GitHub - HikaruEgashira/parsentry: Code Scanner for AI (formaly vulnhuntrs) 🎯

AI-only scanners are slow and miss vulnerabilities.

Parsentry uses static analysis to enumerate patterns, then orchestrates AI agents for deep inspection. Scan large repositories 10x faster (or more) while catching what others miss.

How it works

Pattern Enumeration — Tree-sitter finds security-relevant code paths with PAR framework
AI Orchestration — Agents analyze each pattern in parallel
Universal — Support C, C++, Go, Java, JavaScript, Python, Ruby, Rust, TypeScript, Terraform

Installation

mise use -g github:HikaruEgashira/parsentry

Download the latest release for your platform from GitHub Releases:

Usage

# Analyze a GitHub repository
parsentry owner/repository

# Analyze with Claude Code CLI
parsentry owner/repository --agent claude-code

# Analyze a local directory
parsentry /path/to/code

# Generate security patterns
parsentry owner/repository --generate-patterns

Command Line Options

❯ parsentry --help

Usage: parsentry [OPTIONS] [TARGET]

Arguments:
  [TARGET]  Target to analyze: local path or GitHub repository (owner/repo)

Core Options:
  -a, --analyze <ANALYZE>                Analysis target
  -m, --model <MODEL>                    [default: gpt-5.1-codex]
      --output-dir <OUTPUT_DIR>          [default: ./reports]
      --generate-patterns                Generate security patterns
      --language <LANGUAGE>              [default: ja]

Agent Options:
      --agent <AGENT>                    [default: genai]
                                         Possible values: genai, claude-code
      --agent-poc                        Enable PoC execution

Multi-Repository Variant Analysis (MVRA):
      --mvra                             Enable multi-repository variant analysis
      --search-query <MVRA_SEARCH_QUERY> GitHub search query for MVRA
      --code-query <MVRA_CODE_QUERY>     Code search query for MVRA
      --max-repos <MVRA_MAX_REPOS>       Max repos to analyze [default: 10]

Example Reports

skills/secure-code-game - Security challenges across multiple languages
harishsg993010/damn-vulnerable-MCP-server - MCP Server
bridgecrewio/terragoat - Terraform
RhinoSecurityLabs/cloudgoat - Infrastructure as Code (IaC)
NeuraLegion/brokencrystals - Typescript
OWASP/NodeGoat - Node.js
OWASP/railsgoat - Ruby on Rails
dolevf/Damn-Vulnerable-GraphQL-Application - GraphQL
cider-security-research/cicd-goat - CI/CD Pipeline (analyzed with --agent claude-code)

Security

This tool is intended for security research and educational purposes only. Do not use the example vulnerable applications in production environments.

License

AGPL 3.0

Name		Name	Last commit message	Last commit date
Latest commit History 477 Commits
.github		.github
.parsentry		.parsentry
crates		crates
docs		docs
packaging		packaging
scripts		scripts
src		src
tests		tests
.envrc		.envrc
.gitignore		.gitignore
CHANGELOG.md		CHANGELOG.md
CLAUDE.md		CLAUDE.md
Cargo.lock		Cargo.lock
Cargo.toml		Cargo.toml
LICENSE		LICENSE
README.md		README.md
deny.toml		deny.toml
devenv.lock		devenv.lock
devenv.nix		devenv.nix
devenv.yaml		devenv.yaml
flake.nix		flake.nix
logo.png		logo.png

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

How it works

Installation

Usage

Command Line Options

Example Reports

Security

License

About

Uh oh!

Releases 17

Uh oh!

Contributors 7

Uh oh!

Languages

License

HikaruEgashira/parsentry

Folders and files

Latest commit

History

Repository files navigation

How it works

Installation

Usage

Command Line Options

Example Reports

Security

License

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 17

Uh oh!

Contributors 7

Uh oh!

Languages