
AI command line tool to detect broken access control vulnerabilities in source code

Project description

broken_access_control_scanner

broken_access_control_scanner is a command-line tool that uses Anthropic's Claude models to look for broken access control vulnerabilities (for example endpoints that return a resource without an authentication or ownership check) in source code.

Installation

Releases are made available on PyPI. The recommended installation method is via pip:

pip install broken-access-control-scanner

Usage

python -m broken_access_control_scanner <source_file> --data-model "<data_model_description>"

Requires the ANTHROPIC_API_KEY environment variable to be set. The source file you pass is sent to Anthropic's API for analysis, so treat it like any other upload of your code to a third party.

Arguments

  • source_file: Path to a source code file containing endpoints
  • --data-model, -d: Description of the data model and context for the endpoints (required)
  • --model, -m: Anthropic model to use (default: claude-sonnet-4-20250514)

Example

python -m broken_access_control_scanner api.py \
    --data-model "REST API with User and Document models. Users should only access their own profiles."

Output Example

┏━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Endpoint                  ┃  Severity  ┃ Description                      ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ /api/users/{id}/profile   │    NONE    │ Proper authorization check       │
│ /api/documents/{id}       │  CRITICAL  │ No authentication or auth check  │
└───────────────────────────┴────────────┴──────────────────────────────────┘
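To make the two rows of that table concrete, the following is an added example (not code from the broken_access_control_scanner project) of the endpoint shapes they describe, written as plain Python functions rather than against a web framework so it runs stand-alone. It shows /api/users/{id}/profile with a proper authorization check, /api/documents/{id} with no authentication or ownership check at all (the CRITICAL row), and a hardened version of the document handler. The User and Document models, the handler names and the in-memory store are all assumptions made for this example.

```python
"""Added example, not part of the broken_access_control_scanner project.

Framework-free sketch of the endpoint shapes in the output table above:
one handler that checks identity and ownership, one that returns any
resource by id (an insecure direct object reference), and a fixed version.
The models, handler names and in-memory store are assumptions.
"""
from dataclasses import dataclass
from typing import Callable, Optional


class Unauthorized(Exception):
    """No authenticated caller is present."""


class Forbidden(Exception):
    """Caller is authenticated but may not access this resource."""


@dataclass(frozen=True)
class User:
    id: int
    name: str


@dataclass(frozen=True)
class Document:
    id: int
    owner_id: int
    body: str


# Constructed sample data: two users, each owning one document.
USERS = {1: User(1, "alice"), 2: User(2, "bob")}
DOCUMENTS = {
    10: Document(10, owner_id=1, body="alice's private notes"),
    20: Document(20, owner_id=2, body="bob's salary sheet"),
}


def get_profile(current_user: Optional[User], user_id: int) -> User:
    """GET /api/users/{id}/profile: authenticated, and only your own profile.

    Both checks run before the store is touched, so an unauthenticated or
    mismatched request never learns whether `user_id` exists.
    """
    if current_user is None:
        raise Unauthorized("login required")
    if current_user.id != user_id:
        raise Forbidden("users may only read their own profile")
    return USERS[user_id]


def get_document_vulnerable(doc_id: int) -> Document:
    """GET /api/documents/{id} as flagged CRITICAL: the caller's identity is
    not even an input, so any client can read any document by guessing ids."""
    return DOCUMENTS[doc_id]


def get_document_fixed(current_user: Optional[User], doc_id: int) -> Document:
    """Hardened handler: require a caller, then enforce ownership on the object.

    A missing document and someone else's document both raise Forbidden, so
    ids cannot be enumerated by telling a 403 apart from a 404.
    """
    if current_user is None:
        raise Unauthorized("login required")
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc.owner_id != current_user.id:
        raise Forbidden("document not accessible")
    return doc


def allowed(call: Callable[[], object]) -> bool:
    """True if the handler call succeeds, False if access control rejects it."""
    try:
        call()
        return True
    except (Unauthorized, Forbidden):
        return False


if __name__ == "__main__":
    alice = USERS[1]
    # The vulnerable handler hands alice bob's document; the fixed one refuses.
    print(allowed(lambda: get_document_vulnerable(20)))
    print(allowed(lambda: get_document_fixed(alice, 20)))
```

Running the file prints `True` for the vulnerable handler and `False` for the fixed one. The fix is the pattern the scanner's description refers to: identity is established first, then the check is made against the specific object being returned, not merely against "is the user logged in".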

Severity Levels

  • NONE: No access control issues found
  • LOW: Minor issues, unlikely to be exploitable
  • MEDIUM: Access control weakness that could be exploited under certain conditions
  • HIGH: Clear access control vulnerability that can likely be exploited
  • CRITICAL: Severe access control vulnerability with high impact, easily exploitable

Download files


Source Distribution

broken_access_control_scanner-0.0.0.tar.gz (17.0 kB)

Built Distribution


broken_access_control_scanner-0.0.0-py3-none-any.whl (18.4 kB)

File details

Details for the file broken_access_control_scanner-0.0.0.tar.gz.

File hashes

Hashes for broken_access_control_scanner-0.0.0.tar.gz
Algorithm Hash digest
SHA256 59c354f12d751fad885df917e8e8d4b577e9a80ec90516eaed11277c431377bf
MD5 70a75e7a56955c42c7b9752d0632ed58
BLAKE2b-256 3209a37abf43b42764e6f85ef4ae7c82ae90784d25a3a5ee8dc3cfc4365bb9dc


Provenance

The following attestation bundles were made for broken_access_control_scanner-0.0.0.tar.gz:

Publisher: upload-pypi.yml on spmvg/broken_access_control_scanner

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file broken_access_control_scanner-0.0.0-py3-none-any.whl.

File hashes

Hashes for broken_access_control_scanner-0.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 0398aea3cf19a06a6e81da747cc9094e052f4873fd56081298752202f32b0ff4
MD5 58bd4fdc09317acf4483d3d60e744c41
BLAKE2b-256 2f9adcbb60a76b4b6530bbacbd0705d2ed5780bef5b87d202f2316d557cee8ef


Provenance

The following attestation bundles were made for broken_access_control_scanner-0.0.0-py3-none-any.whl:

Publisher: upload-pypi.yml on spmvg/broken_access_control_scanner

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
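The digests listed for both files above are what lets an installer refuse anything other than these exact artifacts. The following is an added example (not part of the broken_access_control_scanner project or of PyPI's tooling) that checks a downloaded artifact against a published SHA256 digest and builds the requirements line for `pip install --require-hashes`, which rejects any download whose digest is not one of those pinned. The digests are the ones shown on this page; the demo file contents are constructed and deliberately do not match.

```python
"""Added example, not part of the broken_access_control_scanner project.

Verifies a release artifact against a published SHA256 digest and emits a
pip requirements line pinning the digests shown on the PyPI page, so that
`pip install --require-hashes -r requirements.txt` refuses anything else.
The digests are from the page; the demo file is constructed.
"""
import hashlib
import hmac
from pathlib import Path

# SHA256 digests published on the PyPI page for release 0.0.0 (sdist and wheel).
PUBLISHED_SHA256 = {
    "broken_access_control_scanner-0.0.0.tar.gz":
        "59c354f12d751fad885df917e8e8d4b577e9a80ec90516eaed11277c431377bf",
    "broken_access_control_scanner-0.0.0-py3-none-any.whl":
        "0398aea3cf19a06a6e81da747cc9094e052f4873fd56081298752202f32b0ff4",
}


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file so large artifacts need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def digest_matches(actual_hex: str, expected_hex: str) -> bool:
    """Constant-time, case-insensitive comparison of two hex digests.

    SHA256 is used rather than the MD5 value the page also lists, because
    MD5 collisions are cheap to produce.
    """
    return hmac.compare_digest(actual_hex.lower(), expected_hex.lower())


def verify_artifact(path: Path, expected_sha256: str) -> bool:
    """True only if the file on disk has the published SHA256 digest."""
    return digest_matches(sha256_of_file(path), expected_sha256)


def pinned_requirement(name: str, version: str, digests: dict) -> str:
    """One requirements.txt line pinning every acceptable artifact digest.

    pip accepts any one of several --hash options for a requirement, so both
    the sdist and the wheel install, but nothing with another digest does.
    """
    hashes = " ".join(f"--hash=sha256:{d}" for d in sorted(digests.values()))
    return f"{name}=={version} {hashes}"


if __name__ == "__main__":
    import tempfile
    # Constructed stand-in for a download; its digest will not match the page.
    with tempfile.TemporaryDirectory() as tmp:
        fake = Path(tmp) / "broken_access_control_scanner-0.0.0.tar.gz"
        fake.write_bytes(b"not the real sdist")
        print(verify_artifact(fake, PUBLISHED_SHA256[fake.name]))
    print(pinned_requirement("broken-access-control-scanner", "0.0.0", PUBLISHED_SHA256))
```

Write the printed line to a requirements file and install with `pip install --require-hashes -r requirements.txt`; in that mode pip also insists that every transitive dependency be pinned with a hash, which is the point. Digest checking tells you the bytes are the ones the page lists; the Provenance entry above (the upload-pypi.yml workflow on spmvg/broken_access_control_scanner) is what ties those bytes to the publisher, and the two checks are complementary.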
