OpenSource-Hub

shannon

Command-line tool

KeygraphHQ/shannon

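An autonomous AI penetration testing tool that analyzes source code and executes live attacks.

Project overview

Shannon Lite is an autonomous, white-box AI penetration testing tool. It analyzes source code to identify the attack surface and executes real exploits against the running application. It provides reproducible proof-of-concept exploits covering OWASP vulnerabilities such as injection, XSS, SSRF, and authentication bypass. It is suited to on-demand security testing, filling the gap between manual penetration tests.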

README preview

> [!NOTE]
> **[📢 Sunsetting Router Mode (claude-code-router). →](https://github.com/KeygraphHQ/shannon/discussions/301)**

# Shannon — AI Pentester by Keygraph

Shannon is an autonomous, white-box AI pentester for web applications and APIs.
It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.

---

## What is Shannon?

Shannon is an AI pentester developed by [Keygraph](https://keygraph.io). It performs white-box security testing of web applications and their underlying APIs by combining source code analysis with live exploitation.

Shannon analyzes your web application's source code to identify potential attack vectors, then uses browser automation and command-line tools to execute real exploits (injection attacks, authentication bypass, SSRF, XSS) against the running application and its APIs. Only vulnerabilities with a working proof-of-concept are included in the final report.

**Why Shannon Exists**

Thanks to tools like Claude Code and Cursor, your team ships code non-stop. But your penetration test? That happens once a year. This creates a *massive* security gap. For the other 364 days, you could be unknowingly shipping vulnerabilities to production.

Shannon closes that gap by providing on-demand, automated penetration testing that can run against every build or release.

## Shannon in Action

Shannon identified 20+ vulnerabilities in OWASP Juice Shop, including authentication bypass and database exfiltration. [Full report →](sample-reports/shannon-report-juice-shop.md)

## Features

- **Fully Autonomous Operation**: A single command launches the full pentest. Shannon handles 2FA/TOTP logins (including SSO), browser navigation, exploitation, and report generation without manual intervention.
- **Reproducible Proof-of-Concept Exploits**: The final report contains only proven, exploitable findings with copy-and-paste

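FAQ (2)

Troubleshooting
How do I resolve the 'pnpm: command not found' and 'EACCES: permission denied' errors when running Shannon?

Install pnpm from https://pnpm.io/installation. Remove any leftover Shannon directory: rm -rf ~/shannon. Use the npx shortcut to skip the manual build: first run npx @keygraph/shannon setup, then run npx @keygraph/shannon start -u <URL> -r <REPO_PATH>. Make sure the repository path is owned by the current user; if you hit an EACCES error on .shannon/deliverables, the directory was probably created by a different user (for example via sudo). Clone the repository as the same user, or fix the ownership with sudo chown -R $USER:$USER /path/to/repo.

Source: Issue #320

Troubleshooting
Why does Shannon get stuck in a retry loop with OutputValidationError when using a local LLM?

This is expected behavior when using non-Claude models. Shannon is optimized and tested for Anthropic Claude models (haiku, sonnet, and opus tiers). Local LLMs may produce invalid output, which triggers output validation failures and Temporal retries. To avoid getting stuck, use the default Claude model tiers. There are currently no plans to add direct support for local LLMs to prevent such loops.

Source: Issue #260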