SakiX 🪓

n/a

SakiX 🪓

One vuln
at a time

Category

Artificial Inteligence

Industry

Date

January 16, 2025

SakiX 🪓

Overview

SakiX 🪓 is a powerful CLI application designed to automate code analysis by leveraging Semgrep and GPT Large Language Models (LLMs). The tool aims to streamline the process of identifying and validating code vulnerabilities in a user-defined directory. Additionally, SakiX 🪓 supports a multi-agent system for thorough file analysis and utilizes MongoDB for efficient data storage and retrieval.

Features

  • Automated Code Analysis: Use Semgrep to analyze code for vulnerabilities.
  • LLM Validation: Validate Semgrep findings using an advanced LLM.
  • Multi-Agent Analysis: Analyze a specified file with the support of a multi-agent system.
  • MongoDB Integration: Store and manage data efficiently in MongoDB.

Installation

Prerequisites

  • Python Python 3.11+
  • MongoDB
  • Semgrep
  • Required Python libraries (install using requirements.txt)

Steps

  1. Clone the repository:

    1git clone https://github.com/sentry-cybersecurity/SakiX.git 2cd SakiX
  2. Install the required Python libraries:

    1pip install -r requirements.txt
  3. Ensure MongoDB is running on your machine.

Usage

To run the main script with various functionalities, use the following command format:

1sakix.py [-h] {upload,view,semgrep,semgrep_llm,llm_scan} ...

Positional Arguments

  • {semgrep,semgrep_llm,llm_scan}: The action you wish to perform.

    • semgrep: Run Semgrep on a zip file from MongoDB.
    • semgrep_llm: Run LLM validation on Semgrep findings.
    • llm_scan: Run LLM scan on a specified file.

Options

  • -h, --help: Show the help message and exit.

Example Commands

  • Run Semgrep analysis on a directory:
    1sakix.py semgrep --target-path TARGET_DIRECTORY_PATH_TO_SCAN --config p/semgrep-registry
  • Validate Semgrep findings using an LLM:
    1sakix.py semgrep_llm --all 2sakix.py semgrep_llm --item-id ITEM_ID_FROM_MONGODB
  • Launch an LLM scan on a file:
    1sakix.py llm_scan --file-path TARGET_FILE_PATH_TO_SCAN

Contributing

Contributions are welcome! Feel free to open an issue or submit a pull request with your enhancements or bug fixes.

License

This project is licensed under the AGPL-3.0 license - see the LICENSE file for details.

Code of Ethics

SakiX is designed to enhance code security through automated analysis and should be used responsibly and ethically. Users are expected to adhere to the following principles to prevent misuse:

  • Authorized Use Only: Use SakiX only on codebases for which you have explicit permission to analyze. Unauthorized scanning of third-party or proprietary code is strictly prohibited.
  • Respect Privacy and Confidentiality: Handle all code and data with the utmost confidentiality. Do not disclose or distribute sensitive information uncovered during analysis.
  • Compliance with Laws and Regulations: Comply with all applicable local, national, and international laws and regulations when using SakiX.
  • No Malicious Intent: Do not use SakiX to identify vulnerabilities for malicious purposes, such as exploiting or compromising systems.
  • Contribution to Security Community: Share findings and improvements responsibly, contributing to the overall security and integrity of software systems.
  • Transparency and Accountability: Maintain transparency in your actions and be accountable for how you use SakiX, ensuring that your use aligns with ethical standards.
  • Commercial Use: Commercial use of SakiX is strictly prohibited.

Disclaimer: This tool is designed strictly for educational purposes and to help security professionals and enthusiasts identify and remediate vulnerabilities. The author takes no responsibility for any misuse of this tool. Users are solely responsible for obtaining proper authorization before using it on any system or network. Any illegal or unethical use of this tool is strictly prohibited. Use responsibly and always adhere to ethical hacking guidelines.

By using SakiX, you agree to adhere to this Code of Ethics and understand that misuse can lead to legal consequences and harm to individuals and organizations.

Happy hunting with SakiX 🪓