A new AI tool named Vulnhuntr has been introduced, revolutionizing the way vulnerabilities are discovered in open-source projects.
This innovative tool leverages the power of large language models (LLMs) to find and explain complex, multi-step vulnerabilities, including remotely exploitable 0-day vulnerabilities, with unprecedented efficiency and accuracy.
Developed by Protect AI, Vulnhuntr has already made significant strides in uncovering vulnerabilities in popular projects with over 10,000 GitHub stars.
Vulnhuntr to Detect 0-days
In just a few hours of runtime, it has discovered more than a dozen 0-day vulnerabilities, including full-blown Remote Code Execution (RCE) vulnerabilities. These discoveries include vulnerabilities in projects such as gpt_academic, ComfyUI, FastChat, and Ragflow.
How to Choose an ultimate Managed SIEM solution for Your Security Team -> Download Free Guide (PDF)
The key to Vulnhuntr’s success lies in its ability to break down code into small, manageable chunks rather than overwhelming the LLM with multiple whole files.
This approach allows it to perform surgical strikes on the codebase, significantly decreasing false positives and false negatives.
By analyzing and reanalyzing code in a loop, Vulnhuntr maps out the complete path from user input to server output, providing detailed final analyses, proof-of-concept exploits, and confidence ratings for each vulnerability.
The tool focuses on a specific set of high-risk vulnerabilities, including LFI, AFO, RCE, XSS, SQLi, SSRF, and IDOR.
Vulnhuntr’s advanced prompt engineering techniques, including best practices prompt engineering, XML-based prompts, chain of thought prompting, and prefilled responses, guide the LLM through a series of logical steps to produce detailed reports on potential vulnerabilities, protect AI said.
This approach has shown extremely accurate results in narrowing down entire projects’ worth of code to just a few simple functions that bug hunters should focus on when looking for vulnerabilities.
While Vulnhuntr has limitations, such as currently only supporting Python and focusing exclusively on impactful, remotely exploitable vulnerabilities, its potential is vast.
The tool’s ability to create and logically understand the entire call chain of user input makes it a dramatic improvement over current generation static code analyzers.
The future of vulnerability hunting looks promising with Vulnhuntr. As LLMs continue to evolve, it is likely that context windows will expand to multi-million or even infinite tokens, making static code parsing less necessary.
However, even with infinite context windows, feeding the call chain code from user input to server output by manually parsing the code via static analysis will greatly limit false negatives and false positives in vulnerability hunting.
For those interested in testing out Vulnhuntr, the tool is available at https://huntr.com, an AI bug bounty program helping secure the exploding open-source AI ecosystem. Users can get paid to use Vulnhuntr to help secure the AI ecosystem.
Vulnhuntr represents a significant leap forward in the field of vulnerability discovery. Its innovative approach and advanced prompt engineering techniques make it a powerful tool for finding and explaining complex, multi-step vulnerabilities.
As the AI ecosystem continues to grow, tools like Vulnhuntr will play a crucial role in securing it. This tool can be downloaded from GitHub.
Key Features of Vulnhuntr:
- Advanced Prompt Engineering: Guides the LLM through a series of logical steps to produce detailed reports on potential vulnerabilities.
- LLM-Powered Call Chain Search: Analyzes and reanalyzes code in a loop to map out the complete path from user input to server output.
- Static Code Parsing: Uses a Python static analyzer to find relevant snippets of code, reducing false positives and false negatives.
- Support for Python: Currently supports Python, with plans to expand to other languages in the future.
- Focus on Impactful Vulnerabilities: Exclusively focuses on remotely exploitable vulnerabilities, including RCE, LFI, SSRF, XSS, IDOR, and SQLi.
How to Use Vulnhuntr:
- Basic Usage: Run
vulnhuntr.py -r /path/to/target/repo
to automatically analyze files that parse remote user input. - Targeted Usage: Run
vulnhuntr.py -r /path/to/target/repo -a subfolder/file.py
to analyze specific files that parse remote user input or perform server functionality.
Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Watch Here