npm package discovery and stats viewer.

© 2025 – Pkg Stats / Ryan Hefner

cyber-walker

v2.1.0

Published

🛡️ AI-Powered Cybersecurity Vulnerability Scanner - Professional CLI tool for security analysis with awesome animations and developer experience

Readme

🛡️ Cyber-Walker

AI-Powered Cybersecurity Vulnerability Scanner

A professional-grade CLI tool that combines static code analysis with AI-powered security insights to detect vulnerabilities in your codebase.

License: MIT Node Version


✨ Features

  • πŸ” Smart Scanning: Advanced pattern matching based on OWASP Top 10 vulnerabilities
  • πŸ€– AI Assistant: Interactive chat powered by Google's Gemini AI
  • πŸ“Š Rich Reports: Export findings in JSON or Markdown format
  • ⚑ Fast & Efficient: Asynchronous scanning with progress tracking
  • 🎨 Beautiful CLI: Professional terminal UI with color-coded severity levels
  • βš™οΈ Configurable: Persistent configuration with sensible defaults
  • 🎯 Targeted Scans: Filter vulnerabilities by keyword or category
  • πŸ“ˆ Detailed Analysis: Line-by-line code analysis with context

🚀 Quick Start

Installation

npm install -g cyber-walker

Or run locally:

npm install
npm link

Setup

  1. Get your Gemini API key from Google AI Studio

  2. Initialize Cyber-Walker:

cyber-walker init

  3. Configure your API key:

cyber-walker config set apiKey YOUR_API_KEY

First Scan

Scan your current project:

cyber-walker scan

📚 Usage

Commands

scan - Scan for Vulnerabilities

Scan your project for security issues:

# Scan current directory
cyber-walker scan

# Scan specific path
cyber-walker scan ./src

# Filter by keyword
cyber-walker scan --keyword password

# Export results
cyber-walker scan --output report.json
cyber-walker scan --output report.md

# JSON output for CI/CD
cyber-walker scan --format json

Options:

  • -k, --keyword <keyword> - Filter vulnerabilities by keyword
  • -o, --output <file> - Export report (.json or .md)
  • -f, --format <format> - Output format: table or json (default: table)

chat - AI Security Assistant

Start an interactive AI-powered security assistant:

cyber-walker chat

Commands in chat mode:

  • scan [keyword] - Run a vulnerability scan
  • analyze - Get AI analysis of last scan results
  • help - Show help message
  • clear - Clear conversation history
  • exit - Exit the assistant

Example conversation:

cyber-walker> scan password
[Scanning project...]

cyber-walker> analyze
[AI provides detailed security analysis...]

cyber-walker> How do I fix SQL injection vulnerabilities?
[AI provides remediation guidance...]

config - Manage Configuration

# Show all configuration
cyber-walker config show

# Get specific value
cyber-walker config get apiKey

# Set configuration value
cyber-walker config set model gemini-2.0-flash-exp
cyber-walker config set temperature 0.5

# Reset to defaults
cyber-walker config reset

# Show config file path
cyber-walker config path

Configuration Options:

  • apiKey - Your Gemini API key
  • model - AI model to use (default: gemini-2.0-flash-exp)
  • temperature - AI creativity (0.0-1.0, default: 0.7)
  • maxTokens - Max response length (default: 8192)
  • scanPatterns - File patterns to scan
  • ignorePatterns - Patterns to ignore
  • outputFormat - Default output format
  • verbose - Enable verbose logging

rules - List Security Rules

View available security rules:

# List all rules
cyber-walker rules

# Filter by severity
cyber-walker rules --severity critical
cyber-walker rules --severity high

# Filter by category
cyber-walker rules --category injection

info - System Information

Display system information and configuration status:

cyber-walker info

🔒 Security Rules

Cyber-Walker detects vulnerabilities based on OWASP Top 10 2021:

A01:2021 - Broken Access Control

  • Hardcoded credentials
  • Hardcoded API keys
  • Weak RBAC implementation

A02:2021 - Cryptographic Failures

  • Weak hashing algorithms (MD5, SHA1)
  • Weak encryption (DES, RC4)
  • Insecure random number generation

A03:2021 - Injection

  • SQL injection
  • Command injection
  • XSS vulnerabilities
  • eval() usage
  • Unsafe innerHTML

A05:2021 - Security Misconfiguration

  • Debug mode enabled
  • CORS wildcard origins
  • Disabled TLS validation

A07:2021 - Authentication Failures

  • Weak bcrypt rounds
  • Long session timeouts

A08:2021 - Integrity Failures

  • Missing SRI for external scripts

A09:2021 - Logging Failures

  • Sensitive data in logs
  • Empty catch blocks

A10:2021 - SSRF

  • Unvalidated user-supplied URLs
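
How line-oriented pattern rules for a few of the categories above can work, as an added example that is not cyber-walker's own code. The rule object shape, the `EX-*` ids and `scanSource()` are assumptions; the two `A0x:2021-001` ids and descriptions are the ones shown in this README's table output, and the sample source is constructed.

```javascript
// Added illustration of regex line rules; not cyber-walker's code.
// The rule shape, the EX-* ids and scanSource() are hypothetical.
const RULES = [
  { id: 'A01:2021-001', severity: 'CRITICAL', description: 'Hardcoded password detected',
    // password-like name assigned a quoted literal
    pattern: /\b(?:password|passwd|pwd)\b\s*[:=]\s*(['"`])(?:(?!\1).)+\1/i },
  { id: 'A03:2021-001', severity: 'HIGH', description: 'Potential SQL injection',
    // SQL verb followed by template interpolation or string concatenation
    pattern: /\b(?:SELECT|INSERT|UPDATE|DELETE)\b.*(?:\$\{|['"`]\s*\+)/i },
  { id: 'EX-CRYPTO-001', severity: 'HIGH', description: 'Weak hashing algorithm',
    pattern: /createHash\(\s*['"](?:md5|sha1)['"]\s*\)/i },
  { id: 'EX-CONFIG-001', severity: 'HIGH', description: 'Disabled TLS validation',
    pattern: /rejectUnauthorized\s*:\s*false/ },
  { id: 'EX-INJECT-001', severity: 'HIGH', description: 'eval() usage',
    pattern: /\beval\s*\(/ },
];

// Apply every rule to every line; returns findings with 1-based line numbers.
function scanSource(file, source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, index) => {
    if (text.trim().startsWith('//')) return; // full-line comments are skipped
    for (const { pattern, ...rule } of RULES) {
      if (pattern.test(text)) findings.push({ file, line: index + 1, ...rule });
    }
  });
  return findings;
}

// Constructed sample source: flagged lines next to safe look-alikes.
const SAMPLE = [
  "const password = 'hunter2';",
  "const dbPassword = process.env.DB_PASSWORD;",
  "const q = `SELECT * FROM users WHERE name = '${name}'`;",
  "db.query('SELECT * FROM users WHERE name = ?', [name]);",
  "const h = crypto.createHash('md5').update(data).digest('hex');",
  "// eval(userInput) appears only in a comment",
  "const agent = new https.Agent({ rejectUnauthorized: false });",
].join('\n');

const findings = scanSource('src/auth/login.js', SAMPLE);
for (const f of findings) {
  console.log(`${f.file}:${f.line} ${f.severity} ${f.id} ${f.description}`);
}
```

Rules like these match text rather than data flow, so they miss secrets stored under other names and can flag benign lines; treat each finding as a lead to review.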

📖 Examples

CI/CD Integration

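# GitHub Actions
name: Security Scan
on: [push]
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      # checkout@v2 and upload-artifact@v2 are deprecated; use current major versions
      - uses: actions/checkout@v4
      - name: Install Cyber-Walker
        # Pin the scanner version so CI does not pick up an unreviewed release
        run: npm install -g cyber-walker@2.1.0
      - name: Run Security Scan
        env:
          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
        run: cyber-walker scan --format json --output security-report.json
      - name: Upload Report
        # Upload even when the scan step exits non-zero on findings
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: security-report
          path: security-report.json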

Programmatic Usage

import SecurityScanner from 'cyber-walker/src/lib/scanner.js';

const scanner = new SecurityScanner({
  keyword: 'password',
  verbose: true
});

const results = await scanner.scan('./src');
const stats = scanner.getStats();

console.log(`Found ${stats.vulnerabilitiesFound} vulnerabilities`);

// Export reports
await scanner.exportJSON('./report.json');
await scanner.exportMarkdown('./report.md');

Pre-commit Hook

#!/bin/bash
# .git/hooks/pre-commit

echo "Running security scan..."
cyber-walker scan --format json > /dev/null

if [ $? -ne 0 ]; then
  echo "❌ Security scan found critical/high vulnerabilities"
  echo "Run 'cyber-walker scan' to see details"
  exit 1
fi

echo "✅ Security scan passed"

🎨 Output Examples

Table Format

File: src/auth/login.js
┌──────┬────────────┬──────────────────────┬────────────────────────────┐
│ Line │ Severity   │ ID                   │ Description                │
├──────┼────────────┼──────────────────────┼────────────────────────────┤
│ 42   │ CRITICAL   │ A01:2021-001         │ Hardcoded password detected│
│ 67   │ HIGH       │ A03:2021-001         │ Potential SQL injection    │
└──────┴────────────┴──────────────────────┴────────────────────────────┘

════════════════════════════════════════════════════════
▶ Scan Summary
────────────────────────────────────────────────────────
  Files Scanned             25
  Total Vulnerabilities     12

  Critical                  2
  High                      5
  Medium                    3
  Low                       2
════════════════════════════════════════════════════════

🛠️ Development

Project Structure

cyber-walker/
├── bin/
│   └── cyber-walker.js       # CLI entry point
├── src/
│   ├── commands/             # Command implementations
│   │   ├── chat.js
│   │   ├── config.js
│   │   └── scan-new.js
│   ├── core/                 # Core utilities
│   │   ├── config.js         # Configuration manager
│   │   └── logger.js         # Logging system
│   ├── lib/                  # Libraries
│   │   ├── gemini.js         # AI client
│   │   └── scanner.js        # Security scanner
│   └── utils/
│       ├── rules.js          # Security rules
│       └── osv.js            # OSV API client
├── package.json
└── README.md

Running Locally

# Install dependencies
npm install

# Run without installing
node bin/cyber-walker.js scan

# Run in development mode
npm run scan
npm run chat

🤝 Contributing

Contributions are welcome! Here's how you can help:

  1. Add Security Rules: Enhance src/utils/rules.js with new patterns
  2. Improve AI Prompts: Better prompts = better analysis
  3. Bug Reports: Open an issue with details
  4. Feature Requests: Share your ideas

📝 License

MIT License - see LICENSE file for details


🙏 Acknowledgments

  • OWASP Top 10 for security guidance
  • Google Gemini for AI capabilities
  • Open Source Community for excellent npm packages

📞 Support


🗺️ Roadmap

  • [ ] Support for more languages (Python, Go, Rust, etc.)
  • [ ] Integration with more AI models (Claude, GPT-4)
  • [ ] Web dashboard for results visualization
  • [ ] VSCode extension
  • [ ] Custom rule definitions via YAML
  • [ ] Automated fix suggestions
  • [ ] Historical trend analysis

Made with ❤️ by the Cyber-Walker Team

Stay secure! 🛡️