pentest-ai

v0.10.5 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 1 known CVE

Topics

ai-security bug-bounty claude ctf security exploit
exploit-chaining hacking-tools mcp model-context-protocol nmap offensive-security osint penetration-testing pentest-ai pentesting python vulnerability-scanning

Affected surfaces

rce_ssrf

Summary

AI summary

Fixed a CWE-78 injection vulnerability in tool_installer.py and updated SARIF version resolution at runtime.

Full changelog

Pre-launch security sweep with bandit, pip-audit, gitleaks, and ruff. Three real fixes:

  • tool_installer.py: `subprocess.run(shell=True, ...)` with sudo password f-string was a CWE-78 injection vector if a password ever contained shell metacharacters. Switched to argv + stdin pipe.
  • cli/menu.py: `os.system` replaced with `subprocess.run` (defense in depth).
  • SARIF tool version was hardcoded `0.8.0` in every generated report. Now resolved at runtime via `importlib.metadata`.
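
The `tool_installer.py` change, as an added example that is not pentest-ai's own code: the "before" function assumes the shape of the vulnerable call (the page does not show it), and a small Python reader stands in for `sudo -S` so the comparison runs offline. The function names, the stand-in reader, and the sample password are constructed for illustration.

```python
import shlex
import subprocess
import sys

# Stand-in for `sudo -S <command>` so the demo runs offline: like `sudo -S`,
# it reads one line (the password) from stdin; here it echoes what it received.
READER = [sys.executable, "-c",
          'import sys; sys.stdout.write("got:" + sys.stdin.readline())']


def run_with_shell(password: str) -> str:
    """'Before' pattern (assumed shape): password interpolated into a shell string."""
    # Only the password is unquoted; the reader command itself is quoted safely.
    cmd = f"echo {password} | {shlex.join(READER)}"
    proc = subprocess.run(cmd, shell=True,  # nosec B602 (deliberate 'before' demo)
                          capture_output=True, text=True)
    return proc.stdout


def run_with_argv(password: str) -> str:
    """'After' pattern: argv list, no shell, password delivered on stdin."""
    proc = subprocess.run(READER, input=password + "\n",
                          capture_output=True, text=True, check=True)
    return proc.stdout


# Constructed sample password containing a shell metacharacter (;).
PASSWORD = "p@ss; echo INJECTED"

if __name__ == "__main__":
    # Shell form: the text after ';' runs as a second command, and the reader
    # never sees the real password.
    print(repr(run_with_shell(PASSWORD)))
    # argv + stdin form: the reader receives the password byte for byte.
    print(repr(run_with_argv(PASSWORD)))
```

In the argv form the password never passes through a shell parser, so no quoting or escaping logic is needed for it.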

The 5 `verify=False` findings in built-in scanners are intentional (we deliberately scan targets with potentially-broken SSL — cert validity is part of what we report). Each is now annotated with `# nosec B501`.

`.gitleaks.toml` allowlists `tests/` so test fixtures don't fail a launch-blocking CI scan.

Install

```bash
pip install ptai==0.10.5
```

Verified

  • `bandit -r ... --severity-level high`: 0 HIGH (was 8)
  • `pip-audit`: 0 known CVE-vulnerable dependencies
  • `gitleaks detect`: 0 real leaks across 94 commits
  • 658 tests pass

Security Fixes

  • tool_installer.py: Fixed CWE-78 command injection by switching from subprocess.run with shell=True and f-string password to argv + stdin pipe.

About pentest-ai

Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.
