A Flask web application for vulnerability management and penetration testing using NodeZero MCP, Apify, Claude AI, and Redis Cloud.
PatchPilot implements a Find-Fix-Verify (FFV) security cycle that:
- Find: Scrapes web vulnerabilities using Apify
- Fix: Uses Claude AI to correlate vulnerabilities with support tickets
- Verify: Launches penetration tests via NodeZero MCP integration
- Frontend: Bootstrap 5 with vanilla JavaScript
- Backend: Flask with Python 3.13
- AI Integration: Claude Messages API with MCP support
- Web Scraping: Apify MCP server
- Penetration Testing: NodeZero MCP server
- Vector Database: Redis Cloud for ticket similarity search
- Python 3.13+
- NodeZero API account
- Apify API account
- Claude API account
- Redis Cloud instance
-
Clone the repository
-
Create virtual environment:
python -m venv venv source venv/bin/activate # On Windows: venv\Scripts\activate
-
Install dependencies:
pip install flask anthropic redis python-dotenv requests
-
Create
.env.localfile:APIFY_API_KEY=your_apify_key ANTHROPIC_API_KEY=your_claude_key NODEZERO_API_KEY=your_nodezero_key REDIS_HOST=your_redis_host REDIS_PORT=your_redis_port REDIS_PASSWORD=your_redis_password
Start the application:
source venv/bin/activate
python app.pyAccess at http://localhost:5001
- Web scraping for security vulnerabilities
- Support ticket vector database
- AI-powered correlation and prioritization
- System overview with metrics
- Recent activity monitoring
- Quick navigation
- AI-generated test scenarios
- Real-time progress tracking
- Log viewing and reporting
- Vulnerability assessments
- Penetration test results
- Executive summaries
- Scrape Vulnerabilities: Use the first tab to collect security data from web sources
- Create Vector Database: Build searchable database of support tickets
- AI Analysis: Let Claude correlate vulnerabilities with tickets and prioritize targets
- Launch Pentests: Start penetration tests on priority targets
- Monitor Progress: Track test execution and view logs
- Generate Reports: Export findings and recommendations
The application connects to Redis Cloud without SSL due to connection issues. See REDIS_FIX.md for troubleshooting.
- NodeZero MCP: Handles penetration testing operations
- Apify MCP: Manages web scraping tasks
The application uses Flask's debug mode for development. File changes trigger automatic reloads.
Key files:
app.py: Main Flask applicationtemplates/: HTML templatesstatic/: CSS and JavaScript files.env.local: Environment variables