Ethical Hacking News

Revealing the Hidden: The Emergence of Vulnerability Detection Tools Utilizing Large Language Models


Researchers have developed a new tool called Vulnhuntr that uses Large Language Models (LLMs) to identify zero-day vulnerabilities in Python code. The tool has already identified over a dozen zero-day vulnerabilities in large open-source projects, making it a significant breakthrough in the field of vulnerability detection.

  • Vulnhuntr detects zero-day vulnerabilities in Python code using Large Language Models (LLMs) and has been shown to identify complex, multi-step vulnerabilities missed by traditional static code analyzers.
  • The tool analyzes the entire call chain from user input to server output without blowing its context window, resulting in a significant reduction in false positives and negatives.
  • Vulnhuntr can reveal complex vulnerabilities that might otherwise go unnoticed, such as Arbitrary File Overwrite (AFO) and SQL Injection (SQLi).
  • The tool has already identified over a dozen zero-day vulnerabilities in large, open-source Python projects, including one that was not previously known or reported.
  • Vulnhuntr has limitations: it currently works only on Python code and relies on a Python static analyzer, so it may produce false positives on projects that also contain code in other languages.
  • The tool's usage costs around $0.50-$3 per project, depending on the size of the project.



The world of cybersecurity is a complex and ever-evolving landscape, where the threat of vulnerabilities and exploits lurks around every corner. As technology continues to advance at an unprecedented pace, so too do the methods used by malicious actors to breach even the most seemingly secure systems. In recent times, researchers have made significant strides in developing tools that can detect vulnerabilities within software codebases using Large Language Models (LLMs). One such tool, Vulnhuntr, has recently garnered attention for its ability to identify zero-day vulnerabilities in Python code.

Vulnhuntr was announced at the No Hat security conference in Italy on Saturday, marking a significant breakthrough in the field of vulnerability detection. Developed by Protect AI, a Seattle-based research firm, Vulnhuntr utilizes Anthropic's Claude AI model to analyze Python code and detect potential vulnerabilities. This innovative approach enables the tool to identify complex, multi-step vulnerabilities that traditional static code analyzers may miss.

According to Dan McInerney, lead AI threat researcher at Protect AI, who developed the software with colleague Marcello Salvati, Vulnhuntr's unique approach allows it to analyze the entire call chain from user input to server output without blowing its context window. This results in a significant reduction in false positives and negatives compared to current static code analyzers.

"The tool does not simply paste some code from the project and ask for analysis," explained McInerney. "It automatically finds project files that are likely to handle remote user input, Claude analyzes that for potential vulnerabilities, then for each potential vulnerability Claude is given a vulnerability-specific highly optimized prompt and enters a loop." In that loop, Vulnhuntr keeps requesting the functions, classes, and variables referenced from elsewhere in the code until it has assembled the entire call chain, while staying within the model's context window.
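As an added illustration (not Vulnhuntr's or Protect AI's code), the sketch below reproduces in plain Python `ast` the two non-LLM steps McInerney describes: a heuristic pass that picks the files touching remote user input, and a worklist loop that fetches the definition of each function a handler calls, hop by hop, so that only code on the call chain is handed to the analysis prompt. The two-file sample project and the marker-name list are constructed for the example.

```python
import ast

# Constructed two-file Flask-style project used as sample input (not a real project).
PROJECT = {
    "app.py": (
        "from flask import request\n"
        "from storage import save_file\n"
        "@app.route('/upload', methods=['POST'])\n"
        "def upload():\n"
        "    return save_file(request.form['name'], request.data)\n"
    ),
    "storage.py": (
        "def join_under(base, name):\n"
        "    return base + '/' + name\n"
        "def save_file(name, data):\n"
        "    path = join_under('/srv/uploads', name)\n"
        "    with open(path, 'wb') as fh:\n"
        "        fh.write(data)\n"
        "    return path\n"
    ),
}
# Identifiers hinting that a file handles remote input (heuristic, assumed list).
INPUT_MARKERS = {"request", "route", "post", "get", "websocket"}

def find_entry_files(project):           # step 1: candidate files for the analysis
    hits = []
    for fname, src in project.items():
        idents = {n.id if isinstance(n, ast.Name) else n.attr
                  for n in ast.walk(ast.parse(src)) if isinstance(n, (ast.Name, ast.Attribute))}
        if idents & INPUT_MARKERS:
            hits.append(fname)
    return hits

def expand_call_chain(project, entry):
    """Step 2: worklist loop pulling in each called function's definition until the chain is closed."""
    defs = {node.name: (fname, node)                      # name -> (file, def node)
            for fname, src in project.items()
            for node in ast.parse(src).body
            if isinstance(node, (ast.FunctionDef, ast.ClassDef))}
    chain, todo = [], [entry]
    while todo:
        name = todo.pop(0)
        if name not in defs or any(name == seen for seen, _ in chain):
            continue                                      # unknown or already fetched
        fname, node = defs[name]
        chain.append((name, fname))
        todo += [n.func.id for n in ast.walk(node)        # direct callees by bare name
                 if isinstance(n, ast.Call) and isinstance(n.func, ast.Name)
                 and n.func.id in defs]
    return chain
```

Only the handler and the two functions it reaches end up in the chain; the file-level `open()` builtin and attribute calls are left out, which is what keeps the per-vulnerability context small.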

In contrast to other tools, which often flag specific functions with known security implications, such as eval(), McInerney claims that Vulnhuntr can reveal complex vulnerabilities that might otherwise go unnoticed. The tool's ability to analyze the entire call chain and its focus on seven types of remotely exploitable vulnerabilities – Arbitrary File Overwrite (AFO), Local File Inclusion (LFI), Server-Side Request Forgery (SSRF), Cross-Site Scripting (XSS), Insecure Direct Object References (IDOR), SQL Injection (SQLi), and Remote Code Execution (RCE) – set it apart from other tools in the market.

Vulnhuntr has already identified more than a dozen zero-day vulnerabilities in large, open-source Python projects. These vulnerabilities were not previously known or reported to their project maintainers, highlighting the tool's potential impact on cybersecurity. Ragflow, one of the projects in which vulnerable code was found less than 90 days ago, is the only one McInerney is aware of that has already fixed its reported bug.

However, it is worth noting that Vulnhuntr has some limitations. It only works on Python code at the moment and relies on access to a Python static analyzer. As a result, the tool may generate false positives when scanning projects that incorporate code in other languages. Additionally, since the Claude API isn't free, users of the tool will incur costs for its usage.

"My average use of it is to identify the one or two files in a project that handle remote user input and tell the tool to do analysis on just those couple files," said McInerney. "When used this way, it averages less than $0.50 of token usage. It will automatically find these network-related files as well, but it's a broad search that often sees it scanning 10-20 files instead of the 1-2 that give the best results usually. Depending on project size, scanning all the network-related files will still only cost ~$1-$3."

The release of Vulnhuntr marks a significant milestone in the development of vulnerability detection tools utilizing LLMs. As the threat landscape continues to evolve, it is likely that such tools will become increasingly important in detecting vulnerabilities and identifying potential threats.



Related Information:

  • https://go.theregister.com/feed/www.theregister.com/2024/10/20/python_zero_day_tool/


  • Published: Sun Oct 20 04:14:15 2024 by llama3.2 3B Q4_K_M
