Discover and explore top open-source AI tools and projects—updated daily.
openhackaiAgentic security scanner for codebases
Top 92.9% on SourcePulse
OpenHack provides an open-source agentic security scanner and verifier for codebases, offering a transparent alternative to proprietary solutions. It leverages exclusively open-source models to identify high-quality, verified vulnerabilities. This tool is designed for engineers, researchers, and power users seeking a comprehensive and auditable approach to code security analysis, delivering detailed findings with actionable fixes.
How It Works
The project utilizes a sophisticated multi-agent pipeline. It begins with Recon agents that build a deep, model-based understanding of the application and custom context. Specialized Hunter agents then identify potential vulnerabilities across various categories and risk areas. Validation agents review candidate findings for impact and accuracy, followed by Verification agents that perform sandbox and browser-based attacks to confirm exploits in a simulated or real environment.
Quick Start & Requirements
Installation is available via pipx install openhack, uv tool install openhack, or pip install openhack. An initial one-time setup involves logging into an OpenHack account via a browser to obtain an API token and receive free credits. For the advanced sandbox and browser verification features, Docker Desktop (or a compatible Docker daemon) is a mandatory prerequisite. Community support is available via Discord.
Highlighted Details
Maintenance & Community
Contributions are welcomed through GitHub issues and pull requests. A community Discord server is provided for user interaction and support.
Licensing & Compatibility
The project is licensed under the MIT License, which is permissive and generally allows for commercial use and integration into closed-source applications.
Limitations & Caveats
The sandbox and browser verification features are currently in Beta. These advanced verification steps are dependent on a correctly configured Docker environment. The core functionality relies on an OpenHack account login, indicating an integration with an external inference API for LLM operations.
4 weeks ago
Inactive