README.md

metadata

title: Vulnerability Scanner
emoji: 🏢
colorFrom: gray
colorTo: blue
sdk: gradio
sdk_version: 5.47.0
app_file: app.py
pinned: false
license: mit

🛡️ AI-Powered GitHub Vulnerability Scanner

An advanced security analysis tool that leverages cutting-edge AI agents and Model Context Protocol (MCP) tools to perform comprehensive security analysis of GitHub repositories and individual files. This intelligent scanner provides detailed vulnerability assessments with actionable remediation guidance.

✨ Key Features

• 🤖 AI-Powered Detection: Uses advanced language models to understand code context and identify complex security issues
• � Dumal Analysis Mode: Analyze entire repositories or focus on specific files
• � Deeap Code Analysis: Scans for common security vulnerabilities including SQL injection, XSS, command injection, and more
• 📊 Comprehensive Reports: Generates detailed security reports with severity levels, line numbers, and remediation suggestions
• 🌐 Modern Web Interface: Enhanced Gradio interface with improved user experience
• 🔑 Secure API Integration: User-provided Hugging Face tokens for secure AI model access
• 🔗 GitHub Integration: Direct integration with GitHub repositories via MCP tools

🎯 Vulnerability Detection Capabilities

The scanner identifies various security vulnerabilities including:

• Command Injection - OS command execution flaws (os.system, exec, eval)
• Input Validation Issues - Unvalidated user inputs and missing parameter checks
• Error Handling Flaws - Unhandled exceptions and information disclosure
• Hardcoded Secrets - API keys, passwords, database credentials
• Unsafe Operations - File operations and deserialization without validation
• SQL Injection - Database query vulnerabilities
• Cross-Site Scripting (XSS) - Web application security issues
• Path Traversal - File system access vulnerabilities

🚀 Getting Started

Prerequisites

• Python 3.11+
• Hugging Face API Token (free account required)

Usage

1. Get a Hugging Face API Key:

   • Visit Hugging Face Settings
   • Create a free account if needed
   • Generate a new API token

2. Configure the Scanner:

   • Enter your Hugging Face API key in the provided field
   • The key is used securely and never stored

3. Start Analysis:

   • Paste a GitHub repository URL or specific file URL in the chat interface
   • Wait for the AI agent to analyze and generate a security report

🛠️ Technical Architecture

• Frontend: Enhanced Gradio web interface with modern theming
• AI Engine: Hugging Face Inference API with smolagents framework
• GitHub Integration: Custom MCP server for GitHub API access
• URL Parsing: Smart GitHub URL parser supporting both repositories and individual files
• Analysis Engine: Context-aware vulnerability detection with line-by-line analysis
• Report Generation: Structured security assessment with severity classification

📋 Dependencies

• gradio[oauth,mcp] - Web interface framework with MCP support
• smolagents - AI agent framework for intelligent code analysis
• requests - HTTP client library
• fastapi & uvicorn - API framework and server
• mcp - Model Context Protocol client
• pydantic - Data validation

🔒 Security & Privacy

• API Key Security: Your Hugging Face tokens are used securely and never stored
• Public Repository Access: Analyzes only publicly accessible GitHub repositories
• Responsible Use: Designed for legitimate security research and vulnerability assessment
• No Data Storage: Analysis results are not stored or logged

⚠️ Important Disclaimer

This tool is designed for legitimate security research and vulnerability assessment purposes only.

Do NOT use this scanner for:

• Malicious activities
• Unauthorized access attempts
• Any illegal purposes
• Scanning repositories without proper authorization

Always ensure you have proper authorization before scanning repositories that don't belong to you. The results should be used as a starting point for security analysis, not as a definitive security assessment.