Inspiration

I discovered a vulnerability in a Rwandan government website that allowed an unauthorized user to gain admin privileges, whereby an attacker could log in as an admin or director general and approve applications for the students who used that website. (I didn't mention that website for privacy reasons.)

What it does

It scans for vulnerabilities when you give it a GitHub repo URL or a website URL. We run security tools against the website's source code or the repo's source code and pass the results to an AI model, which gives the user meaningful, readable findings, how to fix each issue, and how an attacker could use that vulnerability to attack you.

How we built it

Backend: Redis, Node.js and TypeScript, PostgreSQL, Playwright, Semgrep, Trivy, Gitleaks, and PDFKit.

Frontend: React via Next.js, with Tailwind CSS and shadcn for styling.

It uses AI models such as Claude and Gemini to explain the findings to the user.
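As an added illustration (not the project's own code), the step where scanner output is handed to the AI could first merge the Semgrep, Gitleaks and Trivy JSON reports into one list and mask leaked secrets before they reach a third-party model. The `Finding` shape, the severity mapping and the sample reports are assumptions constructed for this example.

```typescript
// Added example: merge scanner reports into one finding list for the AI step.
// Report field names follow the JSON output of Semgrep, Gitleaks and Trivy.
interface Finding { tool: string; rule: string; severity: string; location: string; detail: string }

// Semgrep rules commonly use ERROR/WARNING/INFO; map them onto Trivy-style levels (assumed mapping).
const SEMGREP_LEVEL: Record<string, string> = { ERROR: "HIGH", WARNING: "MEDIUM", INFO: "LOW" };

// Keep only a short prefix so the secret itself is never sent to the model.
function mask(secret: string): string {
  return secret.slice(0, 4) + "*".repeat(Math.max(0, secret.length - 4));
}

function normalize(semgrep: any, gitleaks: any[], trivy: any): Finding[] {
  const out: Finding[] = [];
  for (const r of semgrep.results ?? []) {
    out.push({ tool: "semgrep", rule: r.check_id,
      severity: SEMGREP_LEVEL[r.extra.severity] ?? r.extra.severity,
      location: `${r.path}:${r.start.line}`, detail: r.extra.message });
  }
  for (const g of gitleaks) {
    // Gitleaks reports carry no severity; a leaked credential is rated HIGH here (assumption).
    out.push({ tool: "gitleaks", rule: g.RuleID, severity: "HIGH",
      location: `${g.File}:${g.StartLine}`, detail: `${g.Description}: ${mask(g.Secret)}` });
  }
  for (const t of trivy.Results ?? []) {
    for (const v of t.Vulnerabilities ?? []) {
      out.push({ tool: "trivy", rule: v.VulnerabilityID, severity: v.Severity, location: t.Target,
        detail: `${v.PkgName} ${v.InstalledVersion}, fixed in ${v.FixedVersion || "n/a"}` });
    }
  }
  return out;
}

// Constructed sample reports (placeholders, not real scan output).
const sampleSemgrep = { results: [{ check_id: "example.sql-injection", path: "src/db.ts",
  start: { line: 12 }, extra: { severity: "ERROR", message: "Query built by string concatenation" } }] };
const sampleGitleaks = [{ RuleID: "generic-api-key", File: ".env", StartLine: 3,
  Description: "Generic API Key", Secret: "sk-EXAMPLE-0000" }];
const sampleTrivy = { Results: [{ Target: "package-lock.json", Vulnerabilities: [{
  VulnerabilityID: "CVE-0000-0000", PkgName: "example-pkg", InstalledVersion: "1.0.0",
  FixedVersion: "1.0.1", Severity: "HIGH" }] }] };

const findings = normalize(sampleSemgrep, sampleGitleaks, sampleTrivy);
console.log(JSON.stringify(findings, null, 2)); // this JSON is what would go into the prompt
```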

Challenges we ran into

It needs a real server, such as physical hardware or a purchased VPS, to run those tools. That's why it can't simply be deployed to providers like Vercel or Render, and I don't have time to configure a VPS.

Accomplishments that we're proud of

I scanned one of the hackathon's projects and was able to find some hard-coded AI API keys and SQL injection bad practices, and fixed them using my tool.

What we learned

How to use Playwright and automate tests with it.

What's next for Ai Rotten Lab

Make it more powerful and add more tools so that even an inexperienced user with no cybersecurity knowledge can use it. I also want to make it more powerful so it can run uncensored AI, so that it can execute scripts for you.
