ZackSecurity

Zack-AI-Scanner is an automated web vulnerability scanning tool based on large language models that runs as a Burp Suite extension. Using AI deep-learning techniques, it automatically analyzes the characteristics of HTTP requests, intelligently identifies potential security vulnerabilities, dynamically generates targeted test payloads, and verifies whether the reported vulnerabilities are genuine.

Found Apr 17, 2026 at 19 stars (100% credibility)
AI Summary (language: Java)

Burp Suite extension that uses AI to analyze HTTP requests, generate targeted tests for common web vulnerabilities, verify findings, and produce reports.

How It Works

1. 🕵️‍♂️ Discover the smart scanner: You hear about a helpful tool that uses AI to automatically find web security weaknesses while testing websites.
2. 🔧 Add it to your testing app: Load the tool into your web security checker app so it's ready to help spot issues.
3. 🤖 Connect a smart AI helper: Link it to an AI service, like a thinking brain, so it can analyze and suggest tests.
4. 🚀 Pick a web request to check: Right-click any captured web interaction and send it for AI-powered scanning; exciting discoveries begin!
5. 📊 Watch the magic unfold: See live updates as AI studies the request, tries safe tests, and confirms real problems with high confidence.
6. 📋 Review and export results: Check detailed findings, proofs, and explanations in your dashboard.
7. Share your professional report: Download a beautiful summary report of verified security issues to hand over confidently.

AI-Generated Review

What is Zack-AI-Scanner?

Zack-AI-Scanner is a Java-based Burp Suite extension that automates web vulnerability scanning using large language models. Right-click any HTTP request in Burp's Proxy, Repeater, or Target tabs, send it to the scanner, and it analyzes request features to spot potential issues such as SQL injection, XSS, or SSRF across 17 vulnerability types. It generates targeted payloads (with 50% WAF-bypass variants), tests them via Burp's engine, verifies results with AI confidence scores over 90%, and exports HTML or Markdown reports.

Why is it gaining traction?

It stands out by leveraging AI for smart payload generation and false-positive reduction, unlike traditional scanners that rely on static payload lists. Burp integration means zero setup—just load the JAR and scan live traffic—while support for 16+ AI providers (OpenAI, Claude, Chinese providers such as Tongyi Qianwen) keeps costs flexible. Real-time logs, task management, and professional reports make it feel like an AI pentest assistant inside your workflow.

Who should use this?

Burp Suite users doing manual pentests or bug bounties who want AI to handle payload brainstorming and verification for web apps. Security researchers testing APIs or forms for injection flaws, file-upload issues, or logic bugs without scripting custom tests. Teams auditing HTTP endpoints in regulated environments that need auditable, confidence-scored reports.

Verdict

Try it if you're deep in Burp Suite—solid for accelerating scans with AI smarts, despite 19 stars and 1.0% credibility signaling early maturity and thin docs. Polishing the config UI and adding more evasion tests would bring it to prime time; right now, it's a clever prototype for patient tinkerers.
