GitHub - KeygraphHQ/shannon: Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.
Summary
Shannon, developed by KeygraphHQ, is a fully autonomous AI penetration tester designed to close the security gap between rapid code deployment and infrequent penetration testing. It acts as an on-demand white-box pentester, analyzing source code and executing real browser-based exploits (such as injection or auth bypass) to deliver concrete proof of vulnerabilities. It has achieved a 96.15% success rate on the XBOW Benchmark.
The tool operates autonomously through four phases: Reconnaissance, parallel Vulnerability Analysis, Exploitation (only reporting proven exploits), and Reporting, ensuring minimal false positives. Shannon covers critical OWASP vulnerabilities including Injection, XSS, SSRF, and Broken Authentication/Authorization. It requires access to source code and leverages AI providers like Anthropic's Claude, with optional support for AWS Bedrock or Google Vertex AI.
Shannon is available in two editions: Shannon Lite (AGPL-3.0, for researchers/small teams) and Shannon Pro (Commercial, for enterprises with CI/CD integration). Users must run tests only on non-production environments due to the potential for mutative effects from active exploitation.
(Source: GitHub)