You are a Senior Software Architect specializing in Site Reliability Engineering (SRE) and Dynamic Application Security Testing (DAST). Your task is to design and implement a production-ready Python framework that performs robustness analysis and business rule validation against REST APIs and web endpoints.
Core Objective: Build an intelligent testing engine that identifies structural logic failures across three high-impact vulnerability categories (equivalent to High and Critical severity business rule violations):
- Access Control & Context Bypass Failures (e.g., Broken Object Level Authorization - BOLA)
- Business Logic Inversions & Anomalies (e.g., mathematical parameter manipulation, billing flow exploitation, Content-Type format switching like YAML/JSON injection)
- Infrastructure Resilience Failures (e.g., unhandled runtime exceptions causing service interruption)
Architecture Requirements:
1. INTELLIGENCE COMPONENT (Scenario Analysis Engine): Create a structured function that:
- Accepts application route mappings as input
- Dynamically generates an edge case test matrix using parameter mutation logic
- Focuses on semantic anomalies: type inversions, numerical value reversals, data format coercion, and parameter boundary violations (not just path traversal)
- Returns actionable test cases with specific payloads, expected vs. anomalous behaviors, and impact classifications
2. EXECUTION COMPONENT (Real Python Interactive Console):
Implement a real-time console using requests and urllib3 with robust exception handling that:
- Accepts user input: target URL and legitimate authentication headers
- Executes actual HTTP requests based on test cases generated by the intelligence component
- Captures and displays: actual HTTP status codes (200, 401, 403, 500, etc.), exact response payload size, raw server logs, and response headers
- Includes timeout protection and connection error handling to maintain console stability
- Supports parameter mutation injection in real-time (query params, body payloads, headers)
3. REPORTING COMPONENT: Generate a markdown report that includes:
- Proof-of-Concept (PoC) reproduction steps with actual requests and responses
- Severity classification (High/Critical) with business impact assessment
- Raw HTTP traffic capture (request/response pairs)
- Actionable remediation guidance
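As an added example (not part of the original brief, and not any existing framework's code), here is one way the scenario analysis engine of component 1 could expand route mappings into a test matrix. The route-mapping dictionary shape, the `owner_bound` flag, the `foreign_ids` argument and `SAMPLE_ROUTES` are all assumptions made for this illustration; the mutation rules implement the categories the brief lists (type inversions, sign and boundary reversals, format coercion, identifier substitution for the BOLA check). It goes slightly beyond the brief's wording by also covering string parameters, so the same generator serves both numeric and textual inputs.

```python
"""Scenario analysis engine: expand route mappings into an edge-case test matrix.

Added illustration, not the framework the brief asks for. The route-mapping
shape (path, method, params with in/type/min/max/max_len/owner_bound) is an
assumed input format; the mutation rules follow the brief: type inversions,
numeric sign and boundary reversals, format coercion, and identifier
substitution on owner-bound parameters (the BOLA check).
"""
from dataclasses import dataclass
from typing import Any, Iterator

# Body encodings a JSON endpoint should refuse with 415 (format coercion checks).
CONTENT_TYPE_SWITCHES = ("application/x-yaml", "application/xml", "text/plain")


@dataclass
class TestCase:
    route: str
    method: str
    category: str   # access_control | business_logic | resilience
    severity: str   # High | Critical
    target: str     # path | query | body | header
    param: str
    payload: Any
    expected: str   # what a correct implementation does
    anomalous: str  # observation that turns this case into a finding


def _numeric_mutations(spec: dict) -> Iterator[tuple]:
    """(payload, severity, expected, anomalous) for int/float parameters."""
    yield -1, "Critical", "reject negative value (4xx)", "negative amount or quantity accepted: transaction inverted"
    yield 0, "High", "reject or explicitly handle zero", "zero-value transaction created"
    if "min" in spec:
        yield spec["min"] - 1, "High", "reject below minimum (4xx)", "below-minimum value accepted"
    if "max" in spec:
        yield spec["max"] + 1, "High", "reject above maximum (4xx)", "above-maximum value accepted"
    yield 2 ** 63, "High", "reject out-of-range integer (4xx)", "unhandled overflow (5xx)"
    yield "12abc", "High", "reject non-numeric string (4xx)", "silent coercion or 5xx"
    yield [1], "High", "reject wrong type (4xx)", "type confusion or 5xx"


def _string_mutations(spec: dict) -> Iterator[tuple]:
    """(payload, severity, expected, anomalous) for string parameters."""
    yield 123, "High", "reject non-string (4xx)", "silent coercion or 5xx"
    yield "", "High", "reject empty value (4xx)", "empty value accepted for a required field"
    yield "x" * (spec.get("max_len", 256) + 1), "High", "reject over-length value (4xx)", "silently truncated or 5xx"
    yield None, "High", "reject null (4xx)", "null dereferenced (5xx) or treated as valid"


def generate_matrix(routes: list, foreign_ids: dict) -> list:
    """routes: [{"path", "method", "params": {name: spec}}] (assumed shape).
    foreign_ids: {param: identifier owned by a *different* test principal}; used for
    params whose spec sets owner_bound=True to build the access-control case."""
    cases = []
    for route in routes:
        path, method = route["path"], route["method"].upper()
        for name, spec in route.get("params", {}).items():
            target = spec.get("in", "query")
            if spec.get("owner_bound") and name in foreign_ids:
                cases.append(TestCase(path, method, "access_control", "Critical", target, name, foreign_ids[name],
                                      "403/404: caller cannot reach another principal's object",
                                      "2xx containing the other principal's data (BOLA)"))
            mutate = _numeric_mutations if spec.get("type") in ("int", "float") else _string_mutations
            seen = set()
            for payload, severity, expected, anomalous in mutate(spec):
                if repr(payload) not in seen:  # min-1 may coincide with 0; emit each payload once
                    seen.add(repr(payload))
                    cases.append(TestCase(path, method, "business_logic", severity, target, name,
                                          payload, expected, anomalous))
        if method in ("POST", "PUT", "PATCH"):
            for ctype in CONTENT_TYPE_SWITCHES:
                cases.append(TestCase(path, method, "business_logic", "High", "header", "Content-Type", ctype,
                                      "415 Unsupported Media Type", "body parsed under the switched format"))
            cases.append(TestCase(path, method, "resilience", "High", "body", "<raw body>", '{"unterminated": ',
                                  "400 Bad Request", "5xx from an unhandled parser exception"))
    return cases


def summarize(cases: list) -> dict:
    """Case count per category, the figure a console shows before executing anything."""
    counts = {}
    for c in cases:
        counts[c.category] = counts.get(c.category, 0) + 1
    return counts


# Constructed sample route mapping; not taken from any real application.
SAMPLE_ROUTES = [{
    "path": "/orders/{order_id}", "method": "POST",
    "params": {
        "order_id": {"in": "path", "type": "int", "owner_bound": True},
        "quantity": {"in": "body", "type": "int", "min": 1, "max": 100},
        "coupon": {"in": "body", "type": "str", "max_len": 16},
    },
}]
```

Calling `generate_matrix(SAMPLE_ROUTES, {"order_id": 9001})` yields 20 cases for the sample route: one access-control case (the foreign identifier on the owner-bound path parameter), eighteen business-logic cases (value mutations on the three parameters plus the three Content-Type switches) and one resilience case (malformed body). Each case carries the payload, where it is injected, the behaviour a correct implementation shows and the observation that would make it a finding, which is exactly what the execution component needs to decide pass or fail without any further interpretation.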
Code Structure Requirements:
- Modular design with clear separation: analysis engine → execution engine → reporting engine
- Production-quality error handling, logging, and state management
- Console must be reproducible in real-time with actual network calls (not mocked)
- Output format compatible with manual Burp Suite replay for verification
- All actual HTTP responses and status codes must be real, not simulated
Delivery: Provide the complete, executable Python framework with all three components integrated. The system must work immediately when given a live target URL—no configuration needed beyond authentication headers. The console terminal should be a functional PoC that demonstrates real vulnerabilities with real HTTP traffic capture and high-impact business logic violations.
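The following added example covers the execution component and the reporting component together; it is not the requested framework and not any existing project's code. It uses `urllib.request` from the standard library in place of the `requests`/`urllib3` stack the brief names, so it runs with no dependencies, and it exercises the timeout, connection-error and 5xx capture paths against a constructed in-process stub server: the `/orders` and `/slow` routes, the bearer token, the `Probe` shape and the stub's weaknesses (no range check on `quantity`, a 500 on malformed JSON, a route slower than the client timeout) are all invented for the demonstration. Against a live target, `run_matrix` would be pointed at the real base URL and the caller's real authentication headers instead of `start_stub_server()`.

```python
# Added illustration, not the framework the brief asks for: execution engine and markdown
# reporter run against a constructed in-process stub (urllib.request stands in for requests/urllib3).
import json
import threading
import time
import urllib.error
import urllib.request
from collections import namedtuple
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

FENCE = "`" * 3  # assembled at runtime so the report fence is not written literally here
Probe = namedtuple("Probe", "category severity method path body description")  # category: access_control | business_logic | resilience | control


def execute(method, url, headers, body, timeout):
    """Send one request and return a capture dict; never raises, so a console loop survives."""
    data = body.encode() if body is not None else None
    cap = {"method": method, "url": url, "req_headers": headers, "req_body": data,
           "status": None, "resp_headers": {}, "body_size": 0, "error": None}
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            cap.update(status=resp.status, resp_headers=dict(resp.headers), body_size=len(resp.read()))
    except urllib.error.HTTPError as e:  # 4xx/5xx are real responses and are recorded as such
        cap.update(status=e.code, resp_headers=dict(e.headers), body_size=len(e.read()))
    except OSError as e:  # URLError, timeouts, refused connections: keep the console alive
        cap["error"] = f"{type(e).__name__}: {e}"
    return cap


def assess(probe, cap):
    """Heuristic verdict: no answer, 5xx, or a 2xx where the probe expected a rejection."""
    status = cap["status"]
    if probe.category == "control":
        return None
    if status is None:
        return f"no HTTP response ({cap['error']})"
    if status >= 500:
        return f"server error {status} instead of a handled rejection"
    if 200 <= status < 300 and probe.category in ("business_logic", "access_control"):
        return f"{status} returned where a 4xx rejection was expected"
    return None


def run_matrix(base_url, headers, probes, timeout):
    caps = [(p, execute(p.method, base_url + p.path, headers, p.body, timeout)) for p in probes]
    return [{"probe": p, "capture": c, "observation": o} for p, c in caps if (o := assess(p, c))]


def to_markdown(findings):
    """Raw request in replayable form plus the captured response summary, per finding."""
    out = ["# Robustness findings", ""]
    for f in findings:
        p, c = f["probe"], f["capture"]
        out += [f"## [{p.severity}] {p.description}", "", f"**Observation:** {f['observation']}", "",
                "### Request (paste into a manual replay tool)", FENCE + "http",
                f"{c['method']} {c['url']}", *[f"{k}: {v}" for k, v in c["req_headers"].items()], "",
                c["req_body"].decode(errors="replace") if c["req_body"] else "", FENCE, "",
                "### Response", f"- status: {c['status']}", f"- body size: {c['body_size']} bytes",
                f"- headers: {c['resp_headers']}", ""]
    return "\n".join(out)


class _StubHandler(BaseHTTPRequestHandler):
    """Constructed stand-in API: accepts any quantity, crashes on bad JSON, has one slow route."""
    def log_message(self, *args): pass  # keep the console clean

    def _send(self, code, payload):
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def do_POST(self):
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if self.path == "/slow":
            time.sleep(2)  # longer than the client timeout used in demo()
            return self._send(200, b"{}")
        try:
            qty = json.loads(raw)["quantity"]
        except Exception as e:  # parse failure surfaces as 500 rather than 400
            return self._send(500, json.dumps({"error": repr(e)}).encode())
        self._send(200, json.dumps({"accepted": True, "quantity": qty}).encode())  # no range check


def start_stub_server():
    srv = ThreadingHTTPServer(("127.0.0.1", 0), _StubHandler)
    srv.handle_error = lambda *a: None  # a client that timed out may close mid-write; ignore
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_address[1]}"


def demo(timeout=0.5):
    auth = {"Authorization": "Bearer CONSTRUCTED-TEST-TOKEN", "Content-Type": "application/json"}
    probes = [
        Probe("business_logic", "Critical", "POST", "/orders", '{"quantity": -1}', "negative quantity must be rejected"),
        Probe("resilience", "High", "POST", "/orders", '{"quantity": ', "malformed JSON must yield 400, not a crash"),
        Probe("resilience", "High", "POST", "/slow", '{"quantity": 1}', "endpoint must answer within the timeout"),
        Probe("control", "-", "POST", "/orders", '{"quantity": 1}', "valid order, no finding expected"),
    ]
    findings = run_matrix(start_stub_server(), auth, probes, timeout)
    return findings, to_markdown(findings)
```

`demo()` returns three findings: the negative quantity accepted with a 200, the malformed body answered with a 500, and the slow route recorded as a timeout with no status at all; the control probe produces none. Two design points matter for a console that has to stay up: `execute` treats `HTTPError` as a normal capture rather than a failure, because a 403 or 500 is the evidence being collected, and it catches `OSError` (which covers `URLError`, refused connections and socket timeouts) so a dead host only yields an entry with `status: None` and an `error` string. The request section of the report is plain HTTP text, so it can be pasted into a manual replay tool for verification, and the observed status, body size and response headers sit beside it.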