Rook

Autonomous security research agent - a single Go binary for vulnerability research and bug hunting, powered by ChatBotKit.

1. Get Rook

Install with Go, or download a prebuilt binary for your platform from the releases page.

go install github.com/chatbotkit/rook/cmd/rook@latest

Prebuilt binaries: github.com/chatbotkit/rook/releases

2. Set your API key

Rook authenticates with your ChatBotKit API secret. Export it (or place it in a .env file).

export CHATBOTKIT_API_SECRET="your-api-key"

3. Run it

Give Rook a task and an explicit scope. It works through the problem autonomously — recon, analysis, verification — and reports back.

rook --scope "repo: ./server, no network" \
  "Audit the HTTP handlers in ./server for injection and auth bypass bugs"

Authorized use only. Rook is an offensive-security tool. Only run it against systems and code you own or are explicitly authorized to test. Always pass an explicit --scope.