pwnkit-cli 0.2.2 → 0.3.1

package/LICENSE

@@ -1,21 +1,188 @@
-MIT License
-
-Copyright (c) 2026 Peak Twilight
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship made available under
+      the License, as indicated by a copyright notice that is included in
+      or attached to the work (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean, as submitted to the Licensor for inclusion
+      in the Work by the copyright owner or by an individual or Legal Entity
+      authorized to submit on behalf of the copyright owner. For the purposes
+      of this definition, "submitted" means any form of electronic, verbal,
+      or written communication sent to the Licensor or its representatives,
+      including but not limited to communication on electronic mailing lists,
+      source code control systems, and issue tracking systems that are managed
+      by, or on behalf of, the Licensor for the purpose of submitting and
+      discussing improvements to the Work, but excluding communication that is
+      conspicuously marked or designated in writing by the copyright owner as
+      "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any Legal Entity on behalf of
+      whom a Contribution has been received by the Licensor and included
+      within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by the combined Work (with their
+      Contribution(s)). If You institute patent litigation against any
+      entity (including a cross-claim or counterclaim in a lawsuit)
+      alleging that the Work or any Contribution embodied within the Work
+      constitutes a patent or copyright infringement, then any patent
+      licenses granted to You under this License for that Work shall
+      terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative
+          Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, You must include a readable copy of the
+          attribution notices contained within such NOTICE file, in
+          at least one of the following places: within a NOTICE text
+          file distributed as part of the Derivative Works; within
+          the Source form or documentation, if provided along with the
+          Derivative Works; or, within a display generated by the
+          Derivative Works, if and wherever such third-party notices
+          normally appear. The contents of the NOTICE file are for
+          informational purposes only and do not modify the License.
+          You may add Your own attribution notices within Derivative
+          Works that You distribute, alongside or in addition to the
+          NOTICE text from the Work, provided that such additional
+          attribution notices cannot be construed as modifying the License.
+
+      You may add Your own license statement for Your modifications and
+      may provide additional grant of rights to use, copy, modify, merge,
+      publish, distribute, sublicense, and/or sell copies of the
+      Contribution.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or reproducing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or exemplary damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or all other
+      commercial damages or losses), even if such Contributor has been
+      advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may offer only
+      conditions consistent with this License.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the syntax of the file. We also recommend
+      that a file or directory "LICENSE" or "COPYING" be included with
+      your work.
+
+   Copyright 2026 Doruk Tan Ozturk (Peak Twilight)
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md

@@ -1,39 +1,39 @@
 <p align="center">
-  <img src="assets/pwnkit-icon.gif" alt="pwnkit" width="80" />
+ <img src="assets/pwnkit-icon.gif" alt="pwnkit" width="80" />
 </p>
 
 <h1 align="center">pwnkit</h1>
 
 <p align="center">
-  <strong>General-purpose autonomous pentesting framework</strong><br/>
-  <em>Scan LLM endpoints. Audit npm packages. Review source code. Pentest web apps. Re-exploit to kill false positives.</em>
+ <strong>General-purpose autonomous pentesting framework</strong><br/>
+ <em>Scan LLM endpoints. Audit npm packages. Review source code. Pentest web apps. Re-exploit to kill false positives.</em>
 </p>
 
 <p align="center">
-  <a href="https://www.npmjs.com/package/pwnkit-cli"><img src="https://img.shields.io/npm/v/pwnkit-cli?color=crimson&style=flat-square" alt="npm version" /></a>
-  <a href="https://github.com/peaktwilight/pwnkit/blob/main/LICENSE"><img src="https://img.shields.io/badge/license-MIT-blue?style=flat-square" alt="license" /></a>
-  <a href="https://github.com/peaktwilight/pwnkit/actions"><img src="https://img.shields.io/github/actions/workflow/status/peaktwilight/pwnkit/ci.yml?style=flat-square" alt="CI" /></a>
-  <a href="https://github.com/peaktwilight/pwnkit/stargazers"><img src="https://img.shields.io/github/stars/peaktwilight/pwnkit?style=flat-square&color=gold" alt="stars" /></a>
-  <a href="https://pwnkit.com"><img src="https://pwnkit.com/badge/peaktwilight/pwnkit" alt="pwnkit verified" /></a>
+ <a href="https://www.npmjs.com/package/pwnkit-cli"><img src="https://img.shields.io/npm/v/pwnkit-cli?color=crimson&style=flat-square" alt="npm version" /></a>
+ <a href="https://github.com/peaktwilight/pwnkit/blob/main/LICENSE"><img src="https://img.shields.io/badge/license-Apache%202.0-blue?style=flat-square" alt="license" /></a>
+ <a href="https://github.com/peaktwilight/pwnkit/actions"><img src="https://img.shields.io/github/actions/workflow/status/peaktwilight/pwnkit/ci.yml?style=flat-square" alt="CI" /></a>
+ <a href="https://github.com/peaktwilight/pwnkit/stargazers"><img src="https://img.shields.io/github/stars/peaktwilight/pwnkit?style=flat-square&color=gold" alt="stars" /></a>
+ <a href="https://pwnkit.com"><img src="https://pwnkit.com/badge/peaktwilight/pwnkit" alt="pwnkit verified" /></a>
 </p>
 
 <p align="center">
-  <img src="assets/demo.gif" alt="pwnkit Demo" width="700" />
+ <img src="assets/demo.gif" alt="pwnkit Demo" width="700" />
 </p>
 
 <p align="center">
-  <a href="#quick-start">Quick Start</a> &middot;
-  <a href="#commands">Commands</a> &middot;
-  <a href="#how-it-works">How It Works</a> &middot;
-  <a href="#what-pwnkit-scans">What It Scans</a> &middot;
-  <a href="#how-it-compares">Comparison</a> &middot;
-  <a href="#github-action">CI/CD</a> &middot;
-  <a href="#built-by">About</a>
+ <a href="#quick-start">Quick Start</a> &middot;
+ <a href="#commands">Commands</a> &middot;
+ <a href="#how-it-works">How It Works</a> &middot;
+ <a href="#what-pwnkit-scans">What It Scans</a> &middot;
+ <a href="#how-it-compares">Comparison</a> &middot;
+ <a href="#github-action">CI/CD</a> &middot;
+ <a href="#built-by">About</a>
 </p>
 
 ---
 
-pwnkit is an open-source agentic security toolkit. Autonomous agents discover, attack, verify, and report vulnerabilities across LLM endpoints, web applications, npm packages, and Git repositories — the agents read code, craft payloads, analyze responses, and **re-exploit each finding to kill false positives**. No templates, no static rules — multi-turn agentic reasoning that thinks like an attacker.
+pwnkit is an open-source agentic security toolkit. A research agent discovers, attacks, and writes proof-of-concept code for vulnerabilities across LLM endpoints, web applications, npm packages, and Git repositories. Then a blind verify agent — given ONLY the PoC and file path, not the reasoning — independently reproduces each finding to **kill false positives**. No templates, no static rules — multi-turn agentic reasoning that thinks like an attacker.
 
 One command. Zero config. Every finding re-exploited or dropped.
 
@@ -50,10 +50,10 @@ npx pwnkit-cli audit lodash
 npx pwnkit-cli review ./my-ai-app
 
 # Or just point pwnkit at a target — it auto-detects what to do
-npx pwnkit-cli express          # audits npm package
-npx pwnkit-cli ./my-repo        # reviews source code
-npx pwnkit-cli https://github.com/user/repo  # clones and reviews
-npx pwnkit-cli https://example.com           # scans web endpoint
+npx pwnkit-cli express     # audits npm package
+npx pwnkit-cli ./my-repo    # reviews source code
+npx pwnkit-cli https://github.com/user/repo # clones and reviews
+npx pwnkit-cli https://example.com      # scans web endpoint
 ```
 
 That's it. pwnkit discovers your attack surface, launches targeted attacks, verifies findings, and generates a report — all in under 5 minutes.
@@ -87,27 +87,28 @@ pwnkit ships five commands — from quick API probes to deep source-level audits
 
 ## How It Works
 
-pwnkit runs autonomous AI agents in sequence. Each agent uses tools (`read_file`, `run_command`, `send_prompt`, `save_finding`) and makes multi-turn decisions — adapting its strategy based on what it learns:
+pwnkit runs autonomous AI agents in a research-then-verify pipeline. Each agent uses tools (`read_file`, `run_command`, `send_prompt`, `save_finding`) and makes multi-turn decisions — adapting its strategy based on what it learns:
 
 ```
-  +-----------+     +-----------+     +-----------+     +-----------+
-  | DISCOVER  | --> |  ATTACK   | --> |  VERIFY   | --> |  REPORT   |
-  |  (Recon)  |     | (Offense) |     | (Confirm) |     | (Output)  |
-  +-----------+     +-----------+     +-----------+     +-----------+
-   Maps endpoints    Agents craft      Re-exploits       Generates SARIF,
-   Model detection   payloads in       each finding       Markdown, and JSON
-   System prompt     multi-turn        to kill false      with severity +
-   extraction        conversations     positives          remediation
+ +-----------+   +------------------+   +-----------+
+ | RESEARCH | --> | BLIND VERIFY  | --> | REPORT  |
+ | (Discover |   | (PoC + path only |   | (Output) |
+ | + Attack |   | no reasoning)  |   |      |
+ | + PoC)  |   +------------------+   +-----------+
+ +-----------+   Runs in parallel     Only confirmed
+  Single agent   per finding —      findings in SARIF,
+  session: recon,  independently      Markdown, and JSON
+  payloads, and   reproduces or      with severity +
+  proof-of-concept kills finding      remediation
 ```
 
 | Agent | Role | What It Does |
 |-------|------|-------------|
-| **Discover** | Recon | Maps endpoints, detects models, extracts system prompts, enumerates MCP tool schemas |
-| **Attack** | Offense | Agentic multi-turn attacks: prompt injection, jailbreaks, tool poisoning, data exfiltration, encoding bypasses — agent reads responses and adapts |
-| **Verify** | Validation | Re-exploits each finding independently. If it can't reproduce it, it's killed as a false positive |
-| **Report** | Output | SARIF for GitHub Security tab, Markdown for humans, JSON for pipelines — with severity scores and remediation |
+| **Research** | Discover + Attack + PoC | Maps endpoints, detects models, extracts system prompts, crafts multi-turn attacks (prompt injection, jailbreaks, tool poisoning, data exfiltration), and writes proof-of-concept code — all in one agent session |
+| **Verify** | Blind validation | Gets ONLY the PoC code and file path — not the research agent's reasoning. Independently traces data flow and reproduces each finding. Can't reproduce? Killed as false positive |
+| **Report** | Output | SARIF for GitHub Security tab, Markdown for humans, JSON for pipelines — only confirmed findings with severity scores and remediation |
 
-The **verification step is the differentiator.** No more triaging 200 "possible prompt injections" that turn out to be nothing.
+The **blind verification is the differentiator.** The verify agent can't be biased by the research agent's reasoning — same principle as double-blind peer review. No more triaging 200 "possible prompt injections" that turn out to be nothing.
 
 ## What pwnkit Scans
 
@@ -134,15 +135,15 @@ For a verbose view with the animated attack replay:
 npx pwnkit-cli scan --target https://your-app.com/api/chat --verbose
 ```
 
-## Scan Depth & Cost
+## Scan Depth
 
-| Depth | Test Cases | Time | Estimated Cost |
-|-------|-----------|------|----------------|
-| `quick` | ~15 | ~1 min | $0.05–$0.15 |
-| `default` | ~50 | ~3 min | $0.15–$0.50 |
-| `deep` | ~150 | ~10 min | $0.50–$1.00 |
+| Depth | Test Cases | Time |
+|-------|-----------|------|
+| `quick` | ~15 | ~1 min |
+| `default` | ~50 | ~3 min |
+| `deep` | ~150 | ~10 min |
 
-Default model is `anthropic/claude-sonnet-4.6` via [OpenRouter](https://openrouter.ai). Free tier available with `--model free`. You can also use OpenAI, Anthropic direct, or local models via Ollama.
+pwnkit is an agentic harness — bring your own AI. Use your API key (OpenRouter, Anthropic, OpenAI, Ollama), or use the Claude Code CLI or Codex CLI with your existing subscription via `--runtime claude` or `--runtime codex`.
 
 ```bash
 # Quick scan for CI
@@ -177,7 +178,7 @@ Bring your own agent CLI — pwnkit orchestrates it:
 | `claude` | `--runtime claude` | Attack generation, deep analysis — spawns Claude Code CLI |
 | `codex` | `--runtime codex` | Verification, source analysis — spawns Codex CLI |
 | `gemini` | `--runtime gemini` | Large context source analysis — spawns Gemini CLI |
-| `opencode` | `--runtime opencode` | Multi-provider flexibility — spawns OpenCode CLI |
+| `` | `--runtime ` | Multi-provider flexibility — spawns CLI |
 | `auto` | `--runtime auto` | Best overall — auto-detects installed runtimes, picks best per stage |
 
 Combined with scan modes:
@@ -189,7 +190,7 @@ Combined with scan modes:
 | `mcp` | `--mode mcp` | Connect to MCP server, enumerate tools, test each for security issues |
 | `web` | `--mode web` | Full web pentesting — SQLi, XSS, SSRF, auth bypass, IDOR |
 
-> `deep`, `mcp`, and `web` modes require a process runtime (`claude`, `codex`, `gemini`, `opencode`, or `auto`).
+> `deep`, `mcp`, and `web` modes require a process runtime (`claude`, `codex`, `gemini`, ``, or `auto`).
 
 ## How It Compares
 
@@ -205,8 +206,8 @@ Combined with scan modes:
 | **OWASP LLM Top 10** | Yes — 8/10 covered | Partial | Partial | N/A | N/A |
 | **SARIF + GitHub Security tab** | Yes | Yes | No | Yes | Yes |
 | **One command, zero config** | Yes — `npx pwnkit-cli scan` | Needs YAML config | Needs Python setup | Needs rules config | Needs templates |
-| **Open source** | Yes — MIT | Yes — (acquired by OpenAI) | Yes — MIT | Yes — LGPL / Paid Pro | Yes — MIT |
-| **Cost per scan** | $0.05–$1.00 | Varies | Free (local) | Free (OSS) / Paid (Pro) | Free |
+| **Open source** | Yes — Apache-2.0 | Yes — (acquired by OpenAI) | Yes — MIT | Yes — LGPL / Paid Pro | Yes — MIT |
+| **Pricing** | Free + bring your own AI | Varies | Free (local) | Free (OSS) / Paid (Pro) | Free |
 
 pwnkit isn't replacing semgrep or nuclei — it covers the AI-specific attack surface they can't see. Use them together.
 
@@ -219,28 +220,28 @@ name: AI Security Scan
 on: [push, pull_request]
 
 permissions:
-  contents: read
-  security-events: write
+ contents: read
+ security-events: write
 
 jobs:
-  pwnkit:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Run pwnkit
-        uses: peaktwilight/pwnkit/action@v1
-        with:
-          target: ${{ secrets.STAGING_API_URL }}
-          depth: default  # quick | default | deep
-          fail-on-severity: high  # critical | high | medium | low | info | none
-        env:
-          OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
-
-      - name: Upload SARIF
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: pwnkit-report/report.sarif
+ pwnkit:
+  runs-on: ubuntu-latest
+  steps:
+   - uses: actions/checkout@v4
+
+   - name: Run pwnkit
+    uses: peaktwilight/pwnkit/action@v1
+    with:
+     target: ${{ secrets.STAGING_API_URL }}
+     depth: default # quick | default | deep
+     fail-on-severity: high # critical | high | medium | low | info | none
+    env:
+     OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
+
+   - name: Upload SARIF
+    uses: github/codeql-action/upload-sarif@v3
+    with:
+     sarif_file: pwnkit-report/report.sarif
 ```
 
 > **API Key Priority:** pwnkit checks for `OPENROUTER_API_KEY` first, then `ANTHROPIC_API_KEY`, then `OPENAI_API_KEY`. OpenRouter gives you access to many models (including free ones) through a single key at [openrouter.ai](https://openrouter.ai).
@@ -284,13 +285,13 @@ Finding lifecycle: `discovered → verified → confirmed → scored → reporte
 
 ## Roadmap
 
-- [x] Core autonomous agent pipeline (discover, attack, verify, report)
+- [x] Core autonomous agent pipeline (research, blind verify, report)
 - [x] OWASP LLM Top 10 coverage (8/10)
 - [x] SARIF output + GitHub Action
 - [x] MCP server scanning
 - [x] npm package auditing
 - [x] Source code review (local + GitHub)
-- [x] Multi-runtime support (Claude, Codex, Gemini, OpenCode)
+- [x] Multi-runtime support (Claude, Codex, Gemini)
 - [x] Multi-turn agentic attacks (agents adapt payloads based on responses)
 - [x] Web pentesting mode (SQLi, XSS, SSRF, auth bypass, IDOR)
 - [ ] RAG pipeline security (poisoning, extraction)
@@ -320,4 +321,4 @@ pnpm test
 
 ## License
 
-[MIT](LICENSE) — use it, fork it, ship it.
+[Apache 2.0](LICENSE) — use it, fork it, ship it.