Autonomous Security Testing

Donna

Grab 'em by the balls

13 AI agents working around the clock to find every vulnerability before attackers do. Continuous pentesting with a real-time web dashboard.

Features

Why Donna?

Donna isn't just a one-shot scanner — it's a full pentesting platform that runs while you sleep.

Donna Sentinel

Continuous scanning via Temporal cron workflows. Watches git repos, detects changes, runs incremental pentests automatically.

Web Dashboard

Real-time Astro-based dashboard with workflow list, live agent logs, findings panel, and severity tracking.

Finding Lifecycle

Tracks findings across scans (new → confirmed → resolved) with persistent baselines. Nothing slips through.

Smart Deduplication

Normalizes, classifies, and merges duplicate findings using CVSS 3.1, CWE classification, and endpoint canonicalization.
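As an added illustration of the lifecycle and deduplication behaviour the two cards above describe (example code, not Donna's own; the Finding model, the canonicalization rules, the severity bands and the sample findings are assumptions):

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


# Hypothetical minimal finding model (assumption, not Donna's schema).
@dataclass(frozen=True)
class Finding:
    cwe: str        # CWE identifier, e.g. "CWE-79"
    endpoint: str   # raw URL as reported by an agent
    cvss: float     # CVSS 3.1 base score


def canonicalize_endpoint(url: str) -> str:
    """Drop scheme, port and query string and replace numeric path segments
    so /users/42?tab=x and /users/7 collapse onto one endpoint key."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    segments = ["{id}" if seg.isdigit() else seg
                for seg in parts.path.rstrip("/").split("/")]
    return host + ("/".join(segments) or "/")


def severity(cvss: float) -> str:
    """CVSS 3.1 qualitative severity rating scale."""
    if cvss == 0.0:
        return "none"
    if cvss < 4.0:
        return "low"
    if cvss < 7.0:
        return "medium"
    if cvss < 9.0:
        return "high"
    return "critical"


def dedupe(findings):
    """Merge findings sharing (CWE, canonical endpoint); keep the highest score."""
    merged = {}
    for f in findings:
        key = (f.cwe, canonicalize_endpoint(f.endpoint))
        if key not in merged or f.cvss > merged[key].cvss:
            merged[key] = f
    return merged


def lifecycle(baseline_keys, current):
    """Classify each key as new / confirmed / resolved against the previous
    scan's persisted baseline of (CWE, canonical endpoint) keys."""
    current_keys = set(current)
    return {"new": sorted(current_keys - baseline_keys),
            "confirmed": sorted(current_keys & baseline_keys),
            "resolved": sorted(baseline_keys - current_keys)}


# Constructed sample input: two XSS reports on the same resource, one SQLi.
SAMPLE_FINDINGS = [
    Finding("CWE-79", "https://app.example:443/users/42?tab=profile", 6.1),
    Finding("CWE-79", "https://app.example/users/7", 5.4),
    Finding("CWE-89", "https://app.example/search?q=x", 9.8),
]
# Constructed baseline from a previous scan (CSRF entry is no longer found).
BASELINE = {("CWE-89", "app.example/search"), ("CWE-352", "app.example/account")}
```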

Exploitation Feedback

Iterative refinement loop — failed exploits feed context back into retry attempts for better coverage.

Slack / Discord Alerts

Webhook notifications on new or resolved findings. Stay informed without watching the dashboard.

Live Streaming

Real-time agent turn streaming via heartbeat-based TurnBuffer, viewable live in the dashboard.

Security Hardening

CSRF protection, rate limiting, security headers, input validation, and scoped Docker permissions built in.

How It Works

The Pentesting Pipeline

Four phases, fully automated, backed by durable Temporal workflows that survive crashes and auto-retry on failure.

1. Reconnaissance

Port scanning, tech detection, OSINT gathering, attack surface enumeration

2. Analysis

Vulnerability scanning, weakness identification, attack vector mapping

3. Exploitation

PoC validation, payload crafting, privilege escalation, evidence collection

4. Reporting

Structured findings with severity, evidence, and remediation steps

Get Started

Up and running in minutes

Clone, configure, and run your first pentest.

# 1. Clone and configure
git clone https://github.com/schlunsen/donna.git
cd donna
cp .env.example .env   # Add your ANTHROPIC_API_KEY

# 2. Place your target repo
git clone https://github.com/your-org/your-app.git ./repos/your-app

# 3. Run a pentest
./donna start URL=https://your-app.com REPO=your-app

# 4. Open the dashboard
just dashboard-ui    # http://localhost:4321

Secure your infrastructure.
Automatically.

13 AI agents. Temporal orchestration. Full reports. Open source.