vulnhuntr by protectai

LLM-powered tool for zero-day vulnerability discovery via static code analysis

created 9 months ago
2,107 stars

Top 21.8% on sourcepulse

Project Summary

Vulnhuntr is an AI-powered tool for discovering zero-day, remotely exploitable vulnerabilities in Python codebases. It targets security researchers and developers by automating the detection of complex, multi-step vulnerabilities that traditional static analysis tools often miss, providing detailed reports and proof-of-concept exploits.

How It Works

Vulnhuntr employs Large Language Models (LLMs) to trace call chains from user input to server output. It performs an initial analysis of files, then iteratively requests contextual information (functions, classes) from other project files to build a complete understanding of potential vulnerability paths. This approach allows it to identify intricate vulnerabilities that span multiple code components.

Quick Start & Requirements

  • Installation: Recommended via pipx install git+https://github.com/protectai/vulnhuntr.git --python python3.10, or via Docker.
  • Prerequisites: Python 3.10 is strictly required. LLM API keys (Anthropic, OpenAI, or Ollama) are necessary.
  • Setup: Minimal setup time if Python 3.10 and LLM API keys are available.
  • Docs: Protect AI Vulnhuntr Blog

Highlighted Details

  • Claims to have discovered multiple zero-day vulnerabilities in popular open-source projects like Langflow, FastChat, and LLaVA.
  • Supports multiple LLM providers including Claude, OpenAI (GPT), and Ollama.
  • Generates detailed reports including reasoning, confidence scores, and proof-of-concept exploits.
  • Focuses on identifying specific vulnerability classes: LFI, AFO, RCE, XSS, SQLI, SSRF, IDOR.

Maintenance & Community

  • Developed by Dan McInerney and Marcello Salvati from Protect AI.
  • Community interaction details (Discord/Slack) are not explicitly mentioned in the README.

Licensing & Compatibility

  • The README does not explicitly state a license. Compatibility for commercial use or closed-source linking is not specified.

Limitations & Caveats

Currently, Vulnhuntr only supports Python codebases, and the authors report no success yet with open-source models via Ollama because those models do not reliably produce the structured output the tool expects. The tool can also incur significant LLM API costs if usage is not monitored.

Health Check

  • Last commit: 5 months ago
  • Responsiveness: 1 week
  • Pull Requests (30d): 0
  • Issues (30d): 2
  • Star History: 381 stars in the last 90 days
