[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-1366":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":10,"rankLanguage":10,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":22,"hasPages":22,"topics":24,"createdAt":10,"pushedAt":10,"updatedAt":25,"readmeContent":26,"aiSummary":27,"trendingCount":15,"starSnapshotCount":15,"syncStatus":28,"lastSyncTime":29,"discoverSource":30},1366,"nano-analyzer","weareaisle\u002Fnano-analyzer","weareaisle","A minimal LLM-powered zero-day vulnerability scanner by AISLE.","https:\u002F\u002Faisle.com",null,"Python",277,53,3,0,7,18,36,21,5.2,"Apache License 2.0",false,"main",[],"2026-06-12 02:00:27","# Nano-analyzer\n\n**A minimal LLM-powered zero-day vulnerability scanner by [AISLE](https:\u002F\u002Faisle.com).**\n\n![aisle-nano-analyzer-diagram](aisle-nano-analyzer.png)\n\n> **Research prototype for demonstration purposes.** This is a simple, single-file harness that is able to detect real zero-day vulnerabilities. Note that it is a prototype, biased towards C\u002FC++ memory safety bugs, and will produce false positives. We are sharing it as-is in the spirit of open research — expect sharp corners.\n\n## What it does\n\nNano-analyzer is a simple single-file Python scanner that sends source code through a three-stage LLM pipeline:\n\n1. **Context generation** — a model writes a security briefing about the file: what it does, where untrusted data flows, which buffers exist and how big they are.\n2. **Vulnerability scan** — the same model, primed with the context, hunts for zero-day bugs function by function and outputs structured findings.\n3. 
**Skeptical triage** — each finding is challenged over multiple rounds by a skeptical reviewer that can grep the codebase to verify (or refute) defenses. An arbiter makes the final call.\n\nResults are saved as Markdown and JSON files for human review.\n\n## Current limitations\n\nThis is a v0.1 prototype. Please keep the following in mind:\n\n- **C\u002FC++ bias.** The prompts, few-shot examples, and heuristics are heavily tuned for C\u002FC++ memory safety vulnerabilities (buffer overflows, NULL derefs, integer overflows, type confusion). It will scan other languages but is much less effective there.\n- **False positives.** Even with multi-round triage, expect findings that don't hold up on closer inspection. Always verify manually.\n- **False negatives.** The scanner can miss entire vulnerability classes — logic bugs, race conditions, cryptographic issues, authentication bypasses, etc. A clean scan does not mean the code is safe.\n- **Single-file analysis.** Each file is scanned independently. Cross-file vulnerabilities that depend on interactions between compilation units will likely be missed.\n- **LLM-dependent.** Results vary with the model used. Different models will find different things and hallucinate different false positives.\n\n## Setup\n\n### Requirements\n\n- Python 3.8+\n- An OpenAI API key (for OpenAI models) or an OpenRouter API key (for other providers)\n- Optional: [ripgrep](https:\u002F\u002Fgithub.com\u002FBurntSushi\u002Fripgrep) (`rg`) for triage grep lookups\n- Optional: [Google codesearch](https:\u002F\u002Fgithub.com\u002Fgoogle\u002Fcodesearch) (`csearch`\u002F`cindex`) for faster grep on large repos\n\n### Install\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fweareaisle\u002Fnano-analyzer.git\ncd nano-analyzer\n# No dependency installation needed. Run directly:\npython3 scan.py --help\n```\n\n### API keys\n\nSet your API key as an environment variable:\n\n```bash\n# For OpenAI models (model names without a slash, e.g. 
\"gpt-5.4-nano\"):\nexport OPENAI_API_KEY=sk-...\n\n# For OpenRouter models (model names with a slash, e.g. \"qwen\u002Fqwen3-32b\"):\nexport OPENROUTER_API_KEY=sk-or-...\n```\n\nThe scanner determines which key to use based on the model name: if it contains a `\u002F`, it routes through OpenRouter; otherwise it uses the OpenAI API directly.\n\n## Usage\n\n### Basic scan\n\n```bash\n# Scan a single file\npython3 scan.py .\u002Fpath\u002Fto\u002Ffile.c\n\n# Scan a directory recursively\npython3 scan.py .\u002Fpath\u002Fto\u002Fsrc\u002F\n```\n\n### Common options\n\n```bash\n# Use a different model\npython3 scan.py .\u002Fsrc --model gpt-5.4\n\n# Control parallelism\npython3 scan.py .\u002Fsrc --parallel 30\n\n# Point triage grep at the full repo root (useful when scanning a subdirectory)\npython3 scan.py .\u002Flib\u002Fcrypto\u002F --repo-dir .\u002F\n\n# Only surface high-confidence findings\npython3 scan.py .\u002Fsrc --min-confidence 0.7\n\n# More triage rounds for higher accuracy (default: 5)\npython3 scan.py .\u002Fsrc --triage-rounds 7\n```\n\n### All flags\n\n| Flag | Default | Description |\n|------|---------|-------------|\n| `path` | *(required)* | File or directory to scan |\n| `--model` | `gpt-5.4-nano` | Model for all stages (context, scan, triage) |\n| `--parallel` | `50` | Max concurrent scan API calls |\n| `--triage-threshold` | `medium` | Triage findings at or above this severity |\n| `--triage-rounds` | `5` | Triage rounds per finding |\n| `--triage-parallel` | `50` | Max concurrent triage API calls |\n| `--max-connections` | `parallel + triage-parallel` | Total API call cap |\n| `--min-confidence` | `0.0` | Only show findings above this confidence (0.0–1.0) |\n| `--project` | directory name | Project name used in triage prompts |\n| `--repo-dir` | auto | Repo root for grep lookups (auto: parent dir for files, scan dir for folders) |\n| `--output-dir` | `~\u002Fnano-analyzer-results\u002F\u003Ctimestamp>\u002F` | Where to save results |\n| 
`--max-chars` | `200,000` | Skip files larger than this |\n| `--verbose-triage` | off | Show per-round triage progress |\n\n## Output\n\nResults are saved to `~\u002Fnano-analyzer-results\u002F\u003Ctimestamp>\u002F` (or `--output-dir`):\n\n```\n\u003Ctimestamp>\u002F\n├── summary.json              # machine-readable scan summary\n├── summary.md                # human-readable scan summary\n├── \u003Cfilename>.md             # raw scanner output per file\n├── \u003Cfilename>.context.md     # context briefing per file\n├── \u003Cfilename>.json           # full result data per file\n├── triages\u002F                  # detailed triage reasoning\n│   └── T0001_\u003Cfile>_\u003Ctitle>.md\n├── findings\u002F                 # findings that survived triage\n│   └── VULN-001_\u003Cfile>.md\n├── triage.json               # all triage verdicts\n└── triage_survivors.md       # summary of validated findings\n```\n\n## How triage works\n\nWhen a scan finds a medium-or-above severity issue, the triage pipeline kicks in:\n\n1. A skeptical reviewer examines the finding against the actual code and can **grep the codebase** to verify or refute claimed defenses.\n2. This repeats for multiple rounds (default: 5), with each reviewer seeing prior arguments and encouraged to find *new* evidence rather than rehash old points.\n3. A final **arbiter** reads all rounds and makes a VALID\u002FINVALID call.\n4. The confidence score (e.g. 80% \\[VVIVV→V\\]) reflects the fraction of rounds that said VALID.\n\nFindings that survive triage are written to the `findings\u002F` directory with full reasoning chains.\n\n## Disclaimer\n\nThis tool is a research prototype. It is not a replacement for professional security audits, manual code review, or established static analysis tools. Do not rely on it as your sole security assessment. 
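Use at your own risk.\n\n## License\n\nApache License 2.0\n","Nano-analyzer is a minimal zero-day vulnerability scanning tool built on large language models, developed by AISLE. Its core function is to analyze source code through a three-stage LLM pipeline: it first generates context, then scans for vulnerabilities, and finally runs multiple rounds of skeptical review to improve accuracy. Its technical characteristics include being written in Python, a single-file structure, and heavy tuning for C\u002FC++ memory safety vulnerabilities. It suits research or development scenarios that need a quick preliminary assessment of software security, and is most effective when exploring potential memory safety issues. Note that, as a prototype, it carries a certain rate of false positives and a risk of false negatives, and it is tuned mainly for C\u002FC++ code, with limited support for other programming languages.",2,"2026-06-11 02:43:19","CREATED_QUERY"]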