Rename Hightower to Trebuchet in README.md
@@ -1,19 +1,19 @@
|
|||||||
<div align="center">
|
<div align="center">
|
||||||
|
|
||||||
# Hightower — AI Pentester
|
# Trebuchet — AI Pentester
|
||||||
|
|
||||||
Hightower is a fork of [Shannon](https://github.com/KeygraphHQ/shannon) by Keygraph, wrapped with a REST API and Kubernetes tooling for cluster-based deployments.
|
Trebuchet is a fork of [Shannon](https://github.com/KeygraphHQ/shannon) by Keygraph, wrapped with a REST API and Kubernetes tooling for cluster-based deployments.
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
## What is Hightower?
|
## What is Trebuchet?
|
||||||
|
|
||||||
Hightower is an API-driven AI pentester built on top of Shannon's autonomous penetration testing engine. It performs white-box security testing of web applications and APIs by combining source code analysis with live exploitation.
|
Trebuchet is an API-driven AI pentester built on top of Shannon's autonomous penetration testing engine. It performs white-box security testing of web applications and APIs by combining source code analysis with live exploitation.
|
||||||
|
|
||||||
Unlike the upstream Shannon CLI, Hightower is designed to run as a service on Kubernetes — scans are triggered via REST API, orchestrated by Temporal, and executed in ephemeral worker pods.
|
Unlike the upstream Shannon CLI, Trebuchet is designed to run as a service on Kubernetes — scans are triggered via REST API, orchestrated by Temporal, and executed in ephemeral worker pods.
|
||||||
|
|
||||||
> [!IMPORTANT]
|
> [!IMPORTANT]
|
||||||
> **White-box only.** Hightower expects access to your application's source code and repository layout.
|
> **White-box only.** Trebuchet expects access to your application's source code and repository layout.
|
||||||
|
|
||||||
## Features
|
## Features
|
||||||
|
|
||||||
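Review bot: The title and intro lines ("# Trebuchet — AI Pentester", "Trebuchet is a fork of Shannon ... wrapped with a REST API and Kubernetes tooling") switch the name with no trace of the old one, and the commit is scoped to README.md only. If the REST API paths, container images or Kubernetes manifests still carry the Hightower name, the README will no longer match what an operator sees in the cluster. Either rename those in the same series or add a short "formerly Hightower" line under the title so existing deployments can be matched to the docs.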
@@ -26,7 +26,7 @@ Unlike the upstream Shannon CLI, Hightower is designed to run as a service on Ku
|
|||||||
|
|
||||||
## Architecture
|
## Architecture
|
||||||
|
|
||||||
Hightower uses a multi-agent architecture that combines white-box source code analysis with dynamic exploitation across five phases:
|
Trebuchet uses a multi-agent architecture that combines white-box source code analysis with dynamic exploitation across five phases:
|
||||||
|
|
||||||
```
|
```
|
||||||
+----------------------+
|
+----------------------+
|
||||||
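Review bot: Only the sentence above the fenced diagram ("Trebuchet uses a multi-agent architecture ...") is changed here, and the diagram itself appears only as unchanged context. Please check the box labels inside that ASCII diagram for the old name, since a text search for the name can miss a label that is padded or split across diagram lines. If any label does mention Hightower, update it in this commit so the architecture section stays consistent.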
@@ -88,11 +88,11 @@ Shannon Lite scored **96.15% (100/104 exploits)** on a hint-free, source-aware v
|
|||||||
## Disclaimers
|
## Disclaimers
|
||||||
|
|
||||||
> [!WARNING]
|
> [!WARNING]
|
||||||
> **DO NOT run Hightower on production environments.**
|
> **DO NOT run Trebuchet on production environments.**
|
||||||
> It actively executes attacks to confirm vulnerabilities. Use only on sandboxed, staging, or local development environments.
|
> It actively executes attacks to confirm vulnerabilities. Use only on sandboxed, staging, or local development environments.
|
||||||
|
|
||||||
> [!CAUTION]
|
> [!CAUTION]
|
||||||
> **You must have explicit, written authorization** from the owner of the target system before running Hightower. Unauthorized scanning is illegal.
|
> **You must have explicit, written authorization** from the owner of the target system before running Trebuchet. Unauthorized scanning is illegal.
|
||||||
|
|
||||||
- **Verification is Required**: Human oversight is essential to validate all reported findings. LLMs can still generate hallucinated content.
|
- **Verification is Required**: Human oversight is essential to validate all reported findings. LLMs can still generate hallucinated content.
|
||||||
- **Targeted Vulnerabilities**: Broken Authentication & Authorization, Injection, XSS, SSRF.
|
- **Targeted Vulnerabilities**: Broken Authentication & Authorization, Injection, XSS, SSRF.
|
||||||
|
|||||||
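Review bot: The WARNING and CAUTION callouts ("DO NOT run Trebuchet on production environments", "You must have explicit, written authorization ... before running Trebuchet") address whoever runs the tool, but the intro says scans are triggered via REST API against a service on Kubernetes, so the person submitting a scan may not be the person who deployed it. While touching these lines, consider wording the authorization requirement per scan target submitted to the API, and add a sentence on how access to the API should be restricted. That keeps the disclaimer meaningful for the service deployment model the README describes.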