{"id":48543964,"url":"https://github.com/holasoymalva/gemini-bug-hunter","last_synced_at":"2026-04-08T06:01:52.700Z","repository":{"id":332876974,"uuid":"1135338085","full_name":"holasoymalva/gemini-bug-hunter","owner":"holasoymalva","description":"Gemini Bug Hunter is an AI-first CLI tool that helps developers find, understand, and fix security vulnerabilities in their codebases using Gemini 3 (Next Gen) as the core intelligence engine.","archived":false,"fork":false,"pushed_at":"2026-01-31T22:21:59.000Z","size":273,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-01T10:19:05.600Z","etag":null,"topics":["agent","agentic-ai","agents","cybersecurity","cybersecurity-tools","gemini","gemini-ai","gemini-api","gemini-cli","gemini-pro","hacking","hacking-tool","llm","llms"],"latest_commit_sha":null,"homepage":"https://holasoymalva.github.io/gemini-bug-hunter/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/holasoymalva.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-16T00:48:28.000Z","updated_at":"2026-01-31T22:22:02.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/holasoymalva/gemini-bug-hunter","commit_stats":null,"previous_names":["holasoymalva/gemini-bug-hunter"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/holasoymalva/gemini-bug-hunter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/holasoymalva%2Fgemini-bug-hunter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/holasoymalva%2Fgemini-bug-hunter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/holasoymalva%2Fgemini-bug-hunter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/holasoymalva%2Fgemini-bug-hunter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/holasoymalva","download_url":"https://codeload.github.com/holasoymalva/gemini-bug-hunter/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/holasoymalva%2Fgemini-bug-hunter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31542384,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-07T16:28:08.000Z","status":"online","status_checked_at":"2026-04-08T02:00:06.127Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent","agentic-ai","agents","cybersecurity","cybersecurity-tools","gemini","gemini-ai","gemini-api","gemini-cli","gemini-pro","hacking","hacking-tool","llm","llms"],"created_at":"2026-04-08T06:01:51.871Z","updated_at":"2026-04-08T06:01:52.694Z","avatar_url":"https://github.com/holasoymalva.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e  \n  \n  \u003cimg width=\"438\" height=\"188\" alt=\"image\" src=\"https://github.com/user-attachments/assets/20f1e804-f500-42eb-9db2-90d9e5b982dd\" /\u003e\n\n  # 🛡️ Gemini Bug Hunter\n\n  ### AI-Powered Security Vulnerability Hunter (CLI)\n\u003c/div\u003e\n\n\u003e **Gemini Bug Hunter** is an AI-first CLI tool that helps developers **find, understand, and fix security vulnerabilities** in their codebases using **Gemini 2.5 and Gemini 3 (Next Gen) as the core intelligence engine**.\n\nInspired by tools like **Gemini-CLI** and **Claude-Code**, Gemini Bug Hunter brings **ethical hacking and AppSec workflows** directly into the developer terminal.\n\n---\n\n## 🚀 Vision\n\nSecurity tools are often:\n\n* Too noisy\n* Too complex\n* Too disconnected from developer workflows\n\n**Gemini Bug Hunter** solves this by using **Gemini 2.5 and Gemini 3 (Next Gen) as the main reasoning engine** to:\n\n* Understand code context\n* Detect vulnerabilities\n* Explain real-world risks\n* Propose secure fixes\n* Apply safe auto-remediations\n\n---\n\n## 🧠 Core Principle\n\n\u003e **Gemini 3 is not an assistant — it is the brain of the system.**\n\nAll vulnerability analysis, risk reasoning, and fix generation are driven by Gemini 3.\n\n---\n\n## 🛠️ Tech Stack\n\n* **Node.js** (v18+)\n* **JavaScript (ES2022+)**\n* **Gemini 2.5 Flash and Gemini 3** (Next Gen Analysis Engine)\n* **Premium CLI Experience** (ASCII Art, Animations, Gradients)\n* CLI Framework: `commander`\n* Output Styling: `chalk`, `cli-table3`, `boxen`\n* File traversal: `glob`\n* Config: `.env` + `default.js`\n\n---\n\n## 📦 Installation\n\n### Prerequisites\n\n- Node.js 18 or higher\n- Gemini API Key ([Get one here](https://aistudio.google.com/app/apikey))\n- **Gemini Model**: Uses `gemini-2.5-flash` by default (configurable)\n\n### Setup\n\n```bash\n# Clone the repository\ngit clone https://github.com/holasoymalva/gemini-bug-hunter.git\ncd gemini-bug-hunter\n\n# Install dependencies\nnpm install\n\n# Configure environment\ncp .env.example .env\n# Edit .env and add your GEMINI_API_KEY\n\n# Test installation\nnpm start doctor\n```\n\n### Global Installation\n\nTo use `gbh` from anywhere in your terminal:\n\n```bash\n# 1. Install globally\nnpm install -g gemini-bug-hunter\n\n# 2. Set your API Key globally (Run once)\ngbh config set-key \u003cYOUR_GEMINI_API_KEY\u003e\n\n# 3. Ready to scan!\ngbh scan\n```\n\n---\n\n## 🧪 CLI Commands\n\n### Scan for Vulnerabilities\n\n```bash\n# Scan current directory\ngbh scan\n\n# Scan specific file or directory\ngbh scan ./src\n\n# Output to JSON file\ngbh scan --output report.json\n\n# JSON output to stdout\ngbh scan --json\n\n# Interactive Auto-Fix Mode\ngbh scan --fix\n```\n\n\u003e **Note**: The `--fix` option will interactively prompt you to apply AI-generated fixes for each vulnerability found.\n\n### Check System Health\n\n```bash\ngbh doctor\n```\n\n### View Configuration\n\n```bash\ngbh config\n```\n\n### Explain Vulnerability\n\n```bash\ngbh explain \"SQL Injection\"\ngbh explain \"XSS\"\n```\n\n---\n\n## 🔍 How It Works\n\n1. **Collect** - Scans project files based on configured patterns\n2. **Sanitize** - Redacts secrets and sensitive data\n3. **Analyze** - Sends code to Gemini 3 with structured prompts\n4. **Parse** - Extracts structured vulnerability data\n5. **Score** - Calculates risk scores using weighted algorithms\n6. **Report** - Displays beautiful, actionable reports\n\n---\n\n## 🤖 Gemini 3 Integration\n\n### System Prompt\n\nGemini receives a carefully crafted system prompt that instructs it to:\n\n- Act as a professional ethical hacker\n- Focus on OWASP Top 10 vulnerabilities\n- Avoid false positives\n- Return structured JSON responses\n- Provide actionable recommendations\n\n### Response Schema\n\n```json\n{\n  \"projectRiskScore\": 0-100,\n  \"riskLevel\": \"LOW|MEDIUM|HIGH|CRITICAL\",\n  \"summary\": \"string\",\n  \"vulnerabilities\": [\n    {\n      \"id\": \"string\",\n      \"title\": \"string\",\n      \"severity\": \"LOW|MEDIUM|HIGH|CRITICAL\",\n      \"confidence\": 0-1,\n      \"category\": \"string\",\n      \"file\": \"string\",\n      \"line\": number,\n      \"description\": \"string\",\n      \"impact\": \"string\",\n      \"exploitationScenario\": \"string\",\n      \"recommendation\": \"string\",\n      \"secureCodeExample\": \"string\",\n      \"autoFixSafe\": boolean\n    }\n  ]\n}\n```\n\n---\n\n## 📊 Risk Scoring\n\nThe tool calculates risk scores using:\n\n- **Severity** (40% weight) - CRITICAL, HIGH, MEDIUM, LOW\n- **Confidence** (30% weight) - How certain is the detection\n- **Exploitability** (20% weight) - How easy to exploit\n- **Impact** (10% weight) - Business impact\n\nFinal score: **0-100%**\n\n---\n\n## 🔐 Security \u0026 Privacy\n\n✅ **Explicit consent** before sending code to Gemini  \n✅ **Automatic secret redaction** (API keys, passwords, tokens)  \n✅ **No remote storage** of source code  \n✅ **Configurable privacy settings**  \n\n---\n\n## 🗂️ Project Structure\n\n```\ngemini-bug-hunter/\n├── cli/\n│   └── index.js              # Main CLI entry point\n├── engine/\n│   ├── gemini/\n│   │   └── client.js         # Gemini API client\n│   ├── scanner/\n│   │   └── scanner.js        # Code scanner\n│   └── risk/\n│       └── calculator.js     # Risk scoring\n├── reporter/\n│   └── console.js            # CLI reporter\n├── config/\n│   └── default.js            # Default configuration\n├── .env.example              # Environment template\n├── package.json\n└── README.md\n```\n\n---\n\n## 🎯 Supported Vulnerability Categories\n\n- SQL Injection\n- XSS (Cross-Site Scripting)\n- CSRF (Cross-Site Request Forgery)\n- Authentication Issues\n- Authorization Issues\n- Sensitive Data Exposure\n- Security Misconfiguration\n- Insecure Deserialization\n- Using Components with Known Vulnerabilities\n- Insufficient Logging \u0026 Monitoring\n- Command Injection\n- Path Traversal\n- Hardcoded Secrets\n- Weak Cryptography\n- Race Conditions\n\n---\n\n## 📈 Example Output\n\n```\n🛡️  GEMINI BUG HUNTER REPORT\n\n📊 Risk Assessment\n\n  Risk Score: 81% ████████████████████\n  Risk Level: HIGH\n  Summary: Found 3 vulnerabilities including 1 CRITICAL issues requiring immediate attention\n\n🎯 Severity Breakdown\n\n  ● CRITICAL: 1\n  ● HIGH: 1\n  ● MEDIUM: 1\n\n🔍 Detected Vulnerabilities\n\n🔴 [1] SQL Injection in User Query\n    File: src/users.js:42\n    Category: SQL Injection\n    Severity: CRITICAL | Confidence: 95%\n\n    User input is directly concatenated into SQL query without sanitization.\n\n    ⚠️  Impact: Attackers can extract or manipulate database data.\n\n    ✓ Fix: Use parameterized queries and input validation.\n\n    ✨ Auto-fix available\n```\n\n---\n\n## 🔮 Future Roadmap\n\n- [x] Auto-fix implementation (Interactive Mode)\n- [ ] GitHub Actions integration\n- [ ] CI/CD security gates\n- [ ] PR comment integration\n- [ ] Historical risk tracking\n- [ ] Multi-language support (Python, Java, Go)\n- [ ] Enterprise mode with team features\n- [ ] Custom rule definitions\n- [ ] Integration with SAST tools\n\n---\n\n## 🤝 Contributing\n\nContributions are welcome! Please feel free to submit a Pull Request.\n\n---\n\n## 📄 License\n\nMIT License - see [LICENSE](LICENSE) file for details\n\n---\n\n## 🙏 Acknowledgments\n\n- Powered by **Google Gemini 2.5 and Gemini 3 Flash**\n- Inspired by **OWASP Top 10**\n- Built for the developer community\n\n---\n\n## 🆘 Support\n\n- 📧 Issues: [GitHub Issues](https://github.com/holasoymalva/gemini-bug-hunter/issues)\n- 📖 Documentation: This README\n- 🔑 API Key: [Get Gemini API Key](https://aistudio.google.com/app/apikey)\n\n---\n\n**Made with ❤️ by [@holasoymalva](https://github.com/holasoymalva)**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fholasoymalva%2Fgemini-bug-hunter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fholasoymalva%2Fgemini-bug-hunter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fholasoymalva%2Fgemini-bug-hunter/lists"}