AutoSecScan performs active security scanning (port scans, vulnerability probes and, when enabled, active tools and model-written probes). Running it against systems you do not own, or for which you lack explicit written authorization to test, is illegal in most jurisdictions (e.g. the U.S. Computer Fraud and Abuse Act, the U.K. Computer Misuse Act, and equivalents worldwide).
By using this software you attest that you are authorized to scan every target you point it at. The authors accept no liability for misuse. The tool is built to make misuse hard:
- Hard allowlist: nothing outside `authorization.authorized_hosts` / `authorization.authorized_repos` is ever scanned. Unlisted targets are refused before any packet is sent.
- Per-run attestation: every run requires `--i-have-permission` (or an interactive confirmation).
- No global override: there is intentionally no "scan anything" switch, and agent-proposed targets are re-checked against the allowlist at every step.
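The allowlist bullets describe a deny-by-default gate that every target, including every target an agent proposes mid-run, has to pass before a packet is sent. The following is an added illustration of that kind of gate, not AutoSecScan's own code: the entry syntax (exact hostnames, single IPs, CIDR blocks), the sample entries and the function names are assumptions for the example. It shows why the check must be applied to the host that would actually be contacted (after URL parsing strips userinfo, port and path) and why hostname matching must be exact.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of authorization.authorized_hosts. The entry syntax
# (exact hostnames, single IPs, CIDR blocks) is an assumption for this example.
AUTHORIZED_HOSTS = ["scanme.example.internal", "10.20.30.0/24", "192.0.2.7"]


def parse_allowlist(entries):
    """Split allowlist entries into exact hostnames and IP networks."""
    names, networks = set(), []
    for raw in entries:
        entry = raw.strip().lower().rstrip(".")
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:          # not an IP or CIDR, so treat as a hostname
            names.add(entry)
    return names, networks


def target_host(target):
    """Extract the host from a URL or a bare host[:port] string.

    urlsplit discards scheme, userinfo, port and path, so an agent-proposed
    'http://scanme.example.internal@203.0.113.9/' yields 203.0.113.9, the
    host that would actually be contacted.
    """
    if "://" not in target:
        target = "//" + target
    host = urlsplit(target).hostname   # lowercased; IPv6 brackets removed
    if not host:
        raise ValueError(f"no host in target {target!r}")
    return host.rstrip(".")


def is_authorized(target, entries=AUTHORIZED_HOSTS):
    """Return (allowed, reason). Anything not positively matched is refused."""
    names, networks = parse_allowlist(entries)
    try:
        host = target_host(target)
    except ValueError as exc:
        return False, str(exc)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Hostname: exact match only. No implicit subdomain or wildcard match,
        # so evil.scanme.example.internal is refused.
        if host in names:
            return True, f"{host} is listed by name"
        return False, f"{host} is not in the allowlist"
    if any(addr in net for net in networks):
        return True, f"{addr} is inside an authorized network"
    return False, f"{addr} is not inside any authorized network"


def gate_agent_targets(proposed, entries=AUTHORIZED_HOSTS):
    """Re-check a batch of agent-proposed targets; call this on every step,
    not once at startup. Returns (accepted, refused-with-reasons)."""
    accepted, refused = [], {}
    for target in proposed:
        ok, reason = is_authorized(target, entries)
        if ok:
            accepted.append(target)
        else:
            refused[target] = reason
    return accepted, refused


if __name__ == "__main__":
    # Constructed agent proposals, including a few bypass attempts.
    proposals = [
        "https://scanme.example.internal:8443/login",
        "10.20.30.77",
        "http://scanme.example.internal@203.0.113.9/",
        "evil.scanme.example.internal",
        "[2001:db8::1]",
    ]
    accepted, refused = gate_agent_targets(proposals)
    print("accepted:", accepted)
    for target, reason in refused.items():
        print("refused:", target, "->", reason)
```

Two design points worth keeping when adapting this: the decision is made on the parsed host, never on the raw string the model produced, and a hostname is only accepted on exact match. Resolving an accepted hostname and pinning the scanner to the addresses it resolved to (so a later step cannot be redirected by a DNS change) is a further step this example does not cover.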
- Local LLMs (Ollama, LM Studio) keep all scan data on your machine.
- Hosted LLMs (Anthropic, remote aiondemand, OpenAI): findings, which can contain secrets, are redacted before being sent (`llm.redact_secrets`, on by default). Set `llm.local_only: true` to refuse hosted providers entirely.
- Reports contain sensitive findings; they are written with mode `0600`. Store them accordingly and set a retention policy.
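The hosted-LLM bullet says findings are redacted before they leave the machine and that `llm.local_only` refuses hosted providers outright. The following is an added example of what such a pre-send gate looks like; it is not AutoSecScan's implementation, and the page does not document what `llm.redact_secrets` actually matches, so the pattern set, the placeholder format and the function names are assumptions. The sample finding and its credentials are constructed.

```python
import re

# Illustrative pattern set (an assumption; the page does not document what
# llm.redact_secrets matches). Patterns with a capture group keep that group
# as a prefix so the redacted finding stays readable for the model.
SECRET_PATTERNS = [
    ("aws_access_key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github_token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b")),
    ("private_key", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----",
        re.S)),
    ("bearer_token", re.compile(
        r"(?i)\b(authorization:\s*bearer\s+)[A-Za-z0-9._\-]+")),
    ("kv_secret", re.compile(
        r"(?i)((?:password|passwd|secret|api[_-]?key|token)[\"']?\s*[=:]\s*)"
        r"[\"']?([^\s\"',;]+)")),
]


def redact_secrets(text):
    """Replace recognised secrets with [REDACTED:<kind>] placeholders.
    Returns the redacted text and a per-kind count for the audit log."""
    counts = {}
    for kind, pattern in SECRET_PATTERNS:
        def _sub(match, kind=kind):
            counts[kind] = counts.get(kind, 0) + 1
            prefix = match.group(1) if match.lastindex else ""
            return f"{prefix}[REDACTED:{kind}]"
        text = pattern.sub(_sub, text)
    return text, counts


def prepare_for_hosted_llm(finding, redact=True, local_only=False):
    """Gate applied just before a finding leaves the machine. The two flags
    mirror the settings named above: local_only refuses hosted providers
    outright; redact (default on) scrubs the payload first."""
    if local_only:
        raise PermissionError("llm.local_only is set; refusing hosted provider")
    if not redact:
        return finding, {}
    return redact_secrets(finding)


# Constructed finding text containing fake credentials.
SAMPLE_FINDING = """[HIGH] Exposed config at http://10.20.30.7/.env
DB_PASSWORD=hunter2
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.abc123
-----BEGIN RSA PRIVATE KEY-----
MIIBogIBAAJBALRiMLAHudeQApEXAMPLEONLY
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    redacted, counts = prepare_for_hosted_llm(SAMPLE_FINDING)
    print(redacted)
    print("redactions:", counts)
```

Pattern-based redaction is a best-effort filter, not a guarantee: anything a pattern does not recognise (an unusual token format, a secret split across lines) still goes out, which is why the page offers `llm.local_only` as the strict option. Returning the per-kind counts lets a run log record that redaction happened without logging the secrets themselves.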
- `--allow-codegen` lets the LLM write and run code. It is sandboxed in Docker (isolated filesystem, capped resources) by default; the `subprocess` sandbox is UNSANDBOXED and should only be used in a throwaway VM. Do not enable codegen for multi-tenant or untrusted deployments.
- `--allow-tools` runs additional tools (e.g. sqlmap) that perform more active testing; scope them to targets you own.
Please report security issues privately to the maintainers rather than via a public issue. Include reproduction steps and impact.