Faizan Ahmad, a security expert at Meta, launched Rogue on GitHub under the GPL-3.0 license.
This Python-based tool uses OpenAI models such as o4-mini, o3-mini, and o1-preview to find web vulnerabilities more effectively than older scanners.
Rogue acts like a human tester by studying app behavior and creating custom attacks. It needs Python 3.8+, an OpenAI key, and Playwright for browser tasks.
Older scanners check a fixed list of flaws and produce many false alerts. Rogue instead builds a test plan from what it learns about the application, pulls in known issues from CISA's Known Exploited Vulnerabilities (KEV) catalog, and tries to confirm each finding by exploiting it, which cuts false positives.
Its proxy watches all traffic while the Scanner interacts with pages. Reports include summaries, severity levels, steps to repeat flaws, proof, impacts, and fixes.
Rogue splits work into parts: Agent runs the show, Planner makes LLM test plans, Scanner grabs data via Playwright, Proxy tracks network flow, Reporter checks results, and Tools run exploits.
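To make the "confirm before reporting" step concrete, here is a small Python illustration added to this article; it is not Rogue's code. It models a Planner candidate, a proxy-captured exchange, and a Reporter step that keeps a finding only when the captured response actually demonstrates it: an HTML-escaped echo of an XSS payload is rejected as a false positive, a raw echo is confirmed with a proof excerpt, and a database error string is matched by pattern. All class names, field names, the hostname and the sample traffic are constructed for the example.

```python
import html
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Illustrative only: these types are assumptions for the example, not Rogue's API.

@dataclass(frozen=True)
class Exchange:
    """One request/response pair as a proxy might record it."""
    method: str
    url: str
    status: int
    response_body: str


@dataclass(frozen=True)
class Candidate:
    """A test the planner proposes: what to send and how to recognise success."""
    title: str
    severity: str
    payload: str
    kind: str          # "reflect": payload must appear raw; "pattern": regex must match
    evidence: str = ""  # regex used when kind == "pattern"


def confirm(cand: Candidate, ex: Exchange) -> Optional[str]:
    """Return a proof excerpt if the captured response demonstrates the flaw, else None."""
    body = ex.response_body
    if cand.kind == "reflect":
        # Only an unescaped echo counts; an entity-encoded copy (&lt;svg ...) is harmless.
        idx = body.find(cand.payload)
        if idx == -1:
            return None
        return body[max(0, idx - 40): idx + len(cand.payload) + 40]
    if cand.kind == "pattern":
        m = re.search(cand.evidence, body)
        return m.group(0) if m else None
    raise ValueError(f"unknown candidate kind: {cand.kind}")


def triage(pairs: List[Tuple[Candidate, Exchange]]) -> List[dict]:
    """Reporter step: emit only candidates backed by proof from captured traffic."""
    report = []
    for cand, ex in pairs:
        proof = confirm(cand, ex)
        if proof is None:
            continue  # unconfirmed: dropped rather than reported
        report.append({
            "title": cand.title,
            "severity": cand.severity,
            "reproduce": f"{ex.method} {ex.url}",
            "proof": proof,
        })
    return report


# Constructed sample traffic, as a proxy would capture it during a scan.
XSS = "<svg onload=alert(1)>"
SAMPLE = [
    # Escaped echo: the LLM might call this XSS, but the proof does not hold up.
    (Candidate("Reflected XSS in q", "high", XSS, "reflect"),
     Exchange("GET", "https://app.example/search?q=" + XSS, 200,
              "<p>Results for " + html.escape(XSS) + "</p>")),
    # Raw echo: confirmed.
    (Candidate("Reflected XSS in name", "high", XSS, "reflect"),
     Exchange("GET", "https://app.example/hello?name=" + XSS, 200,
              "<h1>Hello " + XSS + "</h1>")),
    # Error-based evidence matched by pattern: confirmed.
    (Candidate("SQL error disclosure in id", "medium", "1'", "pattern",
               r"You have an error in your SQL syntax"),
     Exchange("GET", "https://app.example/item?id=1'", 500,
              "Warning: mysqli_query(): You have an error in your SQL syntax near ''' at line 1")),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The point of the split is that the LLM proposes and the captured traffic decides: a finding without a proof excerpt never reaches the report, which is where an agent-driven scanner earns its lower false-positive rate over a fixed-signature tool.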
Users choose the plan budget with -p: -p 10 for a quick check, or -p -1 to run every plan, including the CVE-informed ones. Iterations are set with -i: -i 5 for a fast scan, -i 20 for a deep probe.
Turn on -e to follow new URLs, or -s to map subdomains for bigger sites. o4-mini suits basic jobs, o3-mini boosts logic, and o1-preview handles tough apps.
The repo gained 317 stars and 33 forks since June 2025. Security pros share tips on X and LinkedIn.
The project's to-do list covers Claude support, vision tools, HackerOne tests, and API scans.
Always get permission before scanning. Rogue shifts pentesting toward LLM-driven reasoning, aiding bug hunts and audits.