pwnkit-cli 0.3.2 → 0.3.4

package/LICENSE

@@ -0,0 +1,188 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship made available under
+      the License, as indicated by a copyright notice that is included in
+      or attached to the work (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean, as submitted to the Licensor for inclusion
+      in the Work by the copyright owner or by an individual or Legal Entity
+      authorized to submit on behalf of the copyright owner. For the purposes
+      of this definition, "submitted" means any form of electronic, verbal,
+      or written communication sent to the Licensor or its representatives,
+      including but not limited to communication on electronic mailing lists,
+      source code control systems, and issue tracking systems that are managed
+      by, or on behalf of, the Licensor for the purpose of submitting and
+      discussing improvements to the Work, but excluding communication that is
+      conspicuously marked or designated in writing by the copyright owner as
+      "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any Legal Entity on behalf of
+      whom a Contribution has been received by the Licensor and included
+      within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by the combined Work (with their
+      Contribution(s)). If You institute patent litigation against any
+      entity (including a cross-claim or counterclaim in a lawsuit)
+      alleging that the Work or any Contribution embodied within the Work
+      constitutes a patent or copyright infringement, then any patent
+      licenses granted to You under this License for that Work shall
+      terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative
+          Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, You must include a readable copy of the
+          attribution notices contained within such NOTICE file, in
+          at least one of the following places: within a NOTICE text
+          file distributed as part of the Derivative Works; within
+          the Source form or documentation, if provided along with the
+          Derivative Works; or, within a display generated by the
+          Derivative Works, if and wherever such third-party notices
+          normally appear. The contents of the NOTICE file are for
+          informational purposes only and do not modify the License.
+          You may add Your own attribution notices within Derivative
+          Works that You distribute, alongside or in addition to the
+          NOTICE text from the Work, provided that such additional
+          attribution notices cannot be construed as modifying the License.
+
+      You may add Your own license statement for Your modifications and
+      may provide additional grant of rights to use, copy, modify, merge,
+      publish, distribute, sublicense, and/or sell copies of the
+      Contribution.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or reproducing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or exemplary damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or all other
+      commercial damages or losses), even if such Contributor has been
+      advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may offer only
+      conditions consistent with this License.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the syntax of the file. We also recommend
+      that a file or directory "LICENSE" or "COPYING" be included with
+      your work.
+
+   Copyright 2026 Doruk Tan Ozturk (Peak Twilight)
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md

@@ -0,0 +1,305 @@
+<p align="center">
+ <img src="assets/pwnkit-icon.gif" alt="pwnkit" width="80" />
+</p>
+
+<h1 align="center">pwnkit</h1>
+
+<p align="center">
+ <strong>General-purpose autonomous pentesting framework</strong><br/>
+ <em>Scan LLM endpoints. Audit npm packages. Review source code. Re-exploit to kill false positives.</em>
+</p>
+
+<p align="center">
+ <a href="https://www.npmjs.com/package/pwnkit-cli"><img src="https://img.shields.io/npm/v/pwnkit-cli?color=crimson&style=flat-square" alt="npm version" /></a>
+ <a href="https://github.com/peaktwilight/pwnkit/blob/main/LICENSE"><img src="https://img.shields.io/badge/license-Apache%202.0-blue?style=flat-square" alt="license" /></a>
+ <a href="https://github.com/peaktwilight/pwnkit/actions"><img src="https://img.shields.io/github/actions/workflow/status/peaktwilight/pwnkit/ci.yml?style=flat-square" alt="CI" /></a>
+ <a href="https://github.com/peaktwilight/pwnkit/stargazers"><img src="https://img.shields.io/github/stars/peaktwilight/pwnkit?style=flat-square&color=gold" alt="stars" /></a>
+ <a href="https://pwnkit.com"><img src="https://pwnkit.com/badge/peaktwilight/pwnkit" alt="pwnkit verified" /></a>
+</p>
+
+<p align="center">
+ <img src="assets/demo.gif" alt="pwnkit Demo" width="700" />
+</p>
+
+<p align="center">
+ <a href="#quick-start">Quick Start</a> &middot;
+ <a href="#commands">Commands</a> &middot;
+ <a href="#how-it-works">How It Works</a> &middot;
+ <a href="#what-pwnkit-scans">What It Scans</a> &middot;
+ <a href="#how-it-compares">Comparison</a> &middot;
+ <a href="#github-action">CI/CD</a> &middot;
+ <a href="#built-by">About</a>
+</p>
+
+---
+
+pwnkit is an open-source agentic security toolkit. A research agent discovers, attacks, and writes proof-of-concept code for vulnerabilities across LLM endpoints, npm packages, and Git repositories. Then a blind verify agent — given ONLY the PoC and file path, not the reasoning — independently reproduces each finding to **kill false positives**. No templates, no static rules — multi-turn agentic reasoning that thinks like an attacker.
+
+One command. Zero config. Every finding re-exploited or dropped.
+
+## Quick Start
+
+```bash
+# Scan an LLM endpoint
+npx pwnkit-cli scan --target https://your-app.com/api/chat
+
+# Audit an npm package for vulnerabilities
+npx pwnkit-cli audit lodash
+
+# Deep security review of a codebase
+npx pwnkit-cli review ./my-ai-app
+
+# Or just point pwnkit-cli at a target — it auto-detects what to do
+npx pwnkit-cli express     # audits npm package
+npx pwnkit-cli ./my-repo    # reviews source code
+npx pwnkit-cli https://github.com/user/repo # clones and reviews
+```
+
+That's it. pwnkit discovers your attack surface, launches targeted attacks, verifies findings, and generates a report — all in under 5 minutes.
+
+### Auto-Detect
+
+`pwnkit-cli <target>` figures out what you mean without explicit subcommands:
+
+| Input | What pwnkit-cli does |
+|-------|-----------------|
+| `pwnkit-cli express` | Treats it as an npm package name and runs `audit` |
+| `pwnkit-cli ./my-repo` | Detects a local path and runs `review` |
+| `pwnkit-cli https://github.com/user/repo` | Clones the repo and runs `review` |
+| `pwnkit-cli https://example.com/api/chat` | Detects an LLM endpoint URL and runs `scan` |
+
+Explicit subcommands (`scan`, `audit`, `review`) still work — auto-detect is just a convenience layer on top.
+
+## Commands
+
+All commands are available via `npx pwnkit-cli <command>`. Explicit subcommands are optional — thanks to auto-detect, `npx pwnkit-cli <target>` works for most use cases (see [Auto-Detect](#auto-detect) above).
+
+pwnkit ships five commands — from quick API probes to deep source-level audits:
+
+| Command | What It Does | Example |
+|---------|-------------|---------|
+| **`scan`** | Probe LLM endpoints and AI APIs for vulnerabilities | `npx pwnkit-cli scan --target https://api.example.com/chat` |
+| **`audit`** | Install and security-audit any npm package with static analysis + AI review | `npx pwnkit-cli audit express@4.18.2` |
+| **`review`** | Deep source code security review of a local repo or GitHub URL | `npx pwnkit-cli review https://github.com/user/repo` |
+| **`history`** | Browse past scans with status, depth, findings count, and duration | `npx pwnkit-cli history --limit 20` |
+| **`findings`** | Query, filter, and inspect verified findings across all scans | `npx pwnkit-cli findings list --severity critical` |
+
+## How It Works
+
+pwnkit runs autonomous AI agents in a research-then-verify pipeline. Each agent uses tools (`read_file`, `run_command`, `send_prompt`, `save_finding`) and makes multi-turn decisions — adapting its strategy based on what it learns:
+
+```mermaid
+graph LR
+    A["Research\ndiscover + attack + PoC\nsingle agent session"] --> B["Blind Verify\ngets ONLY PoC + path\nno reasoning, no bias"]
+    B --> C["Report\nSARIF, Markdown, JSON\nonly confirmed findings"]
+    B -->|can't reproduce| D["Killed"]
+
+    style A fill:#1a1a2e,stroke:#DC2626,color:#fff
+    style B fill:#1a1a2e,stroke:#3B82F6,color:#fff
+    style C fill:#1a1a2e,stroke:#8B5CF6,color:#fff
+    style D fill:#1a1a2e,stroke:#6B7280,color:#6B7280
+```
+
+| Agent | Role | What It Does |
+|-------|------|-------------|
+| **Research** | Discover + Attack + PoC | Maps endpoints, detects models, extracts system prompts, crafts multi-turn attacks (prompt injection, jailbreaks, tool poisoning, data exfiltration), and writes proof-of-concept code — all in one agent session |
+| **Verify** | Blind validation | Gets ONLY the PoC code and file path — not the research agent's reasoning. Independently traces data flow and reproduces each finding. Can't reproduce? Killed as false positive |
+| **Report** | Output | SARIF for GitHub Security tab, Markdown for humans, JSON for pipelines — only confirmed findings with severity scores and remediation |
+
+The **blind verification is the differentiator.** The verify agent can't be biased by the research agent's reasoning — same principle as double-blind peer review. No more triaging 200 "possible prompt injections" that turn out to be nothing.
+
+## What pwnkit Scans
+
+| Target | Command | How |
+|--------|---------|-----|
+| **LLM Endpoints** — ChatGPT, Claude, Llama APIs, custom chatbots | `pwnkit-cli scan --target <url>` | HTTP probing + multi-turn agent attacks |
+| **npm Packages** — Dependency supply chain, malicious code | `pwnkit-cli audit <package>` | Installs in sandbox, runs semgrep + AI code review |
+| **Git Repositories** — Source-level security review | `pwnkit-cli review <path-or-url>` | Deep analysis with Claude Code, Codex, or Gemini CLI |
+| **Auto-detect** — Give it anything | `pwnkit-cli <target>` | URL, package name, or path — pwnkit-cli figures it out |
+
+## Example Output
+
+See the [demo GIF above](#) for real scan output, or run it yourself:
+
+```bash
+npx pwnkit-cli scan --target https://your-app.com/api/chat --depth quick
+```
+
+For a verbose view with the animated attack replay:
+
+```bash
+npx pwnkit-cli scan --target https://your-app.com/api/chat --verbose
+```
+
+## Scan Depth
+
+| Depth | Test Cases | Time |
+|-------|-----------|------|
+| `quick` | ~15 | ~1 min |
+| `default` | ~50 | ~3 min |
+| `deep` | ~150 | ~10 min |
+
+pwnkit is an agentic harness — bring your own AI. Use your API key (OpenRouter, Anthropic, OpenAI, Ollama), or use the Claude Code CLI or Codex CLI with your existing subscription via `--runtime claude` or `--runtime codex`.
+
+```bash
+# Quick scan for CI
+npx pwnkit-cli scan --target https://api.example.com/chat --depth quick
+
+# Deep audit before launch
+npx pwnkit-cli scan --target https://api.example.com/chat --depth deep
+
+# Deep scan with Claude Code CLI
+npx pwnkit-cli scan --target https://api.example.com/chat --depth deep --runtime claude
+
+# Audit an npm package
+npx pwnkit-cli audit react --depth deep --runtime claude
+
+# Review a GitHub repo
+npx pwnkit-cli review https://github.com/user/repo --runtime codex --depth deep
+
+# Auto-detect — just give it a target
+npx pwnkit-cli express
+npx pwnkit-cli ./my-repo
+npx pwnkit-cli https://api.example.com
+```
+
+## Runtime Modes
+
+Bring your own agent CLI — pwnkit orchestrates it:
+
+| Runtime | Flag | Best For |
+|---------|------|----------|
+| `api` | `--runtime api` | CI, quick scans — uses your API key (OpenRouter, Anthropic, OpenAI). Default |
+| `claude` | `--runtime claude` | Deep analysis — spawns Claude Code CLI with your subscription |
+| `codex` | `--runtime codex` | Source analysis — spawns Codex CLI |
+| `gemini` | `--runtime gemini` | Large context source analysis — spawns Gemini CLI |
+| `auto` | `--runtime auto` | Auto-detects installed CLIs, picks best per stage |
+
+## How It Compares
+
+| Feature | pwnkit | promptfoo | garak | semgrep | nuclei |
+|---------|--------|-----------|-------|---------|--------|
+| **Agentic multi-turn pipeline** | Yes — Autonomous agents with tool use | No — Single runner | No — Single runner | No — Rule-based | No — Template runner |
+| **Verification (no false positives)** | Yes — Re-exploits to confirm | No | No | No | No |
+| **LLM endpoint scanning** | Yes — Prompt injection, jailbreaks, exfil | Yes — Red-teaming | Yes — Probes | No | No |
+| **npm package audit** | Yes — Semgrep + AI review | No | No | Yes — Rules only | No |
+| **Source code review** | Yes — AI-powered deep analysis | No | No | Yes — Rules only | No |
+| **OWASP LLM Top 10** | Yes — Covered | Partial | Partial | N/A | N/A |
+| **SARIF + GitHub Security tab** | Yes | Yes | No | Yes | Yes |
+| **One command, zero config** | Yes — `npx pwnkit-cli scan` | Needs YAML config | Needs Python setup | Needs rules config | Needs templates |
+| **Open source** | Yes — Apache-2.0 | Yes — (acquired by OpenAI) | Yes — MIT | Yes — LGPL / Paid Pro | Yes — MIT |
+| **Pricing** | Free + bring your own AI | Varies | Free (local) | Free (OSS) / Paid (Pro) | Free |
+
+pwnkit isn't replacing semgrep or nuclei — it covers the AI-specific attack surface they can't see. Use them together.
+
+## GitHub Action
+
+Add pwnkit to your CI/CD pipeline:
+
+```yaml
+name: AI Security Scan
+on: [push, pull_request]
+
+permissions:
+ contents: read
+ security-events: write
+
+jobs:
+ pwnkit:
+  runs-on: ubuntu-latest
+  steps:
+   - uses: actions/checkout@v4
+
+   - name: Run pwnkit
+    uses: peaktwilight/pwnkit/action@v1
+    with:
+     target: ${{ secrets.STAGING_API_URL }}
+     depth: default # quick | default | deep
+     fail-on-severity: high # critical | high | medium | low | info | none
+    env:
+     OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
+
+   - name: Upload SARIF
+    uses: github/codeql-action/upload-sarif@v3
+    with:
+     sarif_file: pwnkit-report/report.sarif
+```
+
+> **API Key Priority:** pwnkit checks for `OPENROUTER_API_KEY` first, then `ANTHROPIC_API_KEY`, then `OPENAI_API_KEY`. OpenRouter gives you access to many models (including free ones) through a single key at [openrouter.ai](https://openrouter.ai).
+
+Findings show up directly in the **Security** tab of your repository.
+
+### Badge
+
+Add a pwnkit badge to your README:
+
+```markdown
+[![pwnkit](https://pwnkit.com/badge/YOUR_ORG/YOUR_REPO)](https://pwnkit.com)
+```
+
+The badge auto-updates from your GitHub Actions scan results. Shows `verified` (green), finding counts (yellow/red), or `not scanned` (gray).
+
+Also available as a [shields.io endpoint](https://shields.io/endpoint):
+```
+https://img.shields.io/endpoint?url=https://pwnkit.com/badge/YOUR_ORG/YOUR_REPO/shield
+```
+
+## Findings Management
+
+Every finding is persisted in a local SQLite database. Query across scans:
+
+```bash
+# List critical findings
+npx pwnkit-cli findings list --severity critical
+
+# Filter by category
+npx pwnkit-cli findings list --category prompt-injection --status confirmed
+
+# Inspect a specific finding with full evidence
+npx pwnkit-cli findings show NF-001
+
+# Browse scan history
+npx pwnkit-cli history --limit 10
+```
+
+Finding lifecycle: `discovered → verified → confirmed → scored → reported` (or `false-positive` if verification fails).
+
+## Roadmap
+
+- [x] Core autonomous agent pipeline (research, blind verify, report)
+- [x] OWASP LLM Top 10 coverage
+- [x] SARIF output + GitHub Action
+- [x] npm package auditing
+- [x] Source code review (local + GitHub)
+- [x] Multi-runtime support (Claude, Codex, Gemini)
+- [x] Multi-turn agentic attacks (agents adapt payloads based on responses)
+- [ ] MCP server scanning (tool poisoning, schema abuse)
+- [ ] Web pentesting mode (SQLi, XSS, SSRF, auth bypass, IDOR)
+- [ ] RAG pipeline security (poisoning, extraction)
+- [ ] Agentic workflow testing (multi-tool chains)
+- [ ] VS Code extension
+- [ ] Team dashboard & historical tracking
+- [ ] SOC 2 / compliance report generation
+
+## Built By
+
+Created by a security researcher with [7 published CVEs](https://doruk.ch/blog) across node-forge, mysql2, uptime-kuma, liquidjs, picomatch, and jspdf.
+
+pwnkit is a general-purpose autonomous pentesting framework. It exists because modern attack surfaces — LLM endpoints, npm supply chains, AI-powered codebases — require agents that adapt, not static rules that don't. You can't `nmap` a language model. You can't write a rule for a jailbreak that hasn't been invented yet. Static analysis alone misses logical flaws and semantic vulnerabilities that only an agent tracing data flow can find.
+
+pwnkit uses autonomous agents that think like attackers, adapt their strategy mid-scan, and re-exploit every finding before reporting it. The result: real vulnerabilities, zero noise.
+
+## Contributing
+
+Contributions welcome! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+
+```bash
+git clone https://github.com/peaktwilight/pwnkit.git
+cd pwnkit
+pnpm install
+pnpm test
+```
+
+## License
+
+[Apache 2.0](LICENSE) — use it, fork it, ship it.