Getting Started

pwnkit is a general-purpose autonomous pentesting framework. It scans AI/LLM apps, web applications, REST/OpenAPI APIs, package ecosystems, and source code using an agentic pipeline that discovers, attacks, verifies, and reports — with blind verification to kill false positives.

Installation

From v0.9.0 onwards, pwnkit ships as a self-contained binary with the Bun runtime baked in — no Node, no Bun, no node_modules to fetch:

curl -fsSL https://raw.githubusercontent.com/0sec-labs/pwnkit/main/install.sh | bash

This drops a single binary (~75-130 MB depending on platform) into ~/.pwnkit/bin/pwnkit. Set PWNKIT_INSTALL_DIR=/usr/local/bin to change the location, PWNKIT_VERSION=vX.Y.Z to pin a version.

Supported platforms: macOS arm64, Linux x64, Linux arm64. Windows users: download pwnkit-windows-x64.exe directly from the latest release. Intel Mac users: install Bun and compile from source (scripts/bun-compile.sh).

Why a binary? The full TUI (mission control + live scan view) is built on OpenTUI, which needs Bun’s runtime. Shipping one self-contained binary is simpler than asking users to install Bun first. The npm package (pwnkit-cli) still exists but is now a redirect that prints these install instructions and exits.

Set up an API key

pwnkit needs an LLM provider to power its agentic pipeline. Set one of these environment variables:

# ChatGPT/Codex subscription auth
export PWNKIT_CHATGPT_OAUTH_REFRESH_TOKEN="..."

# Recommended — one key, many models
export OPENROUTER_API_KEY="sk-or-..."

# Or use a direct provider
export ANTHROPIC_API_KEY="sk-ant-..."
export OPENAI_API_KEY="sk-..."

pwnkit checks for credentials in this order: ChatGPT Codex > OpenRouter > Anthropic > Azure OpenAI > OpenAI. For ChatGPT Codex, run codex login and copy the refresh token from ~/.codex/auth.json into PWNKIT_CHATGPT_OAUTH_REFRESH_TOKEN. For Azure, pwnkit needs both a base URL and a deployment/model name in addition to the key. You can set AZURE_OPENAI_BASE_URL, AZURE_OPENAI_MODEL, and AZURE_OPENAI_WIRE_API explicitly, or let pwnkit reuse a valid Azure-backed ~/.codex/config.toml. For the Responses API, the Azure base URL should include /openai/v1. If the selected API runtime is incomplete, pwnkit now stops with a configuration error instead of running a broken scan. If no provider credentials are set, the api runtime will not work, but you can still use source-review CLI runtimes such as --runtime codex or live scanning through --runtime claude if those CLIs are installed and authenticated.

See API Keys for full details on supported providers.

Your first scan

Scan an LLM API

pwnkit scan --target https://your-app.com/api/chat

This discovers the attack surface, launches targeted attacks (prompt injection, jailbreaks, data exfiltration), verifies every finding, and generates a report — typically in under 5 minutes.

Scan a web application

pwnkit scan --target https://your-app.com --mode web

Runs autonomous pentesting against a web application using a shell-first approach. The agent gets bash as its primary tool and uses curl, python3, bash pipelines, and standard pentesting utilities to probe for CORS misconfigurations, exposed files, SSRF, XSS, SQL injection, SSTI, and other traditional web vulnerabilities. See Architecture for why shell-first beats structured tools.

Audit a package ecosystem target

pwnkit audit lodash
pwnkit audit requests --ecosystem pypi
pwnkit audit serde --ecosystem cargo
pwnkit audit alpine:3.20 --ecosystem oci

Installs the target in a sandbox, runs ecosystem-specific prep plus static analysis, and performs an AI-powered code review.

Review a codebase

# Local directory
pwnkit review ./my-app

# GitHub URL (clones automatically)
pwnkit review https://github.com/user/repo

Auto-detect

You can skip the subcommand entirely. pwnkit figures out what to do:

pwnkit-cli express              # audits npm package
pwnkit-cli ./my-repo            # reviews source code
pwnkit-cli https://github.com/user/repo  # clones and reviews
pwnkit-cli https://example.com/api/chat  # scans LLM API
pwnkit-cli https://example.com --mode web  # pentests web app

Scan depth

Control how thorough the scan is:

Depth	Test Cases	Time
quick	~15	~1 min
default	~50	~3 min
deep	~150	~10 min

# Quick scan for CI
pwnkit scan --target https://api.example.com/chat --depth quick

# Deep audit before launch
pwnkit scan --target https://api.example.com/chat --depth deep

Common scenarios

Scan a REST API with an OpenAPI spec

Point pwnkit at an OpenAPI 3.x or Swagger 2.0 document and it will pre-load every endpoint, parameter schema, and auth requirement before attacking — no crawl phase needed.

pwnkit scan \
  --target https://api.example.com \
  --api-spec ./openapi.yaml \
  --mode web

Authenticated scanning (login-protected app)

Use --auth to pass credentials. Four types are supported: bearer, cookie, basic, and header.

# Bearer token (OAuth / JWT)
pwnkit scan --target https://app.example.com \
  --auth '{"type":"bearer","token":"eyJhbGciOi..."}'

# Session cookie
pwnkit scan --target https://app.example.com \
  --auth '{"type":"cookie","value":"session=abc123"}'

# Custom header (API key)
pwnkit scan --target https://api.example.com \
  --auth '{"type":"header","name":"X-API-Key","value":"sk_live_..."}'

# Or load from a file to avoid leaking to shell history
pwnkit scan --target https://app.example.com --auth ./auth.json

Multi-model ensemble via OpenRouter

Set OPENROUTER_API_KEY and pass --model to mix models across runs. OpenRouter gives you access to Claude, GPT-4, Gemini, Llama, DeepSeek, and more with one key.

export OPENROUTER_API_KEY="sk-or-..."

# Use Claude Sonnet for hard targets
pwnkit scan --target https://example.com --mode web \
  --model anthropic/claude-sonnet-4-5

# Cheap and fast for CI
pwnkit scan --target https://example.com --mode web \
  --model deepseek/deepseek-chat --depth quick

Best-of-N strategy racing

Spawn 5 attack agents in parallel and let the fastest one win. Great for hard targets where a linear attack plan gets stuck.

pwnkit scan --target https://example.com --mode web --race

Kali Docker executor

Enable PWNKIT_FEATURE_DOCKER_EXECUTOR=1 to run every bash command inside a containerized pentest environment. By default, pwnkit now pulls the prebuilt GHCR image ghcr.io/0sec-labs/pwnkit:latest, which already includes Node, Playwright/Chromium, and the standard pentest toolset. No host pollution, reproducible tool versions, and much faster startup than bootstrapping raw Kali on every run.

export PWNKIT_FEATURE_DOCKER_EXECUTOR=1
pwnkit scan --target https://example.com --mode web --verbose

Advanced overrides:

# Force a specific image
export PWNKIT_DOCKER_IMAGE=ghcr.io/0sec-labs/pwnkit:latest

# Force apt-based tool bootstrap even on a custom image
export PWNKIT_DOCKER_BOOTSTRAP_TOOLS=1

Use the raw Kali path only when you explicitly want to debug parity:

export PWNKIT_FEATURE_DOCKER_EXECUTOR=1
export PWNKIT_DOCKER_IMAGE=kalilinux/kali-rolling
export PWNKIT_DOCKER_BOOTSTRAP_TOOLS=1

Export findings to GitHub Issues

Push every confirmed finding to a GitHub repo as a labelled issue with evidence and reproduction steps. Requires a GITHUB_TOKEN with repo scope.

export GITHUB_TOKEN="ghp_..."
pwnkit scan --target https://example.com --mode web \
  --export github:myorg/myrepo

Generate an HTML, Markdown, or PDF report

# HTML (auto-opens in browser)
pwnkit scan --target https://example.com --mode web \
  --depth deep \
  --format html

# Markdown (printed to stdout; pipe to a file)
pwnkit scan --target https://example.com --mode web \
  --depth deep \
  --format md > example-pentest.md

# PDF (auto-opens in your default viewer and saves to a temp file)
pwnkit scan --target https://example.com --mode web \
  --depth deep \
  --format pdf

Next steps

• Commands — full reference for every CLI command
• Configuration — runtime modes, feature flags, and options
• Recipes — real-world scan recipes for common scenarios
• Architecture — how the 4-stage pipeline works