### Example Apt Get Install Command
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md
This snippet shows an apt-get install command that mantishack-sca recognizes when parsing inline install sources.
```bash
apt-get install -y curl
```
--------------------------------
### Example Dockerfile Inline Install
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md
This snippet shows how mantishack-sca parses inline installation commands within Dockerfiles.
```dockerfile
FROM ubuntu:latest
RUN apt-get update && apt-get install -y curl
RUN curl -fsSL https://example.com/install.sh | bash
```
--------------------------------
### Scenario: General Help
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/CLAUDE_CODE_QUICKSTART.md
Example command to get help securing an application using MANTISHACK.
```plaintext
/mantishack - help me secure my application
```
--------------------------------
### Example Gem Install Command
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md
This snippet shows a gem install command that mantishack-sca recognizes when parsing inline install sources.
```bash
gem install rails
```
--------------------------------
### Example Fuzzing Workflow
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/FUZZING_QUICKSTART.md
Demonstrates a typical workflow for fuzzing a binary with MantiHack, starting with a quick smoke test and progressing to deeper goal-directed analysis.
```bash
python3 mantishack_fuzzing.py \
--binary ./target_app \
--duration 300 \
--autonomous \
--max-crashes 5
```
```bash
python3 mantishack_fuzzing.py \
--binary ./target_app \
--duration 3600 \
--autonomous \
--goal "find heap overflow" \
--parallel 4 \
--max-crashes 20
```
```bash
ls out/fuzz_*/autonomous_corpus/ # View generated seeds
cat out/fuzz_*/fuzzing_report.json # Summary report
ls out/fuzz_*/analysis/exploits/ # Generated exploits
```
--------------------------------
### Run SAGE Setup Script
Source: https://github.com/deonmenezes/mantishack/blob/main/core/sage/docs/SAGE_INTEGRATION.md
Execute the setup script to configure SAGE integration. This script handles SDK verification, MCP configuration, Docker setup, knowledge seeding, and agent registration.
```bash
libexec/mantishack-sage-setup
```
--------------------------------
### Example Npm Install Command
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md
This snippet shows an npm install command that mantishack-sca recognizes when parsing inline install sources.
```bash
npm install lodash
```
--------------------------------
### Example Python Pip Install Command
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md
This snippet shows a pip install command that mantishack-sca recognizes when parsing inline install sources.
```bash
pip install requests
```
--------------------------------
### Example Cargo Install Command
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md
This snippet shows a cargo install command that mantishack-sca recognizes when parsing inline install sources.
```bash
cargo install ripgrep
```
--------------------------------
### Example .NET Project File
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md
This snippet is an example of a .csproj file for a .NET project, which mantishack-sca scans for package references.
```xml
Exe
net6.0
```
--------------------------------
### Install Mantishack Manually
Source: https://github.com/deonmenezes/mantishack/blob/main/README.md
Follow these steps to clone the repository, install Python dependencies, and set up required tools like Claude Code and Semgrep for manual installation.
```bash
git clone https://github.com/deonmenezes/mantishack.git
cd mantishack
pip install -r requirements.txt
npm install -g @anthropic-ai/claude-code
pip install semgrep
claude
```
--------------------------------
### Install SAGE Agent SDK and httpx
Source: https://github.com/deonmenezes/mantishack/blob/main/requirements.txt
Install the SAGE agent SDK and httpx for SAGE persistent memory functionality.
```bash
pip install sage-agent-sdk==6.6.5 httpx==0.28.1
```
--------------------------------
### Example Security Scan Workflow
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/CLAUDE_CODE_USAGE.md
Demonstrates an interactive workflow starting with a /scan command, followed by analysis and user choices for remediation.
```bash
User: /scan
Claude: [Python executes mantishack.py scan]
[Scan completes]
Results: 15 vulnerabilities found
Analyzing with adversarial thinking:
- 2 Secrets (instant compromise) - REVIEW FIRST
- 5 SQLi (database access) - REVIEW SECOND
- 3 Auth issues (broken access control) - REVIEW THIRD
- 5 Config issues - REVIEW LAST
What next?
1. Deep - Analyze top findings
2. Fix - Apply patches/improve exploits
3. Generate report - Export results
4. Retry - Different parameters
5. Done - Finish
Your choice? [1-5]
User: 2
Claude: Reviewing Python-generated patches...
Found 2 template patches. Using Patch Engineer persona to create actual fixes...
✓ All patches now production-ready
Apply patches? [Y/n]
User: Y
Claude: [Applies patches using Edit tool]
✓ Patches applied successfully
Run /scan again to verify fixes? [Y/n]
```
--------------------------------
### MANTISHACK Setup in Claude Code
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/CLAUDE_CODE_QUICKSTART.md
Steps to set up MANTISHACK within Claude Code, including cloning the repo, installing dependencies, and configuring LLM access.
```bash
# 1. Clone and open in Claude Code
git clone https://github.com/gadievron/raptor.git
cd mantishack
claude
# 2. Let Claude handle setup
"Install Python packages from requirements.txt"
"Install semgrep" # External tool
# 3. Set up LLM (choose one)
"Set my ANTHROPIC_API_KEY to [your-key]" # Cloud (best quality)
# OR
"Install Ollama and pull deepseek-r1 model" # Local/free
# 4. Start using MANTISHACK
/scan - Scan code for vulnerabilities
/fuzz - Fuzz binaries (asks to install AFL++ if needed)
/web - Test web applications
```
--------------------------------
### Example Dotnet Add Package Command
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md
This snippet shows a dotnet add package command that mantishack-sca recognizes when parsing inline install sources.
```bash
dotnet add package Newtonsoft.Json
```
--------------------------------
### Install SAGE SDK
Source: https://github.com/deonmenezes/mantishack/blob/main/core/sage/docs/SAGE_INTEGRATION.md
Install the necessary Python packages for SAGE integration. This includes the SDK and httpx for HTTP requests.
```bash
pip install sage-agent-sdk httpx
```
--------------------------------
### Example Go Module File
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md
This snippet is an example of a go.mod file for a Go project, which mantishack-sca scans for module dependencies.
```go
module example.com/my-go-app
go 1.18
require (
r) github.com/gin-gonic/gin v1.8.1
)
```
--------------------------------
### Example Dataflow Analysis Prompt
Source: https://github.com/deonmenezes/mantishack/blob/main/packages/codeql/PHASE2_OVERVIEW.md
This prompt guides an LLM to analyze a CodeQL dataflow path, assessing sanitizer effectiveness, bypass possibilities, and attack complexity.
```plaintext
You are analyzing a dataflow path:
SOURCE: User input from HTTP parameter
LoginController.java:45
STEP 1: Passes through validation
InputValidator.java:23
SINK: SQL query execution
UserDAO.java:78
SANITIZERS: Basic input validation
Determine:
1. Can the sanitizer be bypassed?
2. Is this truly exploitable?
3. What's the attack complexity?
```
--------------------------------
### Install MANTISHACK Framework
Source: https://github.com/deonmenezes/mantishack/blob/main/requirements.txt
Install the MANTISHACK framework and its core dependencies using pip.
```bash
pip3 install -r requirements.txt
```
--------------------------------
### Install Optional LLM Provider SDKs
Source: https://github.com/deonmenezes/mantishack/blob/main/requirements.txt
Install SDKs for various LLM providers to enable external LLM support. Choose the SDK that matches your provider.
```bash
pip install openai # OpenAI, Gemini (via shim), Mistral, Ollama
```
```bash
pip install anthropic # Anthropic Claude (native structured output)
```
```bash
pip install google-genai # Google Gemini (native SDK, accurate thinking token costs)
```
--------------------------------
### Install Graphviz on Ubuntu/Debian
Source: https://github.com/deonmenezes/mantishack/blob/main/packages/codeql/DATAFLOW_VISUALIZATION.md
Install the Graphviz package using apt-get on Ubuntu or Debian systems.
```bash
# Ubuntu/Debian
sudo apt-get install graphviz
```
--------------------------------
### Install Optional Dataflow Visualization Tool
Source: https://github.com/deonmenezes/mantishack/blob/main/requirements.txt
Install the tabulate package for enhanced dataflow visualization, which is recommended for better analysis.
```bash
pip install tabulate==0.10.0
```
--------------------------------
### Audit Budget CLI Examples
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sandbox.md
Examples of how to configure the audit budget via the command-line interface for different diagnostic needs. Adjust the budget value based on workload requirements.
```bash
mantishack scan target/ --sandbox full --audit # default 10000
mantishack scan target/ --sandbox full --audit --audit-budget 100 # quick diag
mantishack scan target/ --sandbox full --audit --audit-verbose --audit-budget 50000 # long run
```
--------------------------------
### Install GDB
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/FUZZING_QUICKSTART.md
Installs the GNU Debugger (GDB). Use the command suitable for your OS (macOS or Ubuntu).
```bash
# macOS
brew install gdb
# Ubuntu
sudo apt install gdb
```
--------------------------------
### Install Optional Rich Inventory Metadata Tools
Source: https://github.com/deonmenezes/mantishack/blob/main/requirements.txt
Install packages for enhanced metadata handling, including decorators, annotations, and typed parameters.
```bash
pip install tree-sitter tree-sitter-python tree-sitter-java tree-sitter-javascript tree-sitter-c tree-sitter-go
```
--------------------------------
### Install Z3 SMT Solver
Source: https://github.com/deonmenezes/mantishack/blob/main/README.md
Command to install the Z3 SMT solver library, which is optional but enhances Mantishack's analysis results.
```bash
pip install z3-solver
```
--------------------------------
### Example Java Maven POM File
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md
This snippet is an example of a pom.xml file for a Java project using Maven, which mantishack-sca scans.
```xml
4.0.0
com.example
my-app
1.0-SNAPSHOT
junit
junit
4.13.2
test
```
--------------------------------
### Verify Mantishack Installation and Components
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/ARCHITECTURE.md
Commands to verify the installation of the main Mantishack launcher and its individual components, including static analysis, CodeQL, LLM analysis, and full workflows.
```bash
# Test main launcher
python3 mantishack.py
# Test static analysis
python3 packages/static-analysis/scanner.py --help
# Test CodeQL
python3 mantishack_codeql.py --help
# Test LLM analysis
python3 packages/llm_analysis/agent.py --help
# Test full workflows
python3 mantishack_agentic.py --help
python3 mantishack_fuzzing.py --help
```
--------------------------------
### Patch Output Diff Example
Source: https://github.com/deonmenezes/mantishack/blob/main/tiers/personas/patch_engineer.md
An example of the expected patch output format, including a diff, comments explaining the fix, and vulnerability type reference. Include clear diff format, comments explaining the fix, reference to vulnerability type, and testing recommendations.
```diff
--- vulnerable_file.py (original)
+++ vulnerable_file.py (patched)
@@ -45,3 +45,4 @@
def login(username, password):
- query = f"SELECT * FROM users WHERE name='{username}'"
+ # Fixed: Use parameterized query to prevent SQL injection
+ query = "SELECT * FROM users WHERE name=?"
+ cursor.execute(query, (username,))
```
--------------------------------
### Usage Examples for Dependency Scan
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/EXTENDING_LAUNCHER.md
Demonstrates how to execute the dependency scan mode from the command line and access help information.
```bash
# Run dependency scan
python3 mantishack.py depscan --repo /path/to/code
# Get help
python3 mantishack.py help depscan
```
--------------------------------
### MantiHack CodeQL CLI Usage Example
Source: https://github.com/deonmenezes/mantishack/blob/main/packages/codeql/PHASE2_OVERVIEW.md
Demonstrates how to run MantiHack CodeQL in fully autonomous mode using the command-line interface, specifying the repository path.
```bash
# Fully autonomous (zero configuration)
python3 mantishack_codeql.py --repo /path/to/code
```
--------------------------------
### Scenario: Find Binary Bugs
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/CLAUDE_CODE_QUICKSTART.md
Example command to fuzz a binary for a specified duration using MANTISHACK.
```plaintext
/mantishack-fuzz - fuzz ./myapp for 30 minutes
```
--------------------------------
### Static Analysis Scanner CLI Example
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/ARCHITECTURE.md
Demonstrates how to run the static analysis scanner package from the command line, specifying the repository path, policy groups, and output directory.
```bash
python3 packages/static-analysis/scanner.py \
--repo /path/to/code \
--policy_groups secrets,owasp \
--output /path/to/output
```
--------------------------------
### Patch Example: MD5 vs. SHA-256
Source: https://github.com/deonmenezes/mantishack/blob/main/tiers/personas/exploit_developer.md
Demonstrates how to correctly apply a patch by showing the actual code change for replacing MD5 with SHA-256.
```diff
- digest = MessageDigest.getInstance("MD5");
+ digest = MessageDigest.getInstance("SHA-256");
```
--------------------------------
### Scanner.py Help Text Example
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/ARCHITECTURE.md
Demonstrates how to use the --help flag for the static analysis scanner to understand its arguments and usage.
```bash
$ python3 packages/static-analysis/scanner.py --help
MANTISHACK Static Analysis Scanner
Scans code using Semgrep with configurable policy groups.
Required Arguments:
--repo PATH Path to repository to scan
Optional Arguments:
--policy_groups STR Comma-separated policy groups (default: all)
--output PATH Output directory (default: auto-generated)
Examples:
# Scan with all policy groups
python3 scanner.py --repo /path/to/code
# Scan specific policy groups
python3 scanner.py --repo /path/to/code --policy_groups secrets,owasp
```
--------------------------------
### Example Composer Require Command
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md
This snippet shows a composer require command that mantishack-sca recognizes when parsing inline install sources.
```bash
composer require monolog/monolog
```
--------------------------------
### CodeQL Pack Structure Example
Source: https://github.com/deonmenezes/mantishack/blob/main/packages/llm_analysis/codeql_packs/README.md
Illustrates the directory layout for a CodeQL pack, including the qlpack.yml, codeql-pack.lock.yml, and the Mantishack/LocalFlowSource.qll library.
```yaml
-queries/
├── qlpack.yml — depends on codeql/-all: "*"
├── codeql-pack.lock.yml — committed; deps pinned for reproducibility
├── Mantishack/
│ └── LocalFlowSource.qll — selects threat-model sources
└── Security/
├── CWE-022/PathTraversalLocal.ql
├── CWE-078/CommandInjectionLocal.ql
└── ...
```
--------------------------------
### Run CodeQL Analysis with Caching
Source: https://github.com/deonmenezes/mantishack/blob/main/packages/codeql/README.md
Demonstrates the difference in execution time between the first run and a subsequent run when caching is utilized. The first run creates the database, while the second run leverages the cache for faster analysis.
```bash
# First run
python3 packages/codeql/agent.py --repo /path/to/code
# Database created: 8.3 minutes
# Second run (cache hit)
python3 packages/codeql/agent.py --repo /path/to/code
# ✓ Using cached database for java (0.2 seconds)
# Total time: 2.1 minutes (just query execution)
```
--------------------------------
### Install MANTISHACK Dependencies
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/README.md
Installs the necessary Python dependencies and static analysis tools for MANTISHACK. Ensure you have Python 3.10+ and Git installed.
```bash
# Clone repository
git clone
cd MANTISHACK-daniel-modular
# Install Python dependencies
pip3 install anthropic openai requests beautifulsoup4 pwntools tabulate
# Install static analysis tools
pip3 install semgrep
# Download and configure CodeQL
# See: https://codeql.github.com/docs/codeql-cli/getting-started-with-the-codeql-cli/
# Install AFL++ (for binary fuzzing)
brew install afl++ # macOS
# OR
sudo apt install afl++ # Ubuntu
# Install GDB (for crash analysis)
brew install gdb # macOS
# OR
sudo apt install gdb # Ubuntu
# Verify installation
python3 mantishack_agentic.py --help
python3 mantishack_fuzzing.py --help
```
--------------------------------
### Analyze Java Maven Project
Source: https://github.com/deonmenezes/mantishack/blob/main/packages/codeql/README.md
Example of running CodeQL analysis on a Java project using Maven. Shows expected output including detected language, build system, database creation time, and findings.
```bash
python3 packages/codeql/agent.py \
--repo /Users/daniel/O365/CSR/Code/CodeQL-Crypto-Research/GHUniverse/acme-access-main
# Output:
# ✓ Detected java (confidence: 0.92)
# ✓ Detected Maven build system
# ✓ Created database (5.2 minutes)
# ✓ Analysis completed: 12 findings
# SARIF: out/codeql_acme-access-main_20250114_123456/codeql_java.sarif
```
--------------------------------
### Install Python Dependencies for Mantishack
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/ARCHITECTURE.md
Installs all Python dependencies required for the Mantishack project using pip and a requirements file. Alternatively, individual packages can be installed.
```bash
git clone
cd mantishack
pip install -r requirements.txt
# Or install manually:
pip install semgrep anthropic openai instructor requests beautifulsoup4
```
--------------------------------
### Analyze Multi-Language Repository
Source: https://github.com/deonmenezes/mantishack/blob/main/packages/codeql/README.md
Example of running CodeQL analysis on a repository containing multiple programming languages. Demonstrates parallel database creation and aggregated findings.
```bash
python3 packages/codeql/agent.py --repo /path/to/fullstack-app
# Output:
# ✓ Detected python (confidence: 0.85)
# ✓ Detected javascript (confidence: 0.78)
# ✓ Detected java (confidence: 0.91)
# ✓ Created 3 databases in parallel
# ✓ Analysis completed: 47 findings total
```
--------------------------------
### Install AFL++
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/FUZZING_QUICKSTART.md
Commands to install AFL++ on macOS and Ubuntu systems.
```bash
# Install AFL++
brew install afl++ # macOS
sudo apt install afl++ # Ubuntu
```
--------------------------------
### Structured Exploitation Paths Example
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/exploitability-validation-integration.md
Demonstrates the JSON structure for exploitation paths, pairing techniques with binary targets.
```json
{
"exploitation_paths": [
{"technique": "heap metadata corruption via double-free", "target": "GOT[exit] @ 0x28570"},
{"technique": "GOT overwrite via heap metadata corruption", "target": "GOT[_ex_deregister] @ 0x28aa0"}
]
}
```
--------------------------------
### Example Ruby Gemfile
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md
This snippet is an example of a Gemfile for a Ruby project, which mantishack-sca parses for gem dependencies.
```ruby
source 'https://rubygems.org'
gem 'rails', '~> 7.0.0'
gem 'pg', '~> 1.0'
```
--------------------------------
### Binary Fuzzing Natural Language Examples
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/CLAUDE_CODE_QUICKSTART.md
Examples of natural language prompts for fuzzing binaries with MANTISHACK.
```plaintext
/fuzz - fuzz this binary
/fuzz - test ./myapp for 5 minutes
/fuzz - find crashes in /usr/local/bin/myapp
```
--------------------------------
### Mantishack Project Setup and Scan
Source: https://github.com/deonmenezes/mantishack/blob/main/README.md
Commands to create a project, set it as active, map the attack surface, and initiate an agentic scan. The agentic scan includes Semgrep and CodeQL, audit lanes, and validation.
```bash
/mantis-project create myapp --target /path/to/code # create a project first
/mantis-project use myapp # set it as active
/mantis-understand --map # map the attack surface
/mantis-agentic # scan, audit, validate, exploit, patch
/mantis-project findings # review everything in one place
```
--------------------------------
### Install Graphviz on macOS
Source: https://github.com/deonmenezes/mantishack/blob/main/packages/codeql/DATAFLOW_VISUALIZATION.md
Install the Graphviz package using Homebrew on macOS to enable DOT file rendering.
```bash
# macOS
brew install graphviz
```
--------------------------------
### Build CodeQL Databases for Multiple Languages
Source: https://github.com/deonmenezes/mantishack/blob/main/packages/llm_analysis/tests/fixtures/iris_e2e_multilang/README.md
Commands to create CodeQL databases for JavaScript, Java, Go, and C fixtures. For Java and C, specific compilation commands are included.
```bash
codeql database create /tmp/iris-js --language=javascript --source-root=js --overwrite
```
```bash
codeql database create /tmp/iris-java --language=java --source-root=java --command="javac CmdInj.java" --overwrite
```
```bash
codeql database create /tmp/iris-go --language=go --source-root=go --overwrite
```
```bash
codeql database create /tmp/iris-c --language=cpp --source-root=c --command="gcc -c cmd_inj.c -o /tmp/cmd_inj.o" --overwrite
```
--------------------------------
### Install AFL++
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/FUZZING_QUICKSTART.md
Installs AFL++ fuzzing tool. Use the appropriate command for your operating system (macOS or Ubuntu/Debian).
```bash
# macOS
brew install afl++
# Ubuntu/Debian
sudo apt install afl++
# Verify installation
which afl-fuzz
```
--------------------------------
### Example Rust Cargo.toml File
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md
This snippet is an example of a Cargo.toml file for a Rust project, which mantishack-sca parses for dependencies.
```toml
[package]
name = "my-rust-app"
version = "0.1.0"
edition = "2021"
[dependencies]
serde = { version = "1.0", features = ["derive"] }
```
--------------------------------
### Expert Persona Usage Examples
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/CLAUDE_CODE_USAGE.md
Examples of how to invoke expert personas for specific tasks. These personas are loaded on-demand.
```bash
"Use exploit developer persona to create PoC for finding #42"
"Use crash analyst persona to analyze this crash"
"Use fuzzing strategist persona to recommend AFL parameters"
```
--------------------------------
### Command-Based Input Detection Example
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/FUZZING_QUICKSTART.md
Illustrates binary analysis output when detecting commands and wrapping seeds, showing generated counts.
```text
[INFO] Detected command: STACK
[INFO] Detected command: HEAP
[INFO] Detected command: UAF
[INFO] Detected command: JSON
[INFO] Detected command: XML
[INFO] Binary analysis complete: 5 formats, 8 commands detected
[INFO] Wrapping basic seeds with 8 detected commands
[INFO] Generated 96 basic seeds (12 × 8 commands)
[INFO] Wrapping goal-directed seeds with STACK command
[INFO] Generated 5 goal-directed seeds
```
--------------------------------
### Web Testing Natural Language Examples
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/CLAUDE_CODE_QUICKSTART.md
Examples of natural language prompts for testing web applications with MANTISHACK.
```plaintext
/web - test my website
/web - scan https://localhost:3000 for XSS
/web - check this app for OWASP Top 10
```
--------------------------------
### Create CodeQL Database for OWASP Benchmark Java
Source: https://github.com/deonmenezes/mantishack/blob/main/core/dataflow/corpus/SOURCES.md
Creates a CodeQL database for the OWASP Benchmark Java project, used for security analysis.
```bash
# 1. Clone (see above)
# 2. Build CodeQL DB (the build hits Maven, takes ~3-5 minutes)
codeql database create /tmp/owasp-codeql-db \
--language=java \
--command="mvn -B -DskipTests clean package" \
--source-root=out/dataflow-corpus-fixtures/owasp-benchmark-java \
--overwrite
```
--------------------------------
### Run CodeQL Analysis with Agent
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/ARCHITECTURE.md
Execute the CodeQL analysis agent with specified repository, language, and output path. Ensure the CodeQL CLI is installed.
```bash
python3 packages/codeql/agent.py \
--repo /path/to/code \
--language python \
--output /path/to/output
```
--------------------------------
### Code Scanning Natural Language Examples
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/CLAUDE_CODE_QUICKSTART.md
Examples of natural language prompts for scanning source code with MANTISHACK.
```plaintext
/scan - scan this directory
/scan - find secrets in my code
/scan - check for SQL injection vulnerabilities
```
--------------------------------
### Install Python Dependencies
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/FUZZING_QUICKSTART.md
Installs necessary Python libraries for MANTISHACK, including libraries for network requests and LLM providers.
```bash
pip3 install requests anthropic openai pwntools
```
--------------------------------
### Compile and Analyze CodeQL Queries
Source: https://github.com/deonmenezes/mantishack/blob/main/packages/llm_analysis/codeql_packs/README.md
Use these commands to compile a new CodeQL query and then analyze a database with it. Ensure the query compiles successfully and produces results on a known-vulnerable fixture.
```bash
codeql query compile path/to/NewLocal.ql
codeql database analyze path/to/NewLocal.ql \
--format=sarif-latest --output=/tmp/result.sarif
```
--------------------------------
### Profile System (Context-Aware Analysis)
Source: https://github.com/deonmenezes/mantishack/blob/main/packages/exploit_feasibility/README.md
Demonstrates how to create and use profiles for context-aware analysis, especially for remote targets.
```APIDOC
## Profile System (Context-Aware Analysis)
### `create_remote_profile(glibc_version)`
#### Description
Creates a remote profile, optionally specifying the glibc version for accurate analysis.
#### Parameters
- **glibc_version** (string) - Optional - The version of glibc to use for the profile (e.g., "2.31").
### `FeasibilityAnalyzer(profile)`
#### Description
Initializes a FeasibilityAnalyzer with a given profile.
#### Parameters
- **profile** (object) - Required - The profile object to use for analysis.
### `FeasibilityAnalyzer.full_analysis()`
#### Description
Performs a full feasibility analysis using the configured analyzer and profile.
#### Returns
- **report** (object) - The analysis report.
```
--------------------------------
### Example PHP Composer JSON
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md
This snippet is an example of a composer.json file for a PHP project, which mantishack-sca parses for package dependencies.
```json
{
"require": {
"monolog/monolog": "^2.0"
}
}
```
--------------------------------
### Scenario: Check New Repo
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/CLAUDE_CODE_QUICKSTART.md
Example command to scan a newly cloned repository for security issues using MANTISHACK.
```plaintext
/mantishack-scan - scan this repository for all security issues
```
--------------------------------
### Scenario: Test Web App
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/CLAUDE_CODE_QUICKSTART.md
Example command to test a local web application before deployment using MANTISHACK.
```plaintext
/mantishack-web - test http://localhost:8000
```
--------------------------------
### Example Node.js Package Lock File
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md
This snippet is an example of a package-lock.json file used by Node.js projects, which mantishack-sca parses.
```json
{
"name": "my-app",
"version": "1.0.0",
"dependencies": {
"lodash": {
"version": "4.17.21",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"
}
}
}
```
--------------------------------
### Running MantiHack CodeQL Autonomous Workflow
Source: https://github.com/deonmenezes/mantishack/blob/main/packages/codeql/PHASE2_OVERVIEW.md
Demonstrates how to set up an API key and execute the MantiHack CodeQL fully autonomous workflow for a given repository. Review generated exploits after execution.
```bash
# Set your API key
export ANTHROPIC_API_KEY=sk-...
# Run fully autonomous workflow
python3 mantishack_codeql.py --repo /path/to/your/java/project
# Wait 20-60 minutes
# Review exploits in out/codeql_*/autonomous/exploits/
```
--------------------------------
### Sandbox Context with Egress Proxy and Multiple Runs
Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sandbox.md
This example demonstrates using a `sandbox` context manager with an egress proxy enabled. It shows how to make multiple calls within the same sandbox and access the combined event stream via `run.events`.
```python
with sandbox(use_egress_proxy=True, proxy_hosts=["api.example.com"]) as run:
run(["curl", "https://api.example.com/a"])
run(["curl", "https://api.example.com/b"])
print(run.events) # combined list covering both calls
```
--------------------------------
### Example Analysis JSON with Visualization Paths
Source: https://github.com/deonmenezes/mantishack/blob/main/packages/codeql/DATAFLOW_VISUALIZATION.md
This JSON structure shows an example of an analysis result that includes paths for various visualization formats.
```json
{
"finding": {
"rule_id": "java/sql-injection",
"has_dataflow": true,
"dataflow_path_count": 1,
...
},
"analysis": {
"is_exploitable": true,
...
},
"dataflow_validation": {
"is_exploitable": true,
"confidence": 0.95,
"sanitizers_effective": false,
...
},
"visualizations": {
"html": "out/.../autonomous/visualizations/java_sql-injection_42_dataflow.html",
"mermaid": "out/.../autonomous/visualizations/java_sql-injection_42_dataflow.mmd",
"ascii": "out/.../autonomous/visualizations/java_sql-injection_42_dataflow.txt",
"dot": "out/.../autonomous/visualizations/java_sql-injection_42_dataflow.dot"
}
}
```