Skip to content

Etive-Mor/language-model-look-kit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

9 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

LπŸ‘€k Kit

Copy the files into your repo, then run the prompt "open and run _look-kit/prompts/prompt-0.orchestrate.md" to get a low-cost first pass security audit of your app.

What is this?

A no-code security research prompt collection. You'll find some markdown files that'll instruct your LLM or Agent to perform a security-focused code review of your app, without breaking the bank. It's not guaranteed to be comprehensive, but it might reveal some hidden issues in your codebase.

The aim of the repository is that it costs less than $25 in tokens to highlight the most obvious security issues in your app. When finished, there'll be a list of task.md files, which describe in a human-readable format what needs looked at as a priority.

Companion blog post: https://www.etive-mor.com/blog/carlini-style-vulnerability-hunting-on-a-budget/

How to use this

  1. Copy the ./prompts directory into your target repository at ./_look-kit/prompts/
  2. Prompt your agent with something like "open and run _look-kit/prompts/prompt-0.orchestrate.md"

What'll be produced?

The results should be a directory at ./_look-kit something like the following:

_look-kit/
β”œβ”€β”€ codeql-results-javascript.sarif
β”œβ”€β”€ codeql-db-csharp/
β”œβ”€β”€ codeql-db-javascript/
└── prompts/
    β”œβ”€β”€ prompt-0.orchestrate.md
    β”œβ”€β”€ prompt-1.origination.md
    β”œβ”€β”€ prompt-2.vulnerability-ranker.md
    β”œβ”€β”€ prompt-3.vulnerability-inspector.md
    β”œβ”€β”€ prompt-prerequisite-0-0.codeql-phase.md
└── _onboarding/
    β”œβ”€β”€ _start.md
    β”œβ”€β”€ agent-task-list.md
    β”œβ”€β”€ api.md
    β”œβ”€β”€ architecture.md
    β”œβ”€β”€ database.md
    β”œβ”€β”€ frontend.md
    β”œβ”€β”€ ops.md
    β”œβ”€β”€ providers.md
    β”œβ”€β”€ search.md
    β”œβ”€β”€ security.md
    └── _security/
        β”œβ”€β”€ _ranking.md
        β”œβ”€β”€ _ranking-files.md
        └── tasks/
            β”œβ”€β”€ task-1.md
            β”œβ”€β”€ task-2.md
            β”œβ”€β”€ ...
            └── task-26.md

In the directories, the interesting stuff is all in ./look-kit/_onboarding/security/tasks/task-{n}.md

Sample output

The files at ./_sample/ are a demonstration output for a faked C# application Bookstore.API.

About

Some markdown files that'll instruct your LLM/Agent to perform a low-cost/low-accuracy security-focused code review of your app

Resources

License

Stars

1 star

Watchers

0 watching

Forks

Contributors