lonkero by bountyyfi

Professional web security scanner for penetration testing

Created 2 months ago
892 stars

Top 40.5% on SourcePulse

Project Summary

Lonkero is a professional-grade, Rust-based web security scanner designed for penetration testing, aiming to provide faster, more accurate, and modular assessments. It targets security professionals by offering advanced features that reduce false positives and increase efficiency compared to traditional scanners. The core benefit lies in its intelligent, context-aware approach, leveraging machine learning and novel detection techniques to identify vulnerabilities with higher confidence.

How It Works

Lonkero employs an "Intelligent Mode" that automatically detects the target's technology stack, deduplicates endpoints, and scores parameters by risk to prioritize testing. Its approach is distinguished by a proof-based XSS scanner that relies purely on HTTP analysis, eliminating browser dependencies and significantly increasing speed. Furthermore, the OOBZero engine enables blind SQL injection detection without requiring external callback infrastructure, using a combination of statistical inference and deterministic confirmation. Machine learning is integrated for auto-learning from scan results to continuously reduce false positives, with an opt-in federated learning option for community-driven model improvement.

Quick Start & Requirements

  • Installation: Install via cargo install lonkero, download pre-built binaries from GitHub Releases, or build from source.
  • Prerequisites: Rust 1.85+, OpenSSL development libraries. Debian/Ubuntu systems require build-essential pkg-config libssl-dev. A valid license key is needed for premium features.
  • Links: Official Website: https://lonkero.bountyy.fi/en, Documentation: github.com/bountyyfi/lonkero.

Highlighted Details

  • Features 126+ advanced security scanners across various categories including Injection, Authentication, API Security, and Frameworks.
  • Offers ML Auto-Learning for continuous improvement and reduced false positives, with optional federated learning.
  • Includes a Proof-Based XSS Scanner that operates without browser dependencies, achieving high speed and accuracy.
  • The OOBZero Engine provides zero-infrastructure blind SQL injection detection.
  • Intelligent Mode uses smart parameter filtering and context-aware scanning for up to 80% faster scans.
  • Detects README Invisible Prompt Injection attacks targeting LLM security.

Maintenance & Community

The project is developed by Bountyy Oy. While specific community channels like Discord or Slack are not detailed, CI/CD integration examples for GitHub Actions and GitLab CI are provided, indicating a focus on developer workflows.

Licensing & Compatibility

Lonkero is proprietary software. Commercial use requires a valid license, obtainable via the official website or direct contact.

Limitations & Caveats

A license key is mandatory for accessing premium detection techniques and advanced features. The proprietary license restricts free commercial adoption.

Health Check

  • Last Commit: 1 day ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 36
  • Issues (30d): 3
  • Star History: 396 stars in the last 30 days
