A minimal, LLM-powered scanner designed to detect zero-day vulnerabilities, particularly C/C++ memory safety bugs. It serves as a research prototype for engineers and researchers seeking a quick, automated first pass at identifying potential security flaws, offering a novel approach to vulnerability discovery and automated triage.

How It Works

Nano-analyzer employs a three-stage LLM pipeline within a single Python script. First, a context generation stage creates a security briefing for each source file, detailing its purpose, data flow, and buffer information. Second, the LLM scans the code function-by-function, using the generated context to identify potential zero-day vulnerabilities and outputting structured findings. Finally, a skeptical triage stage challenges each finding over multiple rounds, using code analysis (via grep or csearch) to verify or refute claims, with an arbiter making the final determination. This approach aims for automated, LLM-driven vulnerability detection with a built-in verification mechanism.

Quick Start & Requirements

• Install: Clone the repository (git clone https://github.com/weareaisle/nano-analyzer.git) and navigate into the directory (cd nano-analyzer). No pip installation is required.
• Prerequisites:
  • Python 3.8+
  • An API key for either OpenAI (OPENAI_API_KEY) or OpenRouter (OPENROUTER_API_KEY).
  • Optional: ripgrep (rg) for enhanced triage grep performance.
  • Optional: Google codesearch (csearch/cindex) for faster analysis on large codebases.
• Run: Execute directly using python3 scan.py <path_to_file_or_directory>. Use python3 scan.py --help for a full list of options.
• Links: GitHub Repository

Highlighted Details

• LLM-powered zero-day vulnerability scanner, with a strong bias towards C/C++ memory safety issues (e.g., buffer overflows, NULL dereferences).
• Features an automated, multi-round skeptical triage process to validate findings against the codebase.
• Outputs results in both human-readable Markdown and machine-readable JSON formats, including detailed triage reasoning.
• Configurable via command-line flags for model selection, parallelism, confidence thresholds, and triage depth.

Maintenance & Community

This project is presented as a research prototype shared "as-is" for open research. The README does not detail specific maintenance schedules, active contributors, or community support channels like Discord or Slack.

Licensing & Compatibility

• License: Apache License 2.0.
• Compatibility: The Apache 2.0 license is permissive and generally compatible with commercial use and linking within closed-source projects.

Limitations & Caveats

As a v0.1 prototype, users should "expect sharp corners." The scanner is heavily tuned for C/C++ memory safety and is less effective on other languages. It is prone to both false positives and false negatives, potentially missing entire classes of vulnerabilities (e.g., logic bugs, race conditions, cryptographic issues). Analysis is limited to single files, missing cross-compilation-unit vulnerabilities. Scan results are dependent on the LLM used, and the tool is explicitly not a replacement for professional security audits or established static analysis tools.