KILLER
GitHub
Early development · not yet released

KILLER

Break your software before attackers do.

An open-source security testing framework for Rust, in early development.This site documents the project's goals and planned design — most of it isn't built yet.

Rust · Apache-2.0 · no release yet

Overview

What Killer aims to be

Killer is a planned security testing framework for Rust projects. The goal is a single tool that analyzes a codebase, runs adversarial tests against it, and reports exploitable findings. It is at an early stage — this page describes the intended design, not shipped software.

!
Current status: Early development · not yet released

The repository is initialized (Rust, Apache-2.0) but does not yet contain an implementation. There is no release, no published crate, and no CLI to install today.

Follow on GitHub →

Analyze

Build a security-focused model of a Rust codebase and its dependencies.

Attack

Actively test that model — fuzzing and exploit scenarios, not just linting.

Harden

Report findings with enough context to fix them, and re-check over time.

Design preview

The CLI we're
designing.

The intended workflow is a single command that analyzes a project and runs security checks against it. The terminal here is a mockup of that experience — it is not implemented, and the output is an illustrative example, not real results.

Planned: whole-project analysis
Planned: active checks, not just linting
Planned: pass / fail results with severity
killer — ~/my-project
MOCKUP
$
Analyzing project...
Sources parsed
Dependency graph built
Running security checks...
Authentication
Brute-force protection
Session replay (example finding)
API surface
Injection checks
Rate-limit checks
# illustrative output — not a real run
security/login.klrDRAFT
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
suite "Authentication" {
attack login {
endpoint "/api/login"
fuzz credentials
expect {
unauthorized_access false
token_leak false
}
severity critical
}
}
Proposed design · .klr

Write security tests,
not just bug reports.

A proposed domain-specific language for defining attack scenarios and reliability tests. This is an early draft of the syntax to illustrate the idea — the language is not implemented, and the design will change.

Draft grammar
A first sketch of the syntax, shown here.
Explained
Hover a keyword to see the intent.
Planned: executable
Scenarios are meant to run as real attacks.
Planned architecture

How we intend to structure it

This is the intended design, not a built system. The plan: source flows into a single security model that a scanner, the .klr runtime, and an attack engine all read and write — so a finding in one lens can inform the others, then roll up into reports. Component boundaries will likely change as it's implemented.

KILLERAnalysis CoreScannerKLR RuntimeAttack EngineSecurity GraphReports
Scanner
AST + data-flow
KLR Runtime
Executes .klr
Attack Engine
Exploit + fuzz
Reports
CI + dashboards
Roadmap

What's planned — and where it stands

An honest view of the work. Nothing below is implemented yet; the status shows how far along the design is, not shipped functionality. This will be updated as the repository grows.

  • Core CLI

    A `killer` command-line entry point that can scan a project directory.

    Planned
  • Static analysis

    Parse Rust sources into a security-focused model of the codebase.

    Planned
  • Vulnerability rules

    A rule engine matching known unsafe patterns and advisories.

    Planned
  • .klr language

    A small DSL for authoring attack scenarios and reliability tests.

    In design
  • Attack simulation

    Active fuzzing and exploit-chain testing driven by the rule set.

    In design
  • CI integration

    Run in pipelines and fail builds on newly introduced critical findings.

    Not started
Status labels reflect design progress only. Track actual commits in the repository.
Documentation

Current state & how to follow

Killer isn't released yet, so there's nothing to install or run today. Rather than document commands that don't exist, here's exactly where the project stands and how to track it.

Project status
RepositoryInitialized
LanguageRust
LicenseApache-2.0
ReleaseNone yet
Published crateNot published
CLINot implemented
Planned installationNOT AVAILABLE YET
# once a release is published, the intended install is:
$ cargo install killer
# today this command does nothing — no crate is published.
Open source

Early, open, and looking for input

Killer is open source under the Apache-2.0 license. It's at the very start, so the most useful contributions right now are ideas: what a Rust security testing tool should do, and how the .klr language should feel. If that interests you, the repository is the place to start.

Rust
Language
Apache-2.0
License
Open
Source
Early
Stage