KILLER
Break your software before attackers do.
An open-source security testing framework for Rust, in early development.This site documents the project's goals and planned design — most of it isn't built yet.
Rust · Apache-2.0 · no release yet
What Killer aims to be
Killer is a planned security testing framework for Rust projects. The goal is a single tool that analyzes a codebase, runs adversarial tests against it, and reports exploitable findings. It is at an early stage — this page describes the intended design, not shipped software.
The repository is initialized (Rust, Apache-2.0) but does not yet contain an implementation. There is no release, no published crate, and no CLI to install today.
Analyze
Build a security-focused model of a Rust codebase and its dependencies.
Attack
Actively test that model — fuzzing and exploit scenarios, not just linting.
Harden
Report findings with enough context to fix them, and re-check over time.
The CLI we're
designing.
The intended workflow is a single command that analyzes a project and runs security checks against it. The terminal here is a mockup of that experience — it is not implemented, and the output is an illustrative example, not real results.
Write security tests,
not just bug reports.
A proposed domain-specific language for defining attack scenarios and reliability tests. This is an early draft of the syntax to illustrate the idea — the language is not implemented, and the design will change.
How we intend to structure it
This is the intended design, not a built system. The plan: source flows into a single security model that a scanner, the .klr runtime, and an attack engine all read and write — so a finding in one lens can inform the others, then roll up into reports. Component boundaries will likely change as it's implemented.
What's planned — and where it stands
An honest view of the work. Nothing below is implemented yet; the status shows how far along the design is, not shipped functionality. This will be updated as the repository grows.
- PlannedCore CLI
A `killer` command-line entry point that can scan a project directory.
- PlannedStatic analysis
Parse Rust sources into a security-focused model of the codebase.
- PlannedVulnerability rules
A rule engine matching known unsafe patterns and advisories.
- In design.klr language
A small DSL for authoring attack scenarios and reliability tests.
- In designAttack simulation
Active fuzzing and exploit-chain testing driven by the rule set.
- Not startedCI integration
Run in pipelines and fail builds on newly introduced critical findings.
Current state & how to follow
Killer isn't released yet, so there's nothing to install or run today. Rather than document commands that don't exist, here's exactly where the project stands and how to track it.
Early, open, and looking for input
Killer is open source under the Apache-2.0 license. It's at the very start, so the most useful contributions right now are ideas: what a Rust security testing tool should do, and how the .klr language should feel. If that interests you, the repository is the place to start.