Projects

Security tools and research projects I've built

SecLoop

Autonomous security scanner & auto-fixer using the Ralph Loop pattern - an iterative LLM loop that scans, fixes, and verifies until clean. Supports Python, Node.js, Go, Rust, and Ruby ecosystems. Found CVE-2025-68428 in Apache Superset.

Key Features

  • Dependency CVE scanning (pip-audit, npm audit, cargo-audit)
  • Secret detection with gitleaks
  • SAST analysis with semgrep and bandit
  • LLM-powered auto-fix with iterative verification
PythonClaude AIpip-auditsemgrepgitleaksSecurity Scanner

LLM-Powered Threat Modeling

A self-serve threat modeling platform that uses LLMs to analyze system designs and generate comprehensive security threat assessments using the STRIDE methodology. Import JIRA tickets, upload PRDs and architecture diagrams, and get actionable remediation steps with priority and effort estimates.

Key Features

  • STRIDE-based threat categorization
  • Risk scoring with likelihood × impact
  • JIRA integration for context
  • Export to Markdown and JSON
ReactTypeScriptViteOpenAIClaudePostgreSQLHonoDrizzle ORM

Info Disclosure Scanner

AI-powered security scanner that detects sensitive information leakage in web applications using Claude AI. Scans 50+ risky paths, checks security headers, analyzes JavaScript files, and categorizes findings by severity.

Key Features

  • 50+ risky path checks
  • Security header analysis
  • Severity categorization (High/Medium/Low)
  • HTML and Markdown reports
PythonClaude AIffufDockerSecurity Scanner

AttackTree

AI-powered threat modeling application that automatically generates comprehensive attack trees based on attacker objectives. Includes 6 pre-built scenarios covering credential theft, authorization bypass, financial fraud, DoS, and more.

Key Features

  • AI-generated attack trees
  • Defense recommendations
  • OWASP Top 10 mapping
  • Export to Markdown and JSON
PythonFastAPIGroqLlama 3.1Docker