Share
## https://sploitus.com/exploit?id=3425602D-393A-5D45-9F1A-25CE9B343627
# ๐Ÿ›ก๏ธ Hybrid AI Vulnerability Analyzer & PoC/Exploit Generator

An automated, end-to-end vulnerability research pipeline that combines **Traditional Static Analysis** with **Large Language Models (LLMs)** to autonomously detect, analyze, and verify **Low-Level Memory Corruptions** (Buffer Overflow, Format String) in C/C++ source code.

Unlike traditional static scanners that only report *potential* flaws, this tool generates raw **PoC (Proof of Concept)** payloads and verifies them in a **local execution sandbox** to achieve **Zero False Positives**.

---

# Key Features

- **Smart Code Slicing (Heuristic AST)**  
  Automatically isolates vulnerable functions to prevent LLM context window exhaustion ("Lost in the Middle" syndrome).

- **LLM-Powered Root Cause Analysis**  
  Utilizes **Qwen2.5-Coder (7B)** to semantically understand memory flaws and formulate exploit strategies.

- **Automated Exploit Generation**  
  Forces the LLM to output pure, raw-byte Python payloads (overcoming OS padding and alignment mitigations).

- **Exploitability Verification Sandbox**  
  Automatically compiles the target C/C++ code, injects the generated payload via stdin, and monitors for **SIGSEGV (Memory Violation)** to definitively confirm **Remote Code Execution (RCE)** capabilities.

---

# Architecture Workflow

```
+----------------------+ 
| C/C++ Source Code    | 
+----------+-----------+ 
           | 
           v 
+----------------------+ 
| 1. Static Pre-Scan   | 
| Detect dangerous     | 
| sinks (strcpy, printf| 
+----------+-----------+ 
           | 
           v 
+----------------------+ 
| 2. Smart Code Slice  | 
| Extract vulnerable   | 
| function context     | 
+----------+-----------+ 
           | 
           v 
+----------------------+ 
| 3. LLM Reasoning     | 
| Root cause analysis  | 
+----------+-----------+ 
           | 
           v 
+----------------------+ 
| 4. PoC Generation    | 
| Python exploit code  | 
+----------+-----------+ 
           | 
           v 
+----------------------+ 
| 5. Sandbox Verify    | 
| Compile and execute  | 
+----------+-----------+ 
           | 
           v 
+----------------------+ 
| Exploit Confirmed    | 
| (SIGSEGV crash)      | 
+----------------------+
```
# Repository Structure

```
Hybrid-Vulnerability-Analyzer/
โ”œโ”€โ”€ analyzer/
โ”‚   โ””โ”€โ”€ hybrid_analyzer.py      # Core analysis engine & Sandbox
โ”œโ”€โ”€ examples/
โ”‚   โ”œโ”€โ”€ buffer_overflow/
โ”‚   โ”‚   โ”œโ”€โ”€ bof.c               # Test case: Stack Buffer Overflow
โ”‚   โ”‚   โ””โ”€โ”€ bofv2.c             # Test case: Advanced BOF
โ”‚   โ””โ”€โ”€ format_string/
โ”‚       โ””โ”€โ”€ fmt.c               # Test case: Format String Vulnerability
โ”œโ”€โ”€ setup/
โ”‚   โ””โ”€โ”€ SetUpEnv.ipynb          # Google Colab Backend (FastAPI + Cloudflare Tunnel)
โ”œโ”€โ”€ README.md
โ””โ”€โ”€ requirements.txt
```

---

# Quick Start

## Setup Backend (LLM Server)

Upload `setup/SetUpEnv.ipynb` to **Google Colab**.

1. Select **T4 GPU runtime**
2. Click **Run All**
3. Wait for the model to load via **4-bit quantization**
4. Copy the generated Cloudflare URL

Example:

```
https://xxxxx.trycloudflare.com
```

---

## Setup Frontend & Local LLM

### 1. Install Python Dependencies

Install the required Python packages:

```bash
pip install -r requirements.txt
```

---

### 2. Install Local LLM (Ollama)

If you prefer running the AI locally without relying on cloud infrastructure, you can run the LLM using **Ollama**.

First, download and install Ollama from the official website:

https://ollama.com/download

After installation, pull and run the **Qwen2.5-Coder (7B)** model:

```bash
ollama run qwen2.5-coder:7b
```

The first run will automatically download the model.

Once running, Ollama exposes a local API endpoint at:

```
http://127.0.0.1:11434
```

Keep the Ollama process running in the background while using the analyzer.

---

## Run the Analyzer

### Option A โ€” Remote Mode (Google Colab + Cloudflare)

```bash
python analyzer/hybrid_analyzer.py --mode remote --url https://xxxxx.trycloudflare.com --file examples/buffer_overflow/bof.c
```

---

### Option B โ€” Local Mode (Ollama)

If Ollama is running locally, the analyzer will automatically connect to the local API.

```bash
python analyzer/hybrid_analyzer.py --mode local --file examples/buffer_overflow/bof.c
```

---

# Example Output

```
[*] Reading source file
[*] Slicing code around line 107...

========== Vulnerability Report ==========
Vulnerability: Stack Buffer Overflow
Function: vulnerable_function
Exploitability Score: HIGH
==========================================

[+] Running Exploitability Verification Sandbox
[*] Compiling target source code...
[+] Compilation successful
[*] Generating payload using PoC script
[*] Executing target binary with payload

[!] EXPLOIT CONFIRMED: Target crashed (Memory violation detected)
```

---

# Future Roadmap

- [ ] Integrate **pwntools** for advanced exploit generation
- [ ] Support **heap vulnerabilities** (UAF, Double Free)
- [ ] Analyze mitigation bypass (**ASLR / NX / Canary**)

---

# โš ๏ธ Disclaimer

This project is developed for **Educational and Security Research purposes only**.

Do **NOT** use this tool on systems you do not own or have explicit permission to test.