pwnkit-cli 0.3.3 → 0.3.4

package/README.md

@@ -6,7 +6,7 @@
 
 <p align="center">
  <strong>General-purpose autonomous pentesting framework</strong><br/>
- <em>Scan LLM endpoints. Audit npm packages. Review source code. Pentest web apps. Re-exploit to kill false positives.</em>
+ <em>Scan LLM endpoints. Audit npm packages. Review source code. Re-exploit to kill false positives.</em>
 </p>
 
 <p align="center">
@@ -33,7 +33,7 @@
 
 ---
 
-pwnkit is an open-source agentic security toolkit. A research agent discovers, attacks, and writes proof-of-concept code for vulnerabilities across LLM endpoints, web applications, npm packages, and Git repositories. Then a blind verify agent — given ONLY the PoC and file path, not the reasoning — independently reproduces each finding to **kill false positives**. No templates, no static rules — multi-turn agentic reasoning that thinks like an attacker.
+pwnkit is an open-source agentic security toolkit. A research agent discovers, attacks, and writes proof-of-concept code for vulnerabilities across LLM endpoints, npm packages, and Git repositories. Then a blind verify agent — given ONLY the PoC and file path, not the reasoning — independently reproduces each finding to **kill false positives**. No templates, no static rules — multi-turn agentic reasoning that thinks like an attacker.
 
 One command. Zero config. Every finding re-exploited or dropped.
 
@@ -49,25 +49,24 @@ npx pwnkit-cli audit lodash
 # Deep security review of a codebase
 npx pwnkit-cli review ./my-ai-app
 
-# Or just point pwnkit at a target — it auto-detects what to do
+# Or just point pwnkit-cli at a target — it auto-detects what to do
 npx pwnkit-cli express     # audits npm package
 npx pwnkit-cli ./my-repo    # reviews source code
 npx pwnkit-cli https://github.com/user/repo # clones and reviews
-npx pwnkit-cli https://example.com      # scans web endpoint
 ```
 
 That's it. pwnkit discovers your attack surface, launches targeted attacks, verifies findings, and generates a report — all in under 5 minutes.
 
 ### Auto-Detect
 
-`pwnkit <target>` figures out what you mean without explicit subcommands:
+`pwnkit-cli <target>` figures out what you mean without explicit subcommands:
 
-| Input | What pwnkit does |
+| Input | What pwnkit-cli does |
 |-------|-----------------|
-| `pwnkit express` | Treats it as an npm package name and runs `audit` |
-| `pwnkit ./my-repo` | Detects a local path and runs `review` |
-| `pwnkit https://github.com/user/repo` | Clones the repo and runs `review` |
-| `pwnkit https://example.com` | Detects an HTTP URL and runs `scan` |
+| `pwnkit-cli express` | Treats it as an npm package name and runs `audit` |
+| `pwnkit-cli ./my-repo` | Detects a local path and runs `review` |
+| `pwnkit-cli https://github.com/user/repo` | Clones the repo and runs `review` |
+| `pwnkit-cli https://example.com/api/chat` | Detects an LLM endpoint URL and runs `scan` |
 
 Explicit subcommands (`scan`, `audit`, `review`) still work — auto-detect is just a convenience layer on top.
 
@@ -79,7 +78,7 @@ pwnkit ships five commands — from quick API probes to deep source-level audits
 
 | Command | What It Does | Example |
 |---------|-------------|---------|
-| **`scan`** | Probe LLM endpoints, MCP servers, and AI APIs for vulnerabilities | `npx pwnkit-cli scan --target https://api.example.com/chat` |
+| **`scan`** | Probe LLM endpoints and AI APIs for vulnerabilities | `npx pwnkit-cli scan --target https://api.example.com/chat` |
 | **`audit`** | Install and security-audit any npm package with static analysis + AI review | `npx pwnkit-cli audit express@4.18.2` |
 | **`review`** | Deep source code security review of a local repo or GitHub URL | `npx pwnkit-cli review https://github.com/user/repo` |
 | **`history`** | Browse past scans with status, depth, findings count, and duration | `npx pwnkit-cli history --limit 20` |
@@ -89,17 +88,16 @@ pwnkit ships five commands — from quick API probes to deep source-level audits
 
 pwnkit runs autonomous AI agents in a research-then-verify pipeline. Each agent uses tools (`read_file`, `run_command`, `send_prompt`, `save_finding`) and makes multi-turn decisions — adapting its strategy based on what it learns:
 
-```
- +-----------+   +------------------+   +-----------+
- | RESEARCH | --> | BLIND VERIFY  | --> | REPORT  |
- | (Discover |   | (PoC + path only |   | (Output) |
- | + Attack |   | no reasoning)  |   |      |
- | + PoC)  |   +------------------+   +-----------+
- +-----------+   Runs in parallel     Only confirmed
-  Single agent   per finding —      findings in SARIF,
-  session: recon,  independently      Markdown, and JSON
-  payloads, and   reproduces or      with severity +
-  proof-of-concept kills finding      remediation
+```mermaid
+graph LR
+    A["Research\ndiscover + attack + PoC\nsingle agent session"] --> B["Blind Verify\ngets ONLY PoC + path\nno reasoning, no bias"]
+    B --> C["Report\nSARIF, Markdown, JSON\nonly confirmed findings"]
+    B -->|can't reproduce| D["Killed"]
+
+    style A fill:#1a1a2e,stroke:#DC2626,color:#fff
+    style B fill:#1a1a2e,stroke:#3B82F6,color:#fff
+    style C fill:#1a1a2e,stroke:#8B5CF6,color:#fff
+    style D fill:#1a1a2e,stroke:#6B7280,color:#6B7280
 ```
 
 | Agent | Role | What It Does |
@@ -114,12 +112,10 @@ The **blind verification is the differentiator.** The verify agent can't be bias
 
 | Target | Command | How |
 |--------|---------|-----|
-| **LLM Endpoints** — ChatGPT, Claude, Llama APIs, custom chatbots | `scan --target <url>` | HTTP probing + multi-turn agent attacks |
-| **MCP Servers** — Tool schemas, input validation, authorization | `scan --target <url> --mode mcp` | Connects to server, enumerates tools, tests each |
-| **Web Apps & APIs** — AI-powered copilots, agents, RAG pipelines | `scan --target <url> --mode deep --repo ./src` | API probing + source code analysis |
-| **Web Pentesting** — SQLi, XSS, SSRF, auth bypass, IDOR | `scan --target <url> --mode web` | Full autonomous web pentest, agents adapt per finding |
-| **npm Packages** — Dependency supply chain, malicious code | `audit <package>` | Installs in sandbox, runs semgrep + AI code review |
-| **Git Repositories** — Source-level security review | `review <path-or-url>` | Deep analysis with Claude Code, Codex, or Gemini CLI |
+| **LLM Endpoints** — ChatGPT, Claude, Llama APIs, custom chatbots | `pwnkit-cli scan --target <url>` | HTTP probing + multi-turn agent attacks |
+| **npm Packages** — Dependency supply chain, malicious code | `pwnkit-cli audit <package>` | Installs in sandbox, runs semgrep + AI code review |
+| **Git Repositories** — Source-level security review | `pwnkit-cli review <path-or-url>` | Deep analysis with Claude Code, Codex, or Gemini CLI |
+| **Auto-detect** — Give it anything | `pwnkit-cli <target>` | URL, package name, or path — pwnkit-cli figures it out |
 
 ## Example Output
 
@@ -152,20 +148,19 @@ npx pwnkit-cli scan --target https://api.example.com/chat --depth quick
 # Deep audit before launch
 npx pwnkit-cli scan --target https://api.example.com/chat --depth deep
 
-# Source + API scan with Claude Code
-npx pwnkit-cli scan --target https://api.example.com/chat --runtime claude --mode deep --repo ./src
-
-# MCP server audit
-npx pwnkit-cli scan --target https://mcp-server.example.com --mode mcp --runtime claude
-
-# Full web pentest (SQLi, XSS, SSRF, auth bypass, IDOR)
-npx pwnkit-cli scan --target https://example.com --mode web --runtime claude
+# Deep scan with Claude Code CLI
+npx pwnkit-cli scan --target https://api.example.com/chat --depth deep --runtime claude
 
 # Audit an npm package
 npx pwnkit-cli audit react --depth deep --runtime claude
 
 # Review a GitHub repo
 npx pwnkit-cli review https://github.com/user/repo --runtime codex --depth deep
+
+# Auto-detect — just give it a target
+npx pwnkit-cli express
+npx pwnkit-cli ./my-repo
+npx pwnkit-cli https://api.example.com
 ```
 
 ## Runtime Modes
@@ -174,23 +169,11 @@ Bring your own agent CLI — pwnkit orchestrates it:
 
 | Runtime | Flag | Best For |
 |---------|------|----------|
-| `api` | `--runtime api` | CI, quick scans — uses OpenRouter by default (`claude-sonnet-4.6`), no dependencies (default) |
-| `claude` | `--runtime claude` | Attack generation, deep analysis — spawns Claude Code CLI |
-| `codex` | `--runtime codex` | Verification, source analysis — spawns Codex CLI |
+| `api` | `--runtime api` | CI, quick scans — uses your API key (OpenRouter, Anthropic, OpenAI). Default |
+| `claude` | `--runtime claude` | Deep analysis — spawns Claude Code CLI with your subscription |
+| `codex` | `--runtime codex` | Source analysis — spawns Codex CLI |
 | `gemini` | `--runtime gemini` | Large context source analysis — spawns Gemini CLI |
-| `` | `--runtime ` | Multi-provider flexibility — spawns CLI |
-| `auto` | `--runtime auto` | Best overall — auto-detects installed runtimes, picks best per stage |
-
-Combined with scan modes:
-
-| Mode | Flag | Description |
-|------|------|-------------|
-| `probe` | `--mode probe` | Send payloads to API, check responses (default) |
-| `deep` | `--mode deep` | API probing + source code audit (requires `--repo`) |
-| `mcp` | `--mode mcp` | Connect to MCP server, enumerate tools, test each for security issues |
-| `web` | `--mode web` | Full web pentesting — SQLi, XSS, SSRF, auth bypass, IDOR |
-
-> `deep`, `mcp`, and `web` modes require a process runtime (`claude`, `codex`, `gemini`, ``, or `auto`).
+| `auto` | `--runtime auto` | Auto-detects installed CLIs, picks best per stage |
 
 ## How It Compares
 
@@ -199,11 +182,9 @@ Combined with scan modes:
 | **Agentic multi-turn pipeline** | Yes — Autonomous agents with tool use | No — Single runner | No — Single runner | No — Rule-based | No — Template runner |
 | **Verification (no false positives)** | Yes — Re-exploits to confirm | No | No | No | No |
 | **LLM endpoint scanning** | Yes — Prompt injection, jailbreaks, exfil | Yes — Red-teaming | Yes — Probes | No | No |
-| **Web pentesting (SQLi, XSS, SSRF, IDOR)** | Yes — `--mode web` | No | No | No | Partial — Templates only |
-| **MCP server security** | Yes — Tool poisoning, schema abuse | No | No | No | No |
 | **npm package audit** | Yes — Semgrep + AI review | No | No | Yes — Rules only | No |
 | **Source code review** | Yes — AI-powered deep analysis | No | No | Yes — Rules only | No |
-| **OWASP LLM Top 10** | Yes — 8/10 covered | Partial | Partial | N/A | N/A |
+| **OWASP LLM Top 10** | Yes — Covered | Partial | Partial | N/A | N/A |
 | **SARIF + GitHub Security tab** | Yes | Yes | No | Yes | Yes |
 | **One command, zero config** | Yes — `npx pwnkit-cli scan` | Needs YAML config | Needs Python setup | Needs rules config | Needs templates |
 | **Open source** | Yes — Apache-2.0 | Yes — (acquired by OpenAI) | Yes — MIT | Yes — LGPL / Paid Pro | Yes — MIT |
@@ -286,14 +267,14 @@ Finding lifecycle: `discovered → verified → confirmed → scored → reporte
 ## Roadmap
 
 - [x] Core autonomous agent pipeline (research, blind verify, report)
-- [x] OWASP LLM Top 10 coverage (8/10)
+- [x] OWASP LLM Top 10 coverage
 - [x] SARIF output + GitHub Action
-- [x] MCP server scanning
 - [x] npm package auditing
 - [x] Source code review (local + GitHub)
 - [x] Multi-runtime support (Claude, Codex, Gemini)
 - [x] Multi-turn agentic attacks (agents adapt payloads based on responses)
-- [x] Web pentesting mode (SQLi, XSS, SSRF, auth bypass, IDOR)
+- [ ] MCP server scanning (tool poisoning, schema abuse)
+- [ ] Web pentesting mode (SQLi, XSS, SSRF, auth bypass, IDOR)
 - [ ] RAG pipeline security (poisoning, extraction)
 - [ ] Agentic workflow testing (multi-tool chains)
 - [ ] VS Code extension
@@ -304,7 +285,7 @@ Finding lifecycle: `discovered → verified → confirmed → scored → reporte
 
 Created by a security researcher with [7 published CVEs](https://doruk.ch/blog) across node-forge, mysql2, uptime-kuma, liquidjs, picomatch, and jspdf.
 
-pwnkit is a general-purpose autonomous pentesting framework. It exists because modern attack surfaces — LLM endpoints, MCP servers, AI-powered web apps — require agents that adapt, not static rules that don't. You can't `nmap` a language model. You can't write a rule for a jailbreak that hasn't been invented yet. And traditional web scanners don't understand context — they miss IDOR in paginated APIs and SSRF buried in AI pipeline callbacks.
+pwnkit is a general-purpose autonomous pentesting framework. It exists because modern attack surfaces — LLM endpoints, npm supply chains, AI-powered codebases — require agents that adapt, not static rules that don't. You can't `nmap` a language model. You can't write a rule for a jailbreak that hasn't been invented yet. Static analysis alone misses logical flaws and semantic vulnerabilities that only an agent tracing data flow can find.
 
 pwnkit uses autonomous agents that think like attackers, adapt their strategy mid-scan, and re-exploit every finding before reporting it. The result: real vulnerabilities, zero noise.
 

package/dist/LICENSE

@@ -0,0 +1,188 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship made available under
+      the License, as indicated by a copyright notice that is included in
+      or attached to the work (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean, as submitted to the Licensor for inclusion
+      in the Work by the copyright owner or by an individual or Legal Entity
+      authorized to submit on behalf of the copyright owner. For the purposes
+      of this definition, "submitted" means any form of electronic, verbal,
+      or written communication sent to the Licensor or its representatives,
+      including but not limited to communication on electronic mailing lists,
+      source code control systems, and issue tracking systems that are managed
+      by, or on behalf of, the Licensor for the purpose of submitting and
+      discussing improvements to the Work, but excluding communication that is
+      conspicuously marked or designated in writing by the copyright owner as
+      "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any Legal Entity on behalf of
+      whom a Contribution has been received by the Licensor and included
+      within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by the combined Work (with their
+      Contribution(s)). If You institute patent litigation against any
+      entity (including a cross-claim or counterclaim in a lawsuit)
+      alleging that the Work or any Contribution embodied within the Work
+      constitutes a patent or copyright infringement, then any patent
+      licenses granted to You under this License for that Work shall
+      terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative
+          Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, You must include a readable copy of the
+          attribution notices contained within such NOTICE file, in
+          at least one of the following places: within a NOTICE text
+          file distributed as part of the Derivative Works; within
+          the Source form or documentation, if provided along with the
+          Derivative Works; or, within a display generated by the
+          Derivative Works, if and wherever such third-party notices
+          normally appear. The contents of the NOTICE file are for
+          informational purposes only and do not modify the License.
+          You may add Your own attribution notices within Derivative
+          Works that You distribute, alongside or in addition to the
+          NOTICE text from the Work, provided that such additional
+          attribution notices cannot be construed as modifying the License.
+
+      You may add Your own license statement for Your modifications and
+      may provide additional grant of rights to use, copy, modify, merge,
+      publish, distribute, sublicense, and/or sell copies of the
+      Contribution.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or reproducing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or exemplary damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or all other
+      commercial damages or losses), even if such Contributor has been
+      advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may offer only
+      conditions consistent with this License.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the syntax of the file. We also recommend
+      that a file or directory "LICENSE" or "COPYING" be included with
+      your work.
+
+   Copyright 2026 Doruk Tan Ozturk (Peak Twilight)
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.