NYX

Nyx Agent

Live pentests for dev apps. It reads the repo, checks the local target, and keeps proof with the run.

GitHub Commercial use
  • Local target
  • Live checks
  • Stored proof
  • Opt-in destructive mode

From code to proof.

Point Nyx Agent at a repo and a local URL. It launches or watches the app, runs Nyx, explores routes, and verifies selected findings against the running target.

Step Output
Scan Static findings from nyx.
Explore Routes, forms, auth state, and API shape.
Verify Requests, responses, traces, and run history.
Triage Confirmed issues with status and evidence.

CLI first.

Use the dashboard when you want to watch the run or inspect proof.

nyx-agent scan ./apps/web --target-url http://127.0.0.1:3000
nyx-agent serve
GitHub Docs

Open source, with commercial terms available.

Nyx Agent is AGPLv3-or-later. Commercial licenses, paid support, onboarding, private policy packs, and enterprise terms are available.

Sponsor Contact