Rogue is an AI-powered web vulnerability scanner designed for security professionals and researchers. It leverages Large Language Models (LLMs) to mimic human penetration testing by intelligently discovering, generating test cases for, and validating web application vulnerabilities, aiming to reduce false positives and provide detailed reports.

How It Works

Rogue employs a modular architecture with an Agent orchestrating the process. A Planner component, supporting OpenAI and Anthropic Claude models, generates intelligent testing strategies. A Scanner handles web interaction and data collection, while a Proxy monitors traffic. Findings are validated and reported by dedicated components, with optional subdomain enumeration and recursive URL testing. This LLM-driven approach allows for context-aware testing and advanced payload generation beyond traditional pattern-based scanners.

Quick Start & Requirements

• Install: Clone the repository and install dependencies with pip install -r requirements.txt.
• Prerequisites: Python 3.8+, OpenAI API key, Anthropic API key (optional), Playwright.
• Setup: Set API keys via environment variables (e.g., export OPENAI_API_KEY='your-openai-key-here').
• Usage: Basic scan: python run.py -u https://example.com. Advanced scan with subdomain enumeration: python run.py -u https://example.com -e -s.
• Docs: https://github.com/faizann24/rogue

Highlighted Details

• Supports OpenAI (e.g., gpt-4o) and Anthropic Claude (e.g., claude-3-5-haiku-20241022) models.
• Features automated exploit verification to minimize false positives.
• Includes subdomain enumeration and traffic monitoring via a built-in proxy.
• Generates comprehensive reports with executive summaries, detailed findings, and remediation recommendations.

Maintenance & Community

The project is in early release with active calls for contributions. Issues can be opened in the repository, and maintainers can be contacted at faizann288@gmail.com.

Licensing & Compatibility

Licensed under GPL3. This license may impose copyleft restrictions, potentially requiring derivative works to also be open-sourced under GPL3, which could affect commercial or closed-source integration.

Limitations & Caveats

This is an early release with many features still in development, including planned integration of vision API capabilities and more sophisticated planning algorithms. The GPL3 license may present compatibility challenges for certain commercial use cases.