{"id":49485327,"url":"https://github.com/siddforeal/blackhole_ai","last_synced_at":"2026-05-29T22:00:35.011Z","repository":{"id":354214330,"uuid":"1222665798","full_name":"Siddforeal/Blackhole_AI","owner":"Siddforeal","description":"Human-in-the-loop AI-assisted vulnerability discovery and bug intelligence workbench.","archived":false,"fork":false,"pushed_at":"2026-05-26T01:44:17.000Z","size":1516,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-26T02:33:50.216Z","etag":null,"topics":["ai-security","api-security","bug-bounty","cybersecurity","security-automation","vulnerability-research","web-security"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Siddforeal.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-27T15:31:28.000Z","updated_at":"2026-05-26T01:44:06.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/Siddforeal/Blackhole_AI","commit_stats":null,"previous_names":["siddforreal403-commits/bugintel-ai-workbench","siddforeal/blackhole_ai"],"tags_count":92,"template":false,"template_full_name":null,"purl":"pkg:github/Siddforeal/Blackhole_AI","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Siddforeal%2FBlackhole_AI","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Siddforeal%2FBlackhole_AI/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Siddforeal%2FBlackhole_AI/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Siddforeal%2FBlackhole_AI/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Siddforeal","download_url":"https://codeload.github.com/Siddforeal/Blackhole_AI/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Siddforeal%2FBlackhole_AI/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33672125,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-29T02:00:06.066Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-security","api-security","bug-bounty","cybersecurity","security-automation","vulnerability-research","web-security"],"created_at":"2026-05-01T01:03:39.203Z","updated_at":"2026-05-29T22:00:35.005Z","avatar_url":"https://github.com/Siddforeal.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Blackhole AI Workbench\n\n[![Tests](https://github.com/Siddforeal/Blackhole_AI/actions/workflows/tests.yml/badge.svg)](https://github.com/Siddforeal/Blackhole_AI/actions/workflows/tests.yml)\n[![Latest release](https://img.shields.io/github/v/release/Siddforeal/Blackhole_AI?label=release)](https://github.com/Siddforeal/Blackhole_AI/releases)\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)\n\n**Blackhole AI Workbench** is a human-in-the-loop security research workbench for authorized\nvulnerability research, bug bounty workflows, endpoint intelligence, evidence planning, and\nreport preparation.\n\nIt is **not a scanner** and it is **not an auto-exploitation tool**.\n\nBlackhole is built around safe planning, local evidence, explicit human approval, and\nconservative report-readiness gates.\n\n**Current release:** `v0.79.0`\n\n**Project status:** active research prototype\n\n---\n\n## Why Blackhole Exists\n\nSecurity research produces fragmented material: endpoints, HAR files, screenshots, API\nresponses, notes, hypotheses, validation steps, evidence bundles, and report-readiness\ndecisions.\n\nBlackhole turns that material into a structured workflow:\n\n```text\ninputs\n→ endpoint intelligence\n→ research state / case memory\n→ deterministic planning\n→ provider-gated review\n→ evidence/action review gates\n→ report-readiness review\n→ human-written report support\n```\n\nThe goal is to help a researcher think clearly, prioritize high-signal paths, preserve evidence,\navoid overclaims, and produce stronger human-reviewed reports.\n\n---\n\n## Core Principles\n\n- Authorized research only\n- Local-first by default\n- Planning-first, not execution-first\n- Human approval before risky actions\n- Provider output is untrusted until reviewed\n- No automatic vulnerability confirmation\n- No automatic report submission\n- No target mutation by default\n- Evidence before severity or impact claims\n\n---\n\n## Current Safety Model\n\nBlackhole currently does **not** automatically:\n\n- call LLM providers\n- execute curl commands\n- launch browsers\n- run Kali tools\n- mutate targets\n- bypass authorization\n- confirm vulnerabilities\n- submit reports\n\nEvery provider/tool/browser/execution-oriented workflow is represented as a reviewable plan,\ngate, packet, or checklist until a human explicitly validates the next step.\n\n---\n\n## Current Workflow Highlights\n\n### Endpoint and Evidence Planning\n\nBlackhole can organize endpoints and evidence into structured research artifacts:\n\n```text\nendpoint list\n→ orchestration\n→ research state\n→ endpoint priority\n→ attack surface groups\n→ validation runbooks\n→ evidence requirements\n```\n\n### Case Chat and Provider Review Pipeline\n\nBlackhole supports a safety-gated case-chat workflow that treats external or provider-generated\ntext as untrusted planning input:\n\n```text\ncase-chat-prompt-package\n→ case-chat-provider-gate\n→ case-chat-provider-dry-run\n→ case-chat-provider-result-import\n→ case-chat-provider-result-review\n→ case-chat-suggestion-action-plan\n→ case-chat-action-plan-apply-preview\n→ case-chat-action-plan-apply-preview-review\n→ case-chat-reviewed-apply-packet\n→ case-chat-reviewed-apply-packet-export-bundle\n→ case-chat-export-bundle-review-gate\n→ case-chat-export-bundle-report-readiness-review\n```\n\n### Report Readiness\n\nThe current release can review whether a gated export bundle is ready to support a human-written\nreport draft.\n\nIt separates report-ready support notes, blockers, missing evidence, unsafe items, artifact\nproblems, overclaim risks, safety blockers, final checklist items, and report guardrails.\n\nIt still does **not** generate or submit reports automatically.\n\n---\n\n## Quick Start\n\n```bash\ngit clone https://github.com/Siddforeal/Blackhole_AI.git\ncd Blackhole_AI\n\npython -m venv .venv\nsource .venv/bin/activate\n\npip install -e .\nblackhole --help\n```\n\nThe legacy CLI name is also kept for compatibility:\n\n```bash\nbugintel --help\n```\n\n---\n\n## Minimal Demo\n\n```bash\ncat \u003e /tmp/blackhole-endpoints.txt \u003c\u003c'EOF'\n/api/accounts/123/users/{id}/permissions\n/api/files/{id}/download\n/api/status\nEOF\n\nblackhole orchestrate /tmp/blackhole-endpoints.txt \\\n  --target demo \\\n  --json-output /tmp/orchestration.json\n\nblackhole research-state /tmp/orchestration.json \\\n  --output-file /tmp/research-state.md \\\n  --json-output /tmp/research-state.json\n```\n\n---\n\n## Example: Report-Readiness Review\n\n```bash\nblackhole case-chat-export-bundle-report-readiness-review \\\n  --review-gate /tmp/export-bundle-review-gate.json \\\n  --output /tmp/report-readiness.md \\\n  --json-output /tmp/report-readiness.json\n```\n\nThis produces a planning-only readiness review. It does not generate a report, submit a report,\ncall providers, execute tools, or confirm a vulnerability.\n\n---\n\n## Documentation\n\n| Document | Purpose |\n|---|---|\n| [CLI Reference](docs/cli-reference.md) | Commands and examples |\n| [Feature Reference](docs/feature-reference.md) | Full feature list |\n| [Methodology](docs/methodology.md) | Research workflow and methodology |\n| [Safety Model](docs/safety-model.md) | Safety guarantees and boundaries |\n| [Architecture](docs/architecture.md) | Internal design |\n| [Threat Model](docs/threat_model.md) | Misuse and risk analysis |\n| [Limitations](docs/limitations.md) | Current limitations |\n\n---\n\n## Latest Release Line\n\n| Version | Focus |\n|---|---|\n| `v0.79.0` | Brain Chat Case Dashboard Review Packet |\n| `v0.78.0` | Brain Chat Case Dashboard |\n| `v0.77.0` | Brain Chat Session Next-Step Planner |\n| `v0.76.0` | Brain Chat Session Summary Command |\n| `v0.75.0` | Brain Chat Case Session Auto-Save |\n| `v0.74.0` | Brain Chat Case Directory Discovery |\n| `v0.73.0` | Brain Chat Demo Flow |\n| `v0.72.0` | Brain State Export Builder |\n| `v0.71.0` | Brain Chat Question Router |\n| `v0.70.0` | Human Report Skeleton Review Gate |\n| `v0.69.0` | Human Report Skeleton Packet |\n| `v0.68.0` | Finding Draft Packet Review Gate |\n| `v0.67.0` | Report Readiness Finding Draft Packet |\n| `v0.66.0` | Export Bundle Report Readiness Review |\n| `v0.65.0` | Export Bundle Review Gate |\n| `v0.64.0` | Reviewed Apply Packet Export Bundle |\n| `v0.63.0` | Case Chat Reviewed Apply Packet |\n| `v0.62.0` | Case Chat Apply Preview Reviewer |\n| `v0.61.0` | Case Chat Action Plan Apply Preview |\n| `v0.60.0` | Case Chat Suggestion Action Plan |\n| `v0.59.0` | Provider Suggestion Review Bridge |\n\n---\n\n## Ethical Use\n\nUse Blackhole only on systems you own, local labs, CTFs, written-scope penetration tests, or\nexplicitly authorized bug bounty programs.\n\nDo not use it for unauthorized scanning, exploitation, credential theft, persistence, stealth,\ndenial-of-service activity, destructive testing, or accessing private data.\n\n---\n\n## License\n\nMIT License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsiddforeal%2Fblackhole_ai","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsiddforeal%2Fblackhole_ai","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsiddforeal%2Fblackhole_ai/lists"}