bountyyfi/lonkero
Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.
appseccve-scanningcybersecurityhackersoffensive-securitypentestingpentesting-toolsrustsecuritysecurity-automationsecurity-toolsvulnerability-assessmentvulnerability-scannerswafweb-application-securityweb-pentestweb-securitywebscannerwebsecurityxss
First Claude commit: Dec 11, 2025Last Claude commit: 1mo agoDiscovered: Mar 24, 2026
Recent Claude Commits
deps: bump clap 4.5.59→4.5.60, tempfile 3.15→3.25, deadpool-redis 0.22→0.23
4c9b00d1mo agoauthor_emailfix: replace current_exe/args with cross-platform which crate for binary resolution
16645461mo agoauthor_emailchore: upgrade rand from 0.9 to 0.10
3e6dbb21mo agoauthor_emailfix: prevent UTF-8 boundary panics on multi-byte chars and replace current_exe
6a52d6f1mo agoauthor_emailRevert to working fetch pattern - remove AbortController and hardware_id
223a2332mo agoauthor_emailFix license_type case mismatch between server and extension
e4a09262mo agoauthor_emailFix license validation by sending null hardware_id from extension
b338d472mo agoauthor_emailFix browser extension CSP violation and improve license error handling
502dee22mo agoauthor_emailFix browser extension license activation hanging on "Validating..."
cd4da3e2mo agoauthor_emailFix UTF-8 string slicing panics across entire codebase
49a7d022mo agoauthor_emailUpdate CLI banner version from v3.6 to v3.7
da1299b2mo agoauthor_emailUpdate Cargo.lock to match CLI version 3.7.0
69478982mo agoauthor_emailFix UTF-8 string slicing panics in sqli_enhanced scanner
42810882mo agoauthor_emailFix broken XSS, framework scanners and CMS scan handler
1afd6852mo agoauthor_emailFix false positives in command injection, XXE, and SSRF scanners (round 10)
3da103c2mo agoauthor_emailStrengthen remaining root:/bin/ passwd detection patterns (round 9b)
1f698cb2mo agoauthor_emailFix false positives across 14 scanners (round 9)
2948f352mo agoauthor_emailImprove SPA soft-404 detection in file_upload_vulnerabilities
54925392mo agoauthor_emailFix remaining high-impact false positives (round 8)
42138df2mo agoauthor_emailFix false positives across 14 scanners (round 7)
9e3436d2mo agoauthor_emailFix false positives across 5 more scanners (round 6)
7a5e7272mo agoauthor_emailFix false positives across 7 more scanners (round 5)
26abd8a2mo agoauthor_emailFix additional false positives across 5 scanners (round 4)
6bbc18f2mo agoauthor_emailFix false positives across 11 more scanners (round 3)
bd0654e2mo agoauthor_emailFix additional false positives across 11 more scanner modules
141260e2mo agoauthor_emailFix false positives across all scanner modules (free + paid tiers)
8507c7e2mo agoauthor_emailFix false positives across all scanner modules (free + paid)
e2aa00f2mo agoauthor_emailAdd waf_nuke.py techniques: confirmed XSS/SQLi + insane mode
cf190d62mo agoauthor_emailAdd WAF Bypass button with 220+ bypass techniques
2a695ec2mo agoauthor_emailRemove stray git merge conflict marker from system prompt
25e2cab2mo agoauthor_emailfeat(ai): unlimited session length via proactive context compaction
d8ee4f72mo agoauthor_emailfeat(ai): implement categories 1-7 across all 6 AI module files
0c842612mo agoauthor_emailfeat: integrate Anthropic server-side web search for live CVE/exploit intel
a502e562mo agoauthor_emailfeat: handle user input instantly during scans and LLM thinking
35e40132mo agoauthor_emailfix: ensure license errors are visible when run as subprocess
c5e42242mo agoauthor_emailfix: add preflight check to catch broken scanner before LLM call
abe10082mo agoauthor_emailfix: bail immediately on fatal scanner errors instead of waiting for LLM
23f8b472mo agoauthor_emailfix: keep ScanToken unchanged, use side channel for license holder
3347afb2mo agoauthor_emailfeat: show license holder in AI banner (Enterprise Edition — Bountyy Oy)
e45410e2mo agoauthor_emailfix: mask license key in debug logs to prevent leaking
cca93062mo agoauthor_emailfix: show clear license errors instead of raw exit codes
75b361e2mo agoauthor_emailfix: user can actually interact during scans now (tokio::select!)
6790e9d2mo agoauthor_emailfix: remove spinner that eats typed text, fix license key, smarter scans
7b5a1dd2mo agoauthor_emailfix: spinner no longer erases typed text, user can chat during scans
fbebe082mo agoauthor_emailfeat: non-blocking auto mode with live chat, better error messages
115871f2mo agoauthor_emailfeat: streaming LLM output, progress spinners, and license tier in AI banner
663fea02mo agoauthor_emaildocs: add AI Testing (Bring Your Own Keys) to README feature highlights
e0912452mo agoauthor_emailfix: session summary severity counts and postMessage false positives on Next.js
d5eb8592mo agoauthor_emailfeat: add GhostCSS defenses to prevent prompt injection via CSS-hidden content
89acead2mo agoauthor_emailfeat: implement SMAC-L1 sanitization to prevent prompt injection via scan targets
aae34b12mo agoauthor_email