Deep Eye: AI-Powered Vulnerability Scanner with Multi-LLM Support

By Prahlad Menon 4 min read

Security testing is one of those domains where AI isn’t just a nice-to-have — it fundamentally changes the game. Traditional vulnerability scanners rely on static pattern matching and known signatures. But modern applications have complex logic, custom APIs, and layered defenses that demand something smarter. Deep Eye brings multi-AI intelligence to penetration testing, and the result is a scanner that thinks before it attacks.

What Makes Deep Eye Different

Most vulnerability scanners follow a simple playbook: throw known payloads at endpoints and see what sticks. Deep Eye takes a different approach by integrating multiple AI providers — OpenAI, Claude, Grok, and Ollama — to generate context-aware payloads that adapt to what they find.

The tool supports 45+ attack methods spanning the full spectrum of web vulnerabilities:

  • Injection attacks: SQL injection (error-based, blind, time-based), command injection, LDAP injection, CRLF injection, SSTI
  • Client-side: XSS, CSRF, open redirect
  • Server-side: SSRF, XXE, path traversal, LFI/RFI, insecure deserialization
  • API security: OWASP API Top 10, GraphQL introspection and depth attacks, WebSocket testing
  • Authentication: JWT vulnerabilities, OAuth flaws, MFA bypass, session management issues
  • Business logic: Price manipulation, workflow bypass, race conditions

What’s notable is the AI payload generation. Rather than relying on static wordlists, Deep Eye uses its AI providers to craft payloads that are CVE-aware and context-sensitive. It analyzes the target’s responses and adapts its approach — much closer to how a human pentester operates.

WAF Bypass and Payload Obfuscation

One of the more impressive features is the advanced payload obfuscation engine with 11+ techniques specifically designed for WAF bypass. Modern web application firewalls catch most textbook payloads, so the tool uses AI to generate obfuscated variants that slip through pattern-based detection. This is the kind of capability that used to require manual creativity from experienced pentesters.

Reconnaissance and OSINT

Before launching attacks, Deep Eye performs comprehensive reconnaissance:

  • Passive OSINT gathering
  • DNS enumeration and subdomain discovery
  • Google dorking
  • Certificate transparency log analysis
  • GitHub and Pastebin exposure checks
  • Breach database lookups

This reconnaissance data feeds into the AI’s understanding of the target, making subsequent vulnerability testing more targeted and effective.

Team-Based Distributed Scanning

For larger engagements, Deep Eye supports collaborative scanning with session management. Multiple team members can contribute to a single assessment, distributing the workload while maintaining a unified view of findings. This is particularly useful for organizations running internal red team exercises.

Reporting and Notifications

The tool generates professional reports in PDF, HTML, and JSON formats. HTML reports are interactive with charts, filtering, and real-time search. OSINT intelligence is integrated directly into reports, providing executive summaries alongside technical details.

Real-time notifications via Email, Slack, and Discord mean your team stays informed as critical vulnerabilities are discovered — no waiting for the final report.

Extensibility

Deep Eye includes a custom plugin system that lets you write your own vulnerability scanners and integrate them into the framework. If you have proprietary checks or industry-specific tests, you can package them as plugins and run them alongside the built-in modules.

Getting Started

git clone https://github.com/zakirkun/deep-eye.git
cd deep-eye
pip install -r requirements.txt
cp config/config.example.yaml config/config.yaml
# Add your AI provider API keys to config.yaml
python deep_eye.py -u https://your-target.com

You’ll need at least one AI provider API key (OpenAI, Claude, Grok, or a local Ollama instance). Configuration is YAML-driven, making it easy to create repeatable scan profiles for different target types.

The Bigger Picture

Deep Eye represents a broader trend: AI isn’t just finding vulnerabilities faster — it’s finding vulnerabilities that static tools miss entirely. Business logic flaws, complex injection chains, and authentication bypasses require the kind of contextual reasoning that LLMs are increasingly good at.

The multi-provider approach is smart. Different AI models have different strengths — using Claude for nuanced analysis, GPT for creative payload generation, or a local Ollama instance for sensitive engagements where data can’t leave your network. Deep Eye lets you pick the right tool for each job.

Important caveat: Deep Eye is designed for authorized security testing only. Always ensure you have explicit permission before testing any system.

GitHub: github.com/zakirkun/deep-eye License: MIT