Every capability of your autonomous auditor.
unpwnd doesn’t pattern-match. It reads your repository the way a senior security engineer would — list, grep, open, confirm — and only reports a vulnerability once it can trace the data flow from an untrusted source to a dangerous sink.
Built like an attacker. Reports like an engineer.
Agentic AI auditor
A reasoning agent explores your repo with read-only tools — list_dir, grep, read_file — confirming every data flow itself. No rules, no signatures.
Source→sink tracing
Every finding ships an ordered trace — entry point to sink — with file, line, snippet, and a note at each hop.
OWASP & CWE
Hunts the OWASP Top 10 (2021) and the CWE families behind them — injection, access control, crypto, SSRF, secrets.
Paste-ready fixes
Each finding carries a self-contained fix prompt — hand it straight to your coding agent or paste it into a PR.
Read-only & ephemeral
Clones are read-only and thrown away after the audit. No write scope, no network, no shell — the auditor can only look.
Severity triage
Findings are ranked critical → high → medium → low by impact × exploitability, so you fix what matters first.
Set your own cadence
Point it at a repo once, then choose a per-project audit cadence — weekly or bi-weekly — with a next-scan indicator on every repo.
Findings you can file.
Every finding is tagged with a CWE id and its OWASP category — ready for your tracker, your compliance evidence, and your auditors.
See what it finds in your code.
Connect a repository and get a traced, fixable security audit back in minutes.