DEV Community

Hamy

Introducing Zerodayf, a dynamic, AI-driven code analysis vulnerability scanner

Zerodayf is an advanced code analysis platform that leverages artificial intelligence to identify vulnerabilities within source code.

Zerodayf follows the same approach I have been using for CVE hunting and automates that with AI.

Core Workflow

  1. Setup & Integration: Configure Zerodayf’s proxy to intercept web traffic.
  2. Code Access: Grant read-level access to the source code repository.
  3. Route Navigation: Browse through endpoints like /admin/dashboard, /posts/delete/1, or /login?redirect=/dashboard to generate traffic.
  4. Code Mapping: Zerodayf links accessed routes to backend components, including server-side code and template files.
  5. API Analysis: Detects and maps client-side API calls (e.g., fetch('/api/user'), Ajax.post('/api/delete-post')) to backend handlers.
  6. AI Vulnerability Scan: Sends mapped code to an AI model for security analysis.
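
Steps 3 to 5 sketched as an added example, not Zerodayf's own code: observed request URLs are matched to route patterns, and the client-side API calls in the rendered template are followed to their backend files. The route table, handler names, file paths and template bodies are constructed, and Flask-style `<int:name>` route patterns are an assumption.

```python
import re
from urllib.parse import urlsplit

# Constructed route table: pattern -> (handler, source file, template). Names are hypothetical.
ROUTES = {
    "/admin/dashboard": ("admin_dashboard", "app/admin.py", "admin/dashboard.html"),
    "/posts/delete/<int:post_id>": ("delete_post", "app/posts.py", None),
    "/login": ("login", "app/auth.py", "auth/login.html"),
    "/api/user": ("api_user", "app/api.py", None),
    "/api/delete-post": ("api_delete_post", "app/api.py", None),
}
# Constructed template bodies, standing in for files read from the repository.
TEMPLATES = {
    "admin/dashboard.html": "<script>fetch('/api/user'); Ajax.post('/api/delete-post');</script>",
    "auth/login.html": "<form method='post'></form>",
}
CONVERTERS = {"int": r"\d+", "string": r"[^/]+"}
API_CALL = re.compile(r"""(?:fetch|Ajax\.\w+)\(\s*['"]([^'"]+)['"]""")

def compile_route(pattern):
    """Turn '/posts/delete/<int:post_id>' into an anchored regex."""
    out = []
    for part in re.split(r"(<[^>]+>)", pattern):
        if part.startswith("<"):
            conv, _, name = part[1:-1].rpartition(":")
            out.append(f"(?P<{name}>{CONVERTERS[conv or 'string']})")
        else:
            out.append(re.escape(part))
    return re.compile("^" + "".join(out) + "$")

COMPILED = [(compile_route(p), p) for p in ROUTES]

def resolve(url):
    """Match the path of an observed URL (query string dropped) to a route pattern."""
    path = urlsplit(url).path
    return next((p for rx, p in COMPILED if rx.match(path)), None)

def map_request(url):
    """Collect the files that should be sent for review for one proxied request."""
    pattern = resolve(url)
    if pattern is None:
        return None  # unmapped traffic: nothing to scan, worth logging
    handler, source, template = ROUTES[pattern]
    files, api_calls = {source}, []
    if template:
        files.add(template)
        api_calls = API_CALL.findall(TEMPLATES[template])
        files |= {ROUTES[r][1] for r in map(resolve, api_calls) if r}
    return {"route": pattern, "handler": handler, "api_calls": api_calls, "files": sorted(files)}
```

Anchoring the route regex keeps a request such as `/posts/delete/abc` from being attributed to the integer-only handler, so the scan scope reflects what the server would actually execute.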

🔗 GitHub Repository: https://github.com/0xHamy/zerodayf
