Show HN: Bloodhound – Grey-box attack-path discovery in Rust/Go/C++ binaries
michaelafam1 Tuesday, December 09, 2025
We originally set out to solve complex debugging headaches and useless alerts caused by traditional security scanners in our own projects. Static Analysis (SAST) flagged too much noise because it couldn't verify runtime context, while Dynamic Analysis (DAST) missed internal logic bugs because it treated the app like a black box.
We built a CLI tool to bridge this gap using grey box testing from a red team approach. We use internal knowledge of the codebase to guide parallel execution, allowing us to find complex or hidden logic errors and attack paths standard linters/scanners miss.
The Tech (Grey Box Graphing & Execution): - Internal Graphing (The Map): It ingests the codebase to build a dependency graph of the internal logic. - Parallel Execution (The Test): The code is then tested on parallel engines. We spin up copies of your local dev environment to exercise the codebase in thousands of ways. This is the validation that proves a bug is real. - Logic Error Detection: Because It understands the intended architecture (the graph) and sees the actual behavior (execution), we can flag Logic Errors, (ex. race conditions, state inconsistencies, memory leaks etc). - Tainted Flow Mapping: We map tainted control flow over the dependency graph. This highlights exactly how external input threads through your logic to trigger a vulnerability. It then spins up a local instance to replay this flow and confirm the exploit.
How it runs: It runs locally via CLI to maintain privacy with secure repos and ease. Generates remediation via MD reports pinpointing the line of the error and downstream effects.
The Trade-off: This approach trades power for speed and deep testing. This testing engine is recommended for more sophisticated systems.
Try it out: We are currently opening our beta VS extension for early users.
Optimized for (Rust, C++, Go, Java) and IaC (Terraform, Docker, K8s). Also supports Python, TS/JS, C#, PHP, and (20+ other languages).
P.S. We are happy to run this ourselves on repos. If you maintain a complex project and want to see if our engine can find logic or security holes, drop a link or reach out via the comments/site and we’ll do it and send the results.