Summary

EVA is an AI-assisted penetration testing agent designed to enhance offensive security workflows. It guides users through pentests with structured attack strategies, contextual analysis, and multi-backend AI integration, aiming to accelerate results without replacing professionals. It targets security professionals, researchers, and CTF players.

How It Works

EVA employs an AI-driven approach for intelligent reasoning, automated enumeration, and vulnerability assessment. It guides users through a pentest process flow, from target definition and strategy generation to reconnaissance, exploitation, and post-exploitation. The agent supports multiple AI backends, including local Ollama, OpenAI, and G4F.dev, providing real-time command execution and analysis within interactive sessions.

Quick Start & Requirements

Installation involves cloning the repository, making eva.py executable, and running it. Ollama can be installed separately for local AI.

git clone https://github.com/ARCANGEL0/EVA.git
cd EVA
chmod +x eva.py
./eva.py

Optional: sudo mv eva.py /usr/local/bin/eva for global access. Prerequisites include Git and Python. An OpenAI API key is required for the GPT backend. Ollama models (e.g., jimscard/whiterabbit-neo) require significant resources (~9.8GB, 16GB+ VRAM/RAM recommended). Configuration is managed via eva.py and ~/.config/eva/.

Highlighted Details

• Multi-AI Backend Support: Integrates local Ollama (offline, private), OpenAI GPT (speed, knowledge), G4F.dev (free GPT-5), and custom API endpoints.
• Interactive Pentest Workflow: Guides users through reconnaissance, vulnerability analysis, and exploitation with real-time command execution and output interpretation.
• Session Management: Supports persistent sessions and chat history.
• Roadmap: Includes planned features like automated reporting, CVE database integration, and a web interface.

Maintenance & Community

The project is actively maintained, with recent commits and contributor activity visible on GitHub. No dedicated community channels (Discord/Slack) are listed.

Licensing & Compatibility

EVA is released under the MIT License, permitting broad use. However, strict usage guidelines are enforced, permitting only CTFs, authorized penetration tests, security research, and testing on owned systems. Unauthorized access and illegal activities are explicitly prohibited.

Limitations & Caveats

The project is currently a single-file script, noted by the developer as a deliberate choice for ease of execution but not ideal practice. Key features like automated reporting and CVE database integration are marked as "IN DEVELOPMENT." The G4F.dev backend may suffer from instability. Local Ollama usage demands substantial hardware resources.