Vulnhuntr leverages the power of LLMs to automatically create and analyze entire code call chains starting from remote user input and ending at server output for detection of complex, multi-step, security-bypassing vulnerabilities that go far beyond what traditional static code analysis tools are capable of performing.
See all the details including the Vulnhuntr output for all the 0-days here: Protect AI Vulnhuntr Blog
Repository | Stars | Vulnerabilities |
---|---|---|
ComfyUI | 64k | XSS |
FastChat | 50k | SSRF |
Ragflow | 35k | RCE |
REDACTED | 29k | RCE, IDOR |
REDACTED | 20k | SSRF |
Ragflow | 16k | RCE |
REDACTED | 19k | AFO |
REDACTED | 12k | AFO, IDOR |
Important
Vulnhuntr strictly requires Python 3.10 because of a number of bugs in Jedi which it uses to parse Python code. It will not work reliably if installed with any other versions of Python.
We recommend using pipx or Docker to easily install and run Vulnhuntr.
Using Docker:
docker build -t vulnhuntr https://github.com/protectai/vulnhuntr.git#main
Using pipx:
pipx install git+https://github.com/protectai/vulnhuntr.git
Alternatively you can install directly from source using poetry:
git clone https://github.com/protectai/vulnhuntr
cd vulnhuntr && poetry install
This tool is designed to analyze a GitHub repository for potential remotely exploitable vulnerabilities. The tool requires an API key for the LLM service (GPT or Claude) and the URL of the GitHub repository or the path to a local folder.
usage: vulnhuntr.py [-h] -r ROOT [-a ANALYZE] [-l {claude,gpt}] [-v]
Analyze a GitHub project for vulnerabilities. Export your ANTHROPIC_API_KEY before running.
options:
-h, --help show this help message and exit
-r ROOT, --root ROOT Path to the root directory of the project
-a ANALYZE, --analyze ANALYZE
Specific path or file within the project to analyze
-l {claude,gpt}, --llm {claude,gpt}
LLM client to use (default: claude)
-v, --verbosity Increase output verbosity (-v for INFO, -vv for DEBUG)
For more information click here.
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…