shannon by KeygraphHQ

AI pentester autonomously finds and exploits web app vulnerabilities

Created 6 months ago
35,085 stars

Top 1.0% on SourcePulse

Summary

Shannon is an AI-powered penetration testing tool designed to autonomously discover and exploit vulnerabilities in web applications. It addresses the critical security gap between infrequent manual penetration tests by providing continuous, on-demand white-box analysis. This allows development teams to identify and fix exploitable flaws before deployment, enabling them to ship code with greater confidence and security.

How It Works

Shannon emulates a human penetration tester using a sophisticated multi-agent architecture. It combines deep white-box source code analysis with black-box dynamic exploitation across four distinct phases: reconnaissance, vulnerability analysis, exploitation, and reporting. Specialized AI agents analyze the application's codebase and infrastructure, then perform live, browser-based attacks to confirm hypothesized vulnerabilities with concrete proof-of-concept exploits, minimizing false positives.

Quick Start & Requirements

  • Installation: Primarily deployed via Docker.
  • Prerequisites: Requires a Claude Console account with credits or an Anthropic API key, and Docker installed. The tool operates in a white-box capacity, necessitating access to the target application's source code.
  • Links: Website: https://keygraph.io, Discord: https://discord.gg/aWY8rRUCxc.

Highlighted Details

  • Achieved a 96.15% success rate on the XBOW Benchmark, identifying actual exploits.
  • Fully autonomous operation handles complex authentication (2FA, Google Sign-in) and browser navigation without intervention.
  • Delivers pentester-grade reports featuring reproducible, copy-and-paste proofs of concept for actionable findings.
  • Covers critical OWASP vulnerabilities including Injection, XSS, SSRF, and Broken Authentication/Authorization.
  • Leverages code-aware analysis to guide dynamic exploitation and integrates tools like Nmap and Subfinder.
  • Parallel processing accelerates analysis and exploitation phases.

Maintenance & Community

  • Community: Active community support via Discord (https://discord.gg/aWY8rRUCxc). Bug reporting via GitHub Issues and feature suggestions via GitHub Discussions.
  • Stay Connected: Follow on Twitter (@KeygraphHQ) and LinkedIn (Keygraph). Visit the website at keygraph.io.

Licensing & Compatibility

  • Shannon Lite: Released under the GNU Affero General Public License v3.0 (AGPL-3.0). This license permits free internal use and private modification but requires open-sourcing modifications if the software is offered as a public or managed service.
  • Compatibility: Designed for white-box testing, requiring source code access. AGPL-3.0 has copyleft implications for service providers.

Limitations & Caveats

Shannon is strictly white-box and requires source code access. Its exploitation agents actively modify targets, making it unsuitable for production environments. While engineered to minimize false positives, human oversight is recommended for LLM-generated reports. Shannon Lite focuses on actively exploitable vulnerabilities and may not cover all security risks, such as vulnerable third-party libraries; Shannon Pro offers more comprehensive analysis. A full run can take 1-1.5 hours and incur costs (~$50 USD with Claude 4.5 Sonnet).

Health Check

  • Last commit: 14 hours ago
  • Responsiveness: Inactive
  • Pull requests (30d): 41
  • Issues (30d): 24
  • Star history: 5,192 stars in the last 30 days
