Share
## https://sploitus.com/exploit?id=4048E156-ED99-5267-BBF0-320E2C866948
๐ก๏ธ SmartContract VulnHunter
The ultimate smart contract security CLI framework for solo bug bounty researchers
---
## ๐ Overview
**SmartContract VulnHunter** orchestrates 15+ industry-leading security scanners, feeds the results to a Large Language Model (LLM) for deep analysis, generates Proof-of-Concept (PoC) exploits, and automatically produces submission-ready reports formatted specifically for major bug bounty platforms.
## ๐ Supported Languages & Chains
| Language | Scanners Included | Tool Details |
| --- | --- | --- |
| **Solidity** | 10 | Slither, Aderyn, Solhint, Semgrep, 4naly3er, Mythril, Echidna, Medusa, Foundry, Heimdall |
| **Rust / Solana** | 3 | Trident, sec3 X-ray, cargo-audit |
| **Vyper** | 1 | Vyper (Slither-backed) |
| **Cairo** | 1 | Caracal |
> **Total Arsenal:** 15 robust adapters ready out-of-the-box.
---
## โจ Core Features
### ๐ Scanner Orchestration
- **Async Execution:** Ultra-fast, semaphore-based concurrency wrapper limits performance bottlenecks.
- **Auto-Detection:** Detects toolsets dynamically based on availability.
- **Data Normalization:** Converts and normalizes all scanner outputs into valid SARIF format.
- **Smart Deduplication:** Fingerprint-based duplicate removal to eliminate noise.
### ๐ง LLM Deep Analysis Pipeline
- **Kimi K2.5 Integration:** Operates with OpenAI-compatible APIs dynamically.
- **6-Pass Auditor Pipeline:**
1. ***Protocol Understanding***
2. ***Attack Surface Mapping***
3. ***Invariant Violation Analysis***
4. ***Cross-Function Interaction***
5. ***Adversarial Modeling***
6. ***Boundary & Edge Cases***
- **Cost Reduction:** Intelligent context caching drastically reduces API spend.
- **Function Calling:** Grants the AI the ability to orchestrate tools autonomously.
### ๐ฏ PoC Auto-Generation
- Automatically generates robust **Foundry test cases**.
- Equipped with smart templates for:
- `Reentrancy`
- `Flash loans`
- `Oracle manipulation`
- `Access control`
- Automated `forge test --json` validation engine triggers autonomous iterative corrections.
### ๐ Platform-Specific Reporting
Automatically builds the markdown logic specifically suited to individual bug bounty platforms:
- **Immunefi:** Calculates explicit *funds-at-risk*.
- **Code4rena:** Respects the established *High / Medium / QA * split framework.
- **Sherlock:** Operates on strict *impact-based* matrices.
- **Codehawks:** Calculates reports using their standard *Impact ร Likelihood* logic.
---
## ๐ Getting Started
### Installation
```bash
pip install vulnhunter
```
### Quick Usage Guide
1. **Initialize your configuration**
```bash
vulnhunter config init
```
2. **Scan a target codebase**
```bash
vulnhunter scan ./my-contracts --tools slither,aderyn --parallel 5
```
3. **Generate a formalized platform report**
```bash
vulnhunter report ./results --platform immunefi --output report.md
```
4. **Prepare an advanced bounty submission**
```bash
vulnhunter bounty prepare findings.json --platform code4rena --output submission.md
```
---
## ๐๏ธ Architecture
```text
vulnhunter/
โโโ adapters/ # 15 external tool adapters
โโโ commands/ # Interactive CLI commands
โโโ config/ # TOML config & extendable plugin systems
โโโ core/ # Engine: Tasks, orchestration, SARIF parsing
โโโ llm/ # Kimi client & 6-pass pipeline
โโโ models/ # Data models: Findings, Fingerprint maps
โโโ poc/ # Exploit generator & Foundry runner
โโโ reporters/ # Markdown generation for target platforms
```
---
## โ๏ธ Configuration
Create a `vulnhunter.toml` at the root of your working directory to customize the experience:
```toml
[vulnhunter]
debug = false
[vulnhunter.scan]
timeout = 600
max_retries = 3
parallel = 5
[vulnhunter.llm]
api_key = "sk-xxxxxxxxxxxxxxx" # Or use VULNHUNTER_LLM__API_KEY env
model = "kimi-k2.5"
```
---
## ๐จโ๐ป Author
Created and maintained by **Abdelrehman Fouad**.
Catch me online to discuss Web3 security, bug bounties, and AI:
- **GitHub:** [@MaridWSH](https://github.com/MaridWSH)
- **X (Twitter):** [@AbdelrehmanFou2](https://x.com/AbdelrehmanFou2)
## ๐ License
This project is licensed under the [MIT License](LICENSE).