Recently, at the No Hat security conference held in Italy, Protect AI, based in West Asia, announced the launch of an open-source tool named Vulnhuntr. The purpose of this tool is clear: to assist developers in identifying zero-day vulnerabilities in Python code through Anthropic's Claude AI model.
Vulnhuntr operates differently from traditional static code analysis tools. Instead of simply submitting code snippets for AI analysis, the tool automatically identifies project files that may handle remote user input.
Subsequently, Claude AI conducts in-depth analysis on these potential vulnerabilities. Throughout this process, Claude continuously requests functions, classes, and variables within the code to trace the entire call chain from user input to server output. This method effectively reduces the rates of false positives and false negatives, as it can read through the entire call chain rather than just analyzing small code snippets.
After optimizing with best practices for using Claude AI, Vulnhuntr's performance has significantly improved. Although it also supports OpenAI's GPT-4, the results are not as good as those from Claude. McInerney mentioned that Vulnhuntr has already identified over a dozen zero-day vulnerabilities in some large open-source Python projects that were previously undiscovered or unreported by the project maintainers.
Currently, Vulnhuntr focuses on seven types of remotely exploitable vulnerabilities, including arbitrary file overwriting, file, server-side request forgery, cross-site scripting, direct object references, SQL injection, and remote code execution. The tool scans projects that have garnered tens of thousands of stars on GitHub.
However, Vulnhuntr has some limitations; it currently supports only Python code and relies on Python static analyzers. When analyzing code, the AI generates a confidence score to help users judge the validity of vulnerabilities. Although the tool has made significant progress in detecting zero-day vulnerabilities, McInerney also pointed out that the results generated by AI may not always be consistent, so multiple runs may be necessary.
Vulnhuntr is expected to be released on GitHub, and Protect AI encourages more vulnerability hunters to use this tool for testing in open-source projects.
Key Points:
🌟 Vulnhuntr is an open-source tool that helps developers discover zero-day vulnerabilities in Python code using Claude AI.
🛠️ The tool's approach differs from static analysis, tracing the complete call chain from user input to server output.
🚀 Vulnhuntr has identified zero-day vulnerabilities in multiple large open-source projects and will be released on GitHub for developer use.