OpenHack is an open-source toolkit from Hadrian, a security company, for doing whitebox source code reviews in a structured way. It is meant to be driven from inside an AI coding assistant such as Claude Code, Codex, or Cursor, although it also ships a regular command-line tool you can run by hand. The job of the AI assistant is to read code, run commands, and ask you for approval. The job of OpenHack is to keep durable state on disk: the cloned source, recon notes, scenario prompts, scenario results, candidate findings, triage decisions, final findings, and logs.

The big idea is a checkpointed pipeline that the README calls scenario-first review. A recon step looks at the source and lists the surfaces worth checking, such as routes, inputs, sinks, and boundaries. A router agent groups those surfaces into scoped scenarios. Expert agents then either prove or reject each scenario one at a time. Finally an independent triage agent decides which proven items become real findings. A human approves every transition between phases, so the tool does not run end to end on its own.

The quick start has two paths. The easy path is to open the repo in an AI assistant and type a prompt like "Initiate a whitebox pentest on this GitHub URL", and the assistant follows the steps written in AGENTS.md. The manual path is to install the CLI with pip in editable mode from a clone, then run the openhack commands in order: init-run, run-recon, create-scenarios, record-scenario-backlog, render-scenario-prompt, record-scenario-result, render-finding-triage-prompt, record-finding-triage, and summarize-run.

The repo lists a small set of expert types it ships with, such as injection and broken-access-control, and an optional Semgrep integration that adds source-pattern hints to recon. The state machine is intentionally narrow: recon item, routing unit, scenario, scenario result, finding candidate, triage decision, finding. The project is MIT licensed and needs Python 3.9 or newer.
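To make the checkpointed, human-gated pipeline described above concrete, here is an added toy model of that pattern: run state lives in a JSON file, an agent can only write the artifact of the current phase, and a recorded human approval is the only way to move to the next phase. This is example code written for this page, not OpenHack's own implementation; the phase names, the `ReviewRun` class, and the recon items are assumptions constructed for the demo.

```python
# Illustrative checkpointed, human-gated review pipeline (not OpenHack's code); phase names are this example's own.
import json
import tempfile
from pathlib import Path

PHASES = ["recon", "scenarios", "scenario_results", "triage", "summary"]

class ReviewRun:  # durable run state on disk; every phase transition needs a recorded approval
    def __init__(self, state_file):
        self.state_file = Path(state_file)
        if self.state_file.exists():  # resume an existing run from its checkpoint
            self.state = json.loads(self.state_file.read_text())
        else:
            self.state = {"phase": PHASES[0], "artifacts": {}, "approvals": []}
            self._save()

    def _save(self):
        self.state_file.write_text(json.dumps(self.state, indent=2))

    def record(self, phase, artifact):
        # An agent may only write the artifact of the phase the run is currently in.
        if phase != self.state["phase"]:
            raise RuntimeError(f"run is in {self.state['phase']!r}, not {phase!r}")
        self.state["artifacts"][phase] = artifact
        self._save()

    def approve(self, reviewer):
        # The human gate: no recorded artifact, or no further phase, means no transition.
        current = self.state["phase"]
        if current not in self.state["artifacts"] or current == PHASES[-1]:
            raise RuntimeError(f"cannot approve a transition out of {current!r}")
        nxt = PHASES[PHASES.index(current) + 1]
        self.state["approvals"].append({"from": current, "to": nxt, "by": reviewer})
        self.state["phase"] = nxt
        self._save()

def demo():  # drive two phases, reopen the checkpoint, and show an out-of-order write is refused
    path = Path(tempfile.mkdtemp()) / "run.json"
    run = ReviewRun(path)
    run.record("recon", ["POST /login", "GET /admin/users"])  # constructed recon items
    run.approve("alice")
    run.record("scenarios", [{"id": "S1", "surface": "POST /login", "expert": "injection"}])
    resumed = ReviewRun(path)  # a fresh process picks up exactly where the run left off
    try:
        resumed.record("triage", {"S1": "finding"})  # skipping scenario_results must fail
        skipped = False
    except RuntimeError:
        skipped = True
    return resumed.state["phase"], len(resumed.state["approvals"]), skipped
```

The point of the on-disk state is resumability: a second `ReviewRun` opened on the same file lands in the same phase with the same approvals, and any attempt to jump ahead of the approved phase is rejected rather than silently accepted.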
Generated 2026-05-21 · Model: sonnet-4-6 · Verify against the repo before relying on details.