Run autonomous white-box pentests against web apps and APIs with Shannon
Analyze a web app's source code, execute real exploit attempts against the running target, and return proof-backed findings before release.
What it does
Analyze a web app's source code, execute real exploit attempts against the running target, and return proof-backed findings before release.
Prerequisites
Node.js 18+, Docker, target web app URL, local source repository, model/API credentials supported by Shannon
Installation
Requirements and caveats from upstream:
- Data Flow Analysis (SAST): Identifies sources (user input, API requests) and sinks (SQL queries, command execution), then traces paths between them. At each node, an LLM evaluates whether the specific sanitization...
- | Analysis Engine | Code review prompting | CPG-based data flow with LLM reasoning at every node |
Basic usage or getting-started notes:
- Shannon closes that gap by providing on-demand, automated penetration testing that can run against every build or release.
- Parallel Processing: Vulnerability analysis and exploitation phases run concurrently across all attack categories.
Extracted from upstream docs: https://raw.githubusercontent.com/KeygraphHQ/shannon/HEAD/README.md
Quality
Deterministic score 0.45 from registry signals: indexed on github topic:agent-skills · 8 github stars · SKILL.md body (1,448 chars)