Vulnerability Analysis

Vulnhuntr – Unleashing LLMs For Advanced Security Vulnerability Detection In Codebases

Vulnhuntr leverages the power of LLMs to automatically create and analyze entire code call chains starting from remote user input and ending at server output for detection of complex, multi-step, security-bypassing vulnerabilities that go far beyond what traditional static code analysis tools are capable of performing.

See all the details including the Vulnhuntr output for all the 0-days here: Protect AI Vulnhuntr Blog

Vulnerabilities Found

RepositoryStarsVulnerabilities
ComfyUI64kXSS
FastChat50kSSRF
Ragflow35kRCE
REDACTED29kRCE, IDOR
REDACTED20kSSRF
Ragflow16kRCE
REDACTED19kAFO
REDACTED12kAFO, IDOR

Limitations

  • Only Python codebases are supported.
  • Can only identify the following vulnerability classes:
    • Local file include (LFI)
    • Arbitrary file overwrite (AFO)
    • Remote code execution (RCE)
    • Cross site scripting (XSS)
    • SQL Injection (SQLI)
    • Server side request forgery (SSRF)
    • Insecure Direct Object Reference (IDOR)

Installation

Important

Vulnhuntr strictly requires Python 3.10 because of a number of bugs in Jedi which it uses to parse Python code. It will not work reliably if installed with any other versions of Python.

We recommend using pipx or Docker to easily install and run Vulnhuntr.

Using Docker:

docker build -t vulnhuntr https://github.com/protectai/vulnhuntr.git#main

Using pipx:

pipx install git+https://github.com/protectai/vulnhuntr.git

Alternatively you can install directly from source using poetry:

git clone https://github.com/protectai/vulnhuntr
cd vulnhuntr && poetry install

Usage

This tool is designed to analyze a GitHub repository for potential remotely exploitable vulnerabilities. The tool requires an API key for the LLM service (GPT or Claude) and the URL of the GitHub repository or the path to a local folder.

Command Line Interface

usage: vulnhuntr.py [-h] -r ROOT [-a ANALYZE] [-l {claude,gpt}] [-v]

Analyze a GitHub project for vulnerabilities. Export your ANTHROPIC_API_KEY before running.

options:
  -h, --help            show this help message and exit
  -r ROOT, --root ROOT  Path to the root directory of the project
  -a ANALYZE, --analyze ANALYZE
                        Specific path or file within the project to analyze
  -l {claude,gpt}, --llm {claude,gpt}
                        LLM client to use (default: claude)
  -v, --verbosity       Increase output verbosity (-v for INFO, -vv for DEBUG)

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

WhatsMyName App – Find Anyone Across 640+ Platforms

Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…

1 week ago

Analyzing Directory Size Linux Tools Explained

Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…

1 week ago

Understanding Disk Usage with du Command

Efficient disk space management is vital in Linux, especially for system administrators who manage servers…

1 week ago

How to Check Directory Size in Linux

Knowing how to check directory sizes in Linux is essential for managing disk space and…

1 week ago

Essential Commands for Linux User Listing

Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…

1 week ago

Command-Line Techniques for Listing Linux Users

Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…

2 weeks ago