Welcome back, aspiring cyberwarriors and AI enthusiasts!
AI is stepping up in every aspect of our cybersecurity job: STRIDE-GPT generates threat models and mitigations to them, BruteForceAI helps with password attacks, and LLM-Tools-Nmap conducts reconnaissance. Today is a time to explore AI-powered vulnerability scanning.
In this article, we’ll cover the BugTrace-AI toolkit from installation through advanced usage. We’ll begin with setup and configuration, then explore each of the core analysis tools, including URL analysis, code review, and security header evaluation. Let’s get rolling!
What Is BugTrace-AI?
BugTrace-AI leverages Generative AI to understand context, identify logic flaws, and provide intelligent recommendations that adapt to each unique situation. The tool performs non-invasive reconnaissance and analysis, generating hypotheses about potential vulnerabilities that serve as starting points for manual investigation.
The platform integrates both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) within a single interface. It supports multiple AI models through OpenRouter, including Google Gemini, Anthropic Claude, and many more.
It’s important to recognize that this tool functions as an assistant rather than an automated exploitation tool. Based on that, we should understand that all findings should be deliberately validated.
Step #1: Installation
First of all, we need to clone the repository from GitHub:
kali> git clone https://github.com/yz9yt/BugTrace-AI.git
kali> cd BugTrace-AI
After listing the content of the downloaded directory, we can see the script we need – dockerizer.sh. We need to add execution permissions and launch it.
kali> chmod +x dockerizer.sh
kali> sudo ./dockerizer.sh
At this point, you may encounter an issue with the script, as it is currently incompatible with Docker Compose version 2 at the time of writing. To fix the script, you can manually change it or use the following:
#!/bin/bash
set -e
COMPOSE_FILE="docker-compose.yml"
echo "--- Stopping any previous containers... ---"
docker compose -f "$COMPOSE_FILE" down -v || \
echo "Warning: 'docker compose down' failed. This might be the first run, which is okay."
echo "--- Building and starting the application... ---"
docker compose -f "$COMPOSE_FILE" up --build -d
echo "--- Application is now running! ---"
echo "Access it at: http://localhost:6869"
echo "To stop the application, run: docker compose -f $COMPOSE_FILE down"
# === Try to launch Firefox with checks ===
sleep 3 # Give the container a moment to start
if [ -z "$DISPLAY" ]; then
echo "⚠️ No GUI detected (DISPLAY is not set)."
echo "💡 Open http://localhost:6869 manually in your browser."
elif ! command -v firefox &> /dev/null; then
echo "⚠️ Firefox is not installed."
echo "💡 Install it with: sudo apt install firefox"
else
echo "🚀 Launching Firefox..."
firefox http://localhost:6869 &
fi
After updating the script, you should see the process of building the Docker image and starting the container in detached mode.
After finishing, you can now access BugTrace-AI at http://localhost:6869. You will see the disclaimer similar to the one below.
If you accept it, the app will load the main screen.
Step #2: Configuring API Access
BugTrace-AI requires an OpenRouter API key to function. OpenRouter provides unified access to multiple AI models through a single API, making it ideal for this application. Visit the OpenRouter website at https://openrouter.ai and create an account if you don’t already have one. Navigate to the API keys section and generate a new key.
In the BugTrace-AI interface, click the Settings icon in the header. This opens a modal where you can enter your API key.
Step #3: Understanding the Three Scan Modes
BugTrace-AI offers three URL analysis modes, each designed for different scenarios and authorization levels.
The Recon Scan focuses entirely on passive reconnaissance. It analyzes the URL structure looking for patterns that might indicate vulnerabilities, performs technology fingerprinting using public databases, searches CVE databases for vulnerabilities in identified technologies, and checks public exploit databases like Exploit-DB for available exploits. This mode never sends any traffic to the target beyond the initial page load.
The Active Scan analyzes URL patterns and parameters to hypothesize vulnerabilities. Despite its name, this mode remains “simulated active” because it doesn’t actually send attack payloads. Instead, it uses AI reasoning to identify URL patterns that commonly correlate with vulnerabilities. For example, URLs with parameters named “id” or “user” might be susceptible to SQL injection, while parameters that appear in the page output could be vulnerable to XSS. The AI generates hypotheses about potential vulnerabilities based on these patterns and guides how to test them manually.
The Grey Box Scan combines DAST with SAST by analyzing the page’s live JavaScript code. After loading the target URL, the tool extracts all JavaScript code from the page, including inline scripts and external files. The AI then performs static analysis on this JavaScript, looking for client-side vulnerabilities, hardcoded secrets or API keys, insecure data handling patterns, and client-side logic flaws.
For this exercise, we’ll analyze a web application with the third mode.
The tool generates a report summarizing its findings.
BugTrace-AI highlights possible vulnerabilities and suggests what to test manually based on what it finds. You can also review all results with the Agent, which remembers context so you can ask follow-up questions about earlier findings or how to verify them.
Step #4: Payload Generation Tools
Web Application Firewalls (WAFs) attempt to block malicious requests by detecting attack patterns. The Payload Forge helps bypass WAF protections by generating payload variations using obfuscation and encoding techniques.
The tool generates a few dozen payloads. Each of them includes an explanation of the obfuscation technique used and the specific WAF detection methods it’s designed to evade.
Besides that, BugTrace-AI suggests SSTI payloads and OOB Interaction Helper.
Summary
BugTrace-AI is a next-generation vulnerability scanning tool. Unlike traditional scanners that rely on rule-based detection, BugTrace-AI focuses on understanding the logic and context of its target.
In this article, we installed the tool and tested some of its features. But, this is not a comprehensive guide; BugTrace-AI offers many more capabilities designed to make cybersecurity work easier. We encourage you to install the tool and explore its full potential on your own. Keep in mind that it is not an all-in-one solution, and every finding should be manually verified.
If you want to dive deeper into using AI for hacking, consider checking out AI for Cybersecurity training. This 7-hour video course, led by a Master OTW, is designed to take your understanding and practical use of artificial intelligence to the next level.
Source: HackersArise
Source Link: https://hackers-arise.com/artificial-intelligence-in-cybersecurity-part-7-ai-powered-vulnerability-scanning-with-bugtrace-ai/