zzjas

zzjas / anypoc

Public

Generates executable Proof-of-Concept for any bug in any project. AI agents discover and reproduce vulnerabilities — verified, not hallucinated.

ai ai-agents bug-hunting bug-reproduction claude-code
10
0
100% credibility
Found May 02, 2026 at 10 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Python
AI Summary

AnyPoC uses AI agents to automatically discover software vulnerabilities and generate reproducible proof-of-concept exploits in sandboxed environments for projects like Firefox and OpenSSL.

How It Works

1
🔍 Discover AnyPoC

You hear about a smart helper that finds real software bugs and creates working examples to prove them.

2
🤖 Connect your AI assistant

Tell your friendly AI coding buddy to set up AnyPoC using simple instructions—it handles everything safely.

3
🚀 Pick a project and start hunting

Choose something like Firefox, describe what kind of bugs to look for, and watch your AI start discovering issues automatically.

4
Follow the live dashboard
🐛
New bugs found

Review fresh vulnerability reports with details.

Ready PoCs

Check working proof-of-concepts that crash the software.

5
🔍 Dive into results

Examine bug details, evidence like crash logs, and ready-to-test examples.

🎉 Real bugs confirmed

Celebrate finding genuine vulnerabilities with reproducible proofs—ready to report!

Sign up to see the full architecture

4 more

Sign Up Free

Star Growth

See how this repo grew from 10 to 10 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

# AnyPoC

AI agents discover bugs in any project and generate executable proof-of-concept exploits—verified, not hallucinated.

What it does

Feed it a repo like Firefox or OpenSSL. Pick a strategy: mine git history for fix patterns and scan current code; audit a focused module; review a PR. Agents output structured bug reports, then parallel workers craft reproducible PoCs: inputs, scripts, payloads that crash sanitized builds in Docker. Evidence checker re-runs independently, recording ASan output/backtraces. Python CLI drives it all, agent skills for natural commands.

Prebuilt Docker setups for 15+ OSS heavyweights (Chromium, FFmpeg, Redis, V8, etc.) with sanitizers enabled.

Standout features

- Hunt mode: concurrent bug discovery + PoC generation, backpressure keeps it sane. - Sandboxed execution: crashes stay contained, auto-figures Docker images. - Agent-agnostic: Claude Code or Codex skills, uses your keys. - Dashboard tracks progress, costs, bugs found (130+ claimed across real projects). - Repro-first: rejects untriggerable reports, demands user-reachable paths.

Who it's for

Security researchers auditing C/Rust/JS engines. Teams verifying vulns in deps like FFmpeg/SQLite. Not for quick scans—targets deep, history-based hunts in massive codebases.

Verdict

Breaks new ground: agents that reproduce real vulns with executable codes, dodging hallucinated nonsense. 10 stars and 1.0% credibility scream alpha, but bug tracker/arXiv paper show legs. Docker setup pays off for repeat targets. Worth the agent spend if manual PoCs burn you—else wait for polish.

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.