How It Works

Four phases. Zero manual intervention. Total API domination.

01 Recon

Target Acquisition

WAR-EYE initiates high-speed reconnaissance to map your entire API surface. Subdomain enumeration, port scanning, header analysis, and endpoint discovery—all automated.

  • Subdomain & DNS enumeration
  • Port & service detection
  • Authentication scheme mapping
  • Rate limit fingerprinting

$ wareye recon --target api.target.com

[SCAN] Initiating reconnaissance...
  ├─ Subdomains: 12 discovered
  ├─ Open ports: 80, 443, 8080
  ├─ Endpoints: 47 mapped
  └─ Auth: JWT detected

✓ Recon complete in 4.2s

02 Fuzz

Black-Box Assault

Stateful, sequence-aware fuzzing powered by LibAFL. WAR-EYE maintains session state, handles authentication tokens, and mutates payloads with coverage-guided precision.

  • Coverage-guided mutation
  • Session/token management
  • Sequence-aware payloads
  • Crash & hang detection

$ wareye fuzz --campaign wry-8f3a2c

[FUZZ] Loading corpus...
  ├─ Mutations: 15,847 loaded
  ├─ Coverage: 67.2% → 89.1%
  ├─ Execs/sec: 4,231
  └─ Crashes: 3

[CORPUS] New edges discovered
  └─ Saved 23 interesting inputs

✓ Fuzzing session complete

03 Triage

AI-Powered Analysis

LLM agents cluster crashes, deduplicate findings, classify severity, and generate detailed vulnerability reports with root cause analysis.

  • Crash clustering & dedup
  • Severity classification
  • Root cause analysis
  • JSONL report generation

$ wareye triage --campaign wry-8f3a2c

[AI] Analyzing 3 crashes...

● CRITICAL SQL Injection
  └─ /api/users/{id}
  └─ Payload: ' OR 1=1--

● HIGH Auth Bypass
  └─ /api/admin/config
  └─ Missing role validation

✓ Triage complete. Reports saved.

04 Patch

Remediation Intel

Don't just find bugs—fix them. WAR-EYE generates minimal reproducers (PoCs) and AI-suggested patches ready for your dev team.

  • PoC generation
  • Minimal harness export
  • AI patch suggestions
  • CI/CD integration

$ wareye patch --vuln VULN-001

[PATCH] Generating remediation...

// Suggested fix for SQL Injection
- query = f"SELECT * FROM users WHERE id={id}"
+ query = "SELECT * FROM users WHERE id=?"
+ cursor.execute(query, (id,))
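
Review bot: the `?` placeholder on the added `query = "SELECT * FROM users WHERE id=?"` line only works with drivers that use the qmark paramstyle (sqlite3, for example); drivers such as psycopg2 expect `%s`, so the suggested fix should name the target driver or emit that driver's placeholder. The hunk removes only the f-string assignment and adds a new `cursor.execute(query, (id,))` without showing the original execute call being removed, so confirm the surrounding code does not end up running `query` twice. Since the endpoint is `/api/users/{id}`, also consider validating `id` as an integer before the call and renaming the variable, because `id` shadows the Python builtin.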

✓ Patch exported to ./patches/

Autonomous AI Orchestration

LLM agents coordinate the entire campaign. No babysitting. No manual intervention. Just results.

# campaign.yaml
target: api.example.com
mode: autonomous
agents:
  recon:
    timeout: 300s
    depth: deep
  fuzz:
    corpus: ./corpus/
    coverage_target: 90%
  triage:
    model: gpt-4
    severity_threshold: medium
  patch:
    export_pocs: true
    suggest_fixes: true
