alt text

VDiscover makes large-scale vulnerability discovery possible
using state-of-the-art Machine Learning techniques.


With sustained growth of software complexity, finding security vulnerabilities in operating systems has become an important necessity. Very well known vulnerability detection techniques like static analysis, symbolic execution or fuzzing are very costly to be used in a large amount of test cases.

That is why we present a predictive approach to vulnerability discovery that:

  • Uses lightweight feature extraction to be scalable.
  • Is fully automatic and adaptive to be trained using different vulnerability detection techniques.
  • Works directly on test cases without source code.
  • It is open-source.

Given a vulnerability discovery procedure and a large amount of test cases to analyze,

alt text

VDiscover is trained to predict the result of a costly analysis extracting different sets of features. This procedure was designed to be fully automatic and very lightweight. Features are directly extracted from executable files without the source code using lightweight dynamic or static analysis.

alt text

Later, our tool can predict the outcome of the vulnerability discover procedure previously used.

alt text

For further details, a technical report is available as well as an open-source prototype.


VDiscover is open-source, you can test it here:

git clone
cd VDiscover
python install --user

A practical example of VDiscover:

(Sort of) documentation is available:


VDiscover was researched and developed by:

For general enquiries and feedback, contact us here.