ZeroHuntAI is an advanced, modular, and extensible source code vulnerability scanner designed to detect exploits and security weaknesses in local directories or GitHub repositories. Leveraging static code analysis, pattern matching, and AI-driven risk scoring, ZeroHuntAI empowers developers and security researchers to identify and mitigate threats like RCE, SQL Injection, XSS, and more.
Key Features
- Multi-Mode Scanning:
- Local Scanner: Recursively analyzes .py, .php, .js, .java, .c, .cpp, .go, and more.
- GitHub Scanner: Clones and scans repositories directly from URLs.
- Buffer Overflow, SQL Injection, Command Injection, Path Traversal, XSS, Authentication Flaws, Logic Bugs, and more.
- Extracts secrets from .env and configuration files.
- AST-based parsing for deep code insights.
- Regex pattern matching for risky functions (e.g., eval(), system(), mysqli_query()).
- Contextual vulnerability detection and data flow analysis.
- AI Risk Scoring:
- Mock LLM evaluation (placeholder) to classify risks as High, Medium, or Low.
- Future-ready for integration with models like GPT-4 or LLaMA.
- Exploitation Simulation:
- Runs simulated exploits (e.g., SQLi, XSS) in an isolated Docker environment.
- User Experience:
- CLI with colored output (via rich or colorama).
- Web dashboard for interactive report browsing.
- Exploitation Simulation Engine:
- Simulates exploits in a Docker sandbox and reports success (
) or failure (
). - Data Flow & Taint Analysis:
- Tracks variables from input to execution using tools like Bandit or Semgrep.
- Auto PoC Generator:
- Generates Python/Bash exploit scripts and PDF reports for each vulnerability.
- API Endpoint Analysis:
- Extracts and tests endpoints for IDOR, SSRF, and Auth Bypass.
- Interactive Call Graph:
- Visualizes function relationships and data flow in an HTML graph.
- Highlights exploitable paths in red.
- Call Graph
- Finds API keys, tokens, and sensitive data in code or configs.
- Integrates with CVE feeds to cross-check findings.
- Generates random payloads to test for Buffer Overflows and Logic Bugs.
- Auto Patch Generator:
- Suggests secure code fixes for detected issues.