Gemma4 Source Code Pentest - Offline local environment
Good for recon & basic vulnerabilities
I recommend using this tool if you don’t have Claude or if you need to perform penetration testing in an offline environment. This tool saves me time.
Run this tool 5 times for 1 path in order to make sure the AI will find all the potential vulnerabilities.
python main.py /path
1. make sure ollama is installed (recommended to add to the PATH)
2. make sure you have the "ollama" python package installed (pip install ollama)
3. make sure you have the model gemma4 installed (ollama pull gemma4)
The code works in 4 steps:
- Each file at a path being learned by the AI, and then the AI takes relevant parts from the file, writes explanations for each one of them, and adds this data to a python string - a string that will contain also all the other data of the other files.
- AI gets the python string from part 1 that contains information about all the files and their explanations - and finds security vulnerabilities
- AI writes things that require future human research
- AI writes false positives that he thought were security vulnerabilities, but later did not consider valid and did not add to the list at step 2.