0sec-labs/pwnkit

pwnkit

Let autonomous AI agents hack you before attackers do.
Fully autonomous agentic pentesting for web apps, AI/LLM apps, package ecosystems, and source code.

Sponsored by E2B for Startups


Install

curl -fsSL https://raw.githubusercontent.com/0sec-labs/pwnkit/main/install.sh | bash

Drops a standalone pwnkit binary into ~/.pwnkit/bin (~74 MB, linux-x64 / linux-arm64 / darwin-arm64 / windows-x64). Pin a version with PWNKIT_VERSION=vX.Y.Z, change the install dir with PWNKIT_INSTALL_DIR=….

Alternatives:

# Node ≥20 (npm bundle, command name is pwnkit-cli)
npx pwnkit-cli scan --target https://example.com

# Docker (Playwright + sqlmap/wpscan/nmap/nikto/gobuster/ffuf/hydra/john preinstalled)
docker run --rm -e OPENROUTER_API_KEY=$KEY \
  ghcr.io/0sec-labs/pwnkit:latest scan --target https://example.com

Intel Mac users have no prebuilt binary — install Bun and build from source.

Use

# AI / LLM endpoint
pwnkit scan --target https://example.com/api/chat

# Web app (optionally with source for white-box)
pwnkit scan --target https://example.com --mode web
pwnkit scan --target https://example.com --repo ./source

# Audit a package, review source, ingest kernel crashes
pwnkit audit lodash
pwnkit review ./my-app
pwnkit ingest ./kernel-crashes --verify --output json
pwnkit ingest --reproducer ./poc.c --kernel-tree ./linux --config kasan --output json
pwnkit ingest ./kernel-crashes --review-subsystem --tree ./linux --output json

# Kernel-advisory variant hunting with foxguard rules
pwnkit kernel variant-hunt --tree ./linux --rules ./foxguard/rules/kernel/dirty-frag-class

# Auto-detect
pwnkit https://example.com

scan, audit, review, ingest, kernel, and h1 cover detection. dashboard, history, findings, and triage cover review. Full reference: docs.pwnkit.com/commands.

Why It's Different

  • Shell-first web pentesting. The agent uses bash, writes scripts, and chains tools like a human pentester instead of being trapped in a small HTTP-tool DSL.
  • Blind verification. Findings are independently re-exploited before they are reported.
  • Public benchmark transparency. Raw artifacts and per-challenge breakdowns under packages/benchmark/results.

GitHub Action

- uses: 0sec-labs/pwnkit@main
  with:
    mode: review
    path: .
    format: sarif
  env:
    OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}

Docs

Getting Started · Commands · Configuration · Recipes · Architecture · Triage · Benchmark · Adversarial evals

Development

git clone https://github.com/0sec-labs/pwnkit.git
cd pwnkit && pnpm install && pnpm lint && pnpm test

When running from a source checkout, rebuild after every pull before invoking the git-ignored bundle:

pnpm run build
node dist/pwnkit.js --help

dist/pwnkit.js embeds the git commit it was built from and exits if it no longer matches the checkout HEAD; this prevents clean-looking source trees from running stale ignored code.
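
A sketch of the kind of stale-build guard described above, added here as an example and not taken from pwnkit's own source. The names resolveHead, checkBuild and assertFreshBuild are hypothetical, the embedded commit is assumed to be a full object id, and treating an unresolvable HEAD as a failure is this example's choice.

```javascript
const fs = require('node:fs');
const path = require('node:path');

const SHA = /^[0-9a-f]{40}([0-9a-f]{24})?$/; // SHA-1 or SHA-256 object id

// Resolve the commit HEAD points at by reading .git directly, so the check
// works without a git binary. Returns null when it cannot be determined.
function resolveHead(repoDir) {
  const gitDir = path.join(repoDir, '.git');
  const read = (p) => {
    try { return fs.readFileSync(path.join(gitDir, p), 'utf8'); } catch { return null; }
  };
  const head = (read('HEAD') || '').trim();
  if (!head.startsWith('ref: ')) {            // detached HEAD holds the id itself
    const id = head.toLowerCase();
    return SHA.test(id) ? id : null;
  }
  const ref = head.slice(5).trim();
  if (!ref.startsWith('refs/') || ref.includes('..')) return null; // stay inside .git
  const loose = (read(ref) || '').trim().toLowerCase();
  if (SHA.test(loose)) return loose;
  // Loose ref absent (e.g. after gc): look it up in packed-refs ("<id> <ref>").
  for (const line of (read('packed-refs') || '').split('\n')) {
    const [id, name] = line.trim().split(' ');
    if (name === ref && SHA.test(id)) return id;
  }
  return null;
}

// Compare the commit baked into the bundle at build time with the checkout.
function checkBuild(embeddedCommit, repoDir) {
  const head = resolveHead(repoDir);
  if (head === null) return { ok: false, reason: 'head-unresolved' };
  const built = String(embeddedCommit).trim().toLowerCase();
  if (built !== head) return { ok: false, reason: 'stale', built, head };
  return { ok: true, reason: 'match', head };
}

// Startup hook: refuse to run code that does not correspond to the checkout.
function assertFreshBuild(embeddedCommit, repoDir) {
  const result = checkBuild(embeddedCommit, repoDir);
  if (!result.ok) {
    console.error(`refusing to run: ${result.reason}; rebuild the bundle first`);
    process.exit(1);
  }
  return result;
}
```

Reading .git directly covers symbolic, detached and packed refs; a linked worktree, where .git is a pointer file, resolves to head-unresolved in this sketch.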

See CONTRIBUTING.md.

Part of PwnKit Labs

Open-source adversarial security for the agentic AI era:

  • pwnkit — AI agent pentester (detect)
  • foxguard — Rust security scanner (prevent)
  • opensoar — Python-native SOAR platform (respond)

License

Apache 2.0