Vulnerability Analysis

Vulnhuntr – Unleashing LLMs For Advanced Security Vulnerability Detection In Codebases

Vulnhuntr leverages the power of LLMs to automatically create and analyze entire code call chains starting from remote user input and ending at server output for detection of complex, multi-step, security-bypassing vulnerabilities that go far beyond what traditional static code analysis tools are capable of performing.

See all the details including the Vulnhuntr output for all the 0-days here: Protect AI Vulnhuntr Blog

Vulnerabilities Found

RepositoryStarsVulnerabilities
ComfyUI64kXSS
FastChat50kSSRF
Ragflow35kRCE
REDACTED29kRCE, IDOR
REDACTED20kSSRF
Ragflow16kRCE
REDACTED19kAFO
REDACTED12kAFO, IDOR

Limitations

  • Only Python codebases are supported.
  • Can only identify the following vulnerability classes:
    • Local file include (LFI)
    • Arbitrary file overwrite (AFO)
    • Remote code execution (RCE)
    • Cross site scripting (XSS)
    • SQL Injection (SQLI)
    • Server side request forgery (SSRF)
    • Insecure Direct Object Reference (IDOR)

Installation

Important

Vulnhuntr strictly requires Python 3.10 because of a number of bugs in Jedi which it uses to parse Python code. It will not work reliably if installed with any other versions of Python.

We recommend using pipx or Docker to easily install and run Vulnhuntr.

Using Docker:

docker build -t vulnhuntr https://github.com/protectai/vulnhuntr.git#main

Using pipx:

pipx install git+https://github.com/protectai/vulnhuntr.git

Alternatively you can install directly from source using poetry:

git clone https://github.com/protectai/vulnhuntr
cd vulnhuntr && poetry install

Usage

This tool is designed to analyze a GitHub repository for potential remotely exploitable vulnerabilities. The tool requires an API key for the LLM service (GPT or Claude) and the URL of the GitHub repository or the path to a local folder.

Command Line Interface

usage: vulnhuntr.py [-h] -r ROOT [-a ANALYZE] [-l {claude,gpt}] [-v]

Analyze a GitHub project for vulnerabilities. Export your ANTHROPIC_API_KEY before running.

options:
  -h, --help            show this help message and exit
  -r ROOT, --root ROOT  Path to the root directory of the project
  -a ANALYZE, --analyze ANALYZE
                        Specific path or file within the project to analyze
  -l {claude,gpt}, --llm {claude,gpt}
                        LLM client to use (default: claude)
  -v, --verbosity       Increase output verbosity (-v for INFO, -vv for DEBUG)

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

1 week ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

1 week ago

How to Check if a File Exists in Bash – Simply Explained

Why Do We Check Files in Bash? When writing a Bash script, you often work…

1 week ago