Introduction
Static Application Security Testing (SAST) is essential for catching vulnerabilities early in the development lifecycle. While enterprise tools can be heavy and complex, I wanted to build a lightweight, fast, and intelligent scanner that could analyze source code, identify critical flaws, and generate immediate, actionable visual reports.
Introducing Next-Gen AI-Powered Universal SAST Agentβa local security scanner designed to hunt down vulnerabilities like SQL Injection, Command Injection, and Insecure Cryptography before they hit production.
How the Tool Works
The script analyzes the source code of a specified target directory file-by-file, parsing patterns that indicate bad security practices.
When executed via the terminal, it asks for the target directory path:
Bash
python3 sast_agent.py
[+] Enter folder path to scan: /path/to/your/project
It dynamically scans the workspace and flags the exact line numbers and code snippets where critical risks reside.
Key Vulnerabilities Detected
In my initial test runs, the agent successfully analyzed test files and flagged three massive security risks:
SQL Injection Risks: Identifies raw, unparameterized SQL strings dynamically concatenated with user input (e.g., SELECT * FROM users WHERE username = '...'+username).
Command Injection Risks: Flags dangerous system calls like os.system() that execute shell commands using unvalidated runtime variables.
Insecure Cryptography: Scans for broken or outdated hashing functions like hashlib.md5(), which are highly vulnerable to collision attacks.
Interactive Security Dashboards
Instead of flooding the terminal with hard-to-read text, the agent automatically compiles all findings into a professional, dark-themed HTML report called sast_security_report.html.
The dashboard visualizes:
Scan Summary: Total number of actionable threats found.
Threat Cards: Color-coded vulnerability breakdown (e.g., Pink/Red icons for severe risks).
Code References: The exact file path, vulnerable line number, and the specific snippet of code that triggered the alert.
Open Source & Next Steps
This project is completely open-source. My goal is to enhance its semantic understanding to catch complex logic flaws and lower false positives.
Check out the full source code, run a scan on your own applications, and contribute to the repository here:
π [https://github.com/walimuhamad185/SAST-VULN-SCANNER.git]
Video Demonstration
See the Next-Gen SAST Agent in action, running scans and generating the security report in real-time:
{https://drive.google.com/file/d/1m7Fg2Y0oEmB5ieiRqMYmYXCDmdltWVds/view?usp=sharing}
I would love to get feedback from fellow developers and security researchers on how to expand the scanning vectors!
Top comments (0)