Skip to content

3lyly0/ZAgent

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

1 Commit
docs
docs
Β 
Β 
zagent
zagent
Β 
Β 
.gitignore
.gitignore
Β 
Β 
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 
chat_config.json
chat_config.json
Β 
Β 
main.py
main.py
Β 
Β 
requirements.txt
requirements.txt
Β 
Β 
system.txt
system.txt
Β 
Β 

Repository files navigation

ZAgent: Modular Elite Bug Hunter πŸ•΅οΈβ€β™‚οΈπŸ›‘οΈ

ZAgent is a powerful, modular AI agent designed for professional security researchers and bug hunters. It automates reconnaissance, vulnerability discovery, and reporting within a secure, containerized environment.

Key Features

  • Modular Tool System: Easily extend ZAgent by adding new tools to zagent/tools/.
  • Auto-Discovery: Tools are automatically registered at runtime.
  • Docker Sandbox: Safely execute shell commands and file operations.
  • Persistent Auth: Your credentials are saved securely for repeated use.
  • Structured Reporting: Automatically documents findings in report.md with incremental IDs.
  • Relentless Persona: Optimized to pivot and never surrender until a weakness is found.

Installation πŸ› οΈ

  1. Clone the Repository:

    git clone https://github.com/3lyly0/ZAgent.git
cd ZAgent

  2. Install Dependencies:

    pip install -r requirements.txt

  3. Docker Setup (Recommended): Ensure Docker is running and create a sandbox container:

    docker run -itd --name zagent-sandbox alpine sh

Usage πŸš€

First Run

Provide your API token (and optional cookie). ZAgent will save these for future sessions.

python main.py --token YOUR_TOKEN --save-auth "start hunting on example.com"

Configuration

Customize behaviors in chat_config.json:

{
  "tools": {
    "shell": {
      "auto_approve": false,   // Set to true for hands-free automation
      "use_docker": true,      // Execution takes place inside Docker
      "container_name": "zagent-sandbox"
    }
  }
}

Subsequent runs (uses saved auth)

python main.py "your prompt here"


### Authentication

```bash
# Save auth explicitly
python main.py --token YOUR_TOKEN --save-auth

# Clear saved auth
python main.py --clear-auth

# Use with cookie
python main.py --token YOUR_TOKEN --cookie "your_cookie"

Project Structure πŸ“

ZAgent/
β”œβ”€β”€ zagent/                # Main package
β”‚   β”œβ”€β”€ core/             # Core functionality
β”‚   β”‚   β”œβ”€β”€ auth.py       # Auth persistence
β”‚   β”‚   β”œβ”€β”€ client.py     # API client
β”‚   β”‚   └── state.py      # Chat state management
β”‚   β”œβ”€β”€ tools/            # Tool modules
β”‚   β”‚   β”œβ”€β”€ base.py       # Base tool class
β”‚   β”‚   β”œβ”€β”€ shell_tool.py # Shell command execution
β”‚   β”‚   └── __init__.py   # Tool registry
β”‚   └── cli.py            # CLI interface
β”œβ”€β”€ docs/                 # Documentation
β”‚   └── adding_tools.md   # Tool development guide
β”œβ”€β”€ main.py               # Entry point
β”œβ”€β”€ system.txt            # System prompt
└── chat_config.json      # Configuration

Configuration βš™οΈ

Edit chat_config.json to customize:

{
  "model": "GLM-4-6-API-V1",
  "features": {
    "enable_thinking": false,
    "web_search": false
  },
  "runtime": {
    "show_thinking": true,
    "thinking_color": "gray"
  },
  "tools": {
    "enabled": ["shell"],
    "max_iterations": 3,
    "auto_discover": true
  }
}

Available Tools πŸ› οΈ

Shell Tool

Execute shell commands with confirmation:

Assistant: <shell>ls -la</shell>
[tool] assistant requested shell command:
ls -la
Execute this command? [y/N]: y

Adding Custom Tools 🎨

See docs/adding_tools.md for detailed guide.

Quick example:

# Create zagent/tools/my_tool.py
from zagent.tools.base import BaseTool, ToolResult
import re

class MyTool(BaseTool):
    @property
    def name(self) -> str:
        return "my_tool"
    
    @property
    def description(self) -> str:
        return "Does something awesome"
    
    def can_handle(self, message: str) -> bool:
        return bool(re.search(r"<mytool>", message))
    
    def extract_request(self, message: str) -> str | None:
        match = re.search(r"<mytool>(.*?)</mytool>", message, re.DOTALL)
        return match.group(1).strip() if match else None
    
    def execute(self, request: str, context=None) -> str:
        # Your logic here
        return ToolResult(
            self.name, request, True,
            output="Result!"
        ).format()

That's it! The tool will be auto-discovered on next run.

Examples πŸ’‘

Basic Chat

python main.py "explain quantum computing"

Interactive Mode

python main.py
You: what can you do?
Assistant: [response]
You: help me with python
Assistant: [response]
You: exit

Using Tools

python main.py "list files in current directory"
# AI will use <shell>ls</shell> or <shell>dir</shell>

Architecture Highlights πŸ—οΈ

  • BaseTool: Abstract class for all tools
  • ToolRegistry: Manages tool lifecycle
  • Auto-Discovery: Scans zagent/tools/ for tool classes
  • AuthConfig: Secure credential storage
  • Modular: Each component has single responsibility

Development πŸ”§

Adding Dependencies

pip install new_package
# Update requirements.txt if you create one

Testing Tools

# Test shell tool
python main.py "run 'echo test'"

# Test custom tool
python main.py "use my custom tool"

Security πŸ”’

  • Auth saved to ~/.zagent_auth.json (user-readable only)
  • Shell commands require explicit confirmation
  • No auto-execution of dangerous operations

Contributing 🀝

  1. Create tool in zagent/tools/
  2. Inherit from BaseTool
  3. Implement required methods
  4. Tool auto-loads on restart

License

Open source - use as you wish!

Credits

Built with ❀️ by 3lyly0

Need help? Check docs/adding_tools.md for detailed examples.

About

The modular, autonomous security researcher for the elite bug hunter.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages