### Example Apt Get Install Command Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md This snippet shows an apt-get install command that mantishack-sca recognizes when parsing inline install sources. ```bash apt-get install -y curl ``` -------------------------------- ### Example Dockerfile Inline Install Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md This snippet shows how mantishack-sca parses inline installation commands within Dockerfiles. ```dockerfile FROM ubuntu:latest RUN apt-get update && apt-get install -y curl RUN curl -fsSL https://example.com/install.sh | bash ``` -------------------------------- ### Scenario: General Help Source: https://github.com/deonmenezes/mantishack/blob/main/docs/CLAUDE_CODE_QUICKSTART.md Example command to get help securing an application using MANTISHACK. ```plaintext /mantishack - help me secure my application ``` -------------------------------- ### Example Gem Install Command Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md This snippet shows a gem install command that mantishack-sca recognizes when parsing inline install sources. ```bash gem install rails ``` -------------------------------- ### Example Fuzzing Workflow Source: https://github.com/deonmenezes/mantishack/blob/main/docs/FUZZING_QUICKSTART.md Demonstrates a typical workflow for fuzzing a binary with MantiHack, starting with a quick smoke test and progressing to deeper goal-directed analysis. ```bash python3 mantishack_fuzzing.py \ --binary ./target_app \ --duration 300 \ --autonomous \ --max-crashes 5 ``` ```bash python3 mantishack_fuzzing.py \ --binary ./target_app \ --duration 3600 \ --autonomous \ --goal "find heap overflow" \ --parallel 4 \ --max-crashes 20 ``` ```bash ls out/fuzz_*/autonomous_corpus/ # View generated seeds cat out/fuzz_*/fuzzing_report.json # Summary report ls out/fuzz_*/analysis/exploits/ # Generated exploits ``` -------------------------------- ### Run SAGE Setup Script Source: https://github.com/deonmenezes/mantishack/blob/main/core/sage/docs/SAGE_INTEGRATION.md Execute the setup script to configure SAGE integration. This script handles SDK verification, MCP configuration, Docker setup, knowledge seeding, and agent registration. ```bash libexec/mantishack-sage-setup ``` -------------------------------- ### Example Npm Install Command Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md This snippet shows an npm install command that mantishack-sca recognizes when parsing inline install sources. ```bash npm install lodash ``` -------------------------------- ### Example Python Pip Install Command Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md This snippet shows a pip install command that mantishack-sca recognizes when parsing inline install sources. ```bash pip install requests ``` -------------------------------- ### Example Cargo Install Command Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md This snippet shows a cargo install command that mantishack-sca recognizes when parsing inline install sources. ```bash cargo install ripgrep ``` -------------------------------- ### Example .NET Project File Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md This snippet is an example of a .csproj file for a .NET project, which mantishack-sca scans for package references. ```xml Exe net6.0 ``` -------------------------------- ### Install Mantishack Manually Source: https://github.com/deonmenezes/mantishack/blob/main/README.md Follow these steps to clone the repository, install Python dependencies, and set up required tools like Claude Code and Semgrep for manual installation. ```bash git clone https://github.com/deonmenezes/mantishack.git cd mantishack pip install -r requirements.txt npm install -g @anthropic-ai/claude-code pip install semgrep claude ``` -------------------------------- ### Install SAGE Agent SDK and httpx Source: https://github.com/deonmenezes/mantishack/blob/main/requirements.txt Install the SAGE agent SDK and httpx for SAGE persistent memory functionality. ```bash pip install sage-agent-sdk==6.6.5 httpx==0.28.1 ``` -------------------------------- ### Example Security Scan Workflow Source: https://github.com/deonmenezes/mantishack/blob/main/docs/CLAUDE_CODE_USAGE.md Demonstrates an interactive workflow starting with a /scan command, followed by analysis and user choices for remediation. ```bash User: /scan Claude: [Python executes mantishack.py scan] [Scan completes] Results: 15 vulnerabilities found Analyzing with adversarial thinking: - 2 Secrets (instant compromise) - REVIEW FIRST - 5 SQLi (database access) - REVIEW SECOND - 3 Auth issues (broken access control) - REVIEW THIRD - 5 Config issues - REVIEW LAST What next? 1. Deep - Analyze top findings 2. Fix - Apply patches/improve exploits 3. Generate report - Export results 4. Retry - Different parameters 5. Done - Finish Your choice? [1-5] User: 2 Claude: Reviewing Python-generated patches... Found 2 template patches. Using Patch Engineer persona to create actual fixes... ✓ All patches now production-ready Apply patches? [Y/n] User: Y Claude: [Applies patches using Edit tool] ✓ Patches applied successfully Run /scan again to verify fixes? [Y/n] ``` -------------------------------- ### MANTISHACK Setup in Claude Code Source: https://github.com/deonmenezes/mantishack/blob/main/docs/CLAUDE_CODE_QUICKSTART.md Steps to set up MANTISHACK within Claude Code, including cloning the repo, installing dependencies, and configuring LLM access. ```bash # 1. Clone and open in Claude Code git clone https://github.com/gadievron/raptor.git cd mantishack claude # 2. Let Claude handle setup "Install Python packages from requirements.txt" "Install semgrep" # External tool # 3. Set up LLM (choose one) "Set my ANTHROPIC_API_KEY to [your-key]" # Cloud (best quality) # OR "Install Ollama and pull deepseek-r1 model" # Local/free # 4. Start using MANTISHACK /scan - Scan code for vulnerabilities /fuzz - Fuzz binaries (asks to install AFL++ if needed) /web - Test web applications ``` -------------------------------- ### Example Dotnet Add Package Command Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md This snippet shows a dotnet add package command that mantishack-sca recognizes when parsing inline install sources. ```bash dotnet add package Newtonsoft.Json ``` -------------------------------- ### Install SAGE SDK Source: https://github.com/deonmenezes/mantishack/blob/main/core/sage/docs/SAGE_INTEGRATION.md Install the necessary Python packages for SAGE integration. This includes the SDK and httpx for HTTP requests. ```bash pip install sage-agent-sdk httpx ``` -------------------------------- ### Example Go Module File Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md This snippet is an example of a go.mod file for a Go project, which mantishack-sca scans for module dependencies. ```go module example.com/my-go-app go 1.18 require ( r) github.com/gin-gonic/gin v1.8.1 ) ``` -------------------------------- ### Example Dataflow Analysis Prompt Source: https://github.com/deonmenezes/mantishack/blob/main/packages/codeql/PHASE2_OVERVIEW.md This prompt guides an LLM to analyze a CodeQL dataflow path, assessing sanitizer effectiveness, bypass possibilities, and attack complexity. ```plaintext You are analyzing a dataflow path: SOURCE: User input from HTTP parameter LoginController.java:45 STEP 1: Passes through validation InputValidator.java:23 SINK: SQL query execution UserDAO.java:78 SANITIZERS: Basic input validation Determine: 1. Can the sanitizer be bypassed? 2. Is this truly exploitable? 3. What's the attack complexity? ``` -------------------------------- ### Install MANTISHACK Framework Source: https://github.com/deonmenezes/mantishack/blob/main/requirements.txt Install the MANTISHACK framework and its core dependencies using pip. ```bash pip3 install -r requirements.txt ``` -------------------------------- ### Install Optional LLM Provider SDKs Source: https://github.com/deonmenezes/mantishack/blob/main/requirements.txt Install SDKs for various LLM providers to enable external LLM support. Choose the SDK that matches your provider. ```bash pip install openai # OpenAI, Gemini (via shim), Mistral, Ollama ``` ```bash pip install anthropic # Anthropic Claude (native structured output) ``` ```bash pip install google-genai # Google Gemini (native SDK, accurate thinking token costs) ``` -------------------------------- ### Install Graphviz on Ubuntu/Debian Source: https://github.com/deonmenezes/mantishack/blob/main/packages/codeql/DATAFLOW_VISUALIZATION.md Install the Graphviz package using apt-get on Ubuntu or Debian systems. ```bash # Ubuntu/Debian sudo apt-get install graphviz ``` -------------------------------- ### Install Optional Dataflow Visualization Tool Source: https://github.com/deonmenezes/mantishack/blob/main/requirements.txt Install the tabulate package for enhanced dataflow visualization, which is recommended for better analysis. ```bash pip install tabulate==0.10.0 ``` -------------------------------- ### Audit Budget CLI Examples Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sandbox.md Examples of how to configure the audit budget via the command-line interface for different diagnostic needs. Adjust the budget value based on workload requirements. ```bash mantishack scan target/ --sandbox full --audit # default 10000 mantishack scan target/ --sandbox full --audit --audit-budget 100 # quick diag mantishack scan target/ --sandbox full --audit --audit-verbose --audit-budget 50000 # long run ``` -------------------------------- ### Install GDB Source: https://github.com/deonmenezes/mantishack/blob/main/docs/FUZZING_QUICKSTART.md Installs the GNU Debugger (GDB). Use the command suitable for your OS (macOS or Ubuntu). ```bash # macOS brew install gdb # Ubuntu sudo apt install gdb ``` -------------------------------- ### Install Optional Rich Inventory Metadata Tools Source: https://github.com/deonmenezes/mantishack/blob/main/requirements.txt Install packages for enhanced metadata handling, including decorators, annotations, and typed parameters. ```bash pip install tree-sitter tree-sitter-python tree-sitter-java tree-sitter-javascript tree-sitter-c tree-sitter-go ``` -------------------------------- ### Install Z3 SMT Solver Source: https://github.com/deonmenezes/mantishack/blob/main/README.md Command to install the Z3 SMT solver library, which is optional but enhances Mantishack's analysis results. ```bash pip install z3-solver ``` -------------------------------- ### Example Java Maven POM File Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md This snippet is an example of a pom.xml file for a Java project using Maven, which mantishack-sca scans. ```xml 4.0.0 com.example my-app 1.0-SNAPSHOT junit junit 4.13.2 test ``` -------------------------------- ### Verify Mantishack Installation and Components Source: https://github.com/deonmenezes/mantishack/blob/main/docs/ARCHITECTURE.md Commands to verify the installation of the main Mantishack launcher and its individual components, including static analysis, CodeQL, LLM analysis, and full workflows. ```bash # Test main launcher python3 mantishack.py # Test static analysis python3 packages/static-analysis/scanner.py --help # Test CodeQL python3 mantishack_codeql.py --help # Test LLM analysis python3 packages/llm_analysis/agent.py --help # Test full workflows python3 mantishack_agentic.py --help python3 mantishack_fuzzing.py --help ``` -------------------------------- ### Patch Output Diff Example Source: https://github.com/deonmenezes/mantishack/blob/main/tiers/personas/patch_engineer.md An example of the expected patch output format, including a diff, comments explaining the fix, and vulnerability type reference. Include clear diff format, comments explaining the fix, reference to vulnerability type, and testing recommendations. ```diff --- vulnerable_file.py (original) +++ vulnerable_file.py (patched) @@ -45,3 +45,4 @@ def login(username, password): - query = f"SELECT * FROM users WHERE name='{username}'" + # Fixed: Use parameterized query to prevent SQL injection + query = "SELECT * FROM users WHERE name=?" + cursor.execute(query, (username,)) ``` -------------------------------- ### Usage Examples for Dependency Scan Source: https://github.com/deonmenezes/mantishack/blob/main/docs/EXTENDING_LAUNCHER.md Demonstrates how to execute the dependency scan mode from the command line and access help information. ```bash # Run dependency scan python3 mantishack.py depscan --repo /path/to/code # Get help python3 mantishack.py help depscan ``` -------------------------------- ### MantiHack CodeQL CLI Usage Example Source: https://github.com/deonmenezes/mantishack/blob/main/packages/codeql/PHASE2_OVERVIEW.md Demonstrates how to run MantiHack CodeQL in fully autonomous mode using the command-line interface, specifying the repository path. ```bash # Fully autonomous (zero configuration) python3 mantishack_codeql.py --repo /path/to/code ``` -------------------------------- ### Scenario: Find Binary Bugs Source: https://github.com/deonmenezes/mantishack/blob/main/docs/CLAUDE_CODE_QUICKSTART.md Example command to fuzz a binary for a specified duration using MANTISHACK. ```plaintext /mantishack-fuzz - fuzz ./myapp for 30 minutes ``` -------------------------------- ### Static Analysis Scanner CLI Example Source: https://github.com/deonmenezes/mantishack/blob/main/docs/ARCHITECTURE.md Demonstrates how to run the static analysis scanner package from the command line, specifying the repository path, policy groups, and output directory. ```bash python3 packages/static-analysis/scanner.py \ --repo /path/to/code \ --policy_groups secrets,owasp \ --output /path/to/output ``` -------------------------------- ### Patch Example: MD5 vs. SHA-256 Source: https://github.com/deonmenezes/mantishack/blob/main/tiers/personas/exploit_developer.md Demonstrates how to correctly apply a patch by showing the actual code change for replacing MD5 with SHA-256. ```diff - digest = MessageDigest.getInstance("MD5"); + digest = MessageDigest.getInstance("SHA-256"); ``` -------------------------------- ### Scanner.py Help Text Example Source: https://github.com/deonmenezes/mantishack/blob/main/docs/ARCHITECTURE.md Demonstrates how to use the --help flag for the static analysis scanner to understand its arguments and usage. ```bash $ python3 packages/static-analysis/scanner.py --help MANTISHACK Static Analysis Scanner Scans code using Semgrep with configurable policy groups. Required Arguments: --repo PATH Path to repository to scan Optional Arguments: --policy_groups STR Comma-separated policy groups (default: all) --output PATH Output directory (default: auto-generated) Examples: # Scan with all policy groups python3 scanner.py --repo /path/to/code # Scan specific policy groups python3 scanner.py --repo /path/to/code --policy_groups secrets,owasp ``` -------------------------------- ### Example Composer Require Command Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md This snippet shows a composer require command that mantishack-sca recognizes when parsing inline install sources. ```bash composer require monolog/monolog ``` -------------------------------- ### CodeQL Pack Structure Example Source: https://github.com/deonmenezes/mantishack/blob/main/packages/llm_analysis/codeql_packs/README.md Illustrates the directory layout for a CodeQL pack, including the qlpack.yml, codeql-pack.lock.yml, and the Mantishack/LocalFlowSource.qll library. ```yaml -queries/ ├── qlpack.yml — depends on codeql/-all: "*" ├── codeql-pack.lock.yml — committed; deps pinned for reproducibility ├── Mantishack/ │ └── LocalFlowSource.qll — selects threat-model sources └── Security/ ├── CWE-022/PathTraversalLocal.ql ├── CWE-078/CommandInjectionLocal.ql └── ... ``` -------------------------------- ### Run CodeQL Analysis with Caching Source: https://github.com/deonmenezes/mantishack/blob/main/packages/codeql/README.md Demonstrates the difference in execution time between the first run and a subsequent run when caching is utilized. The first run creates the database, while the second run leverages the cache for faster analysis. ```bash # First run python3 packages/codeql/agent.py --repo /path/to/code # Database created: 8.3 minutes # Second run (cache hit) python3 packages/codeql/agent.py --repo /path/to/code # ✓ Using cached database for java (0.2 seconds) # Total time: 2.1 minutes (just query execution) ``` -------------------------------- ### Install MANTISHACK Dependencies Source: https://github.com/deonmenezes/mantishack/blob/main/docs/README.md Installs the necessary Python dependencies and static analysis tools for MANTISHACK. Ensure you have Python 3.10+ and Git installed. ```bash # Clone repository git clone cd MANTISHACK-daniel-modular # Install Python dependencies pip3 install anthropic openai requests beautifulsoup4 pwntools tabulate # Install static analysis tools pip3 install semgrep # Download and configure CodeQL # See: https://codeql.github.com/docs/codeql-cli/getting-started-with-the-codeql-cli/ # Install AFL++ (for binary fuzzing) brew install afl++ # macOS # OR sudo apt install afl++ # Ubuntu # Install GDB (for crash analysis) brew install gdb # macOS # OR sudo apt install gdb # Ubuntu # Verify installation python3 mantishack_agentic.py --help python3 mantishack_fuzzing.py --help ``` -------------------------------- ### Analyze Java Maven Project Source: https://github.com/deonmenezes/mantishack/blob/main/packages/codeql/README.md Example of running CodeQL analysis on a Java project using Maven. Shows expected output including detected language, build system, database creation time, and findings. ```bash python3 packages/codeql/agent.py \ --repo /Users/daniel/O365/CSR/Code/CodeQL-Crypto-Research/GHUniverse/acme-access-main # Output: # ✓ Detected java (confidence: 0.92) # ✓ Detected Maven build system # ✓ Created database (5.2 minutes) # ✓ Analysis completed: 12 findings # SARIF: out/codeql_acme-access-main_20250114_123456/codeql_java.sarif ``` -------------------------------- ### Install Python Dependencies for Mantishack Source: https://github.com/deonmenezes/mantishack/blob/main/docs/ARCHITECTURE.md Installs all Python dependencies required for the Mantishack project using pip and a requirements file. Alternatively, individual packages can be installed. ```bash git clone cd mantishack pip install -r requirements.txt # Or install manually: pip install semgrep anthropic openai instructor requests beautifulsoup4 ``` -------------------------------- ### Analyze Multi-Language Repository Source: https://github.com/deonmenezes/mantishack/blob/main/packages/codeql/README.md Example of running CodeQL analysis on a repository containing multiple programming languages. Demonstrates parallel database creation and aggregated findings. ```bash python3 packages/codeql/agent.py --repo /path/to/fullstack-app # Output: # ✓ Detected python (confidence: 0.85) # ✓ Detected javascript (confidence: 0.78) # ✓ Detected java (confidence: 0.91) # ✓ Created 3 databases in parallel # ✓ Analysis completed: 47 findings total ``` -------------------------------- ### Install AFL++ Source: https://github.com/deonmenezes/mantishack/blob/main/docs/FUZZING_QUICKSTART.md Commands to install AFL++ on macOS and Ubuntu systems. ```bash # Install AFL++ brew install afl++ # macOS sudo apt install afl++ # Ubuntu ``` -------------------------------- ### Structured Exploitation Paths Example Source: https://github.com/deonmenezes/mantishack/blob/main/docs/exploitability-validation-integration.md Demonstrates the JSON structure for exploitation paths, pairing techniques with binary targets. ```json { "exploitation_paths": [ {"technique": "heap metadata corruption via double-free", "target": "GOT[exit] @ 0x28570"}, {"technique": "GOT overwrite via heap metadata corruption", "target": "GOT[_ex_deregister] @ 0x28aa0"} ] } ``` -------------------------------- ### Example Ruby Gemfile Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md This snippet is an example of a Gemfile for a Ruby project, which mantishack-sca parses for gem dependencies. ```ruby source 'https://rubygems.org' gem 'rails', '~> 7.0.0' gem 'pg', '~> 1.0' ``` -------------------------------- ### Binary Fuzzing Natural Language Examples Source: https://github.com/deonmenezes/mantishack/blob/main/docs/CLAUDE_CODE_QUICKSTART.md Examples of natural language prompts for fuzzing binaries with MANTISHACK. ```plaintext /fuzz - fuzz this binary /fuzz - test ./myapp for 5 minutes /fuzz - find crashes in /usr/local/bin/myapp ``` -------------------------------- ### Mantishack Project Setup and Scan Source: https://github.com/deonmenezes/mantishack/blob/main/README.md Commands to create a project, set it as active, map the attack surface, and initiate an agentic scan. The agentic scan includes Semgrep and CodeQL, audit lanes, and validation. ```bash /mantis-project create myapp --target /path/to/code # create a project first /mantis-project use myapp # set it as active /mantis-understand --map # map the attack surface /mantis-agentic # scan, audit, validate, exploit, patch /mantis-project findings # review everything in one place ``` -------------------------------- ### Install Graphviz on macOS Source: https://github.com/deonmenezes/mantishack/blob/main/packages/codeql/DATAFLOW_VISUALIZATION.md Install the Graphviz package using Homebrew on macOS to enable DOT file rendering. ```bash # macOS brew install graphviz ``` -------------------------------- ### Build CodeQL Databases for Multiple Languages Source: https://github.com/deonmenezes/mantishack/blob/main/packages/llm_analysis/tests/fixtures/iris_e2e_multilang/README.md Commands to create CodeQL databases for JavaScript, Java, Go, and C fixtures. For Java and C, specific compilation commands are included. ```bash codeql database create /tmp/iris-js --language=javascript --source-root=js --overwrite ``` ```bash codeql database create /tmp/iris-java --language=java --source-root=java --command="javac CmdInj.java" --overwrite ``` ```bash codeql database create /tmp/iris-go --language=go --source-root=go --overwrite ``` ```bash codeql database create /tmp/iris-c --language=cpp --source-root=c --command="gcc -c cmd_inj.c -o /tmp/cmd_inj.o" --overwrite ``` -------------------------------- ### Install AFL++ Source: https://github.com/deonmenezes/mantishack/blob/main/docs/FUZZING_QUICKSTART.md Installs AFL++ fuzzing tool. Use the appropriate command for your operating system (macOS or Ubuntu/Debian). ```bash # macOS brew install afl++ # Ubuntu/Debian sudo apt install afl++ # Verify installation which afl-fuzz ``` -------------------------------- ### Example Rust Cargo.toml File Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md This snippet is an example of a Cargo.toml file for a Rust project, which mantishack-sca parses for dependencies. ```toml [package] name = "my-rust-app" version = "0.1.0" edition = "2021" [dependencies] serde = { version = "1.0", features = ["derive"] } ``` -------------------------------- ### Expert Persona Usage Examples Source: https://github.com/deonmenezes/mantishack/blob/main/docs/CLAUDE_CODE_USAGE.md Examples of how to invoke expert personas for specific tasks. These personas are loaded on-demand. ```bash "Use exploit developer persona to create PoC for finding #42" "Use crash analyst persona to analyze this crash" "Use fuzzing strategist persona to recommend AFL parameters" ``` -------------------------------- ### Command-Based Input Detection Example Source: https://github.com/deonmenezes/mantishack/blob/main/docs/FUZZING_QUICKSTART.md Illustrates binary analysis output when detecting commands and wrapping seeds, showing generated counts. ```text [INFO] Detected command: STACK [INFO] Detected command: HEAP [INFO] Detected command: UAF [INFO] Detected command: JSON [INFO] Detected command: XML [INFO] Binary analysis complete: 5 formats, 8 commands detected [INFO] Wrapping basic seeds with 8 detected commands [INFO] Generated 96 basic seeds (12 × 8 commands) [INFO] Wrapping goal-directed seeds with STACK command [INFO] Generated 5 goal-directed seeds ``` -------------------------------- ### Web Testing Natural Language Examples Source: https://github.com/deonmenezes/mantishack/blob/main/docs/CLAUDE_CODE_QUICKSTART.md Examples of natural language prompts for testing web applications with MANTISHACK. ```plaintext /web - test my website /web - scan https://localhost:3000 for XSS /web - check this app for OWASP Top 10 ``` -------------------------------- ### Create CodeQL Database for OWASP Benchmark Java Source: https://github.com/deonmenezes/mantishack/blob/main/core/dataflow/corpus/SOURCES.md Creates a CodeQL database for the OWASP Benchmark Java project, used for security analysis. ```bash # 1. Clone (see above) # 2. Build CodeQL DB (the build hits Maven, takes ~3-5 minutes) codeql database create /tmp/owasp-codeql-db \ --language=java \ --command="mvn -B -DskipTests clean package" \ --source-root=out/dataflow-corpus-fixtures/owasp-benchmark-java \ --overwrite ``` -------------------------------- ### Run CodeQL Analysis with Agent Source: https://github.com/deonmenezes/mantishack/blob/main/docs/ARCHITECTURE.md Execute the CodeQL analysis agent with specified repository, language, and output path. Ensure the CodeQL CLI is installed. ```bash python3 packages/codeql/agent.py \ --repo /path/to/code \ --language python \ --output /path/to/output ``` -------------------------------- ### Code Scanning Natural Language Examples Source: https://github.com/deonmenezes/mantishack/blob/main/docs/CLAUDE_CODE_QUICKSTART.md Examples of natural language prompts for scanning source code with MANTISHACK. ```plaintext /scan - scan this directory /scan - find secrets in my code /scan - check for SQL injection vulnerabilities ``` -------------------------------- ### Install Python Dependencies Source: https://github.com/deonmenezes/mantishack/blob/main/docs/FUZZING_QUICKSTART.md Installs necessary Python libraries for MANTISHACK, including libraries for network requests and LLM providers. ```bash pip3 install requests anthropic openai pwntools ``` -------------------------------- ### Compile and Analyze CodeQL Queries Source: https://github.com/deonmenezes/mantishack/blob/main/packages/llm_analysis/codeql_packs/README.md Use these commands to compile a new CodeQL query and then analyze a database with it. Ensure the query compiles successfully and produces results on a known-vulnerable fixture. ```bash codeql query compile path/to/NewLocal.ql codeql database analyze path/to/NewLocal.ql \ --format=sarif-latest --output=/tmp/result.sarif ``` -------------------------------- ### Profile System (Context-Aware Analysis) Source: https://github.com/deonmenezes/mantishack/blob/main/packages/exploit_feasibility/README.md Demonstrates how to create and use profiles for context-aware analysis, especially for remote targets. ```APIDOC ## Profile System (Context-Aware Analysis) ### `create_remote_profile(glibc_version)` #### Description Creates a remote profile, optionally specifying the glibc version for accurate analysis. #### Parameters - **glibc_version** (string) - Optional - The version of glibc to use for the profile (e.g., "2.31"). ### `FeasibilityAnalyzer(profile)` #### Description Initializes a FeasibilityAnalyzer with a given profile. #### Parameters - **profile** (object) - Required - The profile object to use for analysis. ### `FeasibilityAnalyzer.full_analysis()` #### Description Performs a full feasibility analysis using the configured analyzer and profile. #### Returns - **report** (object) - The analysis report. ``` -------------------------------- ### Example PHP Composer JSON Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md This snippet is an example of a composer.json file for a PHP project, which mantishack-sca parses for package dependencies. ```json { "require": { "monolog/monolog": "^2.0" } } ``` -------------------------------- ### Scenario: Check New Repo Source: https://github.com/deonmenezes/mantishack/blob/main/docs/CLAUDE_CODE_QUICKSTART.md Example command to scan a newly cloned repository for security issues using MANTISHACK. ```plaintext /mantishack-scan - scan this repository for all security issues ``` -------------------------------- ### Scenario: Test Web App Source: https://github.com/deonmenezes/mantishack/blob/main/docs/CLAUDE_CODE_QUICKSTART.md Example command to test a local web application before deployment using MANTISHACK. ```plaintext /mantishack-web - test http://localhost:8000 ``` -------------------------------- ### Example Node.js Package Lock File Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sca.md This snippet is an example of a package-lock.json file used by Node.js projects, which mantishack-sca parses. ```json { "name": "my-app", "version": "1.0.0", "dependencies": { "lodash": { "version": "4.17.21", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz" } } } ``` -------------------------------- ### Running MantiHack CodeQL Autonomous Workflow Source: https://github.com/deonmenezes/mantishack/blob/main/packages/codeql/PHASE2_OVERVIEW.md Demonstrates how to set up an API key and execute the MantiHack CodeQL fully autonomous workflow for a given repository. Review generated exploits after execution. ```bash # Set your API key export ANTHROPIC_API_KEY=sk-... # Run fully autonomous workflow python3 mantishack_codeql.py --repo /path/to/your/java/project # Wait 20-60 minutes # Review exploits in out/codeql_*/autonomous/exploits/ ``` -------------------------------- ### Sandbox Context with Egress Proxy and Multiple Runs Source: https://github.com/deonmenezes/mantishack/blob/main/docs/sandbox.md This example demonstrates using a `sandbox` context manager with an egress proxy enabled. It shows how to make multiple calls within the same sandbox and access the combined event stream via `run.events`. ```python with sandbox(use_egress_proxy=True, proxy_hosts=["api.example.com"]) as run: run(["curl", "https://api.example.com/a"]) run(["curl", "https://api.example.com/b"]) print(run.events) # combined list covering both calls ``` -------------------------------- ### Example Analysis JSON with Visualization Paths Source: https://github.com/deonmenezes/mantishack/blob/main/packages/codeql/DATAFLOW_VISUALIZATION.md This JSON structure shows an example of an analysis result that includes paths for various visualization formats. ```json { "finding": { "rule_id": "java/sql-injection", "has_dataflow": true, "dataflow_path_count": 1, ... }, "analysis": { "is_exploitable": true, ... }, "dataflow_validation": { "is_exploitable": true, "confidence": 0.95, "sanitizers_effective": false, ... }, "visualizations": { "html": "out/.../autonomous/visualizations/java_sql-injection_42_dataflow.html", "mermaid": "out/.../autonomous/visualizations/java_sql-injection_42_dataflow.mmd", "ascii": "out/.../autonomous/visualizations/java_sql-injection_42_dataflow.txt", "dot": "out/.../autonomous/visualizations/java_sql-injection_42_dataflow.dot" } } ```