ENNAENNA

Lonkero

MIT

๐Ÿ•ธ Web Scanning ยท Rust

Lonkero is a professional-grade web application security scanner designed to minimize false positives through machine learning classification. It runs 126+ security checks including proof-based XSS detection (generates working payloads that prove exploitability), the OOBZero blind SQL injection engine, SSRF detection, and authentication bypass testing. The ML layer reduces false positive rates to approximately 5%, making results actionable without extensive manual triage. Written in Rust for speed.

790stars
85forks
14issues
Updated 2d ago
+I use this
View on GitHub

Installation

$ cargo install lonkero

Use Cases

  • Low-false-positive web vulnerability scanning
  • Proof-based XSS and blind SQLi detection
  • CI/CD security scanning with actionable results
  • Professional web application assessments

Tags

web-scannerml-poweredlow-false-positivexsssqli

Details

Category
๐Ÿ•ธ Web Scanning
Language
Rust
License
MIT
Platforms
๐Ÿงlinux๐ŸŽmacos

Links

GitHub Repository

github.com/bountyyfi/lonkero

Releases

github.com/bountyyfi/lonkero/releases

Issues

github.com/bountyyfi/lonkero/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Community Reviews

Alternatives & Comparisons

Nuclei

Go

Fast vulnerability scanner driven by YAML templates. Thousands of community-contributed detection templates.

Compare Lonkero vs Nuclei

Wapiti

Python

Black-box web application vulnerability scanner with built-in fuzzer modules.

Compare Lonkero vs Wapiti

OWASP ZAP

Java

Full-featured intercepting proxy for web application security testing. Automated scanners, fuzzing, scripting, and API testing built in.

Compare Lonkero vs OWASP ZAP

Shannon

TypeScript

Autonomous AI pentester for web apps and APIs. Analyzes source code, identifies attack vectors, and executes real exploits to prove vulnerabilities.

Compare Lonkero vs Shannon

More in Web Scanning

httpx

Go

Fast multi-purpose HTTP toolkit. Probes for running HTTP servers with retries and fallbacks.

http-probetech-detectionprojectdiscovery

Nikto

Perl

Classic web server scanner. Tests for dangerous files, outdated server software, and version-specific problems.

web-serverclassiccgi-scan

Gobuster

Go

Directory/file, DNS, and vhost busting tool. Brute-forces URIs, DNS subdomains, virtual host names, and S3 buckets.

directory-brutedns-brutevhost

Feroxbuster

Rust

Fast, recursive content discovery tool written in Rust. Like gobuster on steroids with auto-recursion.

directory-bruterecursiverust

Burp Suite Community

Java

Web vulnerability scanner and proxy. Intercept, modify, and replay HTTP/S traffic for web app testing.

proxyweb-appinterceptor

ffuf

Go

Fast web fuzzer written in Go. Fuzz anything - URLs, headers, POST data - with blazing speed.

fuzzingdirectory-brutefast