AI writes the code.
Nightfang hacks it.

Open-source agentic harness for autonomous security research.

Agents that read code, craft attacks, and re-exploit to kill false positives · Built from 7 real CVEs in packages with 40M+ downloads


npx nightfang scan --target https://your-app.com/api/chat

View on GitHub

Nightfang scanning a target and finding vulnerabilities

Terminal

$ npx nightfang scan --target https://demo.app/api/chat

nightfang v0.1.0

Target: https://demo.app/api/chat

▸ Discover Found 3 endpoints, 2 MCP tools, system prompt extracted

▸ Attack Ran 47 test cases across 6 categories

▸ Verify Confirmed 4 of 7 findings (3 false positives eliminated)

▸ Report Written to ./nightfang-report/

4 verified vulnerabilities found.

ID	Finding	Risk	Conf
NF-001	Direct prompt injection	HIGH	99%
NF-002	System prompt extraction	MED	95%
NF-003	MCP tool SSRF via fetch_url	HIGH	97%
NF-004	PII leak in chat context	HIGH	92%

One toolkit. Five attack surfaces.

From LLM endpoints to npm packages to git repos — nightfang finds what scanners miss.

LLM Endpoints

ChatGPT, Claude, Llama APIs, custom chatbots

MCP Servers

Tool schemas, validation, auth, poisoning

npm Packages

Supply chain, malicious code, dependency risk

Source Code

Local repos, GitHub URLs, deep AI audit

Web Apps

AI copilots, RAG pipelines, agent APIs

Five commands. Full coverage.

Each command is purpose-built for a different attack surface. Zero config, instant results.

scan

Probe LLM endpoints & MCP servers

Discovers vulnerabilities in AI endpoints with 47+ test cases across prompt injection, jailbreaks, tool poisoning, data exfiltration, and more. Supports probe, deep, and MCP modes.

--mode probe|deep|mcp --depth quick|default|deep --agentic

npx nightfang scan --target <url>

audit

Audit npm packages for malicious code

Installs a package in a sandbox, runs semgrep static analysis plus AI-powered code review. Catches supply chain attacks, backdoors, and dependency vulnerabilities.

--version <ver> --depth quick|default|deep

npx nightfang audit <package>

review

Deep security audit of source code

Security-focused code review of local repos or GitHub URLs. Multiple AI runtimes analyze your entire codebase and output SARIF, Markdown, and JSON reports.

npx nightfang review <repo>

findings

Query and inspect verified findings

Filter findings by severity, category, and status. Inspect individual findings with full evidence chains and proof artifacts. Track the lifecycle from discovered to confirmed.

list --severity critical show NF-001

npx nightfang findings list

history

Browse past scan results

Query the local SQLite database for previous scans. See status, depth, findings count, and duration for every run. Track your security posture over time.

--limit 20 --db-path ./custom.db

npx nightfang history

One command, zero config

No YAML files. No Python environments. Just npx nightfang scan and you're running.

Zero false positives

Every finding is re-exploited with proof before it hits the report. No more triaging 200 "possible prompt injections."

$0.05 per CI scan

Quick scans in under a minute. Deep audits for $1. Cheaper than one hour of manual pentesting.

LLM agnostic

Works with any model — Claude, GPT, Ollama, Gemini, or your own fine-tune. Swap providers without changing a single config line.

Autonomous agents. One pipeline.

Each agent is specialized for a phase of the security audit. They work in sequence, building on each other's output.

DISCOVER
Recon
→ATTACK
Offense
→VERIFY
Validate
→REPORT
Output

01 · Discover

Map the attack surface

Maps endpoints, extracts system prompts, detects models, enumerates tools.

• API mapping
• System prompt extraction
• Model fingerprinting

02 · Attack

Agentic multi-turn attacks

AI agent crafts and adapts payloads across injection, jailbreaks, exfiltration, tool poisoning.

• Adaptive payloads
• Multi-turn conversations
• Response-aware pivoting

03 · Verify

Re-exploit. Kill false positives.

Every finding gets independently reproduced. If it can't be reproduced, it's dropped.

• Independent re-exploitation
• Proof artifacts
• Confidence scoring

04 · Report

SARIF, JSON, Markdown

Plugs into GitHub Security tab, CI pipelines, and human review. Severity, remediation, full evidence.

• GitHub Security tab
• CI/CD integration
• Remediation guidance

What it tests for

30+ agentic attack scenarios across 7 categories. Every finding verified with a working exploit.

Prompt Injection

Direct, indirect, multi-turn, encoding bypass

System Prompt Extraction

5 techniques including completion traps

Jailbreak Resistance

DAN, base64 encoding, multilingual, few-shot

Data Exfiltration

PII leakage, credential extraction

MCP / Tool Security

Tool enumeration, unauthorized calls, SSRF

CLI

npm Package Audit

Dependency vulnerabilities, supply chain

CLI

Source Code Review

AI-powered deep analysis with semgrep

How it compares

Independent. Open source. No vendor lock-in.

Feature	Nightfang	promptfoo (acquired by OpenAI)	garak	nuclei	Semgrep
Autonomous multi-agent	Agentic pipeline	—	—	—	—
Verification (no false positives)	Re-exploits	—	—	—	—
LLM endpoint scanning	✓	✓	✓	—	—
MCP server security	✓	—	—	—	—
npm package audit	✓	—	—	—	Rules
Source code review	AI-powered	—	—	—	Rules
Web/API scanning	✓	—	—	✓	—
AI attack coverage	30+ agentic	Partial	Partial	—	—
Zero config	npx	YAML	Python	Templates	Config
Independent	✓	Acquired	✓	✓	VC-backed
Open source	MIT	OpenAI-owned	OSS	MIT	LGPL

Drops into your CI/CD

Findings show up directly in GitHub's Security tab.

.github/workflows/nightfang.yml

name: AI Security Scan
on: [push, pull_request]

jobs:
  nightfang:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Nightfang
        uses: peaktwilight/nightfang/action@v1
        with:
          target: $${{ secrets.STAGING_API_URL }}
      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: nightfang-report/report.sarif

Nightfang reviews its own source code

Every 6 hours via GitHub Actions

Nightfang runs nightfang review . on its own repository. The same agentic pipeline that found 7 CVEs — pointed at itself. If it finds something, you'll see it here.

View CI runs

Add this badge to your repo — it links back to nightfang.dev:

[![nightfang](https://nightfang.dev/badge/YOUR_ORG/YOUR_REPO)](https://nightfang.dev)

Built from real security research

Nightfang started as an internal framework. It found 7 CVEs in packages with 40M+ weekly downloads before I open-sourced it.

node-forge 32M/week mysql2 5M/week Uptime Kuma 86K stars LiquidJS CVE jsPDF 2 CVEs picomatch CVE

Full CVE writeups

Stop guessing.
Start proving.

Five commands. Real vulnerabilities. Proof of exploitability.


npx nightfang scan --target <url>

Star on GitHub

AI writes the code.Nightfang hacks it.