Releases: jhammant/AutoSecScan
AutoSecScan v0.1.0
LLM-assisted, self-hosted security scanner for continuous automated pen-testing of your own assets — free & open source.
Highlights
- Unified scanning: network/host (nmap, nuclei) + code/deps/secrets/IaC (semgrep, trivy, gitleaks, osv-scanner) in one run.
- LLM triage: false-positive filtering, severity re-ranking, plain-English explanations, concrete fixes, exec summary. Robust on local/weak models.
- Agentic mode (`--agent`): the LLM manages the pen-test — discovers, follows the evidence, can install tools and write its own sandboxed probes.
- Pluggable LLMs: Ollama, LM Studio (incl. abliterated/reasoning), Claude Code Router, Anthropic, aiondemand, any OpenAI endpoint — by size tier & flavor.
- Continuous: per-target state (alerts only on new findings) + Slack/Discord webhooks; cron & git-hook installers.
- Reports: JSON, HTML, PDF, SARIF, NDJSON.
- Privacy: secrets redacted before any hosted LLM; `local_only` keeps everything on-box.
Install
- `curl -fsSL https://raw.githubusercontent.com/jhammant/AutoSecScan/main/install.sh | bash`
- `pip install autosecscan` · `docker run --rm ghcr.io/jhammant/autosecscan doctor`
- Claude Code: `/plugin marketplace add jhammant/AutoSecScan` → `/plugin install security-scan@autosecscan`
- CI: `uses: jhammant/AutoSecScan@v0.1.0`
See the README for the full tour. 79 tests, CI-verified, MIT.