 )

Create plan for target

为目标创建测试计划

plan = await planner.create_plan( target="example.com", objectives=[ "Identify web technologies", "Discover subdomains", "Scan for common vulnerabilities" ], constraints={ "time_limit": 3600, "scope": ["*.example.com"], "exclude_tools": ["sqlmap"] } )

plan = await planner.create_plan( target="example.com", objectives=[ "识别Web技术栈", "发现子域名", "扫描常见漏洞" ], constraints={ "time_limit": 3600, "scope": ["*.example.com"], "exclude_tools": ["sqlmap"] } )

Execute plan steps

执行计划步骤

for step in plan.steps: print(f"Step: {step.description}") print(f"Tool: {step.tool}") print(f"Parameters: {step.parameters}")

undefined

for step in plan.steps: print(f"步骤: {step.description}") print(f"工具: {step.tool}") print(f"参数: {step.parameters}")

undefined

Evidence-Based Reporting

基于证据的报告生成

python

from core.reporting import ReportGenerator
from core.evidence import EvidenceCollector

python

from core.reporting import ReportGenerator
from core.evidence import EvidenceCollector

Initialize evidence collector

初始化证据收集器

evidence_collector = EvidenceCollector()

Run tool with evidence capture

运行工具并捕获证据

result = await tool.execute(target="example.com")

Store evidence

存储证据

evidence_collector.add_evidence( tool_name="nuclei", command="nuclei -u https://example.com -severity critical", output=result.output, finding_id="VULN-001" )

Generate report with evidence

生成包含证据的报告

report_generator = ReportGenerator(evidence_collector) report = report_generator.generate( format="html", include_evidence=True, include_commands=True )

undefined

report_generator = ReportGenerator(evidence_collector) report = report_generator.generate( format="html", include_evidence=True, include_commands=True )

undefined

Parallel Tool Execution

工具并行执行

python

from core.tools.executor import ToolExecutor
import asyncio

async def parallel_scan(target: str):
    executor = ToolExecutor(max_parallel=5)
    
    # Define tasks
    tasks = [
        executor.execute("httpx", target=target),
        executor.execute("whatweb", target=target),
        executor.execute("wafw00f", target=target),
        executor.execute("nuclei", target=target),
    ]
    
    # Execute in parallel
    results = await asyncio.gather(*tasks, return_exceptions=True)
    
    # Process results
    for i, result in enumerate(results):
        if isinstance(result, Exception):
            print(f"Task {i} failed: {result}")
        else:
            print(f"Task {i} completed: {len(result.findings)} findings")

asyncio.run(parallel_scan("https://example.com"))

python

from core.tools.executor import ToolExecutor
import asyncio

async def parallel_scan(target: str):
    executor = ToolExecutor(max_parallel=5)
    
    # 定义任务
    tasks = [
        executor.execute("httpx", target=target),
        executor.execute("whatweb", target=target),
        executor.execute("wafw00f", target=target),
        executor.execute("nuclei", target=target),
    ]
    
    # 并行执行
    results = await asyncio.gather(*tasks, return_exceptions=True)
    
    # 处理结果
    for i, result in enumerate(results):
        if isinstance(result, Exception):
            print(f"任务{i}失败: {result}")
        else:
            print(f"任务{i}完成: {len(result.findings)}个发现结果")

asyncio.run(parallel_scan("https://example.com"))

Scope Validation

范围验证

Guardian includes built-in scope validation to prevent unauthorized scanning:

python

from core.scope import ScopeValidator

Guardian 内置范围验证功能，防止未授权扫描：

python

from core.scope import ScopeValidator

Initialize validator

初始化验证器

validator = ScopeValidator( blacklist=[ "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" ] )

Validate target

验证目标

is_valid, reason = validator.validate_target("192.168.1.1") if not is_valid: print(f"Target rejected: {reason}") else: print("Target is in scope")

is_valid, reason = validator.validate_target("192.168.1.1") if not is_valid: print(f"目标被拒绝: {reason}") else: print("目标在允许范围内")

Load scope from file

从文件加载范围

validator.load_scope_file("scope.txt")

Check if target is in scope

检查目标是否在范围内

if validator.is_in_scope("example.com"): # Proceed with scanning pass

undefined

if validator.is_in_scope("example.com"): # 继续扫描 pass

undefined

Troubleshooting

故障排除

AI Provider Issues

AI提供商问题

bash

undefined

bash

undefined

Test AI provider connection

测试AI提供商连接

python -m cli.main models --provider openai

Check API key is set

检查API密钥是否设置

echo $OPENAI_API_KEY

Verify configuration

验证配置

cat config/guardian.yaml | grep -A 5 "ai:"

undefined

cat config/guardian.yaml | grep -A 5 "ai:"

undefined

Tool Execution Failures

工具执行失败

bash

undefined

bash

undefined

Check if tool is installed

检查工具是否已安装

which nmap which nuclei

Verify tool permissions

验证工具权限

ls -la $(which nmap)

Test tool manually

手动测试工具

nmap -sV example.com

Check Guardian logs

查看Guardian日志

tail -f logs/guardian.log

undefined

tail -f logs/guardian.log

undefined

Workflow Not Found

工作流未找到

bash

undefined

bash

undefined

List available workflows

列出所有可用工作流

python -m cli.main workflow list

Check workflow file exists

检查工作流文件是否存在

ls config/workflows/

Verify workflow YAML syntax

验证工作流YAML语法

python -c "import yaml; yaml.safe_load(open('config/workflows/web_pentest.yaml'))"

undefined

python -c "import yaml; yaml.safe_load(open('config/workflows/web_pentest.yaml'))"

undefined

Report Generation Issues

报告生成问题

bash

undefined

bash

undefined

List available sessions

列出所有会话

python -m cli.main sessions list

Check session data exists

检查会话数据是否存在

ls -la results/sessions/

Verify report directory permissions

验证报告目录权限

ls -ld reports/

Generate report with verbose output

生成报告并启用详细输出

python -m cli.main report --session 20260203_175905 --format markdown --verbose

undefined

python -m cli.main report --session 20260203_175905 --format markdown --verbose

undefined

Configuration Errors

配置错误

python

undefined

python

undefined

Validate configuration programmatically

以编程方式验证配置

from core.config import Config

try: config = Config.load("config/guardian.yaml") print("Configuration is valid") except Exception as e: print(f"Configuration error: {e}")

undefined

from core.config import Config

try: config = Config.load("config/guardian.yaml") print("配置有效") except Exception as e: print(f"配置错误: {e}")

undefined

Legal and Ethical Use

法律与伦理使用

Guardian is designed exclusively for authorized security testing.

Before using Guardian:

Obtain explicit written permission to test the target system
Understand applicable laws (CFAA, GDPR, etc.)
Configure scope validation to prevent unauthorized scanning
Enable safe mode to prevent destructive actions
Maintain detailed audit logs

yaml

undefined

Guardian 专为授权安全测试设计。

使用Guardian前，请确保：

获得测试目标系统的明确书面许可
了解适用法律（如CFAA、GDPR等）
配置范围验证以防止未授权扫描
启用安全模式以防止破坏性操作
保留详细的审计日志

yaml

undefined

config/guardian.yaml - Recommended safety settings

config/guardian.yaml - 推荐安全设置

pentest: safe_mode: true # Prevent destructive actions require_confirmation: true # Confirm before each step

scope: blacklist: # Block private networks - 127.0.0.0/8 - 10.0.0.0/8 - 172.16.0.0/12 - 192.168.0.0/16 require_scope_file: true # Require explicit scope file


**You are fully responsible for ensuring you have authorization before testing any system.**

pentest: safe_mode: true # 防止破坏性操作 require_confirmation: true # 每一步操作前需确认

scope: blacklist: # 阻止私有网络 - 127.0.0.0/8 - 10.0.0.0/8 - 172.16.0.0/12 - 192.168.0.0/16 require_scope_file: true # 要求提供明确的范围文件


**您需全权负责确保在测试任何系统前已获得授权。**