pwnkit
AI writes the code. pwnkit hacks it. Open-source agentic harness for autonomous security research.
pwnkit
General-purpose autonomous pentesting framework
Scan LLM endpoints. Audit npm packages. Review source code. Re-exploit to kill false positives.
Quick Start · Commands · How It Works · What It Scans · Comparison · CI/CD · About
pwnkit is an open-source agentic security toolkit. A research agent discovers, attacks, and writes proof-of-concept code for vulnerabilities across LLM endpoints, npm packages, and Git repositories. Then a blind verify agent — given ONLY the PoC and file path, not the reasoning — independently reproduces each finding to kill false positives. No templates, no static rules — multi-turn agentic reasoning that thinks like an attacker.
One command. Zero config. Every finding re-exploited or dropped.
Quick Start
# Scan an LLM endpoint
npx pwnkit-cli scan --target https://your-app.com/api/chat
# Audit an npm package for vulnerabilities
npx pwnkit-cli audit lodash
# Deep security review of a codebase
npx pwnkit-cli review ./my-ai-app
# Or just point pwnkit-cli at a target — it auto-detects what to do
npx pwnkit-cli express # audits npm package
npx pwnkit-cli ./my-repo # reviews source code
npx pwnkit-cli https://github.com/user/repo # clones and reviews
That's it. pwnkit discovers your attack surface, launches targeted attacks, verifies findings, and generates a report — all in under 5 minutes.
Auto-Detect
pwnkit-cli <target> figures out what you mean without explicit subcommands:
| Input | What pwnkit-cli does |
|---|---|
pwnkit-cli express |
Treats it as an npm package name and runs audit |
pwnkit-cli ./my-repo |
Detects a local path and runs review |
pwnkit-cli https://github.com/user/repo |
Clones the repo and runs review |
pwnkit-cli https://example.com/api/chat |
Detects an LLM endpoint URL and runs scan |
Explicit subcommands (scan, audit, review) still work — auto-detect is just a convenience layer on top.
Commands
All commands are available via npx pwnkit-cli <command>. Explicit subcommands are optional — thanks to auto-detect, npx pwnkit-cli <target> works for most use cases (see Auto-Detect above).
pwnkit ships five commands — from quick API probes to deep source-level audits:
| Command | What It Does | Example |
|---|---|---|
scan |
Probe LLM endpoints and AI APIs for vulnerabilities | npx pwnkit-cli scan --target https://api.example.com/chat |
audit |
Install and security-audit any npm package with static analysis + AI review | npx pwnkit-cli audit [email protected] |
review |
Deep source code security review of a local repo or GitHub URL | npx pwnkit-cli review https://github.com/user/repo |
history |
Browse past scans with status, depth, findings count, and duration | npx pwnkit-cli history --limit 20 |
findings |
Query, filter, and inspect verified findings across all scans | npx pwnkit-cli findings list --severity critical |
How It Works
pwnkit runs autonomous AI agents in a research-then-verify pipeline. Each agent uses tools (read_file, run_command, send_prompt, save_finding) and makes multi-turn decisions — adapting its strategy based on what it learns:
graph LR
A["Research\ndiscover + attack + PoC\nsingle agent session"] --> B["Blind Verify\ngets ONLY PoC + path\nno reasoning, no bias"]
B --> C["Report\nSARIF, Markdown, JSON\nonly confirmed findings"]
B -->|can't reproduce| D["Killed"]
style A fill:#1a1a2e,stroke:#DC2626,color:#fff
style B fill:#1a1a2e,stroke:#3B82F6,color:#fff
style C fill:#1a1a2e,stroke:#8B5CF6,color:#fff
style D fill:#1a1a2e,stroke:#6B7280,color:#6B7280
| Agent | Role | What It Does |
|---|---|---|
| Research | Discover + Attack + PoC | Maps endpoints, detects models, extracts system prompts, crafts multi-turn attacks (prompt injection, jailbreaks, tool poisoning, data exfiltration), and writes proof-of-concept code — all in one agent session |
| Verify | Blind validation | Gets ONLY the PoC code and file path — not the research agent's reasoning. Independently traces data flow and reproduces each finding. Can't reproduce? Killed as false positive |
| Report | Output | SARIF for GitHub Security tab, Markdown for humans, JSON for pipelines — only confirmed findings with severity scores and remediation |
The blind verification is the differentiator. The verify agent can't be biased by the research agent's reasoning — same principle as double-blind peer review. No more triaging 200 "possible prompt injections" that turn out to be nothing.
What pwnkit Scans
| Target | Command | How |
|---|---|---|
| LLM Endpoints — ChatGPT, Claude, Llama APIs, custom chatbots | pwnkit-cli scan --target <url> |
HTTP probing + multi-turn agent attacks |
| npm Packages — Dependency supply chain, malicious code | pwnkit-cli audit <package> |
Installs in sandbox, runs semgrep + AI code review |
| Git Repositories — Source-level security review | pwnkit-cli review <path-or-url> |
Deep analysis with Claude Code, Codex, or Gemini CLI |
| Auto-detect — Give it anything | pwnkit-cli <target> |
URL, package name, or path — pwnkit-cli figures it out |
Example Output
See the demo GIF above for real scan output, or run it yourself:
npx pwnkit-cli scan --target https://your-app.com/api/chat --depth quick
For a verbose view with the animated attack replay:
npx pwnkit-cli scan --target https://your-app.com/api/chat --verbose
Scan Depth
| Depth | Test Cases | Time |
|---|---|---|
quick |
~15 | ~1 min |
default |
~50 | ~3 min |
deep |
~150 | ~10 min |
pwnkit is an agentic harness — bring your own AI. Use your API key (OpenRouter, Anthropic, OpenAI, Ollama), or use the Claude Code CLI or Codex CLI with your existing subscription via --runtime claude or --runtime codex.
# Quick scan for CI
npx pwnkit-cli scan --target https://api.example.com/chat --depth quick
# Deep audit before launch
npx pwnkit-cli scan --target https://api.example.com/chat --depth deep
# Deep scan with Claude Code CLI
npx pwnkit-cli scan --target https://api.example.com/chat --depth deep --runtime claude
# Audit an npm package
npx pwnkit-cli audit react --depth deep --runtime claude
# Review a GitHub repo
npx pwnkit-cli review https://github.com/user/repo --runtime codex --depth deep
# Auto-detect — just give it a target
npx pwnkit-cli express
npx pwnkit-cli ./my-repo
npx pwnkit-cli https://api.example.com
Runtime Modes
Bring your own agent CLI — pwnkit orchestrates it:
| Runtime | Flag | Best For |
|---|---|---|
api |
--runtime api |
CI, quick scans — uses your API key (OpenRouter, Anthropic, OpenAI). Default |
claude |
--runtime claude |
Deep analysis — spawns Claude Code CLI with your subscription |
codex |
--runtime codex |
Source analysis — spawns Codex CLI |
gemini |
--runtime gemini |
Large context source analysis — spawns Gemini CLI |
auto |
--runtime auto |
Auto-detects installed CLIs, picks best per stage |
How It Compares
| Feature | pwnkit | promptfoo | garak | semgrep | nuclei |
|---|---|---|---|---|---|
| Agentic multi-turn pipeline | Yes — Autonomous agents with tool use | No — Single runner | No — Single runner | No — Rule-based | No — Template runner |
| Verification (no false positives) | Yes — Re-exploits to confirm | No | No | No | No |
| LLM endpoint scanning | Yes — Prompt injection, jailbreaks, exfil | Yes — Red-teaming | Yes — Probes | No | No |
| npm package audit | Yes — Semgrep + AI review | No | No | Yes — Rules only | No |
| Source code review | Yes — AI-powered deep analysis | No | No | Yes — Rules only | No |
| OWASP LLM Top 10 | Yes — Covered | Partial | Partial | N/A | N/A |
| SARIF + GitHub Security tab | Yes | Yes | No | Yes | Yes |
| One command, zero config | Yes — npx pwnkit-cli scan |
Needs YAML config | Needs Python setup | Needs rules config | Needs templates |
| Open source | Yes — Apache-2.0 | Yes — (acquired by OpenAI) | Yes — MIT | Yes — LGPL / Paid Pro | Yes — MIT |
| Pricing | Free + bring your own AI | Varies | Free (local) | Free (OSS) / Paid (Pro) | Free |
pwnkit isn't replacing semgrep or nuclei — it covers the AI-specific attack surface they can't see. Use them together.
GitHub Action
Add pwnkit to your CI/CD pipeline:
name: AI Security Scan
on: [push, pull_request]
permissions:
contents: read
security-events: write
jobs:
pwnkit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run pwnkit
uses: peaktwilight/pwnkit/action@v1
with:
target: ${{ secrets.STAGING_API_URL }}
depth: default # quick | default | deep
fail-on-severity: high # critical | high | medium | low | info | none
env:
OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: pwnkit-report/report.sarif
API Key Priority: pwnkit checks for
OPENROUTER_API_KEYfirst, thenANTHROPIC_API_KEY, thenOPENAI_API_KEY. OpenRouter gives you access to many models (including free ones) through a single key at openrouter.ai.
Findings show up directly in the Security tab of your repository.
Badge
Add a pwnkit badge to your README:
[](https://pwnkit.com)
The badge auto-updates from your GitHub Actions scan results. Shows verified (green), finding counts (yellow/red), or not scanned (gray).
Also available as a shields.io endpoint:
https://img.shields.io/endpoint?url=https://pwnkit.com/badge/YOUR_ORG/YOUR_REPO/shield
Findings Management
Every finding is persisted in a local SQLite database. Query across scans:
# List critical findings
npx pwnkit-cli findings list --severity critical
# Filter by category
npx pwnkit-cli findings list --category prompt-injection --status confirmed
# Inspect a specific finding with full evidence
npx pwnkit-cli findings show NF-001
# Browse scan history
npx pwnkit-cli history --limit 10
Finding lifecycle: discovered → verified → confirmed → scored → reported (or false-positive if verification fails).
Roadmap
- Core autonomous agent pipeline (research, blind verify, report)
- OWASP LLM Top 10 coverage
- SARIF output + GitHub Action
- npm package auditing
- Source code review (local + GitHub)
- Multi-runtime support (Claude, Codex, Gemini)
- Multi-turn agentic attacks (agents adapt payloads based on responses)
- MCP server scanning (tool poisoning, schema abuse)
- Web pentesting mode (SQLi, XSS, SSRF, auth bypass, IDOR)
- RAG pipeline security (poisoning, extraction)
- Agentic workflow testing (multi-tool chains)
- VS Code extension
- Team dashboard & historical tracking
- SOC 2 / compliance report generation
Built By
Created by a security researcher with 7 published CVEs across node-forge, mysql2, uptime-kuma, liquidjs, picomatch, and jspdf.
pwnkit is a general-purpose autonomous pentesting framework. It exists because modern attack surfaces — LLM endpoints, npm supply chains, AI-powered codebases — require agents that adapt, not static rules that don't. You can't nmap a language model. You can't write a rule for a jailbreak that hasn't been invented yet. Static analysis alone misses logical flaws and semantic vulnerabilities that only an agent tracing data flow can find.
pwnkit uses autonomous agents that think like attackers, adapt their strategy mid-scan, and re-exploit every finding before reporting it. The result: real vulnerabilities, zero noise.
Contributing
Contributions welcome! See CONTRIBUTING.md for guidelines.
git clone https://github.com/peaktwilight/pwnkit.git
cd pwnkit
pnpm install
pnpm test
License
Apache 2.0 — use it, fork it, ship it.
Yorumlar (0)
Yorum birakmak icin giris yap.
Yorum birakSonuc bulunamadi