top | item 47118146

Show HN: Panther – a cross-platform cybersecurity scripting language

2 points| CzaxTanmay | 8 days ago

Hi HN,

I’ve been building Panther, a cross-platform scripting language designed specifically for cybersecurity workflows and automation.

Panther focuses on making common security tasks simple, readable, and fast without relying on complex shell pipelines or large scripting setups.

The language runtime is written in Go, and Panther currently runs on Windows and Linux, with a dedicated VS Code extension for development.

Why Panther?

Cybersecurity workflows often require combining multiple tools and languages:

Bash scripts

Python utilities

CLI scanners

manual command chaining

Panther explores a different approach — a domain-specific scripting language with built-in security capabilities and a clean syntax designed for automation and learning and real world cybersecurity programming.

Key Features --

Cross-platform (Windows & Linux)

Built in Go for speed and reliability

VS Code extension with language support

60+ cybersecurity-based commands

16 core language keywords

Simple and readable syntax

Fast execution

Designed for ethical and legal security testing

Example Code

Compute("Hello");

Phone_Info("+CountryCodeMobileNumber");

name = Accept("Hello, enter your name: ");

Print("Hello " + name);

(Compute() can also be used as output instead of Print().)

The goal is to make scripts easy to read while keeping security workflows concise.

Architecture --

Execution engine: native interpreter

Editor support: VS Code extension

Built-in commands: cybersecurity-focused primitives

Project Goals

Simplify cybersecurity automation

Provide a beginner-friendly entry into security scripting

Reduce dependence on complex multi-tool setups

Create a focused DSL for ethical security workflows.

Learn Panther through it's GitHub README.

Feedback Welcome

I’d really appreciate feedback on:

Language design

Command structure

Developer experience

Real-world security use cases

GitHub:

https://github.com/CzaxStudio/Panther

Website --

https://pantherlang.pages.dev/

Thanks for reading — feedback is very welcome.

3 comments

with|8 days ago

Haha, it's ironic this is a language (or regex line parser) for cybersecurity experts and itself has several security issues...

1) Ships pre-compiled binaries with no source code, tells you to wget && chmod +x && sudo mv it into PATH. No checksums, no signatures. For a security tool.

2) Every command is parsed via regex (^Dns_Lookup$(.+)$;$) wit zero input sanitization and captured groups go straight into net.Dial, HTTP requests

3) URL_Status(), HTTP_Headers(), WebFingerprint() are trivial SSRF vectors, point them at http://169.254.169.254/ and have fun.

4) Secretly sends your targets to third-party APIs (ipapi.co, ipinfo.io, crt.sh, pwnedpasswords.com) with no disclosure or user consent

verdverm|8 days ago

ns;nt (https://blog.kinglycrow.com/no-skill-no-taste/)

CzaxTanmay|4 days ago

Thanks for pointing out. I will fix it.