Enterprise-grade security analysis powered by local AI - completely private, no data ever leaves your server.
Comprehensive security analysis tools using local Large Language Models (LLMs) for analyzing system configurations, detecting vulnerabilities, reviewing code, and monitoring threats in real-time. Perfect for security professionals, DevOps engineers, and system administrators who need enterprise-grade security without compromising privacy.
NEW in v3.1.1: Perfect 100/100 Security Score Achieved! - See Release Notes
View Roadmap | Request Features | Star on GitHub
- Comprehensive Security Scanning - Full system audits with AI-powered analysis
- Real-time Threat Monitoring - Live log analysis with instant threat assessment
- Malware & Rootkit Detection - ClamAV, rkhunter, chkrootkit with AI analysis
- Code Security Review - Automated vulnerability detection in code
- Interactive Security Assistant - Chat with AI security expert
- 100% Private - Runs entirely on your infrastructure, zero external calls
- Automated Scheduling - Set up daily/hourly scans via cron
- Detailed Reports - Actionable recommendations with priority levels
- Multi-Factor Authentication (MFA/2FA) - TOTP-based 2FA with QR code setup
- OAuth 2.0 Integration - Sign in with Google/Microsoft
- Intrusion Detection System - Real-time threat detection with automated blocking
- Account Lockout Protection - Automatic lockout after failed login attempts
- IP Whitelist/Blacklist - Manage allowed and blocked IPs
- Advanced Rate Limiting - 3-tier rate limiting (general, auth, admin)
- Secrets Rotation - Automated secret rotation scheduler
- Configuration Validator - Startup validation for security configs
- Audit Logging - Comprehensive logging with 90-day retention
- Automated Backups - Scheduled backups with disaster recovery
- SSL/TLS Support - HTTPS for production environments
- Enhanced Security Headers - Helmet.js security middleware
Security Score: 100/100 - See detailed breakdown
- Listening ports and exposed services
- Firewall configurations (UFW/iptables)
- User accounts and privilege escalation risks
- Login attempts (successful/failed)
- Cron jobs and scheduled tasks
- SUID/SGID binaries
- File permissions and world-writable files
- Active connections and routing tables
- DNS configurations
- Suspicious network activity
- Open ports analysis
- Web server configs (Nginx/Apache)
- SSH configurations and keys
- Docker containers
- Node.js/Python/PHP applications
- Environment variables and secrets
- Authentication logs
- System logs
- Security incidents
- Anomaly detection
- Intrusion attempts
Full Windows support now available! See Windows README for details.
```powershell
cd windows
.\install.ps1
```
Linux/macOS:
```bash
curl -fsSL https://raw.githubusercontent.com/ssfdre38/ai-security-scanner/master/setup.sh | bash
```
Windows (PowerShell as Admin):
```powershell
irm https://raw.githubusercontent.com/ssfdre38/ai-security-scanner/master/setup.ps1 | iex
```
Both one-liners run a script fetched over HTTPS directly in a privileged shell; if your change policy requires it, download the script, read it, then run it.
The setup script automatically:
- Detects your OS and installs dependencies
- Installs Node.js, Ollama, and security tools
- Generates secure random secrets
- Configures SSL/TLS certificates
- Sets up firewall rules
- Creates systemd/Windows service
- Tests the installation
That's it! Access at https://localhost:3000 after installation.
See SETUP_GUIDE.md for advanced configuration options.
- Linux, BSD, macOS, or Windows system
- 8GB RAM minimum (16GB+ recommended for 70B model)
- 50GB+ free disk space
- Internet connection (for initial setup only)
```bash
# Clone the repository
git clone https://github.com/barrersoftware/ai-security-scanner.git
cd ai-security-scanner
# Run the installer
sudo ./install.sh
# Or manual installation:
chmod +x scripts/*.sh
sudo scripts/install-ollama.sh
```
Recommended models by system specs:
| RAM | Model | Quality | Speed |
|---|---|---|---|
| 8GB | llama3.2:3b | Good | Fast |
| 16GB | llama3.1:8b | Better | Medium |
| 32GB+ | llama3.1:70b | Best | Slower |
```bash
# Install your chosen model
ollama pull llama3.1:70b   # Best quality
# OR
ollama pull llama3.1:8b    # Balanced
# OR
ollama pull llama3.2:3b    # Fastest
```
```bash
# Run comprehensive security scan
./scripts/security-scanner.sh
# View the report
cat ~/security-reports/security_analysis_*.md | less
```
```bash
./scripts/security-scanner.sh
```
Complete system security audit with AI analysis and prioritized recommendations.
What it does:
- Full system configuration review
- Network and firewall analysis
- Application security assessment
- Log analysis for threats
- Executive summary with actionable fixes
Output: Detailed markdown report in ~/security-reports/
```bash
./scripts/security-monitor.sh
```
Monitors authentication logs in real-time and provides instant AI threat analysis.
Use case: Run in background or tmux/screen session for continuous monitoring.
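As an added illustration of the kind of detection the monitor performs on authentication logs (this is not code from the ai-security-scanner project), the script below counts failed SSH password attempts per source address and flags any address at or above a threshold. The log lines, the host name `web-01` and the documentation-range IPs are constructed sample data.

```shell
#!/bin/sh
# Added example: per-source-IP failed-login summary over sshd auth-log lines.
# Not part of ai-security-scanner; the log lines below are constructed
# (documentation-range IPs, hypothetical host "web-01").
set -eu

SAMPLE_AUTH_LOG=$(cat <<'EOF'
Oct 12 11:20:01 web-01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Oct 12 11:20:03 web-01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Oct 12 11:20:05 web-01 sshd[2103]: Failed password for root from 203.0.113.7 port 51240 ssh2
Oct 12 11:20:07 web-01 sshd[2105]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2
Oct 12 11:20:09 web-01 sshd[2107]: Failed password for root from 203.0.113.7 port 51242 ssh2
Oct 12 11:20:11 web-01 sshd[2109]: Failed password for deploy from 198.51.100.4 port 40030 ssh2
Oct 12 11:20:13 web-01 sshd[2111]: Failed password for root from 203.0.113.7 port 51250 ssh2
EOF
)

# failed_logins_by_ip: read log lines on stdin, print "<count> <ip>" lines,
# highest count first. Only sshd "Failed password" events are counted;
# "Accepted" lines are ignored.
failed_logins_by_ip() {
  awk '/sshd\[[0-9]+\]: Failed password/ {
         for (i = 1; i <= NF; i++) if ($i == "from") { counts[$(i + 1)]++; break }
       }
       END { for (ip in counts) printf "%d %s\n", counts[ip], ip }' \
    | sort -rn
}

# flag_brute_force THRESHOLD: print the IPs with at least THRESHOLD failures.
# The threshold is a tuning knob; 5 is a common starting point for a short window.
flag_brute_force() {
  local threshold="$1"
  failed_logins_by_ip | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Wrappers that run both functions over the constructed sample.
sample_summary() { printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_logins_by_ip; }
sample_flagged() { printf '%s\n' "$SAMPLE_AUTH_LOG" | flag_brute_force 5; }

# Stand-alone run: 203.0.113.7 (5 failures) is flagged, 198.51.100.4 (1) is not.
# On a live Debian/Ubuntu host you would pipe a tail of /var/log/auth.log into
# flag_brute_force instead of the sample.
sample_summary
sample_flagged
```

The single failure from 198.51.100.4 stays below the threshold, which is the point of counting per source rather than alerting on every failed login: a legitimate user's typo and a dictionary attack look identical on one line and only differ in volume.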
```bash
./scripts/code-review.sh /path/to/code
```
Scans code for vulnerabilities including SQL injection, XSS, command injection, hardcoded secrets, and more.
Supported languages: JavaScript, Python, PHP, Shell, Java, Ruby, Go
```bash
./scripts/malware-scanner.sh
```
Comprehensive malware detection using ClamAV, rkhunter, chkrootkit, and AI analysis.
What it does:
- Virus and malware scanning (ClamAV)
- Rootkit detection (rkhunter, chkrootkit)
- Process and network analysis
- Web shell detection
- File system anomaly detection
- AI-powered threat analysis
Windows version: .\windows\scripts\MalwareScanner.ps1 (uses Windows Defender)
```bash
./scripts/security-chat.sh
```
Interactive chat with AI security expert for questions, incident response, and guidance.
Example questions:
- "How do I secure my nginx configuration?"
- "What are signs my server has been compromised?"
- "Analyze this suspicious IP: X.X.X.X"
- "Best practices for SSH hardening?"
```bash
# Schedule daily scan at 3:30 AM (adjust timezone as needed)
./scripts/setup-cron.sh
# Or manually add to crontab:
crontab -e
# Add: 30 3 * * * /path/to/scripts/security-scanner.sh >> ~/security-reports/cron.log 2>&1
```
```markdown
# AI Security Analysis Report
Generated: 2025-10-12 11:30:00 UTC
## Executive Summary
### CRITICAL ISSUES - Fix Immediately
1. SSH root login enabled - Disable PermitRootLogin in /etc/ssh/sshd_config
2. Firewall not configured - Enable UFW: sudo ufw enable
3. World-writable files in /var/www - Run: find /var/www -perm -002 -exec chmod o-w {} \;
### HIGH PRIORITY - Fix within 24 hours
1. Outdated SSL/TLS protocols in Nginx
2. Password authentication enabled for SSH
3. Multiple failed login attempts from suspicious IPs
### Security Score: 6.5/10
```
Edit the model and parameters in any script:
```bash
# scripts/security-scanner.sh
MODEL="llama3.1:70b"   # Change model
TEMPERATURE=0.3        # Lower = more focused, Higher = more creative
```
Modify what gets scanned by editing the script sections:
- System info collection (lines ~40-80)
- Log analysis depth (lines ~180-200)
- File system scan paths (lines ~130-150)
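The findings in the sample report above (root login permitted, password authentication enabled, world-writable files) and the SUID/SGID review in the scan coverage list can be reproduced without the model. The script below is an added example and not code from the ai-security-scanner repository: it implements a first-occurrence-wins `sshd_config` reader (OpenSSH's own precedence rule), a world-writable file search using the same `-perm -002` test as the report's remediation, and a setuid/setgid search, then runs all three against constructed fixtures in a temporary directory. The fixture contents (`sshd_config`, `cache.tmp`, `helper`) are fabricated for the demonstration.

```shell
#!/bin/sh
# Added example (not the project's own code): three host checks of the kind
# the sample report flags, implemented as stand-alone functions and run
# against constructed fixtures in a temporary directory.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# sshd_effective KEYWORD FILE: print the effective value of a keyword.
# OpenSSH uses the FIRST uncommented occurrence of each keyword, so a later
# "PermitRootLogin no" does not override an earlier "yes". Conditional Match
# blocks and Include files are not modelled here (simplification); parsing
# stops at the first Match line.
sshd_effective() {
  local key="$1" file="$2"
  awk -v want="$(printf '%s' "$key" | tr 'A-Z' 'a-z')" '
    /^[[:space:]]*#/ || NF < 2 { next }
    tolower($1) == "match" { exit }
    tolower($1) == want    { print $2; exit }
  ' "$file"
}

# check_sshd_config FILE: print one finding per line; no output means clean.
check_sshd_config() {
  local file="$1" v
  v=$(sshd_effective PermitRootLogin "$file")
  # Compiled-in default is prohibit-password, so only an explicit "yes" is flagged.
  [ "${v:-prohibit-password}" = "yes" ] && echo "CRITICAL PermitRootLogin yes in $file"
  v=$(sshd_effective PasswordAuthentication "$file")
  # Compiled-in default is yes: a missing directive still means passwords are accepted.
  [ "${v:-yes}" = "yes" ] && echo "HIGH PasswordAuthentication enabled in $file"
  return 0
}

# find_world_writable DIR: regular files writable by "other" (the report's
# remediation applies chmod o-w to exactly this set).
find_world_writable() { find "$1" -xdev -type f -perm -0002 | sort; }

# find_setuid DIR: regular files carrying the setuid or setgid bit, the
# candidates for the SUID/SGID review.
find_setuid() { find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) | sort; }

# --- constructed fixtures (hypothetical, not a real host) -----------------
cat > "$WORK/sshd_config" <<'EOF'
# Constructed fixture, not a real host configuration
Port 22
PermitRootLogin yes
PermitRootLogin no
# PasswordAuthentication no
EOF
mkdir -p "$WORK/www/html" "$WORK/bin"
echo 'index' > "$WORK/www/html/index.html"; chmod 644  "$WORK/www/html/index.html"
echo 'tmp'   > "$WORK/www/html/cache.tmp";  chmod 666  "$WORK/www/html/cache.tmp"
echo 'bin'   > "$WORK/bin/helper";          chmod 4755 "$WORK/bin/helper"
echo 'bin'   > "$WORK/bin/plain";           chmod 755  "$WORK/bin/plain"

demo_sshd_findings()  { check_sshd_config "$WORK/sshd_config"; }
demo_world_writable() { find_world_writable "$WORK/www"; }
demo_setuid()         { find_setuid "$WORK/bin"; }

# Stand-alone run: two sshd findings, then cache.tmp, then bin/helper.
demo_sshd_findings
demo_world_writable
demo_setuid
```

The PasswordAuthentication case is the one worth noting: because OpenSSH's default is `yes`, a checker has to treat a missing or commented-out directive as enabled, which is why the fixture's commented line still produces the HIGH finding. Likewise the second `PermitRootLogin no` line does nothing, since sshd keeps the first value it reads; a scanner that took the last occurrence would report the host as fixed when it is not.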
- Pre-deployment Security Checks - Scan before production deployment
- Compliance Audits - Generate reports for compliance requirements
- Incident Response - Analyze logs during security incidents
- Code Reviews - Automated security review of pull requests
- Continuous Monitoring - Daily automated scans with alerts
- Security Training - Learn security best practices interactively
- Threat Hunting - Search for indicators of compromise
- 100% Local Execution - All analysis happens on your server
- No External Calls - Zero data transmission to third parties
- No Telemetry - No usage tracking or analytics
- Open Source - Full transparency, audit the code yourself
- Air-gap Compatible - Works on isolated networks (after initial model download)
We believe security tools should be open source for several critical reasons:
Transparency & Trust - Security software deals with your most sensitive systems and data. Closed-source security tools ask you to trust them blindly. With open source, you can audit every line of code, verify there are no backdoors, and ensure your data stays private. Trust should be earned through transparency, not demanded through obscurity.
Community Strength - Security is a collaborative effort. The global security community can review, improve, and contribute to this project, making it stronger and more reliable than any single vendor could achieve. Bugs are found faster, vulnerabilities are patched quicker, and features are built based on real-world needs.
Freedom & Control - You own your security infrastructure. No vendor lock-in, no forced updates, no licensing headaches, no telemetry collecting your data. You control when and how to deploy updates, customize the tool for your specific needs, and run it anywhere without restrictions or ongoing costs.
Educational Value - Learning security is hard when tools are black boxes. This project serves as both a production tool and an educational resource. Study the code, understand how AI-powered security analysis works, modify it for your use cases, and share your improvements with others.
Longevity & Sustainability - Proprietary security companies can be acquired, discontinued, or pivot away from products you depend on. Open source projects live beyond any single organization. Even if the original maintainers move on, the community can continue development, ensuring your investment in this tool isn't wasted.
Privacy by Design - We built this tool to run 100% locally because we believe your security data should never leave your infrastructure. This isn't just a feature; it's a philosophy. Open source ensures we can't quietly add telemetry or "phone home" functionality in future updates. The code is the proof.
No Hidden Costs - Security tools shouldn't be prohibitively expensive. Organizations of all sizes deserve enterprise-grade security analysis. By making this tool free and open source, we're democratizing access to AI-powered security analysis, whether you're a Fortune 500 company or a solo developer.
This project embodies the principles that have made Linux, OpenSSL, and countless other critical security projects successful. Security through transparency, not obscurity. Community over profit. Freedom over lock-in.
If this project helps you secure your infrastructure, consider contributing back, whether through code, documentation, bug reports, or simply spreading the word. Together, we can build security tools that serve everyone, not just those who can afford expensive proprietary solutions.
- Start with smaller model - Test with 8B model first, upgrade if needed
- Run during off-hours - Schedule scans when server load is low
- Review reports regularly - Set up weekly report review process
- Customize for your stack - Edit scripts to focus on your specific technologies
- Combine with other tools - Complement existing security tools, don't replace them
Contributions welcome! Please read CONTRIBUTING.md first.
- Add support for new security checks
- Improve AI prompts for better analysis
- Add support for additional platforms
- Report bugs and issues
- Improve documentation
- Share your use cases
- Installation Guide
- Configuration Guide
- Troubleshooting
- API Reference
- Security Best Practices
- Product Roadmap - Future plans and feature requests
```bash
systemctl restart ollama
ollama ps   # Check what's running
```
```bash
ollama stop llama3.1:70b
ollama pull llama3.1:8b   # Use smaller model
```
- Lower model size (70b → 8b → 3b)
- Reduce scan frequency
- Limit concurrent scans
- Add more RAM if possible
MIT License - see LICENSE file for details.
- Ollama - For making local LLMs accessible
- Meta AI - Llama models
- Security community - For best practices and feedback
This tool is for security analysis and educational purposes. It complements but does not replace professional security audits, penetration testing, or other security measures. Always follow your organization's security policies and consult security professionals for critical systems.
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Security Issues: security@yourdomain.com (private disclosure)
NEW! Modern web-based dashboard for managing scans and viewing reports.
```bash
cd web-ui
./start-web-ui.sh
```
Access at http://localhost:3000
Features:
- Real-time dashboard with live updates
- Start and monitor scans from browser
- Browse and view security reports
- Interactive AI security assistant
- System monitoring and status
- Responsive design for mobile/tablet
See web-ui/README.md for full documentation.
NEW! Send security alerts and reports to your team communication platforms.
```bash
cd integrations
./setup-integrations.sh
```
Features:
- Slack, Discord, and Microsoft Teams support
- Color-coded severity levels (critical, warning, info, success)
- Attach full security reports to notifications
- Automatic notifications on scan completion
- Rich formatting with emojis and detailed messages
Examples:
```bash
# Send notification to Slack
./integrations/notify.sh --platform slack --message "Scan completed"
# Run scan with auto-notification to all platforms
./integrations/auto-notify.sh comprehensive
# Send critical alert with report
./integrations/notify.sh --platform all --title "Security Alert" \
  --file ~/security-reports/latest.md --severity critical
```
See integrations/README.md for full documentation.
NEW! Scan multiple servers from a central location using SSH.
```bash
cd multi-server
cp servers.yaml.example servers.yaml
# Edit servers.yaml with your infrastructure
./scan-servers.sh --group production --notify
```
Features:
- Parallel scanning with GNU Parallel
- YAML-based server inventory with groups and tags
- Flexible targeting (by name, group, or tags)
- Consolidated reports across all servers
- Automatic notifications on completion
- Fast execution (scan 50 servers in ~15 minutes)
Examples:
```bash
# Scan production servers
./scan-servers.sh --group production --parallel 8
# Scan specific servers with consolidated report
./scan-servers.sh --servers web-01,db-01 --consolidated
# Scan by tags with notifications
./scan-servers.sh --tags critical --notify
```
See multi-server/README.md for full documentation.
NEW! Comprehensive security audits for AWS, GCP, and Azure.
```bash
cd cloud-security
# Scan individual clouds
./scan-aws.sh
./scan-gcp.sh
./scan-azure.sh
# Or scan all at once
./scan-all-clouds.sh --all --notify
```
Supported Services:
- AWS: IAM, EC2, S3, VPC, RDS, CloudTrail, Security Groups
- GCP: IAM, Compute Engine, Cloud Storage, VPC, Cloud SQL, Logging
- Azure: Azure AD, VMs, Storage, NSGs, SQL, Key Vault, Security Center
Features:
- Multi-cloud support (AWS, GCP, Azure)
- Comprehensive service coverage
- AI-powered analysis and recommendations
- Detailed markdown reports
- Color-coded severity levels
- Integration with notification system
Examples:
```bash
# Daily AWS security audit
./scan-aws.sh && ../integrations/notify.sh --file ~/security-reports/aws_*.md
# Multi-cloud compliance scan
./scan-all-clouds.sh --all --notify
# Specific clouds only
./scan-all-clouds.sh --aws --gcp
```
See cloud-security/README.md for full documentation.
NEW! Define your own security checks with YAML.
```bash
cd custom-rules
cp rules.yaml.example rules.yaml
./run-rules.sh --group critical
```
Features:
- YAML-based rule definitions
- Parallel execution support
- Severity levels (critical/warning/info)
- Rule grouping and filtering
- Custom remediation instructions
See custom-rules/README.md for full documentation.
NEW! Comprehensive K8s cluster security auditing.
```bash
cd kubernetes
./scan-k8s.sh
```
Coverage:
- Pod security (privileged, root)
- RBAC analysis
- Network policies
- Secrets management
- Resource quotas
- Container images
See kubernetes/README.md for full documentation.
NEW! Audit MySQL, PostgreSQL, MongoDB, and Redis.
```bash
cd database-security
./scan-databases.sh --all
```
Checks:
- Connection security (bind addresses)
- Authentication configuration
- Encryption (SSL/TLS, at-rest)
- Public exposure detection
- Configuration best practices
See database-security/README.md for full documentation.
NEW! Industry standards, government regulations, and defense-level security auditing.
```bash
cd compliance
# Industry compliance standards
./scan-compliance.sh --framework pci-dss
# OpenSCAP security scanning (200+ checks)
sudo ./scan-openscap.sh --profile standard
# DISA STIG (DoD/Government compliance)
sudo ./scan-disa-stig.sh
```
Industry Frameworks:
- PCI-DSS 3.2.1 (Payment Card Industry)
- HIPAA Security Rule (Healthcare)
- SOC 2 Type II (Service organizations)
- GDPR (Data protection)
Government & Defense Standards:
- OpenSCAP - Security Content Automation Protocol scanning
- DISA STIG - Defense Information Systems Agency Security Technical Implementation Guides
- CIS Benchmarks - Center for Internet Security hardening guidelines
- OSPP - Common Criteria Operating System Protection Profile
- CUI - Controlled Unclassified Information protection
Key Features:
- 200-300+ automated security checks per profile
- CAT I/II/III severity classification (DISA STIG)
- AI-powered risk analysis and remediation recommendations
- Multiple report formats (HTML, XML, Markdown)
- Optional automated remediation (use with caution!)
- Integration with team notifications
Installation:
```bash
# Install OpenSCAP tools (required for SCAP/STIG)
cd scripts
sudo ./install-openscap.sh
# Verify installation
oscap --version
```
Examples:
```bash
# Run CIS Benchmark with AI analysis
sudo ./scan-openscap.sh --profile cis --analyze
# Scan only critical (CAT I) STIG requirements
sudo ./scan-disa-stig.sh --category CAT1 --notify
# Auto-remediate based on SCAP profile (DANGEROUS - test first!)
sudo ./scan-openscap.sh --profile standard --fix
```
See compliance/README.md for full documentation.
- Web UI dashboard
- Integration with Slack/Discord/Teams
- Multi-server scanning from central location
- Cloud provider security (AWS/GCP/Azure)
- Custom rule engine
- Kubernetes security scanning
- Database security analysis
- Compliance framework templates (PCI-DSS, HIPAA, SOC2, GDPR)
- Malware, virus, and rootkit detection (Linux & Windows)
- OpenSCAP integration - SCAP security compliance scanning
- DISA STIG support - DoD/Government security auditing
100% Complete + Government/DoD Security Standards!
All major roadmap features implemented including enterprise compliance and government-level security auditing with OpenSCAP and DISA STIG support!
- Installation Guide - Quick installation instructions
- Setup Guide - Comprehensive setup for all platforms
- Security Features - Guide to MFA, OAuth, and more
- Security Score 100/100 - Detailed security breakdown
- Release Notes v3.1.0 - What's new in latest release
- Mobile App Feasibility - Future mobile app development
- Compliance - Compliance frameworks and STIG
- Multi-Server - Manage multiple servers
- Cloud Security - AWS, GCP, Azure scanning
- Windows Support - Windows-specific documentation
We welcome contributions! Please see CONTRIBUTING.md for guidelines.
Ways to contribute:
- Report bugs
- Suggest features
- Improve documentation
- Submit pull requests
- Star the repository
- Spread the word!
Found a security vulnerability? Please see SECURITY.md for responsible disclosure.
Security Score: 100/100 - See detailed analysis
Please read our Code of Conduct before contributing.
This project is licensed under the MIT License - see the LICENSE file for details.
Making enterprise-grade cybersecurity accessible to everyone.
We believe that security should not be a luxury reserved for corporations with deep pockets. Everyone deserves to be safe online, regardless of technical knowledge or financial resources. This project exists to democratize cybersecurity and help bring down the all-time high data breach rates by giving everyone access to the same defensive capabilities that Fortune 500 companies have.
Open Source. Local AI. Perfect Privacy. Zero Cost.
Star this repo if you find it useful!
Latest Release: v3.1.1 - Perfect Security Score 100/100
Made with ❤ for the security community