
Rogue Cheat Sheet

An intelligent web vulnerability scanner agent powered by Large Language Models - Think like a human penetration tester with AI-driven security testing.

Quick Start

Installation

bash
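# Clone the repository
git clone https://github.com/faizann24/rogue
cd rogue

# Install dependencies into a dedicated virtual environment, so the
# scanner's packages stay separate from system and user site-packages
python3 -m venv .venv
. .venv/bin/activate
python -m pip install -r requirements.txt

# Set up OpenAI API key
export OPENAI_API_KEY='your-openai-key-here'

# Verify installation
python run.py --help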

Basic Usage

bash
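# Basic scan of a single URL
# (example.com is a reserved documentation domain; substitute the in-scope URL)
# NOTE(review): the scanner is LLM-driven and needs OPENAI_API_KEY, so content
# from scanned pages is presumably sent to the OpenAI API — confirm before
# scanning applications that hold confidential data
python run.py -u https://example.com

# Quick security assessment
python run.py -u https://example.com -p 5 -i 3

# Advanced scan with subdomain enumeration
python run.py -u https://example.com -e -s -m o3-mini -i 10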

Command Line Options

Required Parameters

bash
# Target URL to test (required)
python run.py -u https://example.com
python run.py --url https://example.com

Security Testing Configuration

bash
# Number of security test plans per page
python run.py -u https://target.com -p 10      # 10 specific plans
python run.py -u https://target.com -p -1      # Unlimited plans (15-25+)

# Maximum iterations per security plan
python run.py -u https://target.com -i 5       # Quick scan
python run.py -u https://target.com -i 10      # Standard scan
python run.py -u https://target.com -i 20      # Deep scan

# LLM model selection
python run.py -u https://target.com -m o4-mini     # Default, fast
python run.py -u https://target.com -m o3-mini     # Enhanced reasoning
python run.py -u https://target.com -m o1-preview  # Advanced analysis

Scope and Discovery Options

bash
# Test discovered URLs recursively
# (-e widens the run from the single -u URL to URLs found during the scan)
python run.py -u https://target.com -e

# Enumerate and test subdomains
# (-s makes the scan reach hosts other than the one given with -u, so the
# tested scope is no longer a single host)
python run.py -u https://target.com -s

# Combine scope expansion options
python run.py -u https://target.com -e -s

# Custom output directory
# (-o names the directory the results are written to)
python run.py -u https://target.com -o my_scan_results

Testing Strategies

Quick Security Assessment

bash
# Fast scan with focused plans
python run.py -u https://target.com -p 5 -i 3

# Quick subdomain check
python run.py -u https://target.com -s -p 3 -i 2

# Rapid reconnaissance
python run.py -u https://target.com -e -p 5 -i 3

Standard Security Audit

bash
# Balanced depth and speed
python run.py -u https://target.com -p 10 -i 8

# Standard with subdomain enumeration
python run.py -u https://target.com -s -p 10 -i 8

# Standard with URL expansion
python run.py -u https://target.com -e -p 10 -i 10

Comprehensive Security Testing

bash
# Unlimited plans with thorough testing
python run.py -u https://target.com -p -1 -i 10 -e -s

# Deep analysis with maximum iterations
python run.py -u https://target.com -p 20 -i 15 -e -m o1-preview

# Full scope comprehensive audit
python run.py -u https://target.com -p -1 -i 12 -e -s -m o3-mini

Targeted Vulnerability Research

bash
# Maximum depth analysis
python run.py -u https://target.com -p -1 -i 20 -m o1-preview

# Technology-specific testing
python run.py -u https://target.com -p 15 -i 12 -e

# Bug bounty hunting setup
python run.py -u https://target.com -p -1 -i 15 -e -s -m o3-mini

LLM Model Selection

o4-mini (Default)

bash
# Fast and cost-effective scanning
python run.py -u https://target.com -m o4-mini

# Good for standard web applications
python run.py -u https://target.com -m o4-mini -p 10 -i 8

# Balanced performance and accuracy
python run.py -u https://target.com -m o4-mini -e -s

o3-mini (Enhanced)

bash
# Enhanced reasoning capabilities
python run.py -u https://target.com -m o3-mini

# Better for complex applications
python run.py -u https://target.com -m o3-mini -p 15 -i 10

# Improved payload generation
python run.py -u https://target.com -m o3-mini -p -1 -i 12

o1-preview (Advanced)

bash
# Advanced analytical capabilities
python run.py -u https://target.com -m o1-preview

# Maximum accuracy and depth
python run.py -u https://target.com -m o1-preview -p 20 -i 15

# Sophisticated target analysis
python run.py -u https://target.com -m o1-preview -p -1 -i 20 -e -s

Advanced Usage Patterns

Subdomain Security Assessment

bash
# Discover and test all subdomains
python run.py -u https://target.com -s -p 10 -i 7

# Comprehensive subdomain analysis
python run.py -u https://target.com -s -p -1 -i 10 -m o3-mini

# Quick subdomain reconnaissance
python run.py -u https://target.com -s -p 5 -i 3

URL Discovery and Testing

bash
# Recursive URL testing
python run.py -u https://target.com -e -p 12 -i 8

# Deep URL exploration
python run.py -u https://target.com -e -p -1 -i 15

# Combined discovery approach
python run.py -u https://target.com -e -s -p 15 -i 10

Custom Output Management

bash
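# Organize results by target and date
python run.py -u https://example.com -o "results/target_$(date +%Y%m%d)"

# Custom directory structure
# URL holds the target once, so the -u value and the directory name cannot
# drift apart; both expansions are quoted so the value is never word-split
URL='https://example.com'
python run.py -u "$URL" -o "scans/$(basename -- "$URL")_scan"

# Multiple target organization
python run.py -u https://example.com -o "audits/comprehensive_$(date +%Y%m%d_%H%M)"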

Environment Setup

API Key Configuration

bash
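# Set OpenAI API key (required)
# Prompting with `read -s` keeps the key out of shell history and off the screen
read -rs -p 'OpenAI API key: ' OPENAI_API_KEY && echo
export OPENAI_API_KEY

# Verify API key is set (reports presence only, never echoes the secret)
if [ -n "${OPENAI_API_KEY:-}" ]; then
    echo "OPENAI_API_KEY is set"
else
    echo "OPENAI_API_KEY is NOT set" >&2
fi

# Alternative: Create .env file
# Written under umask 077 and forced to mode 600 so only the owner can read it;
# keep .env out of version control
( umask 077; printf 'OPENAI_API_KEY=%s\n' "$OPENAI_API_KEY" > .env )
chmod 600 .env

# Persistent configuration
# The key lives in a private file that ~/.bashrc sources, so the secret is not
# stored in the rc file itself (~/.rogue_env is an example name)
( umask 077; printf 'export OPENAI_API_KEY=%q\n' "$OPENAI_API_KEY" > ~/.rogue_env )
chmod 600 ~/.rogue_env
echo '[ -r ~/.rogue_env ] && . ~/.rogue_env' >> ~/.bashrc
source ~/.bashrc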

System Dependencies

bash
# Ubuntu/Debian
sudo apt-get update
sudo apt-get install python3 python3-pip

# Install Playwright dependencies
playwright install

# CentOS/RHEL
sudo yum install python3 python3-pip

# macOS (with Homebrew)
brew install python3
pip3 install playwright
playwright install

Security Testing Modes

Plan Generation Strategies

bash
# Limited Plans - Specific number of focused tests
python run.py -u https://target.com -p 5    # 5 targeted tests
python run.py -u https://target.com -p 10   # 10 focused plans
python run.py -u https://target.com -p 15   # 15 comprehensive plans

# Unlimited Plans - Maximum coverage with CVE intelligence
python run.py -u https://target.com -p -1   # 15-25+ plans with CVE data

Iteration Depth Control

bash
# Quick Scan (3-5 iterations)
python run.py -u https://target.com -i 3    # Surface-level testing
python run.py -u https://target.com -i 5    # Fast vulnerability discovery

# Standard Scan (8-12 iterations)
python run.py -u https://target.com -i 8    # Balanced approach
python run.py -u https://target.com -i 10   # Recommended depth
python run.py -u https://target.com -i 12   # Thorough validation

# Deep Scan (15-20 iterations)
python run.py -u https://target.com -i 15   # Exhaustive testing
python run.py -u https://target.com -i 20   # Maximum exploitation attempts

Output and Reporting

Result Analysis

bash
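# Check generated reports
ls security_results/
cat security_results/report.txt
cat security_results/report.md

# View detailed findings
less security_results/detailed_findings.txt

# Copy results to another location
# Reports hold findings and reproduction steps, so the copy is made
# owner-only; the destination is quoted so the path is never word-split
dest="/path/to/reports/$(date +%Y%m%d)"
cp -r security_results/ "$dest"
chmod -R go-rwx "$dest"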

Report Structure

bash
# Each scan generates:
# - Executive summary
# - Detailed findings with severity ratings
# - Technical details and reproduction steps
# - Evidence and impact analysis
# - Remediation recommendations

Common Use Cases

Web Application Security Testing

bash
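# Standard web app assessment
# (hosts under example.com are reserved for documentation; substitute the
# in-scope application URL)
python run.py -u https://webapp.example.com -p 10 -i 8

# E-commerce platform testing
python run.py -u https://shop.example.com -p 15 -i 10 -e

# API endpoint testing
python run.py -u https://api.example.com -p 12 -i 8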

Bug Bounty Hunting

bash
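# Comprehensive bug bounty scan
python run.py -u https://example.com -p -1 -i 15 -e -s -m o3-mini

# Quick reconnaissance for multiple targets
# targets.txt holds one URL per line; it is read line by line so a URL is
# never word-split or glob-expanded by the shell
while IFS= read -r url || [ -n "$url" ]; do
    [ -n "$url" ] || continue
    # Name the directory after the host part only, and replace every character
    # outside [A-Za-z0-9._-], so a line in targets.txt cannot steer the output
    # path outside the working directory
    host=${url#*://}
    host=${host%%/*}
    safe=$(printf '%s' "$host" | tr -c 'A-Za-z0-9._-' '_')
    # stdin is detached so the scanner cannot consume the rest of targets.txt
    python run.py -u "$url" -p 5 -i 3 -o "bounty_${safe}" < /dev/null
done < targets.txt

# Deep analysis of promising targets
python run.py -u https://example.com -p 20 -i 18 -e -s -m o1-preview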

Penetration Testing

bash
# Initial vulnerability assessment
python run.py -u https://target.com -p 12 -i 10 -e -s

# Focused exploitation testing
python run.py -u https://target.com -p -1 -i 20 -m o1-preview

# Comprehensive penetration test
python run.py -u https://target.com -p -1 -i 15 -e -s -m o3-mini

Troubleshooting

Common Issues

bash
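# API key not set
export OPENAI_API_KEY='your-key-here'

# Missing dependencies
pip install -r requirements.txt
playwright install

# Permission issues
chmod +x run.py
# Quoted so the owner:group value is passed as one argument
sudo chown -R "$USER:$USER" rogue/

# Python version issues
python3 --version  # Should be 3.8+
# `python3 -m pip` installs into the same interpreter that was just checked
python3 -m pip install -r requirements.txt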

Debug and Monitoring

bash
# Enable verbose output
# NOTE(review): --verbose and --debug-proxy are not among the options this page
# lists under "Command Line Options" — confirm with `python run.py --help`
python run.py -u https://target.com --verbose

# Monitor network traffic
python run.py -u https://target.com --debug-proxy

# Check system compatibility
# (each command only imports the module and prints a fixed message on success)
python3 -c "import playwright; print('Playwright OK')"
python3 -c "import openai; print('OpenAI OK')"

Performance Optimization

Efficient Scanning

bash
# Use faster models for initial screening
python run.py -u https://target.com -m o4-mini -p 5 -i 3

# Optimize for speed
python run.py -u https://target.com -p 8 -i 5

# Balance speed and thoroughness
python run.py -u https://target.com -m o3-mini -p 10 -i 8

Resource Management

bash
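# Limit iterations for large applications
python run.py -u https://example.com -i 10

# Manage API costs
python run.py -u https://example.com -m o4-mini -p 8

# Batch processing multiple targets
# targets.txt is read one line at a time, so a URL is never word-split or
# glob-expanded by the shell
n=0
while IFS= read -r target || [ -n "$target" ]; do
    [ -n "$target" ] || continue
    n=$((n + 1))
    # Date, time and a counter keep every run's directory distinct, also
    # across days; stdin is detached so the scanner cannot eat targets.txt
    python run.py -u "$target" -p 5 -i 5 -o "batch_$(date +%Y%m%d_%H%M%S)_${n}" < /dev/null
    sleep 30  # Rate limiting
done < targets.txt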

Integration Examples

CI/CD Pipeline

bash
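# GitHub Actions integration
name: Security Scan
env:
  # The secret reaches the step as an environment variable instead of being
  # pasted into the script text by ${{ }} expansion
  OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
run: |
  # TARGET_URL is read from the step's environment and quoted, so its value
  # is passed as a single argument and is never parsed as shell code
  python run.py -u "$TARGET_URL" -p 8 -i 5

# Jenkins integration
# The single-quoted Groovy string leaves ${...} for the shell to expand from
# the build environment, so values are not interpolated into the script text
sh '''
export OPENAI_API_KEY="${OPENAI_API_KEY}"
python run.py -u "${TARGET_URL}" -p 10 -i 8 -o "jenkins_${BUILD_NUMBER}"
'''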

Automated Security Testing

bash
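#!/bin/bash
# Daily security scans
# (the shebang has to be the first line of the script to take effect)
set -euo pipefail

# The key comes from the job's environment (a scheduler secret or an
# owner-only env file) instead of being written into the script; the run
# stops here when it is missing
: "${OPENAI_API_KEY:?OPENAI_API_KEY must be set in the environment}"
export OPENAI_API_KEY

# production.example.com is a placeholder host
python run.py -u https://production.example.com -p 8 -i 6 -o "daily_$(date +%Y%m%d)"

# Weekly comprehensive audit
python run.py -u https://production.example.com -p -1 -i 12 -e -s -o "weekly_$(date +%Y%m%d)"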

Best Practices

Effective Usage

bash
# Start with quick assessment
python run.py -u https://target.com -p 5 -i 3

# Progress to standard scan
python run.py -u https://target.com -p 10 -i 8

# Deep dive on interesting findings
python run.py -u https://target.com -p -1 -i 15 -m o1-preview

# Always include scope expansion for thorough testing
python run.py -u https://target.com -e -s

Security and Ethics

bash
# Always obtain proper authorization before testing
# Use responsibly and ethically
# Follow security testing best practices
# Be mindful of potential impact on target systems
# Document all findings properly
# Report vulnerabilities through appropriate channels

Repository: https://github.com/faizann24/rogue
License: GPL-3.0
Language: Python
Stars: 324+ | Forks: 33+