Vulnerability Analysis

Vulnhuntr – Unleashing LLMs For Advanced Security Vulnerability Detection In Codebases

Vulnhuntr leverages the power of LLMs to automatically create and analyze entire code call chains starting from remote user input and ending at server output for detection of complex, multi-step, security-bypassing vulnerabilities that go far beyond what traditional static code analysis tools are capable of performing.

See all the details including the Vulnhuntr output for all the 0-days here: Protect AI Vulnhuntr Blog

Vulnerabilities Found

RepositoryStarsVulnerabilities
ComfyUI64kXSS
FastChat50kSSRF
Ragflow35kRCE
REDACTED29kRCE, IDOR
REDACTED20kSSRF
Ragflow16kRCE
REDACTED19kAFO
REDACTED12kAFO, IDOR

Limitations

  • Only Python codebases are supported.
  • Can only identify the following vulnerability classes:
    • Local file include (LFI)
    • Arbitrary file overwrite (AFO)
    • Remote code execution (RCE)
    • Cross site scripting (XSS)
    • SQL Injection (SQLI)
    • Server side request forgery (SSRF)
    • Insecure Direct Object Reference (IDOR)

Installation

Important

Vulnhuntr strictly requires Python 3.10 because of a number of bugs in Jedi which it uses to parse Python code. It will not work reliably if installed with any other versions of Python.

We recommend using pipx or Docker to easily install and run Vulnhuntr.

Using Docker:

docker build -t vulnhuntr https://github.com/protectai/vulnhuntr.git#main

Using pipx:

pipx install git+https://github.com/protectai/vulnhuntr.git

Alternatively you can install directly from source using poetry:

git clone https://github.com/protectai/vulnhuntr
cd vulnhuntr && poetry install

Usage

This tool is designed to analyze a GitHub repository for potential remotely exploitable vulnerabilities. The tool requires an API key for the LLM service (GPT or Claude) and the URL of the GitHub repository or the path to a local folder.

Command Line Interface

usage: vulnhuntr.py [-h] -r ROOT [-a ANALYZE] [-l {claude,gpt}] [-v]

Analyze a GitHub project for vulnerabilities. Export your ANTHROPIC_API_KEY before running.

options:
  -h, --help            show this help message and exit
  -r ROOT, --root ROOT  Path to the root directory of the project
  -a ANALYZE, --analyze ANALYZE
                        Specific path or file within the project to analyze
  -l {claude,gpt}, --llm {claude,gpt}
                        LLM client to use (default: claude)
  -v, --verbosity       Increase output verbosity (-v for INFO, -vv for DEBUG)

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: cybersecurityinformationsecuritykalilinuxkalilinuxtools
4 months ago

Recent Posts

Starship : Revolutionizing Terminal Experiences Across Shells

Starship is a powerful, minimal, and highly customizable cross-shell prompt designed to enhance the terminal…

14 hours ago

Lemmy : A Decentralized Link Aggregator And Forum For The Fediverse

Lemmy is an innovative, open-source platform designed for link aggregation and discussion, providing a decentralized…

14 hours ago

Massive UX Improvements, Custom Disassemblers, And MSVC Support In ImHex v1.37.0

The latest release of ImHex v1.37.0 introduces a host of exciting features and improvements, enhancing…

15 hours ago

Ghauri : A Powerful SQL Injection Detection And Exploitation Tool

Ghauri is a cutting-edge, cross-platform tool designed to automate the detection and exploitation of SQL…

18 hours ago

Writing Tools : Revolutionizing The Art Of Writing

Writing tools have become indispensable for individuals looking to enhance their writing efficiency, accuracy, and…

18 hours ago

PatchWerk : A Tool For Cleaning NTDLL Syscall Stubs

PatchWerk is a proof-of-concept (PoC) tool designed to clean NTDLL syscall stubs by patching syscall…

2 days ago