shannon-ai-pentester

Skill by ara.so — Daily 2026 Skills collection. Shannon is an autonomous, white-box AI pentester for web applications and APIs. It reads your source code to identify attack vectors, then executes real exploits (SQLi, XSS, SSRF, auth bypass, authorization flaws) against a live running application — only reporting vulnerabilities with a working proof-of-concept. Shannon builds containers, starts the workflow in the background, and returns a workflow ID. Workspaces allow you to pause and resume long-running pentests: Reports are written to the workspace directory (default: ./workspaces/ / ): The report includes: Shannon currently tests for: - Reconnaissance — Nmap, Subfinder, WhatWeb, and Schemathesis scan the target - Code Analysis — Shannon reads your repository to map attack surfaces - Parallel Exploitation — Concurrent agents attempt live exploits across all vulnerability categories - Report Generation — Only confirmed, reproducible findings with copy-paste PoCs are included - Docker (required — Shannon runs entirely in containers) - An Anthropic API key, Claude Code OAuth token, AWS Bedrock credentials, or Google Vertex AI credentials - Vulnerability title and CVSS-style severity - Affected endpoint and parameter - Root cause with source code reference - Step-by-step reproduction instructions - Copy-paste curl/HTTP PoC - Only test applications you own or have explicit...