★ Chaos Monkeys

How it works.

Chaos Monkeys is QA-as-a-service with teeth. Drop a target URL or connect a repo; a crew of specialist hunters probes for bugs, files bounty bills with severity + repro + evidence, and hands you LLM-ready fix prompts. You see free teaser scans first, then pay only for the reports you want.

The crew

Eight live black-box hunters work the wire. 4-LOM reads source. Gunslinger and Cloud are paid add-ons. Silverback runs the room. Click any card to expand its bio.

Han
Han
smoke tests + brute force, finds the obvious-but-overlooked
Shoots first, asks later.
Han is the cocky one. Boots up with a one-liner curl and walks out with three CRITs while the rest of the crew is still reading docs. Specializes in the dumb-fast probes most teams skip: bare /admin, exposed .git, default creds, /.env in the wrong place. If your prod has a soft underbelly, Han finds it before lunch.
Tools: curl, common-path probes, shell-meta injection, vibe-based intuition Style: fast, loud, occasionally wrong but never quiet
Boba
Boba
systematic recon, methodical endpoint enumeration
Methodical. Inevitable.
Boba sweeps the entire attack surface before he fires a single probe. Every endpoint mapped, every query parameter cataloged, every header sniffed. Where Han charges, Boba surveys. The slow burn that finds the things hiding in plain sight: a stale staging URL leaked in a JS bundle, a deprecated /v1 path still online, an API doc that lists more endpoints than the live app advertises.
Tools: whatweb, wayback machine, JS source maps, curl with patience Style: patient, relentless, never satisfied with the first answer
Mando
Mando
auth & session — tokens, JWTs, OAuth, fixation
This is the way.
Mando lives in the auth boundary. Token lifetimes too long? JWT signature unverified? OAuth state parameter missing? Session fixation possible? Refresh tokens stored where they shouldn't be? He's already filed the bill. The auth flow is a creed; he tests every step.
Tools: jwt.io, Burp Repeater, OAuth flow tracer, PKCE verifier Style: stoic, principled, trusts nothing without verification
Cad
Cad
injection — SQL, NoSQL, XSS, SSRF, command
Every input is a vector.
Cad is the injection specialist. Bossan native who reads the wire and finds the boundary where user input becomes backend trust. SQL, NoSQL, XSS, SSRF, command injection, template injection, server-side request forgery, prototype pollution. If a string crosses a parser, Cad has tried fifty ways to break it.
Tools: sqlmap, polyglot payloads, ssrf canary, command-meta corpus Style: precise, surgical, owns the input layer
Predator
Predator
performance & DoS, slow queries, race conditions
Latency assassin.
Predator stalks the response time. ReDoS, slow loris, unbounded result sets, N+1 queries, missing pagination, recursive payloads, billion-laughs, zip bombs. Pushes systems until they buckle, then files the bill that says exactly which knob to turn.
Tools: wrk, siege, evil regex corpus, nested payload generator Style: patient, watching, strikes at the bottleneck
Bossk
Bossk
business logic — IDORs, priv-esc, workflow bypass
Reads the rules to break them.
Bossk is the rule-breaker who reads every rule first. IDORs (insecure direct object references), privilege escalation between roles, workflow bypasses, race-condition double-spends, negative-number cart attacks, missing authorization checks on state transitions. The bugs that don't show up in scanners because they require understanding what the app is supposed to do.
Tools: multi-account replay, state-machine fuzzing, manual session swap Style: deliberate, scheming, finds intent gaps
IG-88
IG-88
API contracts — schema mismatches, type confusion, malformed payloads
Cold. Methodical. Schema-aware.
IG-88 is the assassin droid of the type system. Sends every malformed payload imaginable: wrong types, extra fields, missing required fields, null injection, prototype pollution via JSON, integer overflow, unicode normalization tricks. Crashes happen because someone trusted req.body without validating shape.
Tools: schema fuzzers, AFL-style mutation, hand-crafted edge cases Style: robotic, exhaustive, no shortcuts
Aurra
Aurra
latency & async — race conditions, timing, idempotency failures
Time is the attack surface.
Aurra hunts the gap between actions. Race conditions on payment confirmation. Idempotency keys that aren't actually idempotent. Double-submissions that produce two records. Timing attacks on token comparison. Webhook replays. The bugs that only manifest when two requests arrive 50ms apart on different load-balanced instances.
Tools: concurrent request generator, timing oracle harness, webhook replay Style: patient, precise, lives in the milliseconds
4-LOM
4-LOM
static analysis — auth holes, hardcoded secrets, injection sinks, dependency CVEs
Reads every line. Skips nothing.
4-LOM is the protocol-droid hunter. Where the rest of the crew kicks the front door, 4-LOM walks straight into the source tree. Clones your repo into a sealed sandbox, parses every file in every language it knows (TS, JS, Go, Python, Rust, Ruby, Java, PHP), traces dataflow from request handlers down to sinks, and surfaces the bugs that black-box probing can't see: auth checks that are never reached, secrets baked into commits, SQL strings concatenated with user input, dependencies sitting on five-year-old CVEs. Methodical, patient, opinionated. Files bills with file:line precision so the fix-prompt can write the patch directly. Repo-only mode runs ONLY 4-LOM for $99 flat. As a live-hunt add-on, pairs SAST with the black-box crew for $99 extra.
Tools: repo clone via App / PAT, tree-sitter AST, semgrep rulesets, LLM dataflow trace, dep-CVE crosscheck Style: droid-precise, line-numbered citations, never speculates beyond what the code says
Gunslinger
Gunslinger
active testing — Metasploit, nmap, ffuf, dirbust
Boots on the ground.
Gunslinger is the active-testing tier. Runs in a hardened sandbox with iptables egress locked to your verified target. Wields Metasploit's auxiliary scanner suite, nmap, nikto, whatweb, and ffuf with a 30k-path SecLists wordlist. Finds what passive scanners miss: actual response analysis, version-CVE matching, real path discovery. Requires the active-testing add-on ($499) and verified target ownership.
Tools: Metasploit Framework, nmap -sT, nikto, ffuf raft-medium-30k Style: decisive, paid, only deployed when you authorize active probes
Cloud
Cloud
cloud config — AWS IAM, S3, security groups, prowler audit
Looks at the keys before the locks.
Cloud sits at the AWS console-level. Decrypts your read-only IAM credentials inside a hardened sandbox, runs prowler across IAM, S3, EC2, RDS, KMS, CloudTrail, GuardDuty, and config — then triages the firehose with an LLM and writes verified bills only on the findings that actually exploit. Surfaces the misconfigs you can't see from the outside: world-readable buckets, root keys still active, security groups pinholed for debugging two years ago. Requires verified read-only AWS credentials and explicit consent.
Tools: prowler v4, aws CLI (read-only), LLM triage, config drift diff Style: encyclopedic, careful, never writes when read suffices
Silverback
Silverback
the fixer, books the room and writes the impact report
Right monke. Right target. No excuses.
Silverback runs the operation. He doesn't hunt. He picks up the phone, calls the right hunter, books the job, then watches every bill land in real time. Tailored suit, cigar, gold pinky ring, board of mug shots behind him with red pins for live targets. Talks like a fixer because he is one. The crew brings bugs; Silverback brings the story. When the hunt wraps, he chains your unlocked findings into 1 to 3 attack paths in a $1499 impact report (entry, exploit, pivot, final state) with a chain-breaker recommendation the engineering lead can ship that afternoon. Bug counts get filed. Attack narratives get circulated up the chain. That is where the budget is.
Tools: bill watcher, exploit-path synthesis, monkey-voice orchestration, chain-breaker triage Style: clipped, gravelly, no-bullshit fixer; Chaos. Control. Profit.

The three modes

🎯

Live target

Free teasers · $249 per unlock

We treat your app like an attacker would. No source code access. Just probes from the wire across all eight live hunters. Free teaser scans surface what's interesting; you pay $249 to read a single monkey's full bill, or grab bundles (3 / $599 · 5 / $899 · 8 / $1,499). Hunt-specific unlock-all is $999.

Best for: production apps, public APIs, anything where you only have HTTP access.
📖

Repo-only

$99 flat

Connect a GitHub App, paste a PAT, or drop a public GitHub URL. 4-LOM clones your source, walks the AST with semgrep + LLM dataflow, and writes findings with file:line precision. One report, $99 flat. No live target needed.

Best for: pre-deployment audits, scanning open-source code, "can you check my repo before I ship?"
🔁

Live + repo

Live unlocks + $99 4-LOM addon

Run the live crew AND 4-LOM in parallel. 4-LOM's source-tree findings become "leads" for the live monkeys via the directed-turn pipeline. Mando validates auth-bypasses from the wire, Cad validates injection sinks, and so on. Both black-box and white-box coverage on the same target.

Best for: pre-launch hardening, anything where you want maximum coverage.

The unlock model

Every hunt starts with free teaser scans. Each monkey takes 60 to 90 seconds, surfaces the single most interesting issue they spot, and writes a public-safe one-liner: severity + a teaser sentence that hints at the surface without giving the exploit away.

You see the teaser before paying. If a monkey's teaser is interesting, you pay $249 (or use a bundle credit) to unlock that monkey's full bill: title, severity, repro, evidence, paired LLM-ready fix prompt. If it's not interesting, you skip it. You only pay for the reports you actually want.

Why this works: customers see what's coming before paying. Reduces the "I paid and got nothing" friction that haunts most pentest engagements. The teasers give you signal; the paid bills give you the patch.

Apply-as-PR

Every paid bill comes with a paired fix prompt — framework-agnostic for live monkeys, file:line-cited for 4-LOM. Three ways to apply:

Privacy + safety

Ready?

Drop a URL or connect a repo. Free teasers in about 8 minutes.

Sign in to start a hunt → View pricing