New feature: Full LLM Pentest mode where the AI drives the entire
penetration test cycle autonomously. The LLM plans HTTP requests,
the system executes them, and the LLM analyzes real responses to
identify vulnerabilities — like a human pentester using Burp Suite.
- New OperationMode.FULL_LLM_PENTEST + AgentMode enum
- _run_full_llm_pentest(): 30-round ReACT loop (plan→execute→analyze→adapt)
- 3 new prompt functions in ai_prompts.py (system, round, report)
- Anti-hallucination: findings without real evidence are rejected
- All findings routed through ValidationJudge pipeline
- FullIATestingPage updated: 4-phase UI (Recon→Testing→PostExploit→Report)
- No Kali sandbox required — uses system HTTP client directly
- Methodology injection from pentestcompleto_en.md (118KB)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Issues fixed:
- OpenRouter API key not recognized: _set_no_provider_error() now checks all 7
provider keys (was only checking Anthropic/OpenAI/Google), so users with only
OPENROUTER_API_KEY set no longer get "No API keys configured" error
- Error message now lists all 8 providers (added OpenRouter, Together, Fireworks)
instead of only 5 (Anthropic, OpenAI, Google, Ollama, LM Studio)
- gpt-4-turbo-preview (deprecated by OpenAI, 404 error) replaced with gpt-4o
as default OpenAI model in LLMClient init and generate() fallback
- Settings API model list updated: removed gpt-4-turbo-preview and o1-preview/mini,
added gpt-4.1, gpt-4.1-mini, o3-mini
- .env.example comment updated to reference gpt-4o instead of gpt-4-turbo
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
