Skip to content

tr4m0ryp/shor

Repository files navigation

Shor

Readme coming soon.

Shor is an autonomous offensive-security engine for web apps: a multi-agent pipeline — recon, source-grounded vulnerability analysis, adversarial screening, and live exploitation — that proves every finding by replaying its PoC. Built to break web apps the way a real attacker would, and surface only validated, exploitable bugs.

Memory

Shor learns. A two-tier retrieval memory (RAG) grounds every analysis in prior work — a per-project tier that remembers what's been found in a target, and a shared knowledge tier pre-seeded with distilled attack-technique research (MITRE CAPEC + recent web-security writeups) — so the engine starts with ideas instead of blank and sharpens with every scan.

Tooling

Shor's agents don't just reason — they wield 30+ real offensive-security tools, exposed to the model as invokable skills. So recon, exploitation, and static analysis run on the same industry tooling a human pentester reaches for:

  • Recon: nmap · naabu · httpx · katana · ffuf · arjun · paramspider · subfinder · dnsx · gau · waybackurls · kxss · wafw00f · nuclei
  • Exploitation: sqlmap · commix · nosqli · xsstrike · dalfox · ssrfmap · sstimap · jwt_tool · hydra · interactsh-client · playwright
  • Static analysis: semgrep · gitleaks · trufflehog · osv-scanner · trivy

Acknowledgements

Shor's discovery-and-verification pipeline ports ideas from Anthropic's defending-code reference harness, and its agent design follows Anthropic's Building Effective Agents patterns. It also builds on prior work in autonomous, validated penetration testing:

  • Anthropic — Defending code reference harness — the discovery + verification pipeline Shor is based on (repo, Claude Code security).
  • Anthropic — Building Effective Agents — the orchestrator-workers and evaluator–optimizer patterns the pipeline is built on.
  • XBOW — validated, safe-PoC findings and its public challenge benchmark.
  • PentestGPT — LLM-driven specialist-sub-agent pentest orchestration.
  • Shannon — open-source autonomous web-pentest agent.
  • Strix and HexStrike AI — additional prior art in agentic penetration testing.

License

Shor is source-available, licensed under the PolyForm Noncommercial License 1.0.0not an OSI open-source license.

  • You may use, modify, fork, and share Shor freely for any noncommercial purpose, as long as you keep the copyright and Required Notice: lines (see NOTICE) and credit "Based on Shor by Keygraph, Inc."
  • You may not sell it, bundle it into a paid product, or run it as a paid/hosted service without a commercial license.

Copyright (c) 2025-2026 Keygraph, Inc. Commercial licensing enquiries: see NOTICE. Contributions are accepted under the Contributor License Agreement.

About

Autonomous web-app pentest engine — a multi-agent pipeline wielding 30+ offensive-security tools as skills, PoC-validated findings. Built on Anthropic's defending-code harness + Building Effective Agents.

Topics

Resources

License

Stars

4 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors