Detect • Investigate • Analyze • Respond
ThreatHunter AI is a modern, open-source cybersecurity platform that combines advanced threat detection, AI-powered investigation, GitHub secret scanning, and executive incident reporting into a single SOC experience.
Traditional SOC platforms are often expensive, difficult to deploy, and inaccessible to students, startups, researchers, and independent security analysts.
ThreatHunter AI was built to solve this problem by providing:
✅ AI-Powered Threat Investigation
✅ Real-Time Threat Detection
✅ GitHub Secret Exposure Scanning
✅ Executive Incident Reporting
✅ Security Operations Dashboard
✅ Self-Hosted Deployment
✅ Open Source Transparency
✅ Zero Vendor Lock-In
Whether you're a cybersecurity student, penetration tester, SOC analyst, developer, or security researcher, ThreatHunter gives you enterprise-grade capabilities without enterprise-grade costs.
Upload security logs and receive instant AI-powered threat intelligence.
- Nginx Access Logs
- Apache Access Logs
- Authentication Logs
- Custom Security Logs
- Application Logs
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Command Injection
- Directory Traversal
- SSH Brute Force
- Credential Stuffing
- Authentication Abuse
- Suspicious User Agents
- Reconnaissance Activity
- Rate Limit Violations
Gemini AI automatically generates:
- Executive Summary
- Threat Explanation
- Risk Assessment
- Indicators of Compromise (IOCs)
- Attack Timeline
- Mitigation Recommendations
- Remediation Guidance
ThreatHunter scans repositories for exposed secrets and security risks.
- API Keys
- AWS Credentials
- Google Cloud Credentials
- JWT Secrets
- GitHub Tokens
- Database Passwords
- OAuth Secrets
- Hardcoded Credentials
- Environment Variables
- Sensitive Configuration Files
- Public Repository Scanning
- Private Repository Support
- Severity Classification
- File Path Identification
- Line Number Detection
- Multi-File Analysis
Monitor your security posture in real time.
- Live Incident Feed
- Threat Radar
- Risk Score Engine
- Severity Distribution Charts
- Incident Timeline
- Recent Threat Activity
- System Health Metrics
- Database Status Monitoring
Integrated cybersecurity copilot powered by Google Gemini.
- Security Q&A
- Attack Explanations
- Vulnerability Research
- Incident Response Guidance
- Threat Hunting Assistance
- Security Best Practices
- Blue Team Support
- SOC Investigation Help
Generate professional security reports instantly.
- Executive Summary
- Threat Overview
- Risk Assessment
- Timeline Analysis
- Indicators of Compromise
- Root Cause Analysis
- Remediation Actions
- Recommended Security Controls
- PDF Reports
- Historical Reports
- Executive Briefings
┌──────────────────────────┐
│ User Uploads │
│ Logs / GitHub Repos │
└─────────────┬────────────┘
│
▼
┌──────────────────────────┐
│ Ingestion Layer │
│ Log Parser & Validator │
└─────────────┬────────────┘
│
▼
┌──────────────────────────┐
│ Threat Detection Engine │
│ Pattern Matching Rules │
└─────────────┬────────────┘
│
▼
┌──────────────────────────┐
│ Severity Classification │
│ Critical / High / Medium │
└─────────────┬────────────┘
│
▼
┌──────────────────────────┐
│ Gemini AI Analysis │
│ Threat Investigation │
└─────────────┬────────────┘
│
▼
┌──────────────────────────┐
│ Incident Report Builder │
└─────────────┬────────────┘
│
▼
┌──────────────────────────┐
│ Dashboard & PDF Export │
└──────────────────────────┘
User Uploads Logs
│
▼
Log Ingestion
│
▼
Threat Detection Engine
(SQLi / XSS / Brute Force)
│
▼
Risk Scoring
│
▼
Gemini AI Investigation
│
▼
IOC Extraction
│
▼
Executive Report Generation
│
▼
Dashboard Visualization
│
▼
PDF Export
Raw Security Logs
│
▼
Threat Classification
│
▼
Severity Assessment
│
▼
Context Extraction
│
▼
Gemini AI Analysis
│
▼
Attack Explanation
│
▼
Risk Evaluation
│
▼
Remediation Plan
ThreatHunter currently detects:
🔴 SQL Injection
🔴 Cross-Site Scripting
🔴 Command Injection
🔴 Directory Traversal
🔴 SSH Brute Force
🔴 Credential Stuffing
🔴 Secret Exposure
🔴 Suspicious User Agents
🔴 Authentication Abuse
🔴 Reconnaissance Attempts
🔴 Rate Limit Violations
🔴 Configuration Leaks
| Layer | Technology |
|---|---|
| Frontend | Next.js 15 |
| Language | TypeScript |
| Styling | Tailwind CSS v4 |
| AI Engine | Google Gemini 2.5 Flash |
| Authentication | NextAuth.js |
| Database | PostgreSQL |
| ORM | Prisma |
| Animations | Framer Motion |
| Icons | Lucide React |
| Notifications | Sonner |
| Deployment | Vercel |
threathunter-ai/
│
├── src/
│ ├── app/
│ │ ├── dashboard/
│ │ ├── logs/
│ │ ├── reports/
│ │ ├── scanner/
│ │ ├── chat/
│ │ └── api/
│ │
│ ├── components/
│ ├── lib/
│ │ ├── ai/
│ │ ├── scanners/
│ │ └── threat-detection/
│ │
│ └── styles/
│
├── prisma/
├── public/
├── package.json
└── README.mdgit clone https://github.com/Juhamim/threathunder-production.git
cd threathunder-productionnpm installGEMINI_API_KEY=
NEXTAUTH_URL=
NEXTAUTH_SECRET=
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
DATABASE_URL=
GITHUB_TOKEN=npm run devOpen:
http://localhost:3000npm run buildImport the repository into Vercel and add all environment variables.
ThreatHunter is fully optimized for:
- Vercel
- PostgreSQL
- Neon Database
- Supabase
- Cloudflare R2
- Google Gemini API
Landing Page Screenshot
Dashboard Screenshot
Log Analysis Screenshot
GitHub Scanner Screenshot
Incident Reports ScreenshotMonitor and investigate threats in real time.
Analyze attack traces and identify security weaknesses.
Explore attack patterns and incident trends.
Learn SOC workflows and threat analysis.
Monitor applications without purchasing expensive SIEM platforms.
- AI SOC Agent
- Autonomous Incident Response
- Malware Detection
- YARA Rules Engine
- Sigma Rules Integration
- Threat Intelligence Feeds
- SIEM Connectors
- Splunk Integration
- ELK Stack Integration
- Multi-Tenant Organizations
- Team Collaboration
- Alert Notifications
Contributions are welcome.
git checkout -b feature/amazing-feature
git commit -m "feat: add amazing feature"
git push origin feature/amazing-featureOpen a Pull Request and help improve ThreatHunter.
MIT License
This project is open-source and free to use, modify, distribute, and self-host.
Cybersecurity Engineer • Full Stack Developer • AI Builder
GitHub: https://github.com/Juhamim
Project Repository: https://github.com/Juhamim/threathunder-production
Live Application: https://threathunder-production.vercel.app