llobster — AI-powered web security scanner, fully self-hosted

Description: Open-source pentest platform with a multi-AI agent, real-time findings stream, and PDF reports. Your data never leaves your server.


llobster (codename lobsteks) is an open-source web security scanner built for teams who want AI-assisted penetration testing without sending their data to someone else's cloud.

You point it at a target you're authorized to test. The AI agent figures out the rest.


What it does

  • Crawls your target and finds forms, parameters, and endpoints
  • Uses an AI agent to decide what to test next — XSS, SQLi, open ports, subdomains
  • Streams every finding to your browser in real time via WebSocket
  • Generates a structured PDF report when done
  • Keeps everything — scan history, findings, AI keys — on your server

Pick your AI, mix and match

Works with Claude, GPT-4o, Gemini, Groq, Mistral, Ollama (local/offline), OpenRouter, or any OpenAI-compatible endpoint.

You can even split roles per scan — fast free Groq for orchestration, Claude for deep analysis:

@groq scan subdomains, @claude analyze SQL findings

For authorized testing only — your own systems or targets with explicit written permission.

Source: dev.to
