{"id":47746718,"url":"https://github.com/thresher-sh/thresher","last_synced_at":"2026-04-04T02:01:12.019Z","repository":{"id":348169096,"uuid":"1194891261","full_name":"thresher-sh/thresher","owner":"thresher-sh","description":"OSS Projects are cool, vulnerabilities and threats arent. AI scan environment for scanning OSS projects for threats, malware, security issues.","archived":false,"fork":false,"pushed_at":"2026-04-03T06:06:53.000Z","size":814,"stargazers_count":4,"open_issues_count":2,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-03T09:50:21.025Z","etag":null,"topics":["ai","ai-agents","entropy","malware","malware-analysis","scanning","security","supply-chain-security","vulnerability"],"latest_commit_sha":null,"homepage":"https://thresher.sh","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thresher-sh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-29T00:14:57.000Z","updated_at":"2026-04-03T06:06:56.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/thresher-sh/thresher","commit_stats":null,"previous_names":["shadowcodex/project-threat-scanner","thresher-sh/thresher"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/thresher-sh/thresher","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thresher-sh%2Fthresher","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHu
b/repositories/thresher-sh%2Fthresher/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thresher-sh%2Fthresher/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thresher-sh%2Fthresher/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thresher-sh","download_url":"https://codeload.github.com/thresher-sh/thresher/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thresher-sh%2Fthresher/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31384847,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T01:22:39.193Z","status":"online","status_checked_at":"2026-04-04T02:00:07.569Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","ai-agents","entropy","malware","malware-analysis","scanning","security","supply-chain-security","vulnerability"],"created_at":"2026-04-03T01:17:30.871Z","updated_at":"2026-04-04T02:01:11.994Z","avatar_url":"https://github.com/thresher-sh.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[Join Discord](https://discord.gg/VVt9qmkcnr) -- [Website: thresher.sh](https://thresher.sh)\n\n```\n                                          ___/|\n                              ___________/    |\n                   __________/                |\n               ___/    _____       
           |\n           ___/   \\___/     \\                 |\n       ___/                  \\         ______/\n   ___/         _              \\______/\n  /          __/ \\__    ___----~\n |      ,__-~      \\--~\n |     /    _,                  T H R E S H E R\n  \\___/  __/\n     |  /                       Separate the safe\n     |_/                        from the dangerous.\n      ~\n```\n\nSupply chain security scanner. 22 deterministic scanners + 8 AI analyst personas inside a hardened, ephemeral VM. Produces a go/no-go report.\n\n\u003e **Disclaimer:** Thresher is provided \"as is\" without warranty of any kind. It does not guarantee detection of all vulnerabilities, malicious code, or supply chain threats. Results should not be treated as a substitute for professional security audits. No VM isolation is guaranteed safe; use at your own risk.\n\n---\n\n## Install\n\n```bash\nbrew tap thresher-sh/thresher\nbrew install thresher\n```\n\nOr with pip:\n\n```bash\npip install -e .\n```\n\nThen set up the VM:\n\n```bash\n# Import a pre-built VM image (fast — ~30 seconds)\nthresher import latest\n\n# Or build your own (~10 minutes)\nthresher build\n```\n\n```bash\nthresher scan https://github.com/owner/repo\n```\n\n---\n\n## What It Does\n\n```\nHost (macOS)\n  └── Lima VM (ephemeral, firewalled, zero-sudo)\n        ├── Hardened git clone (safe_clone.sh)\n        ├── AI pre-dep discovery (hidden dependency sources)\n        ├── Docker container (dependency resolution)\n        ├── 22 deterministic scanners (parallel)\n        ├── 8 AI analyst agents + adversarial verification\n        └── Report synthesis\n```\n\n| Step | What Happens |\n|------|-------------|\n| **Isolate** | Ephemeral VM. 3-layer network hardening. No mounts, no ports. |\n| **Clone** | 4-phase hardened clone. Neutralizes all known git execution vectors. |\n| **Discover** | AI finds hidden deps (git clones in Makefiles, curl in Dockerfiles, submodules). 
|\n| **Resolve** | Single Docker container. Source-only downloads. No install scripts. |\n| **Scan** | 22 scanners: SCA, SAST, behavioral, entropy, install hooks, malware, license. |\n| **Analyze** | 8 AI personas investigate in parallel. Adversarial verification reduces false positives. |\n| **Report** | EPSS/KEV enrichment. Go / Caution / Do Not Use recommendation. |\n| **Cleanup** | VM destroyed. Nothing persists. |\n\nAll scan data stays inside the VM until the final report copy.\n\n---\n\n## The 8 Analysts\n\nEach runs as a Claude Code headless agent inside the VM with specialized tools.\n\n| # | Persona | Core Question |\n|---|---------|--------------|\n| 1 | **The Paranoid** | Is this code malicious? |\n| 2 | **The Behaviorist** | Is there an unreported vulnerability? |\n| 3 | **The Investigator** | Is this code trustworthy? |\n| 4 | **Pentester: Vulns** | What vulnerabilities are we inheriting? |\n| 5 | **Pentester: App Surface** | How do users break in? |\n| 6 | **Pentester: Memory** | Can this be corrupted at runtime? |\n| 7 | **Infra Auditor** | Is this safe to deploy? |\n| 8 | **The Shadowcatcher** | What is this code hiding? 
|\n\n---\n\n## 22 Scanners\n\n| Tool | What It Catches |\n|------|-----------------|\n| Syft | SBOM generation (feeds Grype) |\n| Grype | Known CVEs in dependencies |\n| OSV-Scanner | CVEs + malicious package advisories (MAL-*) |\n| Trivy | Container/filesystem CVEs |\n| govulncheck | Go vulns with call-graph reachability |\n| cargo-audit | Rust vulns from RustSec |\n| Semgrep | Code vulnerabilities and dangerous patterns |\n| Semgrep (supply-chain) | Custom rules on dep source: exfil, download-and-exec, encoded payloads |\n| Bandit | Python security anti-patterns |\n| GuardDog | Suspicious behaviors on manifests |\n| GuardDog (deps) | Behavioral heuristics on actual dep source code |\n| Install Hooks | preinstall/postinstall with network/shell activity |\n| Entropy | High-entropy strings, base64, hex escapes, JS obfuscator patterns, eval-of-decoded |\n| deps.dev | OpenSSF Scorecard, typosquatting, version history anomalies |\n| Registry Metadata | Maintainer changes, tarball size spikes, install script introduction |\n| Gitleaks | Hardcoded API keys, tokens, credentials |\n| Checkov | Dockerfile/Terraform/K8s misconfigurations |\n| Hadolint | Dockerfile best practices |\n| YARA | Known malware signatures |\n| ClamAV | Virus and malware signatures |\n| capa | Capabilities in compiled binaries |\n| ScanCode | License compliance from file contents |\n\n---\n\n## Usage\n\n```bash\n# Full scan with AI analysis\nthresher scan https://github.com/owner/repo\n\n# Deterministic scanners only (no API key needed)\nthresher scan https://github.com/owner/repo --skip-ai\n\n# Custom VM resources\nthresher scan https://github.com/owner/repo --cpus 8 --memory 16 --disk 100\n\n# Download high-risk hidden dependencies (binaries, tarballs)\nthresher scan https://github.com/owner/repo --high-risk-dep\n\n# With tmux split-pane UI (scan left, logs right)\nthresher scan https://github.com/owner/repo --tmux\n```\n\nWith [uv](https://docs.astral.sh/uv/):\n\n```bash\nuv run thresher scan 
https://github.com/owner/repo --skip-ai\n```\n\n### Commands\n\n| Command | What It Does |\n|---------|-------------|\n| `thresher scan \u003curl\u003e` | Scan a repository |\n| `thresher build` | Build/rebuild the cached base VM image |\n| `thresher stop` | Stop all VMs and tmux session |\n| `thresher list` | List available pre-built VM images from releases |\n| `thresher import \u003csource\u003e` | Import a pre-built VM image (skip the build) |\n| `thresher export` | Export your base VM image for distribution |\n\n### Flags\n\n| Flag | Default | Description |\n|------|---------|-------------|\n| `--depth N` | 2 | Transitive dependency depth |\n| `--skip-ai` | off | Deterministic scanners only |\n| `--high-risk-dep` | off | Download high-risk hidden deps |\n| `--verbose` | off | Detailed tool output |\n| `--output DIR` | `./thresher-reports` | Report output directory |\n| `--cpus N` | 4 | VM CPU count |\n| `--memory N` | 8 | VM memory in GiB |\n| `--disk N` | 50 | VM disk in GiB |\n| `--tmux` | off | Tmux split-pane UI |\n\n### Configuration\n\nCopy `thresher.toml.example` to `thresher.toml`. 
CLI flags override config values.\n\n```toml\nmodel = \"sonnet\"\ndepth = 2\noutput_dir = \"./thresher-reports\"\ntmux = false\n\n[vm]\ncpus = 4\nmemory = 8\ndisk = 50\n\n[limits]\nmax_json_size_mb = 10\nmax_file_size_mb = 50\nmax_copy_size_mb = 500\nmax_stdout_mb = 50\n```\n\n---\n\n## Output\n\n```\n~~~~~~~~~~~_/|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nFINDINGS\n\nP0  CRIT  HIGH  MED   LOW\n 0     2      5     12    23\n\nReport: ./thresher-reports/example-repo-20260401/\n\n~~~~~~~~~~~_/|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n```\n\nReports in the output directory:\n\n| File | Contents |\n|------|----------|\n| `executive-summary.md` | Go / Caution / Do Not Use recommendation |\n| `detailed-report.md` | All findings by priority with remediation |\n| `findings.json` | Machine-readable (CVSS, EPSS, KEV, AI scores) |\n| `sbom.json` | CycloneDX SBOM |\n| `scan-results/` | Raw scanner output |\n\n### Priority Levels\n\n| Priority | Criteria |\n|----------|----------|\n| **P0** | CISA KEV (actively exploited), or AI-confirmed exfiltration/backdoor |\n| **Critical** | CVSS \u003e= 9.0, EPSS \u003e 90th percentile, or AI risk 9-10 |\n| **High** | CVSS 7.0-8.9, EPSS \u003e 75th percentile, or AI risk 7-8 |\n| **Medium** | CVSS 4.0-6.9, EPSS \u003e 50th percentile, or AI risk 4-6 |\n| **Low** | Everything else |\n\nP0 or Critical = **DO NOT USE**. High only = **CAUTION**. 
Medium and below = **GO**.\n\n---\n\n## Security Model\n\n| Layer | What It Does |\n|-------|-------------|\n| **VM isolation** | Lima `vz` backend, `--plain`, no mounts, no port forwards |\n| **Zero sudo** | Scan user can only run one hardcoded Docker wrapper |\n| **3-layer network** | iptables whitelist + hostResolver DNS + gateway pinning |\n| **Hardened clone** | 4-phase safe_clone.sh (all git execution vectors neutralized) |\n| **Dep sandbox** | `--network=none`, `--read-only`, `--cap-drop=ALL` |\n| **Source-only** | `pip download --no-binary`, `npm pack`, `cargo vendor` |\n| **Host boundary** | Staging dir, symlink removal, path traversal rejection, size limits |\n| **API key** | tmpfs read-and-delete, never in shell environment |\n| **Ephemeral** | VM destroyed after each scan |\n\n---\n\n## Requirements\n\n- macOS with Apple Silicon\n- [Lima](https://lima-vm.io) (`brew install lima`)\n- Python 3.11+\n- `ANTHROPIC_API_KEY` or `claude login` (unless `--skip-ai`)\n- [tmux](https://github.com/tmux/tmux) (`brew install tmux`) -- optional\n\nThe VM needs ~30 GB disk. Configurable via `--disk` or `thresher.toml`.\n\n---\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthresher-sh%2Fthresher","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthresher-sh%2Fthresher","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthresher-sh%2Fthresher/lists"}