JSPM

gemini-bug-hunter

1.2.0

AI-Powered Security Vulnerability Hunter using Gemini 2.5 Flash

Package Exports

  • gemini-bug-hunter
  • gemini-bug-hunter/cli/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (gemini-bug-hunter) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

🛡️ Gemini Bug Hunter

AI-Powered Security Vulnerability Hunter (CLI)

Gemini Bug Hunter is an AI-first CLI tool that helps developers find, understand, and fix security vulnerabilities in their codebases using Gemini 2.5 Flash (Next Gen) as the core intelligence engine.

Inspired by tools like Gemini-CLI and Claude-Code, Gemini Bug Hunter brings ethical hacking and AppSec workflows directly into the developer terminal.


🚀 Vision

Security tools are often:

  • Too noisy
  • Too complex
  • Too disconnected from developer workflows

Gemini Bug Hunter solves this by using Gemini 2.5 (Next Gen) as the main reasoning engine to:

  • Understand code context
  • Detect vulnerabilities
  • Explain real-world risks
  • Propose secure fixes
  • Apply safe auto-remediations

🧠 Core Principle

Gemini 3 is not an assistant; it is the brain of the system.

All vulnerability analysis, risk reasoning, and fix generation are driven by Gemini 3.


๐Ÿ› ๏ธ Tech Stack

  • Node.js (v18+)
  • JavaScript (ES2022+)
  • Gemini 2.5 Flash (Next Gen Analysis Engine)
  • Premium CLI Experience (ASCII Art, Animations, Gradients)
  • CLI Framework: commander
  • Output Styling: chalk, cli-table3, boxen
  • File traversal: glob
  • Config: .env + default.js

📦 Installation

Prerequisites

  • Node.js 18 or higher
  • Gemini API Key (Get one here)
  • Gemini Model: Uses gemini-2.5-flash by default (configurable)

Setup

# Clone the repository
git clone https://github.com/holasoymalva/gemini-bug-hunter.git
cd gemini-bug-hunter

# Install dependencies
npm install

# Configure environment
cp .env.example .env
# Edit .env and add your GEMINI_API_KEY

# Test installation
npm start doctor

Global Installation

To use gbh from anywhere in your terminal:

# 1. Install globally
npm install -g gemini-bug-hunter

# 2. Set your API Key globally (Run once)
gbh config set-key <YOUR_GEMINI_API_KEY>

# 3. Ready to scan!
gbh scan

🧪 CLI Commands

Scan for Vulnerabilities

# Scan current directory
gbh scan

# Scan specific file or directory
gbh scan ./src

# Output to JSON file
gbh scan --output report.json

# JSON output to stdout
gbh scan --json

# Interactive Auto-Fix Mode
gbh scan --fix

Note: The --fix option will interactively prompt you to apply AI-generated fixes for each vulnerability found.

Check System Health

gbh doctor

View Configuration

gbh config

Explain Vulnerability

gbh explain "SQL Injection"
gbh explain "XSS"

๐Ÿ” How It Works

  1. Collect - Scans project files based on configured patterns
  2. Sanitize - Redacts secrets and sensitive data
  3. Analyze - Sends code to Gemini 3 with structured prompts
  4. Parse - Extracts structured vulnerability data
  5. Score - Calculates risk scores using weighted algorithms
  6. Report - Displays beautiful, actionable reports
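To make the Sanitize step concrete, here is an added redaction pass in the project's language. It is illustrative code written for this page, not gemini-bug-hunter's own implementation; the rules, the <REDACTED> placeholder and the sample input are all constructed assumptions.

```javascript
// Added example, not gemini-bug-hunter's own code: an illustrative version of
// the Sanitize step, run over source text before any of it leaves the machine.
// The rules are constructed heuristics, not the project's actual patterns.

// Each rule keeps the surrounding code readable and replaces only the value.
const RULES = [
  {
    name: "assignment", // password = "...", apiKey: '...', SECRET_TOKEN=`...`
    re: /((?:password|passwd|secret|token|api[_-]?key|private[_-]?key)\w*\s*[:=]\s*["'`])([^"'`]+)(["'`])/gi,
    fn: (_m, pre, _val, post) => `${pre}<REDACTED>${post}`,
  },
  {
    name: "bearer", // Authorization: Bearer <token>
    re: /(Bearer\s+)([A-Za-z0-9._~+/=-]{16,})/g,
    fn: (_m, pre) => `${pre}<REDACTED>`,
  },
  {
    name: "env", // KEY=value lines as found in a .env file
    re: /^(\s*[A-Z][A-Z0-9_]*(?:KEY|SECRET|TOKEN|PASSWORD)\s*=\s*)(\S+)$/gm,
    fn: (_m, pre) => `${pre}<REDACTED>`,
  },
];

// Returns the redacted text plus a per-rule count, so the CLI can tell the
// user what was stripped without ever echoing the secret itself.
function redactSecrets(text) {
  let out = text;
  const counts = {};
  for (const { name, re, fn } of RULES) {
    let n = 0;
    out = out.replace(re, (...args) => { n += 1; return fn(...args); });
    counts[name] = n;
  }
  return { text: out, counts };
}

// Constructed sample input (not real credentials).
const SAMPLE_SOURCE = [
  'const db = connect({ password: "hunter2" });',
  'fetch(url, { headers: { Authorization: "Bearer eyJhbGciOiJIUzI1NiJ9.constructed.sig" } });',
  "GEMINI_API_KEY=constructed-example-key-0000",
  'const userName = "alice"; // not a secret, must survive',
].join("\n");
```

The counts, not the values, are what a scanner should surface to the user; anything the rules miss still reaches the model, so redaction complements rather than replaces the explicit-consent prompt.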

🤖 Gemini 2.5 Integration

System Prompt

Gemini receives a carefully crafted system prompt that instructs it to:

  • Act as a professional ethical hacker
  • Focus on OWASP Top 10 vulnerabilities
  • Avoid false positives
  • Return structured JSON responses
  • Provide actionable recommendations

Response Schema

{
  "projectRiskScore": 0-100,
  "riskLevel": "LOW|MEDIUM|HIGH|CRITICAL",
  "summary": "string",
  "vulnerabilities": [
    {
      "id": "string",
      "title": "string",
      "severity": "LOW|MEDIUM|HIGH|CRITICAL",
      "confidence": 0-1,
      "category": "string",
      "file": "string",
      "line": number,
      "description": "string",
      "impact": "string",
      "exploitationScenario": "string",
      "recommendation": "string",
      "secureCodeExample": "string",
      "autoFixSafe": boolean
    }
  ]
}

📊 Risk Scoring

The tool calculates risk scores using:

  • Severity (40% weight) - CRITICAL, HIGH, MEDIUM, LOW
  • Confidence (30% weight) - How certain is the detection
  • Exploitability (20% weight) - How easy to exploit
  • Impact (10% weight) - Business impact

Final score: 0-100%
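An added example (not the project's code) that ties the Parse and Score steps to the schema and weights above: it validates a response against the documented fields and combines the four weights into a 0-100 score. The numeric severity mapping, the default exploitability and impact factors, the worst-finding aggregation and the risk-level thresholds are assumptions made here, since the page does not specify them.

```javascript
// Added example for this page, not gemini-bug-hunter's own code. The four
// weights are the README's; items marked "assumed" are choices made here.
const WEIGHTS = { severity: 0.4, confidence: 0.3, exploitability: 0.2, impact: 0.1 };
const SEVERITY_SCORE = { LOW: 0.25, MEDIUM: 0.5, HIGH: 0.75, CRITICAL: 1.0 }; // assumed
const REQUIRED = ["id", "title", "severity", "confidence", "category", "file", "line",
  "description", "impact", "exploitationScenario", "recommendation", "secureCodeExample", "autoFixSafe"];

// Parse step: reject findings that do not match the documented schema, so a
// malformed or truncated model response cannot silently poison the report.
function validateFinding(v) {
  const missing = REQUIRED.filter((k) => !(k in v));
  if (missing.length) throw new Error(`finding ${v.id ?? "?"}: missing ${missing.join(", ")}`);
  if (!(v.severity in SEVERITY_SCORE)) throw new Error(`finding ${v.id}: bad severity`);
  if (typeof v.confidence !== "number" || v.confidence < 0 || v.confidence > 1)
    throw new Error(`finding ${v.id}: confidence must be 0-1`);
  if (!Number.isInteger(v.line) || v.line < 1) throw new Error(`finding ${v.id}: bad line`);
  if (typeof v.autoFixSafe !== "boolean") throw new Error(`finding ${v.id}: bad autoFixSafe`);
  return v;
}

// Score step: weighted sum in [0, 1]. The schema carries exploitability and impact
// only as free text, so numeric 0-1 factors are passed in and default to the severity score (assumed).
function scoreFinding(v, { exploitability, impact } = {}) {
  const sev = SEVERITY_SCORE[v.severity];
  return WEIGHTS.severity * sev + WEIGHTS.confidence * v.confidence
    + WEIGHTS.exploitability * (exploitability ?? sev) + WEIGHTS.impact * (impact ?? sev);
}

const riskLevel = (s) => (s >= 80 ? "CRITICAL" : s >= 60 ? "HIGH" : s >= 30 ? "MEDIUM" : "LOW"); // thresholds assumed

// Project score is the worst finding (assumed), so one CRITICAL issue cannot be
// averaged away by many LOW ones; bySeverity feeds the report's breakdown.
function scoreProject(response) {
  const findings = (response.vulnerabilities ?? []).map(validateFinding);
  const bySeverity = {};
  for (const f of findings) bySeverity[f.severity] = (bySeverity[f.severity] ?? 0) + 1;
  const worst = findings.length ? Math.max(...findings.map((f) => scoreFinding(f))) : 0;
  const projectRiskScore = Math.round(worst * 100);
  return { projectRiskScore, riskLevel: riskLevel(projectRiskScore), bySeverity };
}

// Constructed sample in the documented shape; free-text fields are stubbed.
const blank = { description: "", impact: "", exploitationScenario: "", recommendation: "", secureCodeExample: "" };
const SAMPLE_RESPONSE = { projectRiskScore: 0, riskLevel: "LOW", summary: "constructed", vulnerabilities: [
  { ...blank, id: "V1", title: "SQL Injection in User Query", severity: "CRITICAL", confidence: 0.9,
    category: "SQL Injection", file: "src/users.js", line: 42, autoFixSafe: true },
  { ...blank, id: "V2", title: "Verbose error page", severity: "MEDIUM", confidence: 0.5,
    category: "Security Misconfiguration", file: "src/app.js", line: 7, autoFixSafe: false },
] };
```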


๐Ÿ” Security & Privacy

โœ… Explicit consent before sending code to Gemini
โœ… Automatic secret redaction (API keys, passwords, tokens)
โœ… No remote storage of source code
โœ… Configurable privacy settings


๐Ÿ—‚๏ธ Project Structure

gemini-bug-hunter/
โ”œโ”€โ”€ cli/
โ”‚   โ””โ”€โ”€ index.js              # Main CLI entry point
โ”œโ”€โ”€ engine/
โ”‚   โ”œโ”€โ”€ gemini/
โ”‚   โ”‚   โ””โ”€โ”€ client.js         # Gemini API client
โ”‚   โ”œโ”€โ”€ scanner/
โ”‚   โ”‚   โ””โ”€โ”€ scanner.js        # Code scanner
โ”‚   โ””โ”€โ”€ risk/
โ”‚       โ””โ”€โ”€ calculator.js     # Risk scoring
โ”œโ”€โ”€ reporter/
โ”‚   โ””โ”€โ”€ console.js            # CLI reporter
โ”œโ”€โ”€ config/
โ”‚   โ””โ”€โ”€ default.js            # Default configuration
โ”œโ”€โ”€ .env.example              # Environment template
โ”œโ”€โ”€ package.json
โ””โ”€โ”€ README.md

🎯 Supported Vulnerability Categories

  • SQL Injection
  • XSS (Cross-Site Scripting)
  • CSRF (Cross-Site Request Forgery)
  • Authentication Issues
  • Authorization Issues
  • Sensitive Data Exposure
  • Security Misconfiguration
  • Insecure Deserialization
  • Using Components with Known Vulnerabilities
  • Insufficient Logging & Monitoring
  • Command Injection
  • Path Traversal
  • Hardcoded Secrets
  • Weak Cryptography
  • Race Conditions

📈 Example Output

🛡️  GEMINI BUG HUNTER REPORT

📊 Risk Assessment

  Risk Score: 81% ████████████████████
  Risk Level: HIGH
  Summary: Found 3 vulnerabilities including 1 CRITICAL issues requiring immediate attention

🎯 Severity Breakdown

  ● CRITICAL: 1
  ● HIGH: 1
  ● MEDIUM: 1

🔍 Detected Vulnerabilities

🔴 [1] SQL Injection in User Query
    File: src/users.js:42
    Category: SQL Injection
    Severity: CRITICAL | Confidence: 95%

    User input is directly concatenated into SQL query without sanitization.

    ⚠️  Impact: Attackers can extract or manipulate database data.

    ✓ Fix: Use parameterized queries and input validation.

    ✨ Auto-fix available

🔮 Future Roadmap

  • Auto-fix implementation (Interactive Mode)
  • GitHub Actions integration
  • CI/CD security gates
  • PR comment integration
  • Historical risk tracking
  • Multi-language support (Python, Java, Go)
  • Enterprise mode with team features
  • Custom rule definitions
  • Integration with SAST tools

๐Ÿค Contributing

Contributions are welcome! Please feel free to submit a Pull Request.


📄 License

MIT License - see LICENSE file for details


๐Ÿ™ Acknowledgments

  • Powered by Google Gemini 2.5 Flash
  • Inspired by OWASP Top 10
  • Built for the developer community

🆘 Support

Made with ❤️ by @holasoymalva