[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-72425":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":16,"forks30d":16,"starsTrendScore":16,"compositeScore":19,"rankGlobal":10,"rankLanguage":10,"license":20,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":23,"hasPages":21,"topics":24,"createdAt":10,"pushedAt":10,"updatedAt":30,"readmeContent":31,"aiSummary":32,"trendingCount":16,"starSnapshotCount":16,"syncStatus":33,"lastSyncTime":34,"discoverSource":35},72425,"vulnhuntr","protectai\u002Fvulnhuntr","protectai","Zero shot vulnerability discovery using LLMs","",null,"Python",2676,309,34,11,0,5,21,44.07,"GNU Affero General Public License v3.0",false,"main",true,[25,26,27,28,29],"ai","llm","security","static-analysis","vulnerability-detection","2026-06-11 04:05:11","\u003Cdiv align=\"center\">\n\n  \u003Cimg width=\"250\" src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002Fd1153ab4-df29-4955-ad49-1be7fad18bb3\" alt=\"Vulnhuntr Logo\">\n\nA tool to identify remotely exploitable vulnerabilities using LLMs and static code analysis.\n\n**World's first autonomous AI-discovered 0day vulnerabilities**\n\n\u003C\u002Fdiv>\n\n## Description\nVulnhuntr leverages the power of LLMs to automatically create and analyze entire code call chains starting from remote user input and ending at server output for detection of complex, multi-step, security-bypassing vulnerabilities that go far beyond what traditional static code analysis tools are capable of performing. 
See all the details including the Vulnhuntr output for all the 0-days here: [Protect AI Vulnhuntr Blog](https:\u002F\u002Fprotectai.com\u002Fthreat-research\u002Fvulnhuntr-first-0-day-vulnerabilities)\n\n## Vulnerabilities Found\n\n> [!TIP]\n> Found a vulnerability using Vulnhuntr? Submit a report to [huntr.com](https:\u002F\u002Fhuntr.com) to get $$ and submit a PR to add it to the list below!\n\n> [!NOTE]\n> This table is just a sample of the vulnerabilities found so far. We will unredact as responsible disclosure periods end.\n\n| Repository | Stars | Vulnerabilities |\n| - | - | - |\n| [gpt_academic](https:\u002F\u002Fgithub.com\u002Fbinary-husky\u002Fgpt_academic) | 67k | [LFI](https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2024-10100), [XSS](https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2024-10101) |\n| [ComfyUI](https:\u002F\u002Fgithub.com\u002Fcomfyanonymous\u002FComfyUI) | 66k | [XSS](https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2024-10099) |\n| [Langflow](https:\u002F\u002Fgithub.com\u002Flangflow-ai\u002Flangflow) | 46k | RCE, IDOR |\n| [FastChat](https:\u002F\u002Fgithub.com\u002Flm-sys\u002FFastChat) | 37k | [SSRF](https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2024-10044) | \n| [Ragflow](https:\u002F\u002Fgithub.com\u002Finfiniflow\u002Fragflow) | 31k | [RCE](https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2024-10131) |\n| [LLaVA](https:\u002F\u002Fgithub.com\u002Fhaotian-liu\u002FLLaVA) | 21k | [SSRF](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2024-9309) |\n| [gpt-researcher](https:\u002F\u002Fgithub.com\u002Fassafelovic\u002Fgpt-researcher) | 17k | [AFO](https:\u002F\u002Fgithub.com\u002Fassafelovic\u002Fgpt-researcher\u002Fpull\u002F935) |\n| [Letta](https:\u002F\u002Fgithub.com\u002Fletta-ai\u002Fletta) | 14k | [AFO](https:\u002F\u002Fgithub.com\u002Fletta-ai\u002Fletta\u002Fpull\u002F2067) | \n\n## Limitations\n\n- Only Python codebases are supported.\n- Can 
only identify the following vulnerability classes:\n  - Local file include (LFI)\n  - Arbitrary file overwrite (AFO)\n  - Remote code execution (RCE)\n  - Cross site scripting (XSS)\n  - SQL Injection (SQLI)\n  - Server side request forgery (SSRF)\n  - Insecure Direct Object Reference (IDOR)\n\n## Installation\n\n> [!IMPORTANT]\n> Vulnhuntr strictly requires Python 3.10 because of a number of bugs in Jedi which it uses to parse Python code. It will not work reliably if installed with any other versions of Python.\n\nWe recommend using [pipx](https:\u002F\u002Fgithub.com\u002Fpypa\u002Fpipx) or Docker to easily install and run Vulnhuntr.\n\nUsing Docker:\n```bash\ndocker build -t vulnhuntr https:\u002F\u002Fgithub.com\u002Fprotectai\u002Fvulnhuntr.git#main\n```\n\nUsing pipx:\n```bash\npipx install git+https:\u002F\u002Fgithub.com\u002Fprotectai\u002Fvulnhuntr.git --python python3.10\n```\n\nAlternatively you can install directly from source using poetry:\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fprotectai\u002Fvulnhuntr\ncd vulnhuntr && poetry install\n```\n\n## Usage\n\nThis tool is designed to analyze a GitHub repository for potential remotely exploitable vulnerabilities. The tool requires an API key and the local path to a GitHub repository. You may also optionally specify a custom endpoint for the LLM service.\n\n> [!CAUTION]\n> Always set spending limits or closely monitor costs with the LLM provider you use. This tool has the potential to rack up hefty bills as it tries to fit as much code in the LLMs context window as possible. \n\n> [!TIP]\n> We recommend using Claude for the LLM. Through testing we have had better results with it over GPT.\n\n### Command Line Interface\n\n```\nusage: vulnhuntr [-h] -r ROOT [-a ANALYZE] [-l {claude,gpt,ollama}] [-v]\n\nAnalyze a GitHub project for vulnerabilities. 
Export your ANTHROPIC_API_KEY\u002FOPENAI_API_KEY before running.\n\noptions:\n  -h, --help            show this help message and exit\n  -r ROOT, --root ROOT  Path to the root directory of the project\n  -a ANALYZE, --analyze ANALYZE\n                        Specific path or file within the project to analyze\n  -l {claude,gpt,ollama}, --llm {claude,gpt,ollama}\n                        LLM client to use (default: claude)\n  -v, --verbosity       Increase output verbosity (-v for INFO, -vv for DEBUG)\n```\n### Examples\nFrom a pipx install, analyze the entire repository using Claude:\n\n```bash\nexport ANTHROPIC_API_KEY=\"sk-1234\"\nvulnhuntr -r \u002Fpath\u002Fto\u002Ftarget\u002Frepo\u002F\n```\n\n> [!TIP]\n> We recommend giving Vulnhuntr specific files that handle remote user input and scan them individually.\n\nFrom a pipx install, analyze the `\u002Fpath\u002Fto\u002Ftarget\u002Frepo\u002Fserver.py` file using GPT-4o. Can also specify a subdirectory instead of a file:\n\n```bash\nexport OPENAI_API_KEY=\"sk-1234\"\nvulnhuntr -r \u002Fpath\u002Fto\u002Ftarget\u002Frepo\u002F -a server.py -l gpt \n```\n\nFrom a docker installation, run using Claude and a custom endpoint to analyze \u002Flocal\u002Fpath\u002Fto\u002Ftarget\u002Frepo\u002Frepo-subfolder\u002Ftarget-file.py:\n\n```bash\ndocker run --rm -e ANTHROPIC_API_KEY=sk-1234 -e ANTHROPIC_BASE_URL=https:\u002F\u002Flocalhost:1234\u002Fapi -v \u002Flocal\u002Fpath\u002Fto\u002Ftarget\u002Frepo:\u002Frepo vulnhuntr:latest -r \u002Frepo -a repo-subfolder\u002Ftarget-file.py\n```\n\n*Experimental*\n\nOllama is included as an option, however we haven't had success with the open source models structuring their output correctly.\n\n```bash\nexport OLLAMA_BASE_URL=http:\u002F\u002Flocalhost:11434\u002Fapi\u002Fgenerate\nexport OLLAMA_MODEL=llama3.2\nvulnhuntr -r \u002Fpath\u002Fto\u002Ftarget\u002Frepo\u002F -a server.py -l ollama\n``` \n\n## Logic Flow\n![VulnHuntr 
logic](https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F7757b053-36ff-425e-ab3d-ab0100c81d49)\n- LLM summarizes the README and includes this in the system prompt\n- LLM does initial analysis on an entire file and reports any potential vulnerabilities\n- Vulnhuntr then gives the LLM a vulnerability-specific prompt for secondary analysis\n- Each time the LLM analyzes the code, it requests additional context functions\u002Fclasses\u002Fvariables from other files in the project\n- It continues doing this until the entire call chain from user input to server processing is complete, then gives a final analysis\n- The final analysis consists of its reasoning, a proof of concept exploit, and a confidence score\n\n>[!TIP]\n> Generally, confidence scores \u003C 7 mean a vulnerability is unlikely. Confidence scores of 7 mean it should be investigated, and confidence scores of 8+ mean it is very likely to be a valid vulnerability.\n\n## Output\n\nThe tool generates a detailed report of the vulnerabilities found in the analyzed files. The report includes:\n\n- Initial assessment results for each file.\n- Secondary assessment results with context functions and class references.\n- Confidence scores for vulnerabilities found.\n- Logs of the analysis process.\n- PoC exploit\n\nBelow is an example of a Vulnhuntr report describing a 0-day remote code execution vulnerability in [Ragflow](https:\u002F\u002Fgithub.com\u002Finfiniflow\u002Fragflow) (now fixed):\n\n```\nscratchpad:\n  1. Analyzing the add_llm function in llm_app.py. 2. Identified user input used as keys to access dictionaries: EmbeddingModel, ChatModel, RerankModel,\nCvModel, and TTSModel. 3. These dictionaries contain class references, which are instantiated with user-supplied parameters. 4. The factory variable is \ndirectly used from user input (req['llm_factory']) without proper validation. 5. The llm_name is also derived from user input in most cases. 6. 
The \ninstantiation of these classes occurs in try-except blocks, but exceptions are only used for error messages, not preventing execution. 7. The api_key \nand other sensitive information are passed directly to these instantiated classes. 8. There's no comprehensive input validation or sanitization for the \nfactory or llm_name variables. 9. The vulnerability is in a route decorated with @login_required, indicating it's accessible to authenticated users. 10.\nReviewing the EmbeddingModel, ChatModel, RerankModel, CvModel, and TTSModel dictionaries to understand their contents and potential for exploitation.\n----------------------------------------\n\nanalysis:\n  The add_llm function in llm_app.py contains a critical Remote Code Execution (RCE) vulnerability. The function uses user-supplied input \n(req['llm_factory'] and req['llm_name']) to dynamically instantiate classes from the EmbeddingModel, ChatModel, RerankModel, CvModel, and TTSModel \ndictionaries. This pattern of using user input as a key to access and instantiate classes is inherently dangerous, as it allows an attacker to \npotentially execute arbitrary code. The vulnerability is exacerbated by the lack of comprehensive input validation or sanitization on these \nuser-supplied values. While there are some checks for specific factory types, they are not exhaustive and can be bypassed. An attacker could potentially\nprovide a malicious value for 'llm_factory' that, when used as an index to these model dictionaries, results in the execution of arbitrary code. 
The \nvulnerability is particularly severe because it occurs in a route decorated with @login_required, suggesting it's accessible to authenticated users, \nwhich might give a false sense of security.\n----------------------------------------\n\npoc:\n  POST \u002Fadd_llm HTTP\u002F1.1\n  Host: target.com\n  Content-Type: application\u002Fjson\n  Authorization: Bearer \u003Cvalid_token>\n  \n  {\n      \"llm_factory\": \"__import__('os').system\",\n      \"llm_name\": \"id\",\n      \"model_type\": \"EMBEDDING\",\n      \"api_key\": \"dummy_key\"\n  }\n  \n  This payload attempts to exploit the vulnerability by setting 'llm_factory' to a string that, when evaluated, imports the os module and calls system. \nThe 'llm_name' is set to 'id', which would be executed as a system command if the exploit is successful.\n----------------------------------------\n\nconfidence_score:\n  8\n----------------------------------------\n\nvulnerability_types:\n  - RCE\n----------------------------------------\n```\n\n## Logging\n\nThe tool logs the analysis process and results in a file named `vulhuntr.log`. This file contains detailed information about each step of the analysis, including the initial and secondary assessments.\n\n\n## Authors\n\n- Dan McInerney: dan@protectai.com, [@DanHMcinerney](https:\u002F\u002Fx.com\u002FDanHMcInerney)\n- Marcello Salvati: marcello@protectai.com, [@byt3bl33d3r](https:\u002F\u002Fx.com\u002Fbyt3bl33d3r)\n","Vulnhuntr is a tool that uses large language models (LLMs) and static code analysis to identify remotely exploitable vulnerabilities. Its core capability is automatically creating and analyzing the entire code call chain from remote user input to server output, which lets it detect complex, multi-step, security-bypassing vulnerabilities that traditional static analysis tools struggle to find. The project is particularly suited to security auditing of Python codebases and can identify several classes of vulnerability, including local file inclusion, arbitrary file overwrite and remote code execution. Because it uses advanced AI techniques, Vulnhuntr has shown a notable advantage in zero-day vulnerability discovery.",2,"2026-06-11 03:42:01","high_star"]