Security Auditor Plugin

A comprehensive security testing and vulnerability detection system that combines traditional security testing with advanced offline zero-day vulnerability hunting capabilities.


Overview

This security auditor provides two main capabilities:

  1. Traditional Security Testing: 7 core security tests for identifying known vulnerabilities in your codebase.
  2. Offline Zero-Day Hunter: Advanced pattern learning and similarity detection to discover potential zero-day vulnerabilities without any external API calls or network dependencies.

Key Features

| Feature | Description |
| --- | --- |
| Offline Zero-Day Hunter | 100% local, private vulnerability scanning. No external connections or API keys needed. |
| GitHub Actions Integration | Automated CI/CD security scans, pull request checks, and weekly audits. |
| Universal File Scanner | Analyzes binaries, text files, and archives on Windows, macOS, and Linux. |
| Cross-Platform Support | Works seamlessly across all major operating systems. |
| Multi-Language Support | Supports JavaScript, TypeScript, Python, Java, Go, Rust, PHP, Ruby, C, and C++. |

Quick Start

Prerequisites

  • Node.js v14.0.0 or higher
  • npm package manager
  • Git (optional, for differential analysis features)

Installation & Execution

  1. Clone the repository:

    git clone https://github.com/RicheByte/beforeAuditor.git
    cd beforeAuditor
  2. Install dependencies:

    npm install
  3. Run Traditional Security Tests:

    # Run all 7 security tests
    node index.js
    
    # Or use npm scripts
    npm test
    npm run security
  4. Run Offline Zero-Day Hunter:

    # First, run the one-time setup
    node setup-offline-hunter.js
    
    # Scan a project for zero-day vulnerabilities
    node offline-zero-day-hunter.js --repo-path ./path/to/your/project

    Detailed Hunter Usage:

    # Scan a specific directory
    node local-repo-analyzer.js --repo-path ./your-project
    
    # Run complete offline analysis (all 4 phases)
    node offline-zero-day-hunter.js --repo-path ./your-project
    
    # Run in verbose mode for debugging
    node offline-zero-day-hunter.js --repo-path ./src --verbose

    (Optional) Learn from Open-Source Security Patches:

    # Create a directory for learning
    mkdir -p ./tmp/scanned-repos
    cd ./tmp/scanned-repos
    
    # Clone projects to learn from
    git clone https://github.com/expressjs/express.git
    git clone https://github.com/nodejs/node.git
    cd ../..
    
    # Run analysis to learn from their security patches
    node offline-zero-day-hunter.js

Traditional Security Testing

This plugin runs 7 core security tests to find common vulnerabilities.

| Test | Description | Detects |
| --- | --- | --- |
| 1. SAST | Static Analysis Security Testing | SQL injection, XSS, code injection, dangerous functions (eval(), innerHTML, exec()), insecure crypto patterns |
| 2. Dependency Scanning | Vulnerability check using npm audit | Vulnerable packages categorized by severity (critical, high, moderate, low) |
| 3. OWASP Dependency Check | Outdated dependency validation | Packages 2+ major versions behind, known CVEs |
| 4. Hardcoded Secrets | Credential detection | Passwords, API keys, tokens, AWS credentials, GitHub tokens, private keys, JWT tokens |
| 5. Code Pattern Analysis | Insecure coding pattern detection | SQL injection patterns, command injection, path traversal, weak cryptography (MD5, SHA1, DES) |
| 6. Configuration Validation | Deployment security checks | .env file exposure, .gitignore completeness, CORS wildcard issues, security headers, HTTPS enforcement |
| 7. Runtime Security | Security framework validation | helmet.js, input validation libraries (joi, yup, zod), logging frameworks, rate limiting, CSRF protection |
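As an added illustration of what the SAST and Code Pattern Analysis tests look for (example code, not the plugin's own implementation), the scanner below runs a few line-level rules for the patterns named in the table over constructed sample lines taken from the sample report further down. The rule ids, regular expressions and function names are this example's own assumptions.

```javascript
// Added example, not part of beforeAuditor: a minimal line-based pattern scanner
// in the spirit of the SAST / Code Pattern Analysis tests. Rule ids, regexes and
// severities are this example's own choices for the patterns the README lists.
const RULES = [
  { id: 'sqli-template', severity: 'critical',
    re: /`[^`]*\b(SELECT|INSERT|UPDATE|DELETE)\b[^`]*\$\{[^}]+\}[^`]*`/i,
    message: 'interpolated value inside a SQL template literal' },
  { id: 'sqli-concat', severity: 'critical',
    re: /["']\s*(SELECT|INSERT|UPDATE|DELETE)\b[^"']*["']\s*\+\s*\w+/i,
    message: 'string concatenation into a SQL statement' },
  { id: 'cmd-injection', severity: 'high',
    re: /\b(exec|execSync|spawn)\s*\(\s*`[^`]*\$\{/,
    message: 'interpolated value passed to a shell command' },
  { id: 'eval', severity: 'high', re: /\beval\s*\(/, message: 'use of eval()' },
  { id: 'xss-innerhtml', severity: 'high', re: /\.innerHTML\s*=(?!=)/,
    message: 'assignment to innerHTML' },
  { id: 'weak-hash', severity: 'medium',
    re: /createHash\s*\(\s*["'](md5|sha1)["']\s*\)/i,
    message: 'weak hash algorithm (MD5/SHA1)' },
];

// Scan source text line by line; one finding per rule that matches a line.
function scanSource(source, file = '<input>') {
  const results = [];
  source.split('\n').forEach((line, idx) => {
    for (const rule of RULES) {
      if (rule.re.test(line)) {
        results.push({ file, line: idx + 1, rule: rule.id, severity: rule.severity,
                       message: rule.message, snippet: line.trim() });
      }
    }
  });
  return results;
}

// Tally findings by severity, the shape the README's phase summaries use.
function summarize(results) {
  const counts = { critical: 0, high: 0, medium: 0, low: 0 };
  for (const f of results) counts[f.severity] += 1;
  return counts;
}

// Constructed sample input: the three snippets quoted in the README's sample
// intelligence report, followed by two lines that should not trigger a rule.
const SAMPLE = [
  'const query = `SELECT * FROM users WHERE id = ${req.params.id}`;',
  'exec(`convert ${userFilename} output.png`);',
  'element.innerHTML = userInput;',
  'const rows = db.query("SELECT * FROM users WHERE id = ?", [req.params.id]);',
  'element.textContent = userInput;',
].join('\n');

const findings = scanSource(SAMPLE, './src/example.js');
console.log(JSON.stringify(findings, null, 2));
console.log(summarize(findings)); // { critical: 1, high: 2, medium: 0, low: 0 }
```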

Offline Zero-Day Hunter

The Zero-Day Hunter operates 100% locally in four phases to find previously unknown vulnerabilities.

Core Capabilities:

  • Complete Privacy: 100% local operation with no external connections, API keys, or network requests.
  • Local File and Directory Scanning: Analyze any files or folders on your system.
  • Differential Analysis: Learn from security patches in git commit history to identify new patterns.
  • Similarity Detection: Use fuzzy matching, n-gram analysis, and edit distance to find code similar to known vulnerabilities.
  • Intelligence Aggregation: Combine findings from multiple analysis methods to generate comprehensive reports.
  • Pattern Learning: Automatically update the vulnerability database based on new discoveries.

Four-Phase Analysis Process

| Phase | Description |
| --- | --- |
| 1. Local Analysis | Scans files for 15+ known vulnerability patterns (XSS, SQLi, SSRF, XXE, etc.). |
| 2. Differential Analysis | Analyzes git commit history to learn new patterns from security patches and CVE fixes. |
| 3. Similarity Detection | Uses fuzzy hashing, n-gram analysis, and Levenshtein distance to find code similar to known exploits. |
| 4. Intelligence Aggregation | Combines all findings, calculates risk scores, and generates a final report. |

Detection Methods

  • Pattern matching with 15+ vulnerability types
  • Fuzzy hash matching for similar code detection
  • N-gram tokenization analysis
  • Levenshtein distance calculation
  • Jaccard similarity for set comparison

Output Reports

All analysis results are saved locally in the following directories:

  • ./intelligence-reports/
  • ./local-analysis/
  • ./differential-findings/
  • ./similarity-findings/

Universal File Scanner

Analyze any file type across all major operating systems:

  • Binary Analysis: Executables (.exe), dynamic libraries (.dll, .so, .dylib), compiled modules
  • Platform Support: Windows, macOS, Linux
  • Malware Detection: String extraction, suspicious API detection, shellcode pattern identification
  • File Type Coverage: Text files, binaries, archives, firmware, and more

Complete documentation available in UNIVERSAL_SCANNER_GUIDE.md.


Configuration

Traditional Tests Configuration

Customize tests by creating a security-plugin.config.json file:

{
  "tests": ["sast", "dependencies", "owasp", "secrets", "patterns", "config", "runtime"],
  "severity": "high",
  "ignore": ["node_modules", "dist", "build"],
  "stopOnCritical": false
}
  • tests: Array of test identifiers to execute. Valid values: "sast", "dependencies", "owasp", "secrets", "patterns", "config", "runtime"

  • severity: Minimum severity level to report. Valid values: "critical", "high", "moderate", "low"

  • ignore: Array of directories or file patterns to exclude from scanning

  • stopOnCritical: Boolean flag to halt execution immediately upon detecting critical vulnerabilities

  • feeds: Optional external vulnerability sources. Example:

    "feeds": {
      "ossIndex": { "enabled": true, "user": "your-oss-username", "token": "your-oss-token" },
      "nvdMirror": "./data/nvd-mirror.json"
    }

    Set ossIndex to false to disable the feed or provide custom url, user, and token fields. Credentials can also be supplied via the OSS_INDEX_USER and OSS_INDEX_TOKEN environment variables. Use nvdMirror to point at a local NVD JSON mirror (supports standard CVE_Items format).

Zero-Day Hunter Configuration

Configure the hunter using command-line arguments:

# Specify custom repository path
node offline-zero-day-hunter.js --repo-path /path/to/analyze

# Enable verbose logging
node offline-zero-day-hunter.js --verbose

# Combine options
node offline-zero-day-hunter.js --repo-path ./src --verbose

Similarity Detection Threshold: Modify the threshold in similarity-detector.js to adjust matching sensitivity:

const threshold = 0.8;  // 80% similarity required (default)
// Lower values (e.g., 0.6) increase sensitivity but may produce more false positives
// Higher values (e.g., 0.9) reduce false positives but may miss subtle variations

Meta-Learning Enhancements

  • AST Semantic Modeling: Lightweight graph neural network learns semantic code relationships from parsed abstract syntax trees to reduce false positives.
  • Transformer-Inspired Feedback Loop: Validation feedback retrains the semantic model and adjusts pattern weights, improving confidence scores over time.
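To make the similarity phase and its threshold concrete, here is an added example (not code from beforeAuditor or its similarity-detector.js) implementing the n-gram, Jaccard and Levenshtein measures listed under Detection Methods and applying the default 0.8 threshold to the SQL snippet from the sample report. The identifier-normalising tokenizer, the equal weighting of the two measures and all function names are assumptions of this example.

```javascript
// Added example, not code from beforeAuditor: the similarity measures the README
// lists, applied to a known-vulnerable snippet and two candidates. KEEP, tokenize,
// ngrams, jaccard, levenshtein and similarityScore are names chosen here.

// Keywords and sink names are kept verbatim; every other identifier becomes ID
// so that renamed variables still match the known pattern (fuzzy matching).
const KEEP = new Set([
  'const', 'let', 'var', 'function', 'return', 'if', 'await',
  'SELECT', 'FROM', 'WHERE', 'INSERT', 'INTO', 'UPDATE', 'DELETE',
  'exec', 'eval', 'innerHTML',
]);

function tokenize(code) {
  const raw = code.match(/\$\{|[A-Za-z_$][\w$]*|\d+|[^\s\w]/g) || [];
  return raw.map((t) => (/^[A-Za-z_$][\w$]*$/.test(t) && !KEEP.has(t) ? 'ID' : t));
}

// Set of token n-grams (trigrams by default) used for the Jaccard comparison.
function ngrams(tokens, n = 3) {
  const grams = new Set();
  for (let i = 0; i + n <= tokens.length; i++) grams.add(tokens.slice(i, i + n).join(' '));
  return grams;
}

// Jaccard similarity of two sets: |A ∩ B| / |A ∪ B|.
function jaccard(a, b) {
  let inter = 0;
  for (const g of a) if (b.has(g)) inter++;
  const union = a.size + b.size - inter;
  return union === 0 ? 1 : inter / union;
}

// Levenshtein edit distance over token arrays (two-row dynamic programming).
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Combined score: equal-weight average of trigram Jaccard and length-normalised
// Levenshtein similarity (this example's weighting, not the project's).
function similarityScore(known, candidate) {
  const a = tokenize(known);
  const b = tokenize(candidate);
  const jac = jaccard(ngrams(a), ngrams(b));
  const lev = 1 - levenshtein(a, b) / Math.max(a.length, b.length, 1);
  return { jaccard: jac, levenshtein: lev, score: (jac + lev) / 2 };
}

const THRESHOLD = 0.8; // the README's default: 80% similarity required
function isSimilar(known, candidate, threshold = THRESHOLD) {
  return similarityScore(known, candidate).score >= threshold;
}

// Constructed samples: the known pattern is the snippet quoted in the README's
// sample report; the candidates are a renamed copy and a parameterised rewrite.
const KNOWN_VULNERABLE = 'const query = `SELECT * FROM users WHERE id = ${req.params.id}`;';
const CANDIDATES = [
  'let sql = `SELECT * FROM accounts WHERE uid = ${request.query.uid}`;',
  'const rows = db.query("SELECT * FROM users WHERE id = ?", [req.params.id]);',
];
for (const c of CANDIDATES) {
  const s = similarityScore(KNOWN_VULNERABLE, c);
  console.log(`${isSimilar(KNOWN_VULNERABLE, c) ? 'MATCH   ' : 'no match'} score=${s.score.toFixed(2)} ` +
    `jaccard=${s.jaccard.toFixed(2)} lev=${s.levenshtein.toFixed(2)} :: ${c}`);
}
```

The renamed copy scores about 0.92 (Jaccard 0.89, Levenshtein 0.95) and is reported; the parameterised query loses the interpolation tokens and falls well below the threshold.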

Vulnerability Database Management

The vulnerability knowledge base is stored in vulnerability-intelligence.json. To rebuild or update:

# Rebuild database with default patterns
node build-vuln-database.js

# Update database with differential analysis findings
node differential-analyzer.js

CI/CD Integration

Automate your security scans with GitHub Actions, GitLab CI, or Jenkins.

GitHub Actions

Create .github/workflows/security.yml:

name: Security Vulnerability Scan

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]
  schedule:
    - cron: '0 0 * * *'  # Daily at midnight UTC

jobs:
  traditional-security-tests:
    name: Traditional Security Tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'
      
      - name: Install dependencies
        run: npm install
      
      - name: Run security tests
        run: node index.js
      
      - name: Upload security report
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: security-report
          path: ./security-report.json

  zero-day-hunter:
    name: Offline Zero-Day Hunter
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'
      
      - name: Install dependencies
        run: npm install
      
      - name: Setup zero-day hunter
        run: node setup-offline-hunter.js
      
      - name: Run zero-day analysis
        run: node offline-zero-day-hunter.js --repo-path .
      
      - name: Upload intelligence reports
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: zero-day-reports
          path: ./intelligence-reports/

GitLab CI

Create .gitlab-ci.yml:

stages:
  - security

traditional_security_scan:
  stage: security
  image: node:18
  script:
    - npm install
    - node index.js
  artifacts:
    reports:
      junit: security-report.xml
    paths:
      - security-report.json
  only:
    - merge_requests
    - main
    - develop

zero_day_hunter:
  stage: security
  image: node:18
  script:
    - npm install
    - node setup-offline-hunter.js
    - node offline-zero-day-hunter.js --repo-path .
  artifacts:
    paths:
      - intelligence-reports/
      - local-analysis/
      - similarity-findings/
  only:
    - main
    - develop

Jenkins Pipeline

pipeline {
    agent any
    
    stages {
        stage('Security Scan') {
            steps {
                nodejs(nodeJSInstallationName: 'Node 18') {
                    sh 'npm install'
                    sh 'node index.js'
                    sh 'node setup-offline-hunter.js'
                    sh 'node offline-zero-day-hunter.js --repo-path .'
                }
            }
        }
    }
    
    post {
        always {
            archiveArtifacts artifacts: 'intelligence-reports/**/*', allowEmptyArchive: true
            archiveArtifacts artifacts: 'security-report.json', allowEmptyArchive: true
        }
    }
}

Exit Codes and Return Values

  • Exit Code 0: All security tests passed successfully, no critical vulnerabilities detected.
  • Exit Code 1: Critical or high-severity vulnerabilities detected, manual review required.

Use these codes to fail your CI/CD pipeline:

node index.js || exit 1

📈 Security Scoring System

Traditional Tests Score Ranges

  • 90-100: ✅ Excellent - Minimal security concerns, production-ready.
  • 70-89: 👍 Good - Minor issues present, recommended fixes available.
  • 50-69: ⚠️ Needs Improvement - Multiple security concerns requiring attention.
  • 0-49: ❌ Critical - Severe vulnerabilities detected, immediate action required.

The score is calculated based on tests passed vs. failed, severity of vulnerabilities, and presence of hardcoded secrets or insecure configurations.

Zero-Day Hunter Risk Scoring

A separate risk score is calculated for zero-day findings using the following formula:

Risk Score = (Critical × 10) + (High × 5) + (Medium × 2) + (Low × 1)

Risk Levels:

  • 0-20: MINIMAL - Low risk, standard monitoring recommended.
  • 21-50: MODERATE - Medium risk, review findings and prioritize fixes.
  • 51-100: HIGH - Elevated risk, immediate investigation required.
  • 100+: CRITICAL - Severe risk, emergency response needed.

Example Output

Traditional Security Test Output

============================================================
   Security Auditor - 7 Core Security Tests
============================================================

-- TEST 1: SAST - Static Analysis Security Testing
[PASS] No dangerous SAST patterns detected

-- TEST 2: Dependency Scanning
[WARN] Found 3 HIGH severity vulnerabilities
  Recommendation: Run 'npm audit fix --force'

-- TEST 3: OWASP - Outdated Dependencies Check
[PASS] All dependencies are up to date

-- TEST 4: Secrets Detection
[PASS] No hardcoded secrets detected

-- TEST 5: Code Pattern Analysis
[PASS] No suspicious code patterns detected

-- TEST 6: Configuration & Security Validation
[PASS] All 8 configuration checks passed

-- TEST 7: Runtime Security Setup
[WARN] Runtime security: 2 recommendations
  Recommendation: Consider adding helmet, joi/yup, winston, express-rate-limit

============================================================
SECURITY SCAN RESULTS
============================================================

Passed:   5
Warnings: 2
Failed:   0

Completed in 2.34 seconds

Security Score: 85/100 (GOOD)

Zero-Day Hunter Output

============================================================
Offline Zero-Day Vulnerability Hunter
============================================================
100% Local - No API calls - Complete Privacy

Scans: Local directories, files, and git repositories
Repository Path: ./src
Verbose Mode: Enabled
============================================================
Phase 1/4: Local Pattern Analysis
============================================================
Scanning directory: ./src
Files scanned: 247
Vulnerabilities found: 12
  - Critical: 1
  - High: 3
  - Medium: 6
  - Low: 2
Results saved to: ./local-analysis/local-analysis-1234567890.json
============================================================
Phase 2/4: Differential Analysis
============================================================
Analyzing git repositories: 5
Security commits found: 23
New patterns extracted: 8
Vulnerability database updated
Results saved to: ./differential-findings/differential-1234567890.json
============================================================
Phase 3/4: Similarity Detection
============================================================
Comparing against known vulnerabilities
Similarity threshold: 0.80 (80%)
Similar code patterns found: 5
Methods used:
  - Fuzzy hash matching
  - N-gram analysis
  - Levenshtein distance
Results saved to: ./similarity-findings/similarity-scan-1234567890.json
============================================================
Phase 4/4: Intelligence Aggregation
============================================================
Aggregating findings from all phases
Total findings: 25
High-confidence findings: 7
Multi-source detections: 3
Risk Score: 45/100 (MODERATE)

Reports generated:
  - ./intelligence-reports/intelligence-report-1234567890.json
  - ./intelligence-reports/intelligence-report-1234567890.txt
============================================================
Analysis Complete
============================================================
Recommendations:
  1. Review 7 high-confidence findings immediately
  2. Investigate 3 multi-source detections (detected by multiple methods)
  3. Consider fixing 12 medium/low severity issues
  4. Vulnerability database updated with 8 new patterns

Intelligence Report Sample (Text Format)

============================================================
ZERO-DAY VULNERABILITY INTELLIGENCE REPORT
============================================================
Generated: 2025-10-31 14:32:15
Analysis Duration: 45.3 seconds
------------------------------------------------------------
SUMMARY
------------------------------------------------------------
Total Findings: 25
  - Critical: 1
  - High: 3
  - Medium: 6
  - Low: 15

High-Confidence Findings: 7
Multi-Source Detections: 3
Risk Score: 45/100 (MODERATE)
------------------------------------------------------------
HIGH-CONFIDENCE FINDINGS
------------------------------------------------------------
[1] SQL Injection Vulnerability
    File: ./src/api/user-controller.js:45
    Severity: CRITICAL
    Confidence: 95%
    Pattern: Unsanitized user input in SQL query
    Detection Methods: Pattern Match, Similarity Detection
    
    Code Snippet:
    const query = `SELECT * FROM users WHERE id = ${req.params.id}`;
    
    Recommendation: Use parameterized queries or ORM

[2] Command Injection Risk
    File: ./src/utils/file-processor.js:123
    Severity: HIGH
    Confidence: 88%
    Pattern: User input passed to exec() without sanitization
    Detection Methods: Pattern Match, Differential Analysis
    
    Code Snippet:
    exec(`convert ${userFilename} output.png`);
    
    Recommendation: Validate and sanitize filename, use safer alternatives

[3] Cross-Site Scripting (XSS)
    File: ./src/views/render.js:67
    Severity: HIGH
    Confidence: 92%
    Pattern: Unsanitized data rendered to DOM
    Detection Methods: Pattern Match, Similarity Detection
    
    Code Snippet:
    element.innerHTML = userInput;
    
    Recommendation: Use textContent or sanitize HTML input
------------------------------------------------------------
RECOMMENDATIONS
------------------------------------------------------------
IMMEDIATE ACTION REQUIRED:
- Fix 1 critical SQL injection vulnerability
- Address 3 high-severity findings

SHORT TERM:
- Review and remediate 6 medium-severity issues
- Update input validation across the application

LONG TERM:
- Implement comprehensive input validation framework
- Add security testing to CI/CD pipeline
- Schedule regular security audits
------------------------------------------------------------
VULNERABILITY DATABASE UPDATES
------------------------------------------------------------
New patterns learned: 8
Total patterns in database: 78
Database last updated: 2025-10-31 14:32:15
============================================================
END OF REPORT
============================================================

System Requirements and Dependencies

Required Dependencies

  • Runtime Environment: Node.js version 14.0.0 or higher
  • Package Manager: npm
  • Built-in Modules: fs, path, crypto, child_process

Optional Dependencies for Enhanced Features

  • Advanced Static Analysis: semgrep (pip install semgrep)
  • Dependency Management: npm-check-updates (npm install -g npm-check-updates)
  • Differential Analysis: git

No External API Dependencies

The offline zero-day hunter operates entirely without external API calls.

  • No GitHub API requests
  • No external vulnerability databases
  • No cloud-based analysis services
  • All processing occurs locally on your machine for complete privacy.

Security Best Practices

Pre-Deployment Security Validation

Always run security tests before deploying to production:

# Run security tests, only deploy if they pass
node index.js && npm run deploy

Git Pre-Commit Hook Integration

Prevent committing vulnerable code using git hooks.

Using Husky:

# Install husky
npm install --save-dev husky

# Initialize husky
npx husky install

# Add pre-commit hook
npx husky add .husky/pre-commit "node index.js"

Manual hook creation (.git/hooks/pre-commit):

#!/bin/sh
node index.js
if [ $? -ne 0 ]; then
    echo "Security tests failed. Commit rejected."
    exit 1
fi

Regular Dependency Maintenance

# Fix known vulnerabilities
npm audit fix

# Update all dependencies to latest compatible versions
npm update

# Check for major version updates
npx npm-check-updates

Critical Security Guidelines

  1. Never commit secrets: Use environment variables and .env files (add to .gitignore).
  2. Fix critical vulnerabilities before deployment: Address all critical and high-severity findings.
  3. Update outdated dependencies: Regularly update packages to patch known vulnerabilities.
  4. Validate all user input: Implement input validation on all user-supplied data.
  5. Use parameterized queries: Never concatenate user input into SQL queries.
  6. Enable security headers: Use Helmet.js or equivalent.
  7. Implement rate limiting: Protect APIs from abuse.

Roadmap and Future Enhancements

Planned Features

  • Container and Infrastructure Security: Trivy integration, Dockerfile scanning, Kubernetes manifest analysis.
  • Compliance and Reporting: License compliance checks, SBOM generation, OWASP Top 10 reporting.
  • Advanced Analysis: Custom rule engine, ML-based anomaly detection, API security testing (REST, GraphQL).
  • Integration and Notifications: Slack, Discord, and Microsoft Teams integration.
  • Report Generation: HTML dashboard, PDF reports, CSV export.
  • Additional Scanning Capabilities: Infrastructure as Code (IaC) scanning, mobile application analysis.

Contributing

Contributions are welcome and encouraged.

  1. Fork the repository on GitHub
  2. Create a feature branch (git checkout -b feature/your-feature-name)
  3. Implement your changes with appropriate tests
  4. Run security tests to ensure no vulnerabilities introduced (node index.js)
  5. Commit your changes with descriptive commit messages
  6. Push to your fork (git push origin feature/your-feature-name)
  7. Submit a pull request with detailed description of changes

Areas for Contribution:

  • New vulnerability detection patterns
  • Additional programming language support
  • Performance optimizations
  • Documentation improvements
  • Bug fixes and issue resolution

Support and Community

  • Issue Reporting: Report bugs and issues on GitHub Issues. Please include reproduction steps and environment details.
  • Getting Help: Review the comprehensive documentation in the documentations/ directory.

Acknowledgments

This project uses patterns and techniques inspired by:

  • OWASP Top 10 security risks
  • SANS Top 25 most dangerous software errors
  • CWE (Common Weakness Enumeration)
  • CVE (Common Vulnerabilities and Exposures) database
  • Security research from the open-source community
