Vulnhuntr: Open-source tool to identify remotely exploitable vulnerabilities
Vulnhuntr is an open-source tool that finds remotely exploitable vulnerabilities. It uses LLMs and static code analysis to trace how data moves through an application, from user input to server output. This helps it spot complex, multi-step vulnerabilities that traditional tools often miss.
“Vulnhuntr is basically one of the first LLM agents, before people were even talking about LLM agents. The core challenge is that you can’t just feed an entire codebase to an LLM. The context window is too limited, and the more irrelevant code you include, the more likely it is to miss real vulnerabilities or start hallucinating,” Dan McInerney, Threat Researcher for Protect AI and Vulnhuntr developer, told Help Net Security.
“We built an engine that lets the LLM read each file in a project to see if it handles remote user input like GET or POST parameters. If it does, the LLM traces where that input flows, even across files, by requesting the next class, function, or variable involved. Our engine finds that code, adds it to the LLM’s context, and the process repeats until the full call chain is mapped. Then the LLM analyzes the combined code for specific vulnerabilities like XSS, SQLi, or LFI using one tailored prompt per vuln type. That structure cut down hallucinations and helped the LLM reason through bypasses and even write full exploits. When we launched Vulnhuntr, we disclosed over a dozen 0-days in major open source projects, well before tools like Google’s Big Sleep,” McInerney explained.
Vulnhuntr is available for free on GitHub.
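The loop McInerney describes (find functions that touch remote input, then pull in each called symbol's source until the call chain is complete, then hand that combined context to a per-vulnerability prompt) can be sketched in a few dozen lines. The block below is an added illustration written for this article; it is not Vulnhuntr's own code and does not reproduce its prompts or its symbol-resolution logic. The three-file Flask-style project, the `INPUT_SOURCES` set, the prompt texts and all function names are constructed for the example. The LLM step is represented only by the prompt string the engine would assemble.

```python
import ast
from typing import Dict, List, Set, Tuple

# Constructed sample project (hypothetical, not from Vulnhuntr): a request
# handler in one file calls helpers in two others, so the full data flow is
# only visible once all three function bodies are in the same context.
SAMPLE_PROJECT: Dict[str, str] = {
    "app.py": '''
from flask import request
from db import lookup_user
from render import show

def profile():
    name = request.args.get("name")
    row = lookup_user(name)
    return show(row)
''',
    "db.py": '''
import sqlite3

def lookup_user(name):
    conn = sqlite3.connect("users.db")
    return conn.execute("SELECT * FROM users WHERE name = '" + name + "'").fetchone()
''',
    "render.py": '''
def show(row):
    return "<p>" + str(row) + "</p>"
''',
}

# Attribute chains treated as sources of remote user input (constructed list).
INPUT_SOURCES: Set[str] = {"request.args", "request.form", "request.json", "request.values"}

# One analysis prompt per vulnerability class, as the article describes.
VULN_PROMPTS: Dict[str, str] = {
    "SQLi": "Review the call chain below. Does user input reach a SQL query "
            "without parameterization? Answer with the exact line if so.",
    "XSS": "Review the call chain below. Does user input reach an HTML response "
           "without escaping? Answer with the exact line if so.",
}

def _attr_chain(node: ast.AST) -> str:
    """Turn Attribute(Attribute(Name('request'), 'args'), 'get') into 'request.args.get'."""
    parts: List[str] = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))

def index_functions(project: Dict[str, str]) -> Dict[str, Tuple[str, ast.FunctionDef]]:
    """Map every project-defined function name to (filename, FunctionDef node)."""
    index: Dict[str, Tuple[str, ast.FunctionDef]] = {}
    for fname, src in project.items():
        for node in ast.walk(ast.parse(src)):
            if isinstance(node, ast.FunctionDef):
                index[node.name] = (fname, node)
    return index

def handles_remote_input(fn: ast.FunctionDef) -> bool:
    """True if the function body references one of the INPUT_SOURCES chains."""
    return any(isinstance(n, ast.Attribute) and _attr_chain(n) in INPUT_SOURCES
               for n in ast.walk(fn))

def called_names(fn: ast.FunctionDef) -> Set[str]:
    """Plain-name calls inside the function, e.g. lookup_user(...) but not obj.method(...)."""
    return {n.func.id for n in ast.walk(fn)
            if isinstance(n, ast.Call) and isinstance(n.func, ast.Name)}

def find_entry_points(project: Dict[str, str]) -> List[str]:
    """Functions that handle remote input; these start the tracing loop."""
    index = index_functions(project)
    return sorted(name for name, (_, fn) in index.items() if handles_remote_input(fn))

def build_call_chain(project: Dict[str, str], entry: str) -> List[Tuple[str, str, str]]:
    """Breadth-first 'request the next symbol' loop: starting at entry, pull in the
    source of each project-defined callee (across files) until nothing new is needed."""
    index = index_functions(project)
    chain: List[Tuple[str, str, str]] = []
    seen: Set[str] = set()
    queue = [entry]
    while queue:
        name = queue.pop(0)
        if name in seen or name not in index:
            continue  # already included, or a library/builtin we cannot resolve
        seen.add(name)
        fname, fn = index[name]
        chain.append((fname, name, ast.get_source_segment(project[fname], fn)))
        queue.extend(c for c in sorted(called_names(fn)) if c in index and c not in seen)
    return chain

def assemble_context(project: Dict[str, str], entry: str) -> str:
    """Concatenate the call chain into the single block the LLM would analyze."""
    return "\n\n".join(f"# {fname}: {name}\n{src}"
                       for fname, name, src in build_call_chain(project, entry))

def build_prompt(vuln: str, project: Dict[str, str], entry: str) -> str:
    """Pair the tailored per-vulnerability prompt with the assembled context."""
    return VULN_PROMPTS[vuln] + "\n\n" + assemble_context(project, entry)

if __name__ == "__main__":
    for entry in find_entry_points(SAMPLE_PROJECT):
        print(build_prompt("SQLi", SAMPLE_PROJECT, entry))
```

Running the module prints the SQLi prompt followed by `profile`, `lookup_user` and `show` in that order, which is the point of the design: neither `app.py` nor `db.py` on its own shows that a GET parameter ends up concatenated into a query, but the assembled chain does, and it contains nothing from the project that the trace did not require.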