pwnkit

Let autonomous AI agents hack you before attackers do.
Fully autonomous agentic pentesting framework.

Docs · Website · Blog · Benchmark · Triage

---

Fully autonomous agentic pentesting for web apps, AI/LLM apps, package ecosystems, and source code.

This README is the fast path. The detailed command reference, configuration, architecture notes, recipes, and benchmark breakdowns live in the docs site.

Quick Start

Docker

docker run --rm -e OPENROUTER_API_KEY=$KEY \
  ghcr.io/peaktwilight/pwnkit:latest scan --target https://example.com

If you use Azure OpenAI instead, also pass AZURE_OPENAI_BASE_URL and AZURE_OPENAI_MODEL. For the Responses API, the Azure base URL should include /openai/v1.

The image ships with Node 20, Playwright/Chromium, and the standard pentest toolbox (sqlmap, nmap, nikto, gobuster, ffuf, hydra, john, …) preinstalled.

npx / bunx

# Scan an AI / LLM endpoint
npx pwnkit-cli scan --target https://example.com/api/chat

# Pentest a web app
npx pwnkit-cli scan --target https://example.com --mode web

# White-box scan with source code access
npx pwnkit-cli scan --target https://example.com --repo ./source

# Audit a package
npx pwnkit-cli audit lodash

# Review source code
npx pwnkit-cli review ./my-app

# Auto-detect — just give it a target
npx pwnkit-cli https://example.com

Prefer Bun? Swap npx for bunx — same commands, same flags, zero-install, noticeably faster cold start. pwnkit-cli is pure-JS with a WASM SQLite core, so there are no native bindings to rebuild on either runtime.

Global install:

npm i -g pwnkit-cli
# or
bun add -g pwnkit-cli

What It Does

• scan targets AI / LLM apps, web apps, REST / OpenAPI APIs, and MCP servers.
• audit installs and inspects packages across npm, pypi, cargo, and oci with ecosystem-specific prep, static analysis, and AI review.
• review performs deep source-code security review on a local repo or Git URL.
• triage-data turns benchmark runs and verified findings into labeled JSONL for triage-model training.
• cloud-sink can stream findings and final reports to an orchestrator with PWNKIT_CLOUD_SINK + PWNKIT_CLOUD_SCAN_ID.
• dashboard, history, findings, and triage provide local persistence and review workflows.

Why It’s Different

• Shell-first web pentesting. The agent uses bash, writes scripts, and chains tools like a human pentester instead of being trapped in a small HTTP-tool DSL.
• Blind verification. Findings are independently re-exploited before they are reported.
• Docs-backed benchmark transparency. The current benchmark details live in the docs and raw artifacts under packages/benchmark/results.

Docs

• Getting Started
• Adversarial evals
• Commands
• Configuration
• Recipes
• Architecture
• Triage Pipeline
• Benchmark

Snapshot

• XBOW retained artifact-backed aggregate: 99/104 = 95.2%
• XBOW retained artifact-backed black-box: 74/104 = 71.2%
• XBOW historical mixed local+CI publication: 95/104 aggregate and 90/104 black-box
• Cybench: 8/10 = 80%
• AI / LLM regression set: 10/10

The benchmark docs page is the canonical benchmark surface. It distinguishes the current retained artifact-backed tally from the older mixed local+CI publication line and lists the remaining challenge-set mismatches explicitly.

GitHub Action

- uses: PwnKit-Labs/pwnkit@main
  with:
    mode: review
    path: .
    format: sarif
  env:
    OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}

Development

git clone https://github.com/PwnKit-Labs/pwnkit.git
cd pwnkit
pnpm install
pnpm lint
pnpm test

See CONTRIBUTING.md.

Part of PwnKit Labs

Open-source adversarial security for the agentic AI era. pwnkit is one piece of the open-source PwnKit Labs stack:

• pwnkit — AI agent pentester (detect)
• foxguard — Rust security scanner (prevent)
• opensoar — Python-native SOAR platform (respond)

License

Apache 2.0