AutoSecScan v0.1.0

@jhammant jhammant released this 03 Jul 15:23

LLM-assisted, self-hosted security scanner for continuous automated pen-testing of your own assets — free & open source.

Highlights

  • Unified scanning: network/host (nmap, nuclei) + code/deps/secrets/IaC (semgrep, trivy, gitleaks, osv-scanner) in one run.
  • LLM triage: false-positive filtering, severity re-ranking, plain-English explanations, concrete fixes, exec summary. Robust on local/weak models.
  • Agentic mode (--agent): the LLM manages the pen-test — discovers, follows the evidence, can install tools and write its own sandboxed probes.
  • Pluggable LLMs: Ollama, LM Studio (incl. abliterated/reasoning), Claude Code Router, Anthropic, aiondemand, any OpenAI endpoint — by size tier & flavor.
  • Continuous: per-target state (alerts only on new findings) + Slack/Discord webhooks; cron & git-hook installers.
  • Reports: JSON, HTML, PDF, SARIF, NDJSON.
  • Privacy: secrets redacted before any hosted LLM; `local_only` keeps everything on-box.

Install

See the README for the full tour. 79 tests, CI-verified, MIT.