GitHub - KeygraphHQ/shannon: Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.
- #AI Pentesting
- #Web Application Security
- #Cybersecurity
- Shannon is an AI pentester designed to autonomously find and exploit vulnerabilities in web applications before malicious actors can.
- It performs white-box penetration testing, requiring access to the application's source code, and executes real exploits to prove vulnerabilities.
- Shannon addresses the security gap created by infrequent penetration tests by providing on-demand testing for every build.
- It is part of the Keygraph Security and Compliance Platform, which automates security and compliance processes.
- Shannon has successfully identified critical vulnerabilities in standard test applications like OWASP Juice Shop.
- Features include autonomous operation, pentester-grade reports, critical OWASP vulnerability coverage, and code-aware dynamic testing.
- Shannon is available in two editions: Shannon Lite (AGPL-3.0) for security teams and independent researchers, and Shannon Pro (commercial) for enterprises.
- Setup involves cloning the repository, configuring credentials, and running the pentest with a single command.
- Shannon uses a multi-agent architecture combining white-box source code analysis with black-box dynamic exploitation.
- Users must have explicit authorization to test systems, as unauthorized testing is illegal.
- Shannon Lite is released under AGPL-3.0, allowing free use for internal security testing with certain sharing requirements for public services.