Open-source
agentic security
research automation

Four autonomous AI agents scan your endpoints, audit your packages, and review your code — then prove every finding is exploitable.


npx nightfang scan --target https://your-app.com/api/chat

View on GitHub

Nightfang scanning a target and finding vulnerabilities

Terminal

$ npx nightfang scan --target https://demo.app/api/chat

nightfang v0.1.0

Target: https://demo.app/api/chat

▸ Discover Found 3 endpoints, 2 MCP tools, system prompt extracted

▸ Attack Ran 47 test cases across 6 categories

▸ Verify Confirmed 4 of 7 findings (3 false positives eliminated)

▸ Report Written to ./nightfang-report/

4 verified vulnerabilities found.

ID	Finding	Risk	Conf
NF-001	Direct prompt injection	HIGH	99%
NF-002	System prompt extraction	MED	95%
NF-003	MCP tool SSRF via fetch_url	HIGH	97%
NF-004	PII leak in chat context	HIGH	92%

One toolkit. Five attack surfaces.

From LLM endpoints to npm packages to git repos — nightfang finds what scanners miss.

LLM Endpoints

ChatGPT, Claude, Llama APIs, custom chatbots

MCP Servers

Tool schemas, validation, auth, poisoning

npm Packages

Supply chain, malicious code, dependency risk

Source Code

Local repos, GitHub URLs, deep AI audit

Web Apps

AI copilots, RAG pipelines, agent APIs

Five commands. Full coverage.

Each command is purpose-built for a different attack surface. Zero config, instant results.

scan

Probe LLM endpoints & MCP servers

Discovers vulnerabilities in AI endpoints with 47+ test cases across prompt injection, jailbreaks, tool poisoning, data exfiltration, and more. Supports probe, deep, and MCP modes.

--mode probe|deep|mcp --depth quick|default|deep --agentic

npx nightfang scan --target <url>

audit

Audit npm packages for malicious code

Installs a package in a sandbox, runs semgrep static analysis plus AI-powered code review. Catches supply chain attacks, backdoors, and dependency vulnerabilities.

--version <ver> --depth quick|default|deep

npx nightfang audit <package>

review

Deep security audit of source code

Security-focused code review of local repos or GitHub URLs. Multiple AI runtimes analyze your entire codebase and output SARIF, Markdown, and JSON reports.

npx nightfang review <repo>

findings

Query and inspect verified findings

Filter findings by severity, category, and status. Inspect individual findings with full evidence chains and proof artifacts. Track the lifecycle from discovered to confirmed.

list --severity critical show NF-001

npx nightfang findings list

history

Browse past scan results

Query the local SQLite database for previous scans. See status, depth, findings count, and duration for every run. Track your security posture over time.

--limit 20 --db-path ./custom.db

npx nightfang history

One command, zero config

No YAML files. No Python environments. Just npx nightfang scan and you're running.

Zero false positives

Every finding is re-exploited with proof before it hits the report. No more triaging 200 "possible prompt injections."

$0.05 per CI scan

Quick scans in under a minute. Deep audits for $1. Cheaper than one hour of manual pentesting.

LLM agnostic

Works with any model — Claude, GPT, Ollama, Gemini, or your own fine-tune. Swap providers without changing a single config line.

Four agents. One pipeline.

Each agent is specialized for a phase of the security audit. They work in sequence, building on each other's output.

DISCOVER
Recon
→ATTACK
Offense
→VERIFY
Validate
→REPORT
Output

01 · Discover

Map the attack surface

Crawls every endpoint, extracts system prompts, enumerates MCP tool schemas, identifies auth flows and model configurations. Builds a complete target map before any attack begins.

• API surface mapping
• System prompt extraction
• MCP tool enumeration
• Auth flow detection
• Model fingerprinting

02 · Attack

42+ templates, multi-turn

Runs injection, jailbreaks, tool poisoning, data exfiltration, and more. Adapts attack strategy based on target responses. Multi-turn conversations to bypass defenses that block single-shot attempts.

• 42+ attack templates
• Adaptive multi-turn
• AI attack coverage
• Response-aware pivoting
• Encoding bypass chains

03 · Verify

Re-exploit. Kill false positives.

Every finding gets re-exploited independently to confirm it's real. Captures full proof artifacts — request/response pairs, extracted data, reproduction steps. If it can't be proven, it doesn't make the report.

• Independent re-exploitation
• Proof artifact capture
• Confidence scoring
• Reproduction steps
• Evidence chains

04 · Report

SARIF, JSON, Markdown

SARIF for GitHub Security tab integration. JSON for CI/CD pipelines and automation. Markdown for human review. Every format includes severity, remediation guidance, and full proof of exploit.

• SARIF → GitHub Security tab
• JSON → CI/CD pipelines
• Markdown → human review
• Remediation guidance
• Severity classification

What it tests for

30+ attack templates across 7 categories. Every finding verified with a working exploit.

Prompt Injection

Direct, indirect, multi-turn, encoding bypass

System Prompt Extraction

5 techniques including completion traps

Jailbreak Resistance

DAN, base64 encoding, multilingual, few-shot

Data Exfiltration

PII leakage, credential extraction

MCP / Tool Security

Tool enumeration, unauthorized calls, SSRF

CLI

npm Package Audit

Dependency vulnerabilities, supply chain

CLI

Source Code Review

AI-powered deep analysis with semgrep

How it compares

Independent. Open source. No vendor lock-in.

Feature	Nightfang	promptfoo (acquired by OpenAI)	garak	nuclei	Semgrep
Autonomous multi-agent	4 agents	—	—	—	—
Verification (no false positives)	Re-exploits	—	—	—	—
LLM endpoint scanning	✓	✓	✓	—	—
MCP server security	✓	—	—	—	—
npm package audit	✓	—	—	—	Rules
Source code review	AI-powered	—	—	—	Rules
Web/API scanning	✓	—	—	✓	—
AI attack coverage	30+ templates	Partial	Partial	—	—
Zero config	npx	YAML	Python	Templates	Config
Independent	✓	Acquired	✓	✓	VC-backed
Open source	MIT	OpenAI-owned	OSS	MIT	LGPL

Drops into your CI/CD

Findings show up directly in GitHub's Security tab.

.github/workflows/nightfang.yml

name: AI Security Scan
on: [push, pull_request]

jobs:
  nightfang:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Nightfang
        uses: peaktwilight/nightfang/action@v1
        with:
          target: $${{ secrets.STAGING_API_URL }}
      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: nightfang-report/report.sarif

Nightfang scans itself

Every 6 hours via GitHub Actions

Nightfang audits its own dependencies using its own audit pipeline. Real scan, real results, no staging.

Add this badge to your repo:

[![nightfang](https://nightfang.dev/badge/YOUR_ORG/YOUR_REPO)](https://github.com/YOUR_ORG/YOUR_REPO/actions)

Stage	Status	Details
Install	Completed	Dependencies audited
npm audit	Completed	Advisories checked
Semgrep	Completed	Static analysis done
AI analysis	Completed	Source code reviewed via OpenRouter

View live results

Built from real security research

Nightfang started as an internal framework. It found 7 CVEs in packages with 40M+ weekly downloads before I open-sourced it.

node-forge 32M/week mysql2 5M/week Uptime Kuma 86K stars LiquidJS CVE jsPDF 2 CVEs picomatch CVE

Full CVE writeups

Stop guessing.
Start proving.

Five commands. Real vulnerabilities. Proof of exploitability.


npx nightfang scan --target <url>

Star on GitHub

Open-sourceagentic securityresearch automation