KeygraphHQ/shannon
Shannon Lite is a fully autonomous AI pentester that does something most security tools only promise: it actually exploits the vulnerabilities it finds. Point it at a running web app with source code access, and Shannon analyzes the codebase to identify attack vectors, then uses browser automation and command-line tools to execute real injection attacks, authentication bypasses, SSRF, XSS, and more -- all without human intervention.
The numbers back it up. On a cleaned, hint-free variant of the XBOW benchmark (104 intentionally vulnerable apps), Shannon scored 96.15%, successfully executing 100 out of 104 exploits. The "hint-free" part matters: the benchmark was stripped of descriptive variable names, comments, and filenames that could artificially inflate results. In real-world testing against OWASP Juice Shop, it uncovered 20+ critical vulnerabilities including full auth bypass and database exfiltration via injection.
The workflow is refreshingly simple. Clone the repo, drop your target's source code into the repos directory, and run a single command: `./shannon start URL=https://your-app.com REPO=repo-name`. Shannon handles everything from 2FA/TOTP login flows to parallel vulnerability scanning across attack categories to final report generation. It only reports proven, exploitable findings with copy-paste proof-of-concept code -- no theoretical warnings or false positive noise.
Under the hood, Shannon integrates Nmap, Subfinder, WhatWeb, and Schemathesis for comprehensive reconnaissance and API testing. It runs in Docker containers and supports Anthropic Claude, AWS Bedrock, and Google Vertex AI as LLM backends. A full pentest run typically takes 1 to 1.5 hours and costs roughly $50 in API calls using Claude 4.5 Sonnet.
Shannon Pro (commercial) extends Lite with SAST, SCA, and secrets scanning, correlating static analysis findings with dynamic exploit validation in a single workflow. But Lite alone is a serious tool for security-conscious teams who want automated, proof-based vulnerability assessment.
Why It Matters
Most security scanners generate long lists of theoretical vulnerabilities that require manual triage. Shannon flips this model by only reporting issues it can actually exploit, which eliminates false positives and gives developers copy-paste PoCs to reproduce every finding. This is white-box penetration testing that previously required hiring specialized security consultants or running expensive bug bounty programs. With a 96.15% exploit success rate on a rigorous benchmark, Shannon brings autonomous offensive security testing into the CI/CD pipeline at a fraction of the cost. For startups and mid-size teams that lack dedicated security staff, this is the difference between hoping your app is secure and knowing where the real holes are before an attacker finds them.