
Source Code Auditor

White-box zero-day hunting via multi-stage SAST and LLM-assisted analysis.

What It Does

Clones target repositories, runs Kali-integrated scanners (semgrep for multi-language SAST rules, gitleaks for secrets committed to history, trivy for known-vulnerable dependencies), generates vulnerability hypotheses by LLM analysis of the scanner output and surrounding code patterns, validates each candidate for actual exploitability (reachability from an entry point and satisfiable preconditions) rather than pattern match alone, and dispatches exploit agents for confirmed findings. Each finding is reported with a CVSS v3.1 score, a CWE classification, and a MITRE ATT&CK technique mapping.

Pipeline

  1. Repository Acquisition — clone, submodule resolution, dependency graph construction
  2. SAST Pre-Scanning — semgrep (multi-language rules), gitleaks (secret detection), trivy (dependency vulns)
  3. Hypothesis Generation — LLM analyzes SAST output + code patterns to propose exploitation hypotheses
  4. Candidate Validation — code flow tracing, reachability analysis, preconditions verification
  5. Exploit Dispatch — confirmed candidates routed to exploitation or webapp-exploit-hunter agents
  6. Reporting — CVSS v3.1 scoring, CWE classification, MITRE ATT&CK T-code mapping
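The SAST pre-scan (step 2) produces three differently shaped JSON reports that the later stages have to consume as one list, and the reporting stage (step 6) needs a CVSS v3.1 base score for anything that carries a vector. The following is an added example of that glue, written for this page and not taken from the Source Code Auditor project: it normalises semgrep, gitleaks and trivy output into a single Finding record and scores CVSS v3.1 vectors with the specification's own formula. The embedded scanner output is constructed (rule IDs, file paths and the CVE placeholder are invented for the example), and the CWE-798 mapping for gitleaks hits is a reporting choice made here, not something gitleaks emits.

```python
"""Normalise semgrep, gitleaks and trivy JSON into one finding schema and score
CVSS v3.1 vectors. Added example for the SAST pre-scan and Reporting stages;
the scanner output embedded below is constructed, not real scan data."""
import json
import math
import re
from dataclasses import dataclass, field, asdict
from typing import Optional


@dataclass
class Finding:
    tool: str
    rule: str
    path: str
    line: int
    severity: str                      # normalised to LOW / MEDIUM / HIGH / CRITICAL
    cwe: list = field(default_factory=list)
    cvss_vector: Optional[str] = None
    cvss_score: Optional[float] = None


# --- CVSS v3.1 base score; weights from the v3.1 specification, section 7 ----
_AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2}
_AC = {"L": 0.77, "H": 0.44}
_UI = {"N": 0.85, "R": 0.62}
_CIA = {"H": 0.56, "L": 0.22, "N": 0.0}
_PR = {"U": {"N": 0.85, "L": 0.62, "H": 0.27},   # PR weight depends on Scope
       "C": {"N": 0.85, "L": 0.68, "H": 0.5}}


def _roundup(x: float) -> float:
    """Roundup() as defined in CVSS v3.1 Appendix A: integer arithmetic avoids
    the floating-point drift that made v3.0 calculators disagree."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0


def cvss31_base(vector: str) -> float:
    if not vector.startswith("CVSS:3.1/"):
        raise ValueError("only CVSS:3.1 vectors are supported")
    m = dict(part.split(":") for part in vector.split("/")[1:])
    scope = m["S"]
    iss = 1 - (1 - _CIA[m["C"]]) * (1 - _CIA[m["I"]]) * (1 - _CIA[m["A"]])
    impact = 6.42 * iss if scope == "U" else 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    expl = 8.22 * _AV[m["AV"]] * _AC[m["AC"]] * _PR[scope][m["PR"]] * _UI[m["UI"]]
    if impact <= 0:
        return 0.0
    total = impact + expl if scope == "U" else 1.08 * (impact + expl)
    return _roundup(min(total, 10))


# --- per-tool adapters ---------------------------------------------------------
_CWE_RE = re.compile(r"CWE-\d+")
_SEMGREP_SEV = {"INFO": "LOW", "WARNING": "MEDIUM", "ERROR": "HIGH"}


def _cwes(value) -> list:
    """semgrep keeps metadata.cwe as a string or a list like 'CWE-89: SQL Injection'."""
    items = value if isinstance(value, list) else ([value] if value else [])
    return sorted({hit.group(0) for s in items for hit in _CWE_RE.finditer(str(s))})


def from_semgrep(report: dict) -> list:
    out = []
    for r in report.get("results", []):
        extra = r.get("extra", {})
        out.append(Finding("semgrep", r["check_id"], r["path"], r["start"]["line"],
                           _SEMGREP_SEV.get(extra.get("severity", "INFO"), "LOW"),
                           _cwes(extra.get("metadata", {}).get("cwe"))))
    return out


def from_gitleaks(report: list) -> list:
    # gitleaks emits a JSON array; a committed secret is mapped here to CWE-798
    # (hard-coded credentials) as a reporting choice, not something gitleaks emits
    return [Finding("gitleaks", f["RuleID"], f["File"], f["StartLine"], "HIGH", ["CWE-798"])
            for f in report]


def from_trivy(report: dict) -> list:
    out = []
    for res in report.get("Results", []):
        for v in res.get("Vulnerabilities") or []:
            f = Finding("trivy", v["VulnerabilityID"], res["Target"], 0,
                        v.get("Severity", "UNKNOWN"), _cwes(v.get("CweIDs")))
            vec = ((v.get("CVSS") or {}).get("nvd") or {}).get("V3Vector")
            if vec and vec.startswith("CVSS:3.1/"):
                f.cvss_vector, f.cvss_score = vec, cvss31_base(vec)
            out.append(f)
    return out


_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "UNKNOWN": 0}


def merge_reports(semgrep: dict, gitleaks: list, trivy: dict) -> list:
    """One list for the hypothesis stage, worst findings first."""
    findings = from_semgrep(semgrep) + from_gitleaks(gitleaks) + from_trivy(trivy)
    return sorted(findings, key=lambda f: (-_RANK.get(f.severity, 0), f.path, f.line))


# --- constructed sample output (shapes follow each tool's JSON report) ---------
SEMGREP_SAMPLE = {"results": [{"check_id": "example.sqli-string-format",   # invented rule
    "path": "app/db.py", "start": {"line": 42, "col": 5},
    "extra": {"severity": "ERROR", "message": "SQL built with str.format",
              "metadata": {"cwe": ["CWE-89: Improper Neutralization of Special Elements used in an SQL Command"]}}}]}
GITLEAKS_SAMPLE = [{"RuleID": "example-api-key", "File": "config/settings.py",  # invented rule
                    "StartLine": 7, "Secret": "REDACTED"}]
TRIVY_SAMPLE = {"Results": [{"Target": "requirements.txt", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0000",   # placeholder, not a real CVE
     "PkgName": "examplepkg", "Severity": "CRITICAL", "CweIDs": ["CWE-502"],
     "CVSS": {"nvd": {"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}}]}]}

if __name__ == "__main__":
    for finding in merge_reports(SEMGREP_SAMPLE, GITLEAKS_SAMPLE, TRIVY_SAMPLE):
        print(json.dumps(asdict(finding)))
```

Feed it the files produced by `semgrep --json`, `gitleaks detect --report-format json` and `trivy fs --format json`; the sorted list is what the hypothesis stage should read, and a trivy hit with an NVD vector arrives already scored, so the LLM is only asked to score findings that have no vector yet.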

When to Use

Use when you have source access to the target application. Trigger via /source-code-auditor <repo-url>. Use --quick for a SAST-only pass, --deep for full hypothesis generation and validation, and --validate <target-url> to test candidates against a live target. --validate sends requests to that target, so point it only at systems that are in scope for the engagement.

Usage

RedTeamScript(skill="source-code-auditor", script="audit", args="--repo https://github.com/target/repo --mode deep --validate https://target.com")

Released under the MIT License.