Inspiration
I built Eliot alone after realizing most security tools ignore client-side vulnerabilities. I wanted a system that could analyze large codebases, recognize patterns similar to known exploits, and use AI to explain and fix them.
What it does
Eliot scans client-side code, detects and verifies over eleven vulnerability types, shows the exact location, generates fixes, and can run safe proof-of-concept attacks in a sandbox VM.
How I built it
I created a deep crawler to inspect inputs, libraries, endpoints, HTML, and JavaScript. I used AI to analyze high-risk code segments and validate real vulnerabilities with impact and remediation.
Challenges
Launching Linux VMs and controlling an autonomous agent to execute exploits safely was the hardest part.
Accomplishments
It worked end to end and confirmed real vulnerabilities with fixes.
What I learned
VM automation, Linux, vulnerability classes, and performance optimization.
What's next
I plan to turn Eliot into an API developers can use directly in their pipelines or codebases.
Built With
- express.js
- next.js
- tailwind
- typescript
