Shannon runs live pentests against your web app by reading your source code to find attack surfaces, then actually executing exploits like SQLi, XSS, SSRF, and auth bypasses against the running application. It only reports vulnerabilities it can reproduce with working proof-of-concept code. The whole thing runs in Docker containers and spins up parallel agents that test different vulnerability classes simultaneously. You point it at a URL and repo path, and it generates a report with copy-paste curl commands for every confirmed finding. Good for CI pipelines or pre-deployment audits when you want more than static analysis but don't have time for manual testing. Supports resumable workspaces and handles 2FA automatically if you pass TOTP secrets.
npx skills add https://github.com/aradotso/trending-skills --skill shannon-ai-pentester