416rehman / deepzero

Public

Find zero-days while you sleep. DeepZero is an automated vulnerability research framework that parses, decompiles, and analyzes thousands of Windows kernel drivers for exploitable IOCTLs natively using AI agents.

100% credibility
Found Apr 07, 2026 at 17 stars.

Language: Python

AI Summary

DeepZero is an AI-driven tool that automatically scans large collections of Windows kernel driver files to identify potential zero-day vulnerabilities through triage, decompilation, pattern matching, and expert AI assessment.

How It Works

1. 🔍 Discover DeepZero: You stumble upon an exciting blog post about automatically uncovering hidden security flaws in everyday computer drivers.
2. 📥 Get the Tool Ready: Download the free analyzer and set up a few basic helpers on your computer, like a file examiner and an AI thinker.
3. ⚙️ Share Locations: Simply note down where your file examiner and AI service are on your machine so the tool knows where to find them.
4. 📁 Gather Driver Files: Collect a folder full of driver files from your downloads or packs, ready for scanning.
5. 🚀 Start the Hunt: With a single command, launch the analyzer on your folder; it quickly sorts thousands of files and deeply checks the promising ones overnight.
6. Watch Progress: Keep an eye on the friendly updates as it triages the safe ones, examines the suspects, and consults the AI for final verdicts.
7. 📊 Review Reports: Wake up to clear reports flagging dangerous drivers with details on their flaws, so you know exactly which ones are vulnerable and which are safe.

AI-Generated Review

What is deepzero?

DeepZero automates zero-day hunting in Windows kernel drivers: it triages thousands of .sys files for user-reachable IOCTLs, decompiles them with Ghidra, scans for vulnerability patterns via Semgrep, and assesses exploitability with AI agents on Vertex AI's Gemini. Built in Python, it runs overnight on driver packs. Point the CLI at a directory, e.g. `byovd "C:\Drivers"`, and get VULNERABLE_report.md or SAFE_report.md files with detailed reasoning. It answers "can AI find zero days?" by slashing manual reverse engineering time.

Why is it gaining traction?

It skips known vulnerabilities via LOLDrivers integration, caches aggressively for crash-proof runs, and filters false positives before hitting pricey LLM calls, so users see high throughput on standard hardware without babysitting. The agentic AI deep dive on Semgrep hits stands out, generating PoC strategies where tools like BinSkim or basic fuzzers fall short. Developers dig the "find zero days while you sleep" hook for scaling "how do hackers find zero days" workflows.

Who should use this?

Kernel researchers auditing BYOVD chains in red team ops, security firms scanning vendor driver packs for enterprise defense, or pentesters probing signed drivers for privilege escalation primitives. Ideal for those grinding SDIO extracts or custom .sys bins, not casual web devs.

Verdict

Promising prototype for authorized vulnerability research (17 stars, solid README), but 1.0% credibility signals early-stage risks: test on samples first, as Ghidra dependencies and API costs add setup friction. Grab it if you're serious about AI-automated driver hunting; skip it for production until it has more battle scars.
