ENNAENNA

Shannon

FeaturedAGPL-3.0

๐Ÿ•ธ Web Scanning ยท TypeScript

Shannon Lite is an autonomous, white-box AI pentester that takes a fundamentally different approach to security testing. Instead of running predefined checks, it reads your source code, understands the application logic, identifies attack vectors, and then executes real exploits to prove vulnerabilities before they reach production. It achieves a 96% score on the XBOW benchmark, outperforming traditional scanners on complex vulnerability chains that require multi-step reasoning. Shannon works with any web application or API, supports multiple frameworks, and produces proof-of-exploitation reports rather than theoretical findings.

41.4kstars
2.1kforks
145issues
Updated today
+I use this
View on GitHub

Installation

$ npm install -g @keygraph/shannon

Use Cases

  • Automated penetration testing of web applications
  • Source code-aware vulnerability discovery
  • Proof-of-exploitation for CI/CD security gates
  • Finding complex multi-step vulnerability chains

Tags

ai-pentestingautonomouswhite-boxexploit-proofsource-analysis

Details

Category
๐Ÿ•ธ Web Scanning
Language
TypeScript
License
AGPL-3.0
Platforms
๐Ÿงlinux๐ŸŽmacos

Links

GitHub Repository

github.com/KeygraphHQ/shannon

Releases

github.com/KeygraphHQ/shannon/releases

Issues

github.com/KeygraphHQ/shannon/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Community Reviews

Alternatives & Comparisons

Nuclei

Go

Fast vulnerability scanner driven by YAML templates. Thousands of community-contributed detection templates.

Compare Shannon vs Nuclei

reNgine

Python

Automated reconnaissance framework with correlated scan engines, continuous monitoring, and vulnerability reporting.

Compare Shannon vs reNgine

Wapiti

Python

Black-box web application vulnerability scanner with built-in fuzzer modules.

Compare Shannon vs Wapiti

OWASP ZAP

Java

Full-featured intercepting proxy for web application security testing. Automated scanners, fuzzing, scripting, and API testing built in.

Compare Shannon vs OWASP ZAP

Lonkero

Rust

Professional web app scanner with 126+ checks, ML-powered false positive reduction, proof-based XSS detection, and blind SQLi engine.

Compare Shannon vs Lonkero

More in Web Scanning

httpx

Go

Fast multi-purpose HTTP toolkit. Probes for running HTTP servers with retries and fallbacks.

http-probetech-detectionprojectdiscovery

Nikto

Perl

Classic web server scanner. Tests for dangerous files, outdated server software, and version-specific problems.

web-serverclassiccgi-scan

Gobuster

Go

Directory/file, DNS, and vhost busting tool. Brute-forces URIs, DNS subdomains, virtual host names, and S3 buckets.

directory-brutedns-brutevhost

Feroxbuster

Rust

Fast, recursive content discovery tool written in Rust. Like gobuster on steroids with auto-recursion.

directory-bruterecursiverust

Burp Suite Community

Java

Web vulnerability scanner and proxy. Intercept, modify, and replay HTTP/S traffic for web app testing.

proxyweb-appinterceptor

ffuf

Go

Fast web fuzzer written in Go. Fuzz anything - URLs, headers, POST data - with blazing speed.

fuzzingdirectory-brutefast