DeepAudit
by
lintsinghua

Description: DeepAudit:人人拥有的 AI 黑客战队,让漏洞挖掘触手可及。国内首个开源的代码漏洞挖掘多智能体系统。小白一键部署运行,自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署 ,一键生成报告。支持中转站。​让安全不再昂贵,让审计不再复杂。

View on GitHub ↗

Summary Information

Updated 2 hours ago
Added to GitGenius on December 22nd, 2025
Created on September 19th, 2025
Open Issues & Pull Requests: 90 (+0)
Number of forks: 814
Total Stargazers: 6,596 (+2)
Total Subscribers: 66 (+0)

Issue Activity (beta)

Open issues: 85
New in 7 days: 1
Closed in 7 days: 0
Avg open age: 44 days
Stale 30+ days: 80
Stale 90+ days: 65

Recent activity

Opened in 7 days: 1
Closed in 7 days: 0
Comments in 7 days: 0
Events in 7 days: 0

Top labels

  • enhancement (5)
  • bug (4)
  • help wanted (3)
  • good first issue (1)

Most active issues this week

No issue events were indexed in the last 7 days.

Repository Insights (GitGenius)

Median issue/PR response: 0.6 hours
Mean response time: 2.0 days
90th percentile: 3.1 days
Tracked items: 153

Most active contributors

Detailed Description

DeepAudit is an open-source multi-agent system for automated code vulnerability detection and security auditing, developed by lintsinghua. Written primarily in Python with TypeScript and React components for the frontend, the project aims to democratize security auditing by making vulnerability discovery accessible to non-specialists through a one-click deployment model. The system is positioned as China's first open-source code vulnerability mining multi-agent system, emphasizing ease of use and automation.

The repository implements a multi-agent architecture where autonomous agents collaborate to conduct code audits. The system supports integration with Ollama for private deployment, eliminating dependency on external API services. Users can paste code snippets or upload files for immediate analysis, with results generated in seconds. The platform provides real-time visibility into agent reasoning and execution processes through audit flow logs, allowing users to observe how the system thinks through security problems. A dashboard interface displays project security posture at a glance, and the system supports importing projects from GitHub, GitLab, and Gitea for multi-project collaborative management.

A key feature is automated sandbox proof-of-concept verification, which validates discovered vulnerabilities without manual intervention. The system can generate professional security reports in multiple formats including PDF, Markdown, and JSON with a single command. The platform also supports relay station functionality for network flexibility.

According to GitGenius activity tracking, the repository shows strong engagement with a median issue and pull request response latency of 0.6 hours and a mean latency of 48.0 hours across 153 tracked items. The primary maintainer lintsinghua has logged 391 events, with secondary contributors vindia1024 and yihua1024 each contributing 8 events. The most frequently used issue labels are enhancement with 5 occurrences, bug with 4 occurrences, and help wanted with 3 occurrences, indicating active development and community engagement. The repository shares overlapping contributors with langgenius/dify, projectdiscovery/nuclei-templates, and clash-verge-rev/clash-verge-rev.

The closed-source version of DeepAudit has demonstrated significant real-world impact, discovering 49 CVE identifiers and 6 GHSA security advisories across 17 known open-source projects. Notably, the system identified 6 vulnerabilities in the OpenClaw project, all confirmed and published as security advisories by the project maintainers. These vulnerabilities span multiple severity levels and include command injection, signature verification bypass, remote code execution, credential exposure, resource exhaustion, and sensitive information disclosure, with several rated as high severity.

The project is classified by GitGenius across multiple domains including deep learning, model auditing, explainable AI, interpretability, bias detection, trustworthiness, model analysis, AI transparency, machine learning, and model evaluation, reflecting the sophisticated AI techniques underlying the vulnerability detection system. The repository covers topics spanning AI, bug detection, code audit, code quality, code review, developer tools, DevSecOps, Google Gemini, LLM, SAST, security scanning, and vulnerability scanning, positioning it as a comprehensive security analysis platform leveraging modern language models and agent-based reasoning.

DeepAudit
by
lintsinghualintsinghua/DeepAudit

Repository Details

Fetching additional details & charts...