Releases: vichhka-git/opencode-shannon-plugin
v0.3.0: The Intelligence Update
This release introduces 'Human-Tier' skills including Business Logic Auditing, Cloud/CI/CD Reconnaissance, and Schema-Aware API Fuzzing. It also streamlines the plugin by merging correlation logic into the reporting tool and adding strict usage guards for raw execution.
Bug Fix (v0.3.0 re-release)
- Fixed broken tool factories (`shannon-api-fuzzer`, `shannon-cloud-recon`, `shannon-logic-audit`) that imported non-existent types (`Tool`, `ToolExecuteContext`, `ToolExecuteOutput`) — rewritten to use the canonical `tool()` factory pattern from `@opencode-ai/plugin`
- Updated `src/index.ts` imports to match corrected factory function names
- Added `AGENTS.md` with comprehensive build commands, code style, and conventions
v0.2.2: Oh-My-OpenCode Alignment
This release aligns the Shannon Plugin with the Oh-My-OpenCode orchestration framework, enabling multi-agent security workflows between Sisyphus, Oracle, and Librarian.
v0.2.1 - Added gowitness & BrowserBruter
What's New in v0.2.1
🔧 New Tools in Docker Image
| Tool | Purpose | Stars |
|---|---|---|
| gowitness | Batch web screenshots with gallery UI, Nmap/Nessus result integration | 4.2k ⭐ |
| BrowserBruter | Browser-based form fuzzing — bypasses encrypted HTTP bodies, captchas, client-side validation | 334 ⭐ |
Why These Tools?
gowitness provides:
- Fast batch screenshots of multiple URLs
- Built-in gallery web UI for reviewing results
- Direct integration with Nmap/Nessus scan outputs
- Technology fingerprinting (via Wappalyzer)
BrowserBruter fills a critical gap:
- Fuzzes forms at the browser level — no need to break encryption
- Bypasses client-side validation and captchas
- Works when HTTP proxy tools (Burp, ZAP, sqlmap) fail due to encrypted request bodies
- MCP integration for AI-powered fuzzing
Usage Examples
```bash
# gowitness - screenshot all URLs from nmap scan
gowitness scan nmap -f nmap-results.xml --write-db
# BrowserBruter - fuzz login form with payloads
browserbruter --target https://example.com/login --payloads payloads/sqli.txt
```
Full Changelog: v0.2.0...v0.2.1
v0.2.0 - Enhanced Security Testing & Oh-My-OpenCode Integration
What's New in v0.2.0
🚀 Oh-My-OpenCode Integration
Shannon now integrates seamlessly with Oh-My-OpenCode for multi-agent penetration testing:
- Parallel reconnaissance with background agents
- Automatic escalation to Oracle for complex findings
- Session continuity across testing phases
- Use the magic `ulw:` prefix for relentless autonomous testing
🛠️ New Security Testing Tools
| Tool | Description |
|---|---|
| shannon-auth-session | Session management and auth token handling |
| shannon-correlate | Cross-reference findings across scan phases |
| shannon-js-analyze | JavaScript bundle analysis for hidden endpoints |
| shannon-rate-limit | Rate limiting and brute force detection |
📚 New Skills
- api-security.md - API security testing methodology
- pentest-spa.md - SPA/JavaScript application testing guide
📖 Documentation Improvements
- Added "Why Use Latest Models?" section - explains how frontier models improve vulnerability detection
- Added "Model Selection Guide" - recommendations for different use cases
- Added frontier and budget-friendly configuration examples
- Enhanced IDOR testing with better response handling
🔧 Improvements
- Improved IDOR testing tool with better cross-user validation
- Enhanced pentest methodology skill with comprehensive OWASP coverage
- Updated system prompts for clearer tool guidance
Full Changelog: v0.1.0...v0.2.0
v0.1.0 — Initial release (blackbox skill only)
Initial public release. Provides blackbox scanning skill: reconnaissance, vulnerability discovery and reporting. Includes Docker image builder and user-level installer (scripts/install-global.sh).