{"id":47692611,"url":"https://github.com/peaktwilight/pwnkit","last_synced_at":"2026-04-06T10:03:38.988Z","repository":{"id":347424818,"uuid":"1193652922","full_name":"peaktwilight/pwnkit","owner":"peaktwilight","description":"AI writes the code. pwnkit hacks it. Open-source agentic harness for autonomous security research.","archived":false,"fork":false,"pushed_at":"2026-03-28T12:19:17.000Z","size":19808,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-28T13:42:49.041Z","etag":null,"topics":["agentic","ai","ai-agents","cli","code-review","llm-security","mcp","npm-audit","open-source","owasp","pentesting","red-team","sarif","security","typescript","vulnerability-scanner"],"latest_commit_sha":null,"homepage":"https://pwnkit.com","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/peaktwilight.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-27T12:59:22.000Z","updated_at":"2026-03-28T12:18:59.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/peaktwilight/pwnkit","commit_stats":null,"previous_names":["peaktwilight/nightfang","peaktwilight/pwnkit"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/peaktwilight/pwnkit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peaktwilight%2Fpwnkit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peaktwilight%2Fpwnkit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peaktwilight%2Fpwnkit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peaktwilight%2Fpwnkit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/peaktwilight","download_url":"https://codeload.github.com/peaktwilight/pwnkit/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peaktwilight%2Fpwnkit/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31309415,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-02T12:59:32.332Z","status":"ssl_error","status_checked_at":"2026-04-02T12:54:48.875Z","response_time":89,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agentic","ai","ai-agents","cli","code-review","llm-security","mcp","npm-audit","open-source","owasp","pentesting","red-team","sarif","security","typescript","vulnerability-scanner"],"created_at":"2026-04-02T15:51:01.782Z","updated_at":"2026-04-02T15:51:02.392Z","avatar_url":"https://github.com/peaktwilight.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n \u003cimg src=\"assets/pwnkit-icon.gif\" alt=\"pwnkit\" width=\"80\" /\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003epwnkit\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n \u003cstrong\u003eGeneral-purpose autonomous pentesting framework\u003c/strong\u003e\u003cbr/\u003e\n \u003cem\u003eScan LLM endpoints. Audit npm packages. Review source code. Re-exploit to kill false positives.\u003c/em\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://www.npmjs.com/package/pwnkit-cli\"\u003e\u003cimg src=\"https://img.shields.io/npm/v/pwnkit-cli?color=crimson\u0026style=flat-square\" alt=\"npm version\" /\u003e\u003c/a\u003e\n \u003ca href=\"https://github.com/peaktwilight/pwnkit/blob/main/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-Apache%202.0-blue?style=flat-square\" alt=\"license\" /\u003e\u003c/a\u003e\n \u003ca href=\"https://github.com/peaktwilight/pwnkit/actions\"\u003e\u003cimg src=\"https://img.shields.io/github/actions/workflow/status/peaktwilight/pwnkit/ci.yml?style=flat-square\" alt=\"CI\" /\u003e\u003c/a\u003e\n \u003ca href=\"https://github.com/peaktwilight/pwnkit/stargazers\"\u003e\u003cimg src=\"https://img.shields.io/github/stars/peaktwilight/pwnkit?style=flat-square\u0026color=gold\" alt=\"stars\" /\u003e\u003c/a\u003e\n \u003ca href=\"https://pwnkit.com\"\u003e\u003cimg src=\"https://pwnkit.com/badge/peaktwilight/pwnkit\" alt=\"pwnkit verified\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003cimg src=\"assets/demo.gif\" alt=\"pwnkit Demo\" width=\"700\" /\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"#quick-start\"\u003eQuick Start\u003c/a\u003e \u0026middot;\n \u003ca href=\"#commands\"\u003eCommands\u003c/a\u003e \u0026middot;\n \u003ca href=\"#how-it-works\"\u003eHow It Works\u003c/a\u003e \u0026middot;\n \u003ca href=\"#what-pwnkit-scans\"\u003eWhat It Scans\u003c/a\u003e \u0026middot;\n \u003ca href=\"#roadmap\"\u003eRoadmap\u003c/a\u003e \u0026middot;\n \u003ca href=\"#how-it-compares\"\u003eComparison\u003c/a\u003e \u0026middot;\n \u003ca href=\"#github-action\"\u003eCI/CD\u003c/a\u003e \u0026middot;\n \u003ca href=\"#built-by\"\u003eAbout\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\npwnkit is an open-source agentic security toolkit. A research agent discovers, attacks, and writes proof-of-concept code for vulnerabilities across LLM endpoints, npm packages, and Git repositories. Then a blind verify agent — given ONLY the PoC and file path, not the reasoning — independently reproduces each finding to **kill false positives**. No templates, no static rules — multi-turn agentic reasoning that thinks like an attacker.\n\nOne command. Zero config. Every finding re-exploited or dropped.\n\n## Quick Start\n\n```bash\n# Scan an LLM endpoint\nnpx pwnkit-cli scan --target https://your-app.com/api/chat\n\n# Scan a traditional web app for CORS, header, and exposure issues\nnpx pwnkit-cli scan --target https://example.com --mode web\n\n# Audit an npm package for vulnerabilities\nnpx pwnkit-cli audit lodash\n\n# Deep security review of a codebase\nnpx pwnkit-cli review ./my-ai-app\n\n# Or just point pwnkit-cli at a target — it auto-detects what to do\nnpx pwnkit-cli express     # audits npm package\nnpx pwnkit-cli ./my-repo    # reviews source code\nnpx pwnkit-cli https://github.com/user/repo # clones and reviews\n```\n\nThat's it. pwnkit discovers your attack surface, launches targeted attacks, verifies findings, and generates a report — all in under 5 minutes.\n\n### Auto-Detect\n\n`pwnkit-cli \u003ctarget\u003e` figures out what you mean without explicit subcommands:\n\n| Input | What pwnkit-cli does |\n|-------|-----------------|\n| `pwnkit-cli express` | Treats it as an npm package name and runs `audit` |\n| `pwnkit-cli ./my-repo` | Detects a local path and runs `review` |\n| `pwnkit-cli https://github.com/user/repo` | Clones the repo and runs `review` |\n| `pwnkit-cli https://example.com/api/chat` | Detects an LLM endpoint URL and runs `scan` |\n\nExplicit subcommands (`scan`, `audit`, `review`) still work — auto-detect is just a convenience layer on top.\n\n## Commands\n\nAll commands are available via `npx pwnkit-cli \u003ccommand\u003e`. Explicit subcommands are optional — thanks to auto-detect, `npx pwnkit-cli \u003ctarget\u003e` works for most use cases (see [Auto-Detect](#auto-detect) above).\n\npwnkit ships a growing command set — from quick API probes to deep source-level audits and local mission control:\n\n| Command | What It Does | Example |\n|---------|-------------|---------|\n| **`scan`** | Probe LLM endpoints or web apps for vulnerabilities | `npx pwnkit-cli scan --target https://api.example.com/chat` |\n| **`audit`** | Install and security-audit any npm package with static analysis + AI review | `npx pwnkit-cli audit express@4.18.2` |\n| **`review`** | Deep source code security review of a local repo or GitHub URL | `npx pwnkit-cli review https://github.com/user/repo` |\n| **`resume`** | Resume a persisted review/audit scan by scan ID | `npx pwnkit-cli resume \u003cscan-id\u003e` |\n| **`history`** | Browse past scans with status, depth, findings count, and duration | `npx pwnkit-cli history --limit 20` |\n| **`findings`** | Query, filter, and inspect verified findings across all scans | `npx pwnkit-cli findings list --severity critical` |\n| **`dashboard`** | Open a local dashboard for scans, grouped findings, and triage | `npx pwnkit-cli dashboard --port 48123` |\n\n## How It Works\n\npwnkit runs autonomous AI agents in a research-then-verify pipeline. Each agent uses tools (`read_file`, `run_command`, `send_prompt`, `save_finding`) and makes multi-turn decisions — adapting its strategy based on what it learns:\n\n```mermaid\ngraph LR\n    A[\"Research\\ndiscover + attack + PoC\\nsingle agent session\"] --\u003e B[\"Blind Verify\\ngets ONLY PoC + path\\nno reasoning, no bias\"]\n    B --\u003e C[\"Report\\nSARIF, Markdown, JSON\\nonly confirmed findings\"]\n    B --\u003e|can't reproduce| D[\"Killed\"]\n\n    style A fill:#1a1a2e,stroke:#DC2626,color:#fff\n    style B fill:#1a1a2e,stroke:#3B82F6,color:#fff\n    style C fill:#1a1a2e,stroke:#8B5CF6,color:#fff\n    style D fill:#1a1a2e,stroke:#6B7280,color:#6B7280\n```\n\n| Agent | Role | What It Does |\n|-------|------|-------------|\n| **Research** | Discover + Attack + PoC | Maps endpoints, detects models, extracts system prompts, crafts multi-turn attacks (prompt injection, jailbreaks, tool poisoning, data exfiltration), and writes proof-of-concept code — all in one agent session |\n| **Verify** | Blind validation | Gets ONLY the PoC code and file path — not the research agent's reasoning. Independently traces data flow and reproduces each finding. Can't reproduce? Killed as false positive |\n| **Report** | Output | SARIF for GitHub Security tab, Markdown for humans, JSON for pipelines — only confirmed findings with severity scores and remediation |\n\nThe **blind verification is the differentiator.** The verify agent can't be biased by the research agent's reasoning — same principle as double-blind peer review. No more triaging 200 \"possible prompt injections\" that turn out to be nothing.\n\n## What pwnkit Scans\n\n| Target | Command | How |\n|--------|---------|-----|\n| **LLM Endpoints** — ChatGPT, Claude, Llama APIs, custom chatbots | `pwnkit-cli scan --target \u003curl\u003e` | HTTP probing + multi-turn agent attacks |\n| **Web Apps** — Traditional websites and HTTP services | `pwnkit-cli scan --target \u003curl\u003e --mode web` | Deterministic checks for CORS, security headers, exposed files, and fingerprint leakage |\n| **npm Packages** — Dependency supply chain, malicious code | `pwnkit-cli audit \u003cpackage\u003e` | Installs in sandbox, runs semgrep + AI code review |\n| **Git Repositories** — Source-level security review | `pwnkit-cli review \u003cpath-or-url\u003e` | Deep analysis with Claude Code, Codex, or Gemini CLI |\n| **Auto-detect** — Give it anything | `pwnkit-cli \u003ctarget\u003e` | URL, package name, or path — pwnkit-cli figures it out |\n\n## Example Output\n\nSee the [demo GIF above](#) for real scan output, or run it yourself:\n\n```bash\nnpx pwnkit-cli scan --target https://your-app.com/api/chat --depth quick\n```\n\nFor a verbose view with the animated attack replay:\n\n```bash\nnpx pwnkit-cli scan --target https://your-app.com/api/chat --verbose\n```\n\n## Scan Depth\n\n| Depth | Test Cases | Time |\n|-------|-----------|------|\n| `quick` | ~15 | ~1 min |\n| `default` | ~50 | ~3 min |\n| `deep` | ~150 | ~10 min |\n\npwnkit is an agentic harness — bring your own AI. Use your API key (OpenRouter, Anthropic, OpenAI), or use the Claude Code CLI, Codex CLI, or Gemini CLI with your existing subscription via `--runtime claude`, `--runtime codex`, or `--runtime gemini`.\n\n```bash\n# Quick scan for CI\nnpx pwnkit-cli scan --target https://api.example.com/chat --depth quick\n\n# Baseline web app pentest\nnpx pwnkit-cli scan --target https://example.com --mode web\n\n# Deep audit before launch\nnpx pwnkit-cli scan --target https://api.example.com/chat --depth deep\n\n# Deep scan with Claude Code CLI\nnpx pwnkit-cli scan --target https://api.example.com/chat --depth deep --runtime claude\n\n# Audit an npm package\nnpx pwnkit-cli audit react --depth deep --runtime claude\n\n# Review a GitHub repo\nnpx pwnkit-cli review https://github.com/user/repo --runtime codex --depth deep\n\n# Diff-aware review against a base branch\nnpx pwnkit-cli review ./my-repo --diff-base origin/main --changed-only\n\n# Local mission control for scan history and grouped findings\nnpx pwnkit-cli dashboard\n\n# Auto-detect — just give it a target\nnpx pwnkit-cli express\nnpx pwnkit-cli ./my-repo\nnpx pwnkit-cli https://api.example.com\n```\n\n## Runtime Modes\n\nBring your own agent CLI — pwnkit orchestrates it:\n\n| Runtime | Flag | Best For |\n|---------|------|----------|\n| `api` | `--runtime api` | CI, quick scans — uses your API key (OpenRouter, Anthropic, OpenAI). Default |\n| `claude` | `--runtime claude` | Deep analysis — spawns Claude Code CLI with your subscription |\n| `codex` | `--runtime codex` | Source analysis — spawns Codex CLI |\n| `gemini` | `--runtime gemini` | Large context source analysis — spawns Gemini CLI |\n| `auto` | `--runtime auto` | Auto-detects installed CLIs, picks best per stage |\n\n## Roadmap\n\nThe short version:\n\n- now: resumable scans, finding triage, diff-aware PR review, deterministic replay\n- now shipping too: a local mission-control dashboard with grouped finding triage\n- next: multi-target orchestration, timeline/activity views, and fuzzy navigation across scans/findings\n- later: policy packs, trends, and distributed workers\n\nThe detailed roadmap lives in [ROADMAP.md](./ROADMAP.md).\n\n## How It Compares\n\n| Feature | pwnkit | promptfoo | garak | semgrep | nuclei |\n|---------|--------|-----------|-------|---------|--------|\n| **Agentic multi-turn pipeline** | Yes — Autonomous agents with tool use | No — Single runner | No — Single runner | No — Rule-based | No — Template runner |\n| **Verification (no false positives)** | Yes — Re-exploits to confirm | No | No | No | No |\n| **LLM endpoint scanning** | Yes — Prompt injection, jailbreaks, exfil | Yes — Red-teaming | Yes — Probes | No | No |\n| **npm package audit** | Yes — Semgrep + AI review | No | No | Yes — Rules only | No |\n| **Source code review** | Yes — AI-powered deep analysis | No | No | Yes — Rules only | No |\n| **OWASP LLM Top 10** | Yes — Covered | Partial | Partial | N/A | N/A |\n| **SARIF + GitHub Security tab** | Yes | Yes | No | Yes | Yes |\n| **One command, zero config** | Yes — `npx pwnkit-cli scan` | Needs YAML config | Needs Python setup | Needs rules config | Needs templates |\n| **Open source** | Yes — Apache-2.0 | Yes — (acquired by OpenAI) | Yes — MIT | Yes — LGPL / Paid Pro | Yes — MIT |\n| **Pricing** | Free + bring your own AI | Varies | Free (local) | Free (OSS) / Paid (Pro) | Free |\n\npwnkit isn't replacing semgrep or nuclei — it covers the AI-specific attack surface they can't see. Use them together.\n\n## GitHub Action\n\nAdd pwnkit to CI with a single root action. It can review source code, audit npm packages, or scan endpoints, posts a stable PR comment on reruns, and can upload SARIF directly when you set `format: sarif`.\n\n```yaml\nname: AI Security Scan\non: [push, pull_request]\n\npermissions:\n contents: read\n issues: write\n security-events: write\n\njobs:\n pwnkit:\n  runs-on: ubuntu-latest\n  steps:\n   - uses: actions/checkout@v4\n\n   - name: Run pwnkit\n    uses: peaktwilight/pwnkit@main\n    with:\n     mode: review\n     path: .\n     depth: default # quick | default | deep\n     severity-threshold: high # critical | high | medium | low | info | none\n     threshold: 0 # fail if qualifying findings exceed this count\n     format: sarif # json | sarif\n    env:\n     OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}\n```\n\n\u003e **API Key Priority:** pwnkit checks for `OPENROUTER_API_KEY` first, then `ANTHROPIC_API_KEY`, then `OPENAI_API_KEY`. OpenRouter gives you access to many models (including free ones) through a single key at [openrouter.ai](https://openrouter.ai).\n\nUse `mode: audit` with `package: express@latest` for dependency review, or `mode: scan` with `target: https://example.com/api/chat` for endpoint scanning. When `format: sarif` is enabled, findings also show up in the **Security** tab of your repository.\n\n### Badge\n\nAdd a pwnkit badge to your README:\n\n```markdown\n[![pwnkit](https://pwnkit.com/badge/YOUR_ORG/YOUR_REPO)](https://pwnkit.com)\n```\n\nThe badge auto-updates from your GitHub Actions scan results. Shows `verified` (green), finding counts (yellow/red), or `not scanned` (gray).\n\nAlso available as a [shields.io endpoint](https://shields.io/endpoint):\n```\nhttps://img.shields.io/endpoint?url=https://pwnkit.com/badge/YOUR_ORG/YOUR_REPO/shield\n```\n\n## Findings Management\n\nEvery finding is persisted in a local SQLite database. Query across scans:\n\n```bash\n# List critical findings\nnpx pwnkit-cli findings list --severity critical\n\n# Group duplicate findings and inspect the family state\nnpx pwnkit-cli findings list\nnpx pwnkit-cli findings show \u003cfinding-id\u003e\n\n# Triage a finding family across scans\nnpx pwnkit-cli findings accept \u003cfinding-id\u003e --note \"confirmed and tracked internally\"\nnpx pwnkit-cli findings suppress \u003cfinding-id\u003e --note \"known test fixture\"\nnpx pwnkit-cli findings reopen \u003cfinding-id\u003e\n\n# Filter by category\nnpx pwnkit-cli findings list --category prompt-injection --status confirmed\n\n# Inspect a specific finding with full evidence\nnpx pwnkit-cli findings show NF-001\n\n# Browse scan history\nnpx pwnkit-cli history --limit 10\n```\n\nFinding lifecycle: `discovered → verified → confirmed → scored → reported` (or `false-positive` if verification fails).\n\n## Roadmap\n\n- [x] Core autonomous agent pipeline (research, blind verify, report)\n- [x] OWASP LLM Top 10 coverage\n- [x] SARIF output + GitHub Action\n- [x] npm package auditing\n- [x] Source code review (local + GitHub)\n- [x] Multi-runtime support (Claude, Codex, Gemini)\n- [x] Multi-turn agentic attacks (agents adapt payloads based on responses)\n- [ ] MCP server scanning (tool poisoning, schema abuse)\n- [ ] Web pentesting mode (SQLi, XSS, SSRF, auth bypass, IDOR)\n- [ ] RAG pipeline security (poisoning, extraction)\n- [ ] Agentic workflow testing (multi-tool chains)\n- [ ] VS Code extension\n- [ ] Team dashboard \u0026 historical tracking\n- [ ] SOC 2 / compliance report generation\n\n## Built By\n\nCreated by a security researcher with [7 published CVEs](https://doruk.ch/blog) across node-forge, mysql2, uptime-kuma, liquidjs, picomatch, and jspdf.\n\npwnkit is a general-purpose autonomous pentesting framework. It exists because modern attack surfaces — LLM endpoints, npm supply chains, AI-powered codebases — require agents that adapt, not static rules that don't. You can't `nmap` a language model. You can't write a rule for a jailbreak that hasn't been invented yet. Static analysis alone misses logical flaws and semantic vulnerabilities that only an agent tracing data flow can find.\n\npwnkit uses autonomous agents that think like attackers, adapt their strategy mid-scan, and re-exploit every finding before reporting it. The result: real vulnerabilities, zero noise.\n\n## Contributing\n\nContributions welcome! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.\n\n```bash\ngit clone https://github.com/peaktwilight/pwnkit.git\ncd pwnkit\npnpm install\npnpm test\n```\n\n## License\n\n[Apache 2.0](LICENSE) — use it, fork it, ship it.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpeaktwilight%2Fpwnkit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpeaktwilight%2Fpwnkit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpeaktwilight%2Fpwnkit/lists"}