{"id":50849358,"url":"https://github.com/chatbotkit/rook","last_synced_at":"2026-06-14T12:30:46.269Z","repository":{"id":362253885,"uuid":"1256528164","full_name":"chatbotkit/rook","owner":"chatbotkit","description":"AI bug hunting harness","archived":false,"fork":false,"pushed_at":"2026-06-03T09:02:10.000Z","size":582,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-03T11:04:31.930Z","etag":null,"topics":["ai","bughu","harness"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chatbotkit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE.md","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-01T21:32:59.000Z","updated_at":"2026-06-03T09:02:06.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/chatbotkit/rook","commit_stats":null,"previous_names":["chatbotkit/rook"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/chatbotkit/rook","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chatbotkit%2Frook","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chatbotkit%2Frook/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chatbotkit%2Frook/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chatbotkit%2Frook/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chatbotkit","download_url":"https://codeload.github.com/chatbotkit/rook/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chatbotkit%2Frook/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34322072,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-14T02:00:07.365Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","bughu","harness"],"created_at":"2026-06-14T12:30:44.679Z","updated_at":"2026-06-14T12:30:46.260Z","avatar_url":"https://github.com/chatbotkit.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Rook\n\n\u003cimg width=\"1672\" height=\"941\" alt=\"ChatGPT Image Jun 1, 2026, 10_29_04 PM\" src=\"https://github.com/user-attachments/assets/15d285bc-4310-4690-b2cb-f325b43ba0eb\" /\u003e\n\n**Rook** is a standalone, autonomous security agent for vulnerability research,\nbug hunting and source-code auditing. It is a single Go executable built on the\n[ChatBotKit Go SDK](https://github.com/chatbotkit/go-sdk), with a library of\nsecurity skills embedded directly into the binary - no external files, no setup\nbeyond an API key.\n\nGive Rook a target and a scope, and it works through the problem the way a\nresearcher would: reconnaissance, analysis, hypothesis, verification, and a\nwritten report.\n\n\u003e ⚠️ **Authorized use only.** Rook is an offensive-security tool. Only run it\n\u003e against systems, code and services you own or are explicitly authorized to\n\u003e test. Always pass an explicit `--scope`.\n\n## What can it do?\n\nA single binary, a plain-English task, and an explicit scope. Each example\nbelow is backed by Rook's built-in [skills](#embedded-skills):\n\n```bash\n# Source-code audit - injection, IDOR and broken access control\nrook --scope \"repo: ./api, read-only, no network\" \\\n     \"Audit ./api for SQL injection, IDOR and auth bypass\"\n\n# Web app / API - SSRF in a URL-fetching feature (authorized target)\nrook --scope-file scope.txt \\\n     \"Test the link-preview endpoint on staging.example.com for SSRF to cloud metadata\"\n\n# External recon \u0026 OSINT - map an organisation's attack surface\nrook --scope \"domain: example.com + subdomains, passive recon only\" \\\n     \"Map example.com's external surface: subdomains, exposed services and leaked secrets\"\n\n# Cloud misconfiguration - read-only review\nrook --scope \"AWS, describe/list only, no mutations\" \\\n     \"Check for public S3 buckets, over-permissive IAM roles and IMDS exposure\"\n\n# Smart-contract audit\nrook --scope \"repo: ./contracts\" \\\n     \"Audit the Solidity contracts for reentrancy, access-control and oracle bugs\"\n\n# Supply chain - dependencies and CI exposure\nrook --scope \"repo: ., read-only\" \\\n     \"Review dependencies for known CVEs and flag supply-chain risks\"\n```\n\nRook also covers OAuth/SAML/JWT flaws, file-upload and SSTI/RCE chains,\nbusiness-logic and race conditions, HTTP request smuggling, and enterprise\nidentity/infrastructure attack surfaces (M365/Entra, Okta, VPN appliances,\nvCenter, SharePoint) - see the full [skill library](#embedded-skills).\n\n## Why Rook?\n\nSecurity work happens in awkward places - a hardened bastion, an air-gapped\nnetwork, a throwaway cloud VM, a CI runner, someone else's laptop during an\nengagement. Rook is built for exactly those:\n\n- **One single executable.** Everything - the agent loop, the tools, and the\n  entire skill library - is compiled into one binary via Go's `embed`. There is\n  no runtime to install, no interpreter, no `node_modules`, no virtualenv, no\n  config files to ship alongside it. Download one file, `chmod +x`, run.\n- **Portable everywhere.** Statically linked (`CGO_ENABLED=0`) and\n  cross-compiled for Linux, macOS and Windows on both amd64 and arm64. The same\n  tool drops onto an Apple-silicon laptop, an x86 server, or an ARM box with no\n  changes. Nothing to match against the host's libraries or OS version.\n- **Nothing to fetch at runtime.** Because the skills are baked in, Rook works\n  in locked-down or offline environments where you can't `pip install` or pull\n  containers. Its only external dependency is the ChatBotKit API (and your key).\n- **The hard parts run as a service.** This is the real reason Rook feels so\n  light. The AI agent harness - model orchestration, the reasoning and\n  tool-execution loop, skill handling, scaling and reliability - runs as a\n  managed service on ChatBotKit, built and maintained by a dedicated team of\n  engineers who do only this. The binary doesn't reimplement any of that\n  complexity; it embeds the skills and streams the conversation. So the agent\n  itself stays small and focused on the task at hand, and you inherit harness\n  improvements without shipping a new build.\n- **Trivial to distribute and audit.** A single artifact with a published\n  checksum is easy to vet, copy onto a target box, version-pin, and remove\n  cleanly afterwards - important when you're operating inside someone else's\n  scope.\n- **Purpose-built, not a general chatbot.** Rook ships as a focused\n  vulnerability-research and bug-hunting agent: it knows the methodology, the\n  bug classes, and the reporting discipline out of the box, and stays within\n  the authorization boundary you give it.\n\nIn short: the value isn't just \"an AI security agent\" - it's an AI security\nagent you can carry anywhere as **one file** and run with **zero setup**.\n\n## Features\n\n- **Single self-contained binary.** The skill library is compiled into the\n  executable via Go's `embed`, so it ships and runs as one file.\n- **Autonomous agent loop.** Built on the Go SDK's `agent.ExecuteWithTools` -\n  the agent plans, acts, tracks progress and exits on its own, bounded by\n  `--max-iterations`.\n- **Built-in tools.** File read/write/edit and sandboxed shell execution via\n  the SDK's `DefaultTools`.\n- **Embedded skill library.** Phase-by-phase security playbooks (see below)\n  surfaced to the model through the SDK skills feature.\n- **Cross-platform releases.** GitHub Actions builds binaries for Linux, macOS\n  and Windows (amd64/arm64) on every tag.\n\n## Install\n\n### From a release (recommended)\n\nPrebuilt, self-contained binaries are published for every release on the\n[releases page](https://github.com/chatbotkit/rook/releases), for Linux, macOS\nand Windows on both amd64 and arm64. Each archive contains a single `rook`\nbinary (plus README and LICENSE), and a `checksums.txt` is published alongside.\n\nPick the archive for your platform - e.g. `rook-v0.1.0-linux-amd64.tar.gz` - then\ndownload, (optionally) verify, extract and put `rook` on your `PATH`:\n\n```bash\nVERSION=v0.1.0\nOS=linux       # linux | darwin | windows\nARCH=amd64     # amd64 | arm64\nBASE=\"https://github.com/chatbotkit/rook/releases/download/${VERSION}\"\n\n# download the archive and checksums\ncurl -sSLO \"${BASE}/rook-${VERSION}-${OS}-${ARCH}.tar.gz\"\ncurl -sSLO \"${BASE}/checksums.txt\"\n\n# verify (optional but recommended)\nsha256sum --ignore-missing -c checksums.txt\n\n# extract and install\ntar -xzf \"rook-${VERSION}-${OS}-${ARCH}.tar.gz\"\nsudo mv \"rook-${VERSION}-${OS}-${ARCH}/rook\" /usr/local/bin/rook\n\nrook version\n```\n\nOn Windows, download `rook-\u003cversion\u003e-windows-amd64.tar.gz`, extract it, and add\n`rook.exe` to a directory on your `PATH`.\n\n### From source\n\n```bash\ngo install github.com/chatbotkit/rook/cmd/rook@latest\n```\n\nOr clone and build with the provided `Makefile`:\n\n```bash\nmake build      # → ./rook\n```\n\n## Authentication\n\nRook talks to the ChatBotKit API, so it needs an API token supplied via\n`CHATBOTKIT_API_SECRET`.\n\n1. **Create a ChatBotKit account** at [chatbotkit.com](https://chatbotkit.com)\n   or [console.cbk.ai](https://console.cbk.ai).\n2. **Create an API token** from the Tokens page\n   ([chatbotkit.com/tokens](https://chatbotkit.com/tokens)) and set it as\n   `CHATBOTKIT_API_SECRET` (export it, or put it in a `.env` file).\n\n### Recommended: run under a sub-account\n\nFor better **isolation, cost control and observability**, we suggest running\nRook under a dedicated **sub-account** rather than your main account - each\nengagement, tool or user then gets its own usage, billing and logs. For a\nsub-account that is fully dedicated to Rook, a **standard token is enough**.\n\n### Recommended: use a scoped token\n\nWe also recommend a **scoped token**, which limits the token to specific\nChatBotKit API routes (principle of least privilege), so a leaked key can't\ntouch the rest of your account. This matters less for a fully dedicated\nsub-account, but it is good practice everywhere.\n\nRook runs **statelessly**, so it only needs the stateless completion route.\nWhen creating the token, set its `allowedRoutes` to:\n\n```yaml\nallowedRoutes:\n  - conversation/complete\n```\n\nRoute patterns omit the `/v1/` prefix. See\n[How to Create Scoped API Tokens](https://chatbotkit.com/tutorials/how-to-create-scoped-api-tokens-for-restricted-access)\nfor the full guide.\n\n## Usage\n\n```bash\nexport CHATBOTKIT_API_SECRET=\"your-api-key\"\n\n# Audit a local codebase\nrook --scope \"repo: ./server, no network access\" \\\n     \"Audit the HTTP handlers in ./server for injection and auth bypass bugs\"\n\n# Hunt with reasoning streamed to the terminal\nrook -v --scope-file scope.txt \"Find SSRF in the URL-fetching service\"\n\n# Version\nrook version\n```\n\nRook loads a `.env` file automatically if present (see `.env.example`).\n\n### Flags\n\n| Flag               | Default         | Description                                   |\n| ------------------ | --------------- | --------------------------------------------- |\n| `--model`          | `qwen-3.6-plus` | Model the agent reasons with                  |\n| `--max-iterations` | `10000`         | Maximum agent iterations before a forced stop |\n| `--scope`          | -               | Authorization boundary (hosts, repos, paths)  |\n| `--scope-file`     | -               | Read the authorization scope from a file      |\n| `-v`, `--verbose`  | `false`         | Stream the agent's reasoning tokens to stdout |\n| `-V`, `--version`  | -               | Print version and exit                        |\n\nThe agent's findings stream to **stderr**; with `--verbose`, reasoning tokens\nstream to **stdout**. The final report is delivered as the agent's response -\nRook does not write files on its own. If you want the report (or any other\nartifact) saved to disk, ask for it in the task and the agent will use its\n`write` tool.\n\n## Embedded Skills\n\nRook ships with **51 security skills** - each a `SKILL.md` playbook under\n[`skills/`](skills/), embedded into the binary at build time and offered to the\nagent as it works. They cover, roughly:\n\n- **Methodology \u0026 mindset** - `bug-bounty`, `bb-methodology`, `redteam-mindset`,\n  `bb-local-toolkit`, `hunt-dispatch`.\n- **Web/API vulnerability hunting** (24 `hunt-*` classes + `security-arsenal`) -\n  IDOR, SQLi, XSS, SSRF, RCE, SSTI, XXE, CSRF, OAuth, SAML, GraphQL, auth/MFA\n  bypass, ATO, business logic, cache poisoning, HTTP smuggling, file upload,\n  API misconfig, race conditions, and more.\n- **Enterprise \u0026 infrastructure attack chains** - `m365-entra-attack`,\n  `okta-attack`, `cloud-iam-deep`, `vmware-vcenter-attack`,\n  `enterprise-vpn-attack`, `hunt-sharepoint`, `hunt-aspnet`, `hunt-ntlm-info`,\n  `apk-redteam-pipeline`, `supply-chain-attack-recon`.\n- **Recon \u0026 OSINT** - `web2-recon`, `offensive-osint`, `osint-methodology`,\n  `hunt-subdomain`.\n- **Web3** - `web3-audit`, `meme-coin-audit`.\n- **Triage, reporting \u0026 hygiene** - `triage-validation`, `bugcrowd-reporting`,\n  `report-writing`, `redteam-report-template`, `evidence-hygiene`,\n  `mid-engagement-ir-detection`.\n\nThese skills are sourced from the **claude-bughunter** project - see\n[Credits](#credits).\n\n### Adding a skill\n\nCreate `skills/\u003cname\u003e/SKILL.md` with YAML front matter:\n\n```markdown\n---\nname: My Skill\ndescription: One sentence the model uses to decide when to apply this skill.\n---\n\n# My Skill\n\nStep-by-step guidance...\n```\n\nRebuild the binary - the new skill is picked up automatically by the `embed`\ndirective. No registration code required.\n\n## How it works\n\n```\ncmd/rook          CLI: flags, .env, signal handling, version\ninternal/config   Central config: default model, max iterations, system prompt\ninternal/agent    Loads embedded skills, registers tools, drives the agent loop\ninternal/version  Build-time version + GitHub release update check\nembed.go          //go:embed skills  →  the embedded skill library\nskills/           SKILL.md playbooks compiled into the binary\n```\n\nThe default model and the agent's system prompt (backstory) live in one place -\n[`internal/config/config.go`](internal/config/config.go) - so they can be tuned\nwithout touching the CLI or the agent loop.\n\nAt startup Rook loads the embedded skills with `agent.LoadSkillsFromFS`,\nregisters `agent.DefaultTools()`, builds a security-focused backstory that\npins the agent to your authorized scope, and runs `agent.ExecuteWithTools`\nuntil the agent calls `exit`.\n\n## Development\n\nThe committed `go.mod` pins a published version of the Go SDK, so the\nstandalone repository builds from a clean clone with no extra steps:\n\n```bash\ngit clone https://github.com/chatbotkit/rook\ncd rook\ngo build ./...        # or: make build\n```\n\n```bash\nmake build    # build ./rook\nmake test     # run tests\nmake vet      # go vet\nmake dist     # cross-platform release archives under dist/\n```\n\n### Developing against a local go-sdk\n\nTo build against a local checkout of the Go SDK instead of the published\nmodule, place it at `../go-sdk` (or anywhere) and create a Go workspace:\n\n```bash\nmake workspace        # writes a gitignored go.work\n```\n\n`go.work` is **gitignored**, so it only affects your local builds. See\n[RELEASES.md](RELEASES.md) for the release flow.\n\n## Credits\n\nRook's embedded skill library is sourced from the **claude-bughunter** project\nby **[Sachin Sharma](https://www.linkedin.com/in/sachinsharma8080/)**:\n\n\u003e https://github.com/elementalsouls/Claude-BugHunter\n\nThe skills are used under the MIT License (Copyright © 2026 Sachin Sharma). The\nfull upstream license is preserved in [NOTICE.md](NOTICE.md). Our thanks to the\nauthor and the bug-bounty community whose disclosed reports informed them.\n\n## License\n\nRook itself is MIT licensed - see [LICENSE](LICENSE). Bundled third-party\ncontent retains its original license; see [NOTICE.md](NOTICE.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchatbotkit%2Frook","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchatbotkit%2Frook","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchatbotkit%2Frook/lists"}