The world's first fully automated active security platform.
VulnPilot is a context-aware security assistant that finds, verifies, fixes, and explains vulnerabilities in real time. It combines live web-app testing, source-code analysis, replayable evidence, and AI-assisted remediation in one workflow.
A real-time dashboard streams logs, progress, and findings over WebSockets.
- Multi-stage pipeline: `init -> profile -> recon -> sca -> sast -> logic -> dast -> analysis`
- Live finding stream with remediation and replay evidence
Turn findings into secure code with one click.
- AI-powered refactoring for local source files
- Secure remediation snippets and developer-facing steps
Import real authenticated traffic and replay it during scanning for deeper pentest coverage.
- HAR import for many requests captured from a browser session
- cURL import for one important authenticated API request
- Replayable evidence with baseline request, mutated request, status delta, and replay cURL
- Bespoke AI fuzzing tied to discovered parameters and sinks
- Logic and IDOR auditing
- Dependency scanning
- Taint-chasing SAST to reduce false positives
```
git clone https://github.com/Abmarne/VulnPilot.git
cd VulnPilot
```

Create a .env file in backend/:

```
GOOGLE_API_KEY=your_gemini_key_here
GROQ_API_KEY=your_groq_key_here
```

Backend:

```
cd backend
python -m venv .venv
.venv\Scripts\python.exe -m pip install -r requirements.txt
```

Frontend:

```
cd ../frontend
npm install
```

Backend:

```
cd ../backend
.venv\Scripts\python.exe main.py
```

Frontend:

```
cd ../frontend
npm run dev
```

Open http://localhost:3000.
Authenticated attack profiles help VulnPilot reach logged-in pages, dashboards, and internal APIs that a normal crawler may miss.
Import HAR means uploading a HAR file exported from your browser DevTools Network tab.
A HAR file contains real traffic from your session, including:
- request URLs
- HTTP methods
- headers
- cookies
- request bodies
Use HAR import when you want VulnPilot to learn a full authenticated workflow from a real browser session.
Import cURL Profile means pasting one real cURL command into the dashboard.
Use cURL import when you want to target one important authenticated API request quickly.
- HAR: best for many requests captured from a browser session
- cURL: best for one specific API request or endpoint
In Chrome or Edge:
- Open DevTools.
- Open the Network tab.
- Log in and perform the actions you want VulnPilot to learn.
- Right-click the request list.
- Choose Save all as HAR with content.

Then, in VulnPilot:
- Start the backend and frontend.
- Open http://localhost:3000.
- Enter the target URL in the main target field.
- Import one of the following:
  - a HAR file in Import HAR Profile
  - a cURL command in Import cURL Profile
- Select the saved profile from Saved Attack Profile.
- Keep Use profile requests enabled.
- Launch the scan.
Example cURL command for a cURL profile:

```
curl https://example.com/api/me \
  -H "Cookie: session=abc123" \
  -H "Content-Type: application/json" \
  -d "{\"q\":\"test\"}"
```

When a profile is selected, VulnPilot will:
- replay the imported authenticated requests
- merge them with normal crawler discovery
- mutate real parameters, headers, and bodies
- attach replayable evidence to findings
Profiles are stored locally in a JSON file inside backend/.data/attack_profiles.json. No extra database setup is required.
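A HAR export carries the live session cookies and credential headers listed above, so it is worth inspecting what a profile contains before it is uploaded or shared. The following is an added example, not VulnPilot's own code: it flattens HAR entries into the method, URL, headers, cookies and body a profile replays, masks credential-bearing values for review, and renders one entry in the one-request cURL format. The HAR sample and the SENSITIVE_HEADERS set are constructed assumptions.

```python
import json
import shlex

# Constructed HAR sample (not a real capture): one authenticated JSON API
# call and one anonymous asset fetch with no body.
SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    {"request": {"method": "POST", "url": "https://example.com/api/search",
                 "headers": [{"name": "Cookie", "value": "session=abc123"},
                             {"name": "Content-Type", "value": "application/json"}],
                 "cookies": [{"name": "session", "value": "abc123"}],
                 "postData": {"mimeType": "application/json", "text": '{"q":"test"}'}}},
    {"request": {"method": "GET", "url": "https://example.com/static/app.js",
                 "headers": [{"name": "Accept", "value": "*/*"}], "cookies": []}}]}})

# Assumed header names whose values carry a session or API credential.
SENSITIVE_HEADERS = {"cookie", "authorization", "x-api-key", "x-auth-token"}


def load_har_requests(har_text: str) -> list[dict]:
    """Flatten HAR entries into method, url, headers, cookies and body."""
    requests = []
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        requests.append({
            "method": req["method"], "url": req["url"],
            "headers": {h["name"]: h["value"] for h in req.get("headers", [])},
            "cookies": {c["name"]: c["value"] for c in req.get("cookies", [])},
            # HAR entries without postData (e.g. a plain GET) have no body.
            "body": (req.get("postData") or {}).get("text"),
        })
    return requests


def redact(request: dict) -> dict:
    """Copy with credential values masked, for reviewing or sharing a profile."""
    headers = {k: "<REDACTED>" if k.lower() in SENSITIVE_HEADERS else v
               for k, v in request["headers"].items()}
    return {**request, "headers": headers,
            "cookies": {k: "<REDACTED>" for k in request["cookies"]}}


def to_curl(request: dict) -> str:
    """Render one HAR request in the single-command cURL profile format."""
    parts = ["curl", "-X", request["method"], shlex.quote(request["url"])]
    for name, value in request["headers"].items():
        parts += ["-H", shlex.quote(f"{name}: {value}")]
    if request["body"] is not None:
        parts += ["-d", shlex.quote(request["body"])]
    return " ".join(parts)
```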
Manual repository or target audit:

```
cd backend
.venv\Scripts\python.exe cli.py --target "https://your-site.com" --fail-on "High" --output "report.md"
```

Apply security fixes to a local codebase:

```
cd backend
.venv\Scripts\python.exe cli.py --target "./" --apply-fix
```

- Framework: FastAPI
- UI: Next.js
- Brain: Google Gemini / Groq
- Analysis: custom SAST + DAST + replayable request fuzzing
Secure code is a collective effort. Feel free to open issues or PRs to improve the scanner, remediation prompts, or fuzzing logic.