Rogue Cheat Sheet
An intelligent web vulnerability scanner agent powered by Large Language Models - Think like a human penetration tester with AI-driven security testing.
Quick Start
Installation
bash
# Clone the repository
git clone https://github.com/faizann24/rogue
cd rogue
# Install dependencies
pip install -r requirements.txt
# Set up OpenAI API key
export OPENAI_API_KEY='your-openai-key-here'
# Verify installation
python run.py --help
Basic Usage
bash
# Basic scan of a single URL
python run.py -u https://example.com
# Quick security assessment
python run.py -u https://target.com -p 5 -i 3
# Advanced scan with subdomain enumeration
python run.py -u https://example.com -e -s -m o3-mini -i 10
Command Line Options
Required Parameters
bash
# Target URL to test (required)
python run.py -u https://example.com
python run.py --url https://example.com
Security Testing Configuration
bash
# Number of security test plans per page
python run.py -u https://target.com -p 10 # 10 specific plans
python run.py -u https://target.com -p -1 # Unlimited plans (15-25+)
# Maximum iterations per security plan
python run.py -u https://target.com -i 5 # Quick scan
python run.py -u https://target.com -i 10 # Standard scan
python run.py -u https://target.com -i 20 # Deep scan
# LLM model selection
python run.py -u https://target.com -m o4-mini # Default, fast
python run.py -u https://target.com -m o3-mini # Enhanced reasoning
python run.py -u https://target.com -m o1-preview # Advanced analysis
Scope and Discovery Options
bash
# Test discovered URLs recursively
python run.py -u https://target.com -e
# Enumerate and test subdomains
python run.py -u https://target.com -s
# Combine scope expansion options
# With -e and/or -s the tested set is whatever discovery returns, so it can
# be larger than the single URL passed with -u (subdomains may also resolve
# to hosts run by a third party).
python run.py -u https://target.com -e -s
# Custom output directory
python run.py -u https://target.com -o my_scan_results
Testing Strategies
Quick Security Assessment
bash
# Fast scan with focused plans
python run.py -u https://target.com -p 5 -i 3
# Quick subdomain check
python run.py -u https://target.com -s -p 3 -i 2
# Rapid reconnaissance
python run.py -u https://target.com -e -p 5 -i 3
Standard Security Audit
bash
# Balanced depth and speed
python run.py -u https://target.com -p 10 -i 8
# Standard with subdomain enumeration
python run.py -u https://target.com -s -p 10 -i 8
# Standard with URL expansion
python run.py -u https://target.com -e -p 10 -i 10
Comprehensive Security Testing
bash
# Unlimited plans with thorough testing
python run.py -u https://target.com -p -1 -i 10 -e -s
# Deep analysis with maximum iterations
python run.py -u https://target.com -p 20 -i 15 -e -m o1-preview
# Full scope comprehensive audit
python run.py -u https://target.com -p -1 -i 12 -e -s -m o3-mini
Targeted Vulnerability Research
bash
# Maximum depth analysis
python run.py -u https://target.com -p -1 -i 20 -m o1-preview
# Technology-specific testing
python run.py -u https://target.com -p 15 -i 12 -e
# Bug bounty hunting setup
python run.py -u https://target.com -p -1 -i 15 -e -s -m o3-mini
LLM Model Selection
o4-mini (Default)
bash
# Fast and cost-effective scanning
python run.py -u https://target.com -m o4-mini
# Good for standard web applications
python run.py -u https://target.com -m o4-mini -p 10 -i 8
# Balanced performance and accuracy
python run.py -u https://target.com -m o4-mini -e -s
o3-mini (Enhanced)
bash
# Enhanced reasoning capabilities
python run.py -u https://target.com -m o3-mini
# Better for complex applications
python run.py -u https://target.com -m o3-mini -p 15 -i 10
# Improved payload generation
python run.py -u https://target.com -m o3-mini -p -1 -i 12
o1-preview (Advanced)
bash
# Advanced analytical capabilities
python run.py -u https://target.com -m o1-preview
# Maximum accuracy and depth
python run.py -u https://target.com -m o1-preview -p 20 -i 15
# Sophisticated target analysis
python run.py -u https://target.com -m o1-preview -p -1 -i 20 -e -s
Advanced Usage Patterns
Subdomain Security Assessment
bash
# Discover and test all subdomains
python run.py -u https://target.com -s -p 10 -i 7
# Comprehensive subdomain analysis
python run.py -u https://target.com -s -p -1 -i 10 -m o3-mini
# Quick subdomain reconnaissance
python run.py -u https://target.com -s -p 5 -i 3
URL Discovery and Testing
bash
# Recursive URL testing
python run.py -u https://target.com -e -p 12 -i 8
# Deep URL exploration
python run.py -u https://target.com -e -p -1 -i 15
# Combined discovery approach
python run.py -u https://target.com -e -s -p 15 -i 10
Custom Output Management
bash
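# Organize results by target and date
python run.py -u https://target.com -o "results/target_$(date +%Y%m%d)"
# Custom directory structure: name the directory after the last path
# component of the URL (the host name when the URL has no path).
# URL has to be assigned first; the inner quotes stop a value containing
# spaces or glob characters from being split or expanded before basename runs.
URL=https://target.com
python run.py -u "$URL" -o "scans/$(basename -- "$URL")_scan"
# Multiple target organization
python run.py -u https://target.com -o "audits/comprehensive_$(date +%Y%m%d_%H%M)"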
Environment Setup
API Key Configuration
bash
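# Set OpenAI API key (required). A silent prompt keeps the key off the screen
# and out of shell history, unlike typing it into an export command.
read -r -s -p 'OpenAI API key: ' OPENAI_API_KEY
echo
export OPENAI_API_KEY
# Verify API key is set (reports presence only; the value is never printed)
if [ -n "${OPENAI_API_KEY:-}" ]; then
  echo "OPENAI_API_KEY is set"
else
  echo "OPENAI_API_KEY is not set" >&2
fi
# Alternative: Create .env file, readable and writable by its owner only.
# Check that .env is listed in .gitignore before committing anything.
( umask 077; printf 'OPENAI_API_KEY=%s\n' "$OPENAI_API_KEY" > .env )
chmod 600 .env # covers a .env that already existed with wider permissions
# Persistent configuration. %q shell-quotes the value; ~/.bashrc now holds a
# secret, so remove group/other access to it.
printf 'export OPENAI_API_KEY=%q\n' "$OPENAI_API_KEY" >> ~/.bashrc
chmod 600 ~/.bashrc
source ~/.bashrc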
System Dependencies
bash
# Ubuntu/Debian
sudo apt-get update
sudo apt-get install python3 python3-pip
# Install Playwright dependencies
playwright install
# CentOS/RHEL
sudo yum install python3 python3-pip
# macOS (with Homebrew)
brew install python3
pip3 install playwright
playwright install
Security Testing Modes
Plan Generation Strategies
bash
# Limited Plans - Specific number of focused tests
python run.py -u https://target.com -p 5 # 5 targeted tests
python run.py -u https://target.com -p 10 # 10 focused plans
python run.py -u https://target.com -p 15 # 15 comprehensive plans
# Unlimited Plans - Maximum coverage with CVE intelligence
python run.py -u https://target.com -p -1 # 15-25+ plans with CVE data
Iteration Depth Control
bash
# Quick Scan (3-5 iterations)
python run.py -u https://target.com -i 3 # Surface-level testing
python run.py -u https://target.com -i 5 # Fast vulnerability discovery
# Standard Scan (8-12 iterations)
python run.py -u https://target.com -i 8 # Balanced approach
python run.py -u https://target.com -i 10 # Recommended depth
python run.py -u https://target.com -i 12 # Thorough validation
# Deep Scan (15-20 iterations)
python run.py -u https://target.com -i 15 # Exhaustive testing
python run.py -u https://target.com -i 20 # Maximum exploitation attempts
Output and Reporting
Result Analysis
bash
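# Check generated reports
ls security_results/
cat security_results/report.txt
cat security_results/report.md
# View detailed findings
less security_results/detailed_findings.txt
# Copy results to another location (destination quoted so the path survives
# spaces or glob characters)
dest="/path/to/reports/$(date +%Y%m%d)"
cp -r security_results/ "$dest"
# Reports hold reproduction steps and evidence for issues that may still be
# open, so keep the copy readable by its owner only.
chmod -R go-rwx "$dest"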
Report Structure
bash
# Each scan generates:
# - Executive summary
# - Detailed findings with severity ratings
# - Technical details and reproduction steps
# - Evidence and impact analysis
# - Remediation recommendations
Common Use Cases
Web Application Security Testing
bash
# Standard web app assessment
python run.py -u https://webapp.com -p 10 -i 8
# E-commerce platform testing
python run.py -u https://shop.com -p 15 -i 10 -e
# API endpoint testing
python run.py -u https://api.service.com -p 12 -i 8
Bug Bounty Hunting
bash
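# Comprehensive bug bounty scan
python run.py -u https://target.com -p -1 -i 15 -e -s -m o3-mini
# Quick reconnaissance for multiple targets (targets.txt: one URL per line).
# Reading line by line avoids the word splitting and filename globbing that
# $(cat targets.txt) applies to URLs containing ?, * or [.
while IFS= read -r url || [ -n "$url" ]; do
  # Skip blank lines
  [ -n "$url" ] || continue
  # Output directory is named after the URL's last path component; two
  # targets ending in the same component share a directory.
  # stdin comes from /dev/null so the scanner cannot consume the target list.
  python run.py -u "$url" -p 5 -i 3 -o "bounty_$(basename -- "$url")" < /dev/null
done < targets.txt
# Deep analysis of promising targets
python run.py -u https://target.com -p 20 -i 18 -e -s -m o1-preview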
Penetration Testing
bash
# Initial vulnerability assessment
python run.py -u https://target.com -p 12 -i 10 -e -s
# Focused exploitation testing
python run.py -u https://target.com -p -1 -i 20 -m o1-preview
# Comprehensive penetration test
python run.py -u https://target.com -p -1 -i 15 -e -s -m o3-mini
Troubleshooting
Common Issues
bash
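# API key not set
export OPENAI_API_KEY='your-key-here'
# Missing dependencies
pip install -r requirements.txt
playwright install
# Permission issues
chmod +x run.py
# Options before operands, and the owner spec quoted so it is passed as one word
sudo chown -R "$USER:$USER" rogue/
# Python version issues
python3 --version # Should be 3.8+
pip3 install -r requirements.txt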
Debug and Monitoring
bash
# Enable verbose output
python run.py -u https://target.com --verbose
# Monitor network traffic
python run.py -u https://target.com --debug-proxy
# Check system compatibility
python3 -c "import playwright; print('Playwright OK')"
python3 -c "import openai; print('OpenAI OK')"
Performance Optimization
Efficient Scanning
bash
# Use faster models for initial screening
python run.py -u https://target.com -m o4-mini -p 5 -i 3
# Optimize for speed
python run.py -u https://target.com -p 8 -i 5
# Balance speed and thoroughness
python run.py -u https://target.com -m o3-mini -p 10 -i 8
Resource Management
bash
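# Limit iterations for large applications
python run.py -u https://target.com -i 10
# Manage API costs
python run.py -u https://target.com -m o4-mini -p 8
# Batch processing multiple targets (targets.txt: one URL per line).
# Reading line by line avoids the word splitting and filename globbing that
# $(cat targets.txt) applies to each entry.
while IFS= read -r target || [ -n "$target" ]; do
  # Skip blank lines
  [ -n "$target" ] || continue
  # stdin comes from /dev/null so the scanner cannot consume the target list
  python run.py -u "$target" -p 5 -i 5 -o "batch_$(date +%H%M%S)" < /dev/null
  sleep 30 # Rate limiting
done < targets.txt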
Integration Examples
CI/CD Pipeline
bash
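# GitHub Actions integration (step fragment)
name: Security Scan
# The secret reaches the step as an environment variable through env:
# instead of being pasted into the script text.
env:
  OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
run: |
  # TARGET_URL is read by the shell at run time and quoted. Writing
  # ${{ env.TARGET_URL }} here would splice the value into the script source
  # before the shell parses it, so shell metacharacters in it would be executed.
  python run.py -u "$TARGET_URL" -p 8 -i 5
# Jenkins integration
# The ''' string is not interpolated by Groovy, so the shell expands the
# variables; they are quoted so a value with spaces stays one argument.
sh '''
  export OPENAI_API_KEY="${OPENAI_API_KEY}"
  python run.py -u "${TARGET_URL}" -p 10 -i 8 -o "jenkins_${BUILD_NUMBER}"
'''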
Automated Security Testing
bash
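#!/bin/bash
# Daily security scans
# The key is loaded from a separate owner-only file instead of being written
# into the script, so the script can be shared or committed without the secret.
# /path/to/rogue.env is a placeholder; the file holds: OPENAI_API_KEY=...
. /path/to/rogue.env
# Stop with a clear message if the key did not load
: "${OPENAI_API_KEY:?OPENAI_API_KEY is not set}"
export OPENAI_API_KEY
python run.py -u https://production.com -p 8 -i 6 -o "daily_$(date +%Y%m%d)"
# Weekly comprehensive audit
python run.py -u https://production.com -p -1 -i 12 -e -s -o "weekly_$(date +%Y%m%d)"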
Best Practices
Effective Usage
bash
# Start with quick assessment
python run.py -u https://target.com -p 5 -i 3
# Progress to standard scan
python run.py -u https://target.com -p 10 -i 8
# Deep dive on interesting findings
python run.py -u https://target.com -p -1 -i 15 -m o1-preview
# Always include scope expansion for thorough testing
python run.py -u https://target.com -e -s
Security and Ethics
bash
# Always obtain proper authorization before testing
# Use responsibly and ethically
# Follow security testing best practices
# Be mindful of potential impact on target systems
# Document all findings properly
# Report vulnerabilities through appropriate channels
Repository: https://github.com/faizann24/rogue
License: GPL-3.0
Language: Python
Stars: 324+ | Forks: 33+