Reading
VulnCheck is a collection of intentionally vulnerable HTTP servers written in C, specifically designed to evaluate the capabilities of large language models (LLMs) in security scanning and vulnerability discovery.
Section 01
VulnCheck is a collection of intentionally vulnerable HTTP servers written in C, specifically designed to evaluate the capabilities of large language models (LLMs) in security scanning and vulnerability discovery.
Section 02
VulnCheck was created by developer xoro and is a collection of intentionally vulnerable HTTP servers written in C. Each server is an independent single-file program that simulates internal tools developers might write, but contains hidden security vulnerabilities of specific categories.
The core goal of the project is: to evaluate whether LLM-driven security scanners can successfully discover and exploit these vulnerabilities without prior knowledge. This design makes it straightforward to compare different LLM providers, prompt strategies, or scanner implementations.
Section 03
VulnCheck carefully selected 10 of the most representative vulnerability categories, all from the 2025 CWE Top 25 list of the most dangerous software weaknesses:
Section 04
Document Viewer is a web-based file browser used to serve documents from a local directory. The issue is that the user-provided filename is directly concatenated with the document root directory without filtering ../ sequences, allowing attackers to access any file on the system.
Section 05
Network Diagnostic Tool provides a web-based ping utility. The user-input hostname is directly passed to the popen() function for execution without any sanitization. This means attackers can inject additional shell commands to execute arbitrary system commands.
Section 06
Knowledge Base Search is a web search tool. The search query is directly reflected in the HTML response without proper escaping, opening the door to XSS attacks.
Section 07
Employee Directory provides a web-based employee query function. User input is directly concatenated into SQL query strings for an in-memory SQLite database, with no use of parameterized queries or prepared statements at all.
Section 08
Calculator Service is a web-based mathematical expression evaluator. The user's expression is embedded into a generated C source code file, which is then compiled and executed. This design allows attackers to inject and execute arbitrary code.
Keep going with more reads from the same topic.
Splinter is a minimalist, high-performance key-value (KV) and vector storage system enabling zero-latency inter-process communication via shared memory and atomic operations. With only 766 lines of core code, it supports millions of operations per second and 768-dimensional vector storage, offering a new architectural approach for local LLM inference and data-intensive applications.
Folkering OS is the world's first AI-native bare-metal operating system, entirely written in Rust no_std without relying on Linux, POSIX, or libc. It can generate commands from scratch, compile them into WASM, and run them in 10 seconds, achieving true self-evolution.
This project explores how to use Large Language Models (LLMs) to detect logical vulnerabilities in Ethereum smart contracts, especially business logic flaws that are difficult for traditional static analysis tools to capture, such as economic manipulation and execution order errors.
A self-hosted MCP server that provides cross-session persistent coordination, task management, event bus, and observability for AI agents. It supports 35 tools and can be integrated into clients like Claude Code and Cursor with zero code changes.