Vulnerability Analysis

Vulnhuntr – Unleashing LLMs For Advanced Security Vulnerability Detection In Codebases

Vulnhuntr leverages the power of LLMs to automatically create and analyze entire code call chains starting from remote user input and ending at server output for detection of complex, multi-step, security-bypassing vulnerabilities that go far beyond what traditional static code analysis tools are capable of performing.

See all the details including the Vulnhuntr output for all the 0-days here: Protect AI Vulnhuntr Blog

Vulnerabilities Found

RepositoryStarsVulnerabilities
ComfyUI64kXSS
FastChat50kSSRF
Ragflow35kRCE
REDACTED29kRCE, IDOR
REDACTED20kSSRF
Ragflow16kRCE
REDACTED19kAFO
REDACTED12kAFO, IDOR

Limitations

  • Only Python codebases are supported.
  • Can only identify the following vulnerability classes:
    • Local file include (LFI)
    • Arbitrary file overwrite (AFO)
    • Remote code execution (RCE)
    • Cross site scripting (XSS)
    • SQL Injection (SQLI)
    • Server side request forgery (SSRF)
    • Insecure Direct Object Reference (IDOR)

Installation

Important

Vulnhuntr strictly requires Python 3.10 because of a number of bugs in Jedi which it uses to parse Python code. It will not work reliably if installed with any other versions of Python.

We recommend using pipx or Docker to easily install and run Vulnhuntr.

Using Docker:

docker build -t vulnhuntr https://github.com/protectai/vulnhuntr.git#main

Using pipx:

pipx install git+https://github.com/protectai/vulnhuntr.git

Alternatively you can install directly from source using poetry:

git clone https://github.com/protectai/vulnhuntr
cd vulnhuntr && poetry install

Usage

This tool is designed to analyze a GitHub repository for potential remotely exploitable vulnerabilities. The tool requires an API key for the LLM service (GPT or Claude) and the URL of the GitHub repository or the path to a local folder.

Command Line Interface

usage: vulnhuntr.py [-h] -r ROOT [-a ANALYZE] [-l {claude,gpt}] [-v]

Analyze a GitHub project for vulnerabilities. Export your ANTHROPIC_API_KEY before running.

options:
  -h, --help            show this help message and exit
  -r ROOT, --root ROOT  Path to the root directory of the project
  -a ANALYZE, --analyze ANALYZE
                        Specific path or file within the project to analyze
  -l {claude,gpt}, --llm {claude,gpt}
                        LLM client to use (default: claude)
  -v, --verbosity       Increase output verbosity (-v for INFO, -vv for DEBUG)

For more information click here.

Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Leave a Comment
Share
Published by
Tamil S
Tags: cybersecurityinformationsecuritykalilinuxkalilinuxtools
22 mins ago

Recent Posts

LsassReflectDumping – A Deep Dive Into Secure Credential Extraction Techniques

This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe…

3 days ago

CVE-2024-30090 : LPE Proof Of Concept Detailed

In the evolving landscape of cybersecurity, understanding the mechanisms behind vulnerabilities is crucial for both…

3 days ago

Arena-Hard-Auto : Advancing LLM Evaluation With Style Control Integration

Arena-Hard-Auto-v0.1 (See Paper) is an automatic evaluation tool for instruction-tuned LLMs. It contains 500 challenging…

3 days ago

go-exploitdb : A Comprehensive Guide To Managing Exploit Databases

This is a tool for searching Exploits from some Exploit Databases. Exploits are inserted at…

3 days ago

Awesome LLM AIOps: A Comprehensive Survey Of Incident

A list of awesome academic researches and industrial materials about Large Language Model (LLM) and…

3 days ago

PwnedPasswordsDownloader – Efficient Downloading Of HIBP Password Hashes Using Curl Parallelism

Thanks for HIBP and this downloader. At first I was considering using it, but the…

1 week ago