Kunlun-M by LoRexxar

Automated static code analysis powered by AI Agents

Created 8 years ago
2,384 stars

Top 18.7% on SourcePulse

Project Summary

KunLun-M is an open-source static white-box code analysis tool designed for automated vulnerability detection. It targets security researchers and developers, offering semantic scanning for PHP and JavaScript, with AI agent integration for streamlined workflows and enhanced accuracy.

How It Works

The tool performs semantic analysis of PHP and JavaScript codebases (rather than plain pattern matching) to surface security-relevant defects and vulnerabilities. Its distinguishing feature is integration with AI agents such as Codex and Claude Code, which can drive a scan in one step and iterate on the results. The project states that it prioritizes accuracy and the researcher's tooling experience over maximizing the raw number of reported findings.

Quick Start & Requirements

Requires Python 3.10+ (3.13+ recommended). Install dependencies with pip install -r requirements.txt, then run python kunlun.py init to set up the database and python kunlun.py config load to ingest the rules; both steps must complete before the first scan. Docker installation is also supported. Usage covers CLI scanning (python kunlun.py scan -t <path>), report export in JSON, Markdown, or HTML, and a web dashboard (python kunlun.py web). Instructions for wiring the tool into an AI agent are provided for automated setup.

Highlighted Details

  • AI Agent Integration: Supports OpenClaw, Codex, Claude Code, Hermes for automated scanning.
  • Language Support: Semantic analysis for PHP, JavaScript; basic scanning for Chrome extensions, Solidity.
  • Reporting: Exports scan results in JSON, Markdown, and HTML formats.
  • CI/CD Ready: Includes ci_scan.py for automated pipeline integration and gating.
  • Extensible: Features a plugin system and supports custom rules and "tamper" scripts.
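The Quick Start and the CI/CD bullet above describe scanning a target and gating a pipeline on the result. The following is an added illustration, not code from the Kunlun-M project: a small gate that reads a JSON report, counts findings by severity, and fails the build when anything at or above a chosen level is present. The report shape (a list of findings, or a dict with a "results"-style key, each finding carrying a "severity"/"level"/"risk" field) and the -f/-o flags passed to kunlun.py are assumptions; check the real report and `python kunlun.py scan -h` before relying on them. The sample report embedded below is constructed so the gate runs offline.

```python
"""Severity gate for a Kunlun-M JSON report.

Added example, not project code. The report schema and the scan flags
are assumptions and must be checked against the installed version.
"""
import json
import subprocess
import sys
from collections import Counter

# Assumed severity vocabulary; unknown strings are treated as "info".
SEVERITY_ORDER = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
# Assumed names of the per-finding severity field and of the container key.
SEVERITY_KEYS = ("severity", "level", "risk")
CONTAINER_KEYS = ("results", "vulnerabilities", "findings")


def extract_findings(report):
    """Return the list of findings from a parsed report (assumed shape)."""
    if isinstance(report, list):
        return report
    if isinstance(report, dict):
        for key in CONTAINER_KEYS:
            if isinstance(report.get(key), list):
                return report[key]
    raise ValueError("unrecognised report shape; inspect the real report and adjust")


def finding_severity(finding):
    """Normalise the severity string of one finding (assumed field names)."""
    for key in SEVERITY_KEYS:
        value = finding.get(key)
        if value is not None:
            return str(value).lower()
    return "info"


def gate(report, fail_on="high"):
    """Count findings per severity and decide whether the pipeline may pass.

    Returns (passed, counts): passed is False when any finding is at or
    above the fail_on level; counts maps severity -> number of findings.
    """
    threshold = SEVERITY_ORDER[fail_on]
    counts = Counter(finding_severity(f) for f in extract_findings(report))
    blocking = sum(n for sev, n in counts.items()
                   if SEVERITY_ORDER.get(sev, 0) >= threshold)
    return blocking == 0, dict(counts)


# Constructed sample report for offline demonstration (not real tool output).
SAMPLE_REPORT = {
    "results": [
        {"rule": "demo-sqli", "severity": "high", "file": "app/user.php", "line": 42},
        {"rule": "demo-xss", "severity": "medium", "file": "web/view.js", "line": 7},
        {"rule": "demo-note", "severity": "info", "file": "index.php", "line": 1},
    ]
}


def run_scan(target, report_path="kunlun-report.json", fail_on="high"):
    """Run the documented scan command and gate on its JSON output.

    `scan -t <path>` is documented on the page; `-f json -o <file>` is an
    assumption about the output flags and must be verified.
    """
    cmd = [sys.executable, "kunlun.py", "scan", "-t", target,
           "-f", "json", "-o", report_path]
    subprocess.run(cmd, check=True)
    with open(report_path, encoding="utf-8") as fh:
        return gate(json.load(fh), fail_on=fail_on)


if __name__ == "__main__":
    # With a path argument, scan it for real; otherwise gate the sample report.
    if len(sys.argv) > 1:
        passed, counts = run_scan(sys.argv[1])
    else:
        passed, counts = gate(SAMPLE_REPORT)
    print("severity counts:", counts)
    sys.exit(0 if passed else 1)
```

The exit code is what a CI job keys on: the sample report contains one "high" finding, so the default gate fails; raising fail_on to "critical" lets the same report pass. Treating unknown severity strings as "info" is a deliberate fail-open choice here; flip it to fail-closed if the real schema turns out to use values not in the table.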

Maintenance & Community

Positioned as a long-term maintained open-source tool, it's part of the 404Team StarLink Project. Key contributors include LoRexxar (Core) and Vidar-Team, among others. Community interaction is facilitated through the StarLink initiative.

Licensing & Compatibility

The project's README does not explicitly state a software license; check the repository for a LICENSE file before relying on the tool in commercial products or derivative works.

Limitations & Caveats

While the core kernel is stable, the maintainer describes the tool's underlying design as dated relative to current approaches, and development now relies on AI assistance for rapid iteration. Semantic analysis is limited to PHP and JavaScript; other languages receive only basic scanning.

Health Check

  • Last Commit: 4 days ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 67
  • Issues (30d): 1
  • Star History: 8 stars in the last 30 days
