Show HN: Enter your domain and my open-source agent will hack it
github.comI built an open-source AI agent for security testing to find and fix vulnerabilities in your code.
I’ve noticed how bad security vulnerabilities have gotten with everyone shipping AI code slop, so I wanted to build something that allows for vibe-coding at full speed without compromising security.
Traditional security tools aren’t effective, and manual pen-testing can’t keep up with the rapidly growing AI code
This tool runs your code dynamically, finds vulnerabilities, and validates them through actual exploitation.
You can either run it against your codebase or enter your (or someone else’s) domain to scan for vulnerabilities.
Good luck, have fun, hack responsibly!
this is pretty insane stuff tbh, just found SQL injection vulnerabilities in one of my vibe coded projects!
very cool, just hacked my own site and found IDOR vulnerabilities.
ahmedallam3 A bit of a segue so bear with me. I just realized that a lot of people have a set it up once mindset. (Their API keys are probably being used without their consent and stored in multiple databases somewhere).
There is real niche here, and I'd swear to that. A ton of poorly made sites are flooding the internet.
(By poorly made, I mean Vibe Coded.)
I use AI much more now than I ever did in the last year as I have come to refine my process. (Not having it take the steering; I like a front seat buddy holding the map ha ha.)
Platforms that allow this to be done as easy as your usestrix `LLM_API_KEY: ="your-api-key", --target project-vibe-badges` can help keep this new dev/tech semi-power users, ride the AI wave with human-in-the-loop/safeties-on approach.
Sites can start earning badges; ai-slop-proof, proudly-vibe-coded, ...
Unsolicited advice:
│└── Dey well; Be well