AI-powered code security vulnerability scanner
Project description
๐ก๏ธ Pluto - AI-Powered Code Security Analyzer
โญโโโโโ[By 0xSaikat]โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ โ
โ ____ __ __ โ
โ / __ \/ /_ __/ /_____ โ
โ / /_/ / / / / / __/ __ \ โ
โ / ____/ / /_/ / /_/ /_/ / โ
โ /_/ /_/\__,_/\__/\____/ V-1.0 โ
โ โ
โ AI-Powered Code Security Analyzer โ
โ โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ[hackbit.org]โโโโโโโโฏ
Pluto is a powerful CLI tool that uses AI to detect security vulnerabilities in your code.
Features โข Installation โข Usage โข Examples โข Contributing
๐ Features
- ๐ค Multiple AI Providers: Claude, OpenAI, Ollama (local)
- ๐ Flexible Input: Analyze files, directories, or GitHub repositories
- ๐ Multiple Report Formats: Terminal, PDF, JSON, Markdown
- ๐ Privacy-First: Local analysis with Ollama support
- ๐ฏ Severity Filtering: Focus on CRITICAL, HIGH, MEDIUM, or LOW issues
- ๐ Multi-Language Support: Python, JavaScript, Java, C/C++, Go, Rust, PHP, Ruby, and more
๐ Security Checks
Pluto detects:
- SQL Injection
- XSS (Cross-Site Scripting)
- Authentication/Authorization flaws
- Hardcoded secrets & credentials
- Insecure cryptography
- Path traversal
- Command injection
- CSRF vulnerabilities
- Insecure dependencies
- And many more...
๐ฆ Installation
From PyPI (Recommended)
pip install pluto-ai
From Source
git clone https://github.com/0xsaikat/pluto.git
cd pluto
pip install -e .
โ๏ธ Setup
For Claude (Recommended)
export ANTHROPIC_API_KEY='your-api-key-here'
Get your API key from: https://console.anthropic.com/
For OpenAI
export OPENAI_API_KEY='your-api-key-here'
For Ollama (Local, Free)
# Install Ollama from https://ollama.ai
ollama pull phi
ollama serve
๐ป Usage
Basic Commands
# Analyze a single file
pluto scan -code app.py
# Analyze entire directory
pluto scan -dir ./src --report pdf --output security_report
# Analyze GitHub repository
pluto scan -git https://github.com/user/repo --provider claude
# Use local AI (Ollama)
pluto scan -code app.py --provider ollama --model phi
# Filter by severity
pluto scan -dir ./src --min-severity HIGH
Command Options
Options:
-code, --code-file PATH Analyze a single code file
-dir, --directory PATH Analyze entire directory
-git, --git-repo TEXT Analyze GitHub repository
--provider [claude|openai|ollama] AI provider (default: claude)
--model TEXT Model name
--report [terminal|pdf|json|markdown] Report format (default: terminal)
--output TEXT Output file name
--min-severity [LOW|MEDIUM|HIGH|CRITICAL] Minimum severity level
--help Show this message and exit
๐ Examples
Quick Security Scan
pluto scan -code myapp.py
Full Project Audit
pluto scan -dir ./backend --provider claude --report pdf --output project_audit
GitHub Repository Analysis
pluto scan -git https://github.com/user/vulnerable-app --report json
Local Private Scan
pluto scan -code sensitive_code.py --provider ollama --model phi
CI/CD Integration
pluto scan -dir ./src --report json --output results.json --min-severity HIGH
๐ Report Formats
- Terminal: Colorful, real-time output with severity highlighting
- PDF: Professional report with logo, charts, and detailed findings
- JSON: Machine-readable format for automation and CI/CD
- Markdown: Documentation-friendly format
๐จ Supported Languages
Python โข JavaScript โข TypeScript โข Java โข C/C++ โข Go โข Rust โข PHP โข Ruby โข Swift โข Kotlin
๐ง Configuration
Create a .plutorc file in your project root:
provider: claude
model: claude-sonnet-4-20250514
min_severity: MEDIUM
report_format: pdf
output_dir: ./security-reports
๐ค Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
๐ License
This project is licensed under the MIT License - see the LICENSE file for details.
๐จโ๐ป Author
0xSaikat
- Website: hackbit.org
- GitHub: @0xsaikat
๐ Acknowledgments
- Powered by Claude (Anthropic), OpenAI, and Ollama
- Built with โค๏ธ for the security community
โ ๏ธ Disclaimer
Pluto is a security analysis tool intended for educational and legitimate security testing purposes only. Always ensure you have permission before scanning code or repositories you don't own.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pluto_ai-1.2.0.tar.gz.
File metadata
- Download URL: pluto_ai-1.2.0.tar.gz
- Upload date:
- Size: 82.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
646e008b3934fda6785e85e5a84b1a975c7bd55a009c67554a822c78c260b493
|
|
| MD5 |
aacf8edcc86ed5593b027be1010b5780
|
|
| BLAKE2b-256 |
f4cdd2e5b2b76dba2aadcc3ee55cb90d0e27bcdea6d95d35ca510cb48414e052
|
File details
Details for the file pluto_ai-1.2.0-py3-none-any.whl.
File metadata
- Download URL: pluto_ai-1.2.0-py3-none-any.whl
- Upload date:
- Size: 28.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bc7f9b04c81d926322a12ca04d589c4cd4edffe527a13482136a58f34701c9b5
|
|
| MD5 |
deb6c669af3550ed377af54c55e38bfc
|
|
| BLAKE2b-256 |
82060c3a5ec418ca552245b604ca80608bc4c58a21d42437fda3ff529559cf87
|
