Skillget

anypoc

agent
Guvenlik Denetimi
Uyari
Health Uyari
  • License — License: Apache-2.0
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 9 GitHub stars
Code Gecti
  • Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Gecti
  • Permissions — No dangerous permissions requested
Purpose
This agent automatically discovers software vulnerabilities and generates reproducible proof-of-concept (PoC) exploits using external AI coding assistants like Claude or Codex.

Security Assessment
Overall Risk: Medium. The tool executes arbitrary shell commands and dynamically creates Docker environments to run potentially malicious code. While this execution is designed to be sandboxed inside Docker containers, relying on the container for isolation carries inherent risks, especially if the Docker setup is misconfigured. The code scan found no dangerous patterns or hardcoded secrets. It does not request dangerous system permissions. Network requests are made to fetch external bug reports and communicate with AI provider APIs. Data remains local, but API prompts and code snippets are sent to third-party AI models.

Quality Assessment
The project is actively maintained, with its most recent update pushed today. It uses the permissive Apache-2.0 license and has a clear, detailed description. However, it currently has very low community visibility with only 9 GitHub stars. This means the codebase has not been broadly reviewed by the security community. The repository references an academic paper and claims to have found over 130 bugs in major projects, which adds a degree of academic credibility.

Verdict
Use with caution — ensure strict Docker isolation and understand the privacy implications of sharing codebases with third-party AI APIs.
SUMMARY

Generates executable Proof-of-Concept for any bug in any project. AI agents discover and reproduce vulnerabilities — verified, not hallucinated.

README.md
AnyPoC

Automatically find and reproduce software vulnerabilities with AI-powered proof-of-concept generation.

arXiv
Bugs Found
Bugs Confirmed
Bugs Fixed

✨ Key Features | 🚀 Setup | 🤖 Using AnyPoC | 📚 How it works | 🙏 Credits

✨ Key Features

  • Real bugs, real PoCs. Findings come with a reproducible Proof-of-Concept — verified, not hallucinated.
  • Sandboxed. Agents auto-figure out the Docker image, so crashing binaries never touch your host.
  • Agent-agnostic. Orchestrates your trusted Claude Code or Codex under the hood.

AnyPoC has found 130+ bugs across large real-world systems like Firefox, OpenSSL, FFmpeg, and more — see the running list here.

🚀 Setup

Clone the repo, then let your coding agent handle the rest:

claude "Setup AnyPoC following setup.md"
# or
codex "Setup AnyPoC following setup.md"

🤖 Using AnyPoC

AnyPoC is designed to be driven by a coding agent like Claude Code or Codex through skills — you describe what you want in natural
language and the skill figures out the right anypoc invocation for you. Under the hood, the skill shells out to your locally installed claude or codex CLI, so it uses whichever account/credentials you've already set up — no separate API key for AnyPoC.

The examples below use Claude Code's /anypoc slash-command syntax. In Codex, use $anypoc instead of /anypoc — everything else is the same.

The first time you run AnyPoC against a project, it will walk you through setting up the project's Docker environment (Dockerfile, source paths, build flags) interactively with your guidance. Subsequent runs reuse that setup.

Generate a PoC for an existing bug report

If you already have a bug report and just want AnyPoC to reproduce it, point the skill at it. The report can be a local file, a URL (issue tracker, advisory, blog post), or just pasted text:

/anypoc generate a PoC for firefox using the bug report at ./reports/spidermonkey-oob-read.md

AnyPoC spins up the project's Docker image, has its analyzer agent confirm the bug is plausible, generates a minimal PoC, and re-runs it from scratch to record the evidence.

Hunt for bugs

AnyPoC can also discover bugs from scratch. Give it a project and a high-level description of what to look for:

/anypoc hunt firefox use the last 6 months of commit history to find memory-safety bugs in SpiderMonkey

This uses the commit-history strategy: the scanner walks git history for bug-fix commits, extracts the underlying patterns, scans the codebase for related vulnerabilities, and streams each bug report into a PoC worker pool — all in one pass.

To view the progress and detected bugs:

/anypoc dashboard

[!NOTE]

We are continuously improving AnyPoC and working on more sophisticated bug scanning. Stay tuned for updates!

Discover more

To find out what AnyPoC can do for you (setup a new project, find bugs without PoCs, retry a specific PoC, launch the dashboard, check status...):

/anypoc help

📚 How it works

Scanner — how bugs are discovered

The scanner is the "find" half of AnyPoC. It accepts one of three strategies and produces structured bug reports:

  • history — Mines git log for bug-fix commits within a time range, extracts the underlying vulnerability patterns, then scans the current codebase for code that looks similar to the pre-fix versions. Best when you want breadth and don't know where to look.
  • focused — Takes a natural-language description of what to audit (a file, a module, a feature, a class of bug) and drives an LLM session scoped to that area. Best when you already have a hypothesis.
  • commit-pr — Reviews a single commit or pull request for bugs introduced by the change. Best for pre-merge review or post-mortem of a specific change.

Each strategy emits BugReports incrementally, so downstream consumers (PoC generation, the dashboard) can start working before the scan is finished.

PoC generation — how bugs are reproduced

PoC generation is the "reproduce" half. For each bug report it runs a three-stage pipeline inside a project-specific Docker container:

  1. Analysis — An analyzer agent reads the report plus the relevant source and decides whether the bug is real or a false positive. Reports rejected here never consume PoC-generation budget.
  2. Generation — A generator agent crafts a minimal proof-of-concept (crafted input, standalone program, script, …) following the project's poc_gen.md guidance, iterating against the target binary until it triggers the bug.
  3. Evidence checking — An independent agent re-runs the PoC from scratch to confirm reproduction and records the evidence (sanitizer output, crash backtrace, unexpected output) against the project's oracle rules.

In hunt mode the scanner and a bounded PoC worker pool run concurrently: as reports are emitted they're dispatched to workers, with backpressure pausing the scanner at safe session boundaries when the pool is saturated.

CLI reference — if you'd rather use anypoc directly and compose commands yourself

Dashboard

anypoc dashboard

Then open http://localhost:8501 in your browser.

Finding Bugs

The pipeline has four steps:

Step 1: Generate Sources 📥

Extract potential vulnerability patterns from the project's commit history:

anypoc scan source commits \
  -p firefox \
  --time-range "from 2024-01-01 to 2024-12-31" \
  --description "memory errors; integer overflow; buffer overflow"

Step 2: Extract Patterns 🧩

Analyze those sources to create bug patterns:

anypoc scan pattern -p firefox

Step 3: Scan for Bugs 🐛

Scan the codebase looking for similar vulnerabilities:

anypoc scan bug -p firefox

Step 4: Generate POCs 💥

Automatically generate proof-of-concept exploits:

anypoc poc run firefox

Check progress:

anypoc poc status firefox

Adding a New Project (manual)

1. Initialize your project

anypoc project init myproject

This creates a project folder with everything you need:

projects/myproject/
├── Dockerfile         # How to build the target
├── paths.md           # Where to find source code & binaries
└── prompts/           # Custom prompts for poc generation (optional)

2. Configure the Dockerfile

Edit projects/myproject/Dockerfile to:

  • Clone or copy the source code
  • Install any dependencies
  • Build with sanitizers (ASan, UBSan, etc.) for better bug detection

3. Set up paths

Edit projects/myproject/paths.md to tell the system where to find the source code and binaries inside the container.

4. Build the Docker images

anypoc project build myproject

5. Start hunting

anypoc scan source commits -p myproject --time-range "last 6 months"
anypoc scan pattern -p myproject
anypoc scan bug -p myproject
anypoc poc run myproject

🙏 Credits

If AnyPoC helped you find/confirmed bugs, please open an issue to tell us about them so we can keep track of bugs found by AnyPoC.

If your research paper uses AnyPoC, please cite:

@article{zhao2026anypoc,
  title={AnyPoC: Universal Proof-of-Concept Test Generation for Scalable LLM-Based Bug Detection},
  author={Zhao, Zijie and Yang, Chenyuan and Wang, Weidong and Yang, Yihan and Zhang, Ziqi and Zhang, Lingming},
  journal={arXiv preprint arXiv:2604.11950},
  year={2026}
}

Thanks to:

Yorumlar (0)

Sonuc bulunamadi