#Hermes Security — Autonomous Vulnerability Scanner

🎬 https://youtu.be/SeVbVc8kos4
🌐 https://hermes-intel.duckdns.org
📎 https://github.com/cemsid/hermes-security
🐦 https://x.com/EsedovCemsid/status/2033075343490433422

A quick note: the voiceover in the demo video was generated using AI text-to-speech. I added it without any cuts or edits. My English is not very good — I barely speak it. If the voice sounds unnatural or unclear at any point, I apologize for that. I did my best.

Hermes runs on a $10 server credit. Sometimes the API may be slow or return errors due to load. If you're testing with a higher-tier API (Claude, GPT-4, Gemini), scan speeds will be significantly better. Thank you for the credit that made this possible.

🛡️ HERMES SECURITY — Autonomous Vulnerability Scanner

Powered by Hermes-4-405B · Nous Research Hackathon 2025

My family was going through financial difficulties. When I saw this hackathon, I thought — maybe I can do something. Did I join for the money? Yes, I'll be honest. But I also genuinely saw a problem and wanted to solve it.

Site owners have no idea how exposed their websites are. Security audits are either too expensive or too technical. Why can't everyone learn about the security of their own site? That question is what built Hermes.

⚕️ What Hermes Does

Hermes-4-405B is active at every step — not just showing results, but reasoning, learning, and writing fixes.

🔍 Full Scan — Real nmap port scan + SSL check + HTTP header analysis + DNS change detection + defacement detection + Google blacklist — unified Security Score 0 to 100

🔬 38 Security Tests — SSL, HTTPS redirect, CSP, XSS, SQL injection, admin panel exposure, CORS, CSRF, CVE lookup — automated, no setup required

⚡ Multi-Scan — 3 domains scanned simultaneously in parallel threads, each with its own nmap + AI analysis

🤖 Autonomous Issue Hunter — Connects to GitHub repo, claims open issues, writes fixes, simulates CI, posts PR comments. Fully autonomous.

⏰ Nightly Cron — Fires every night at 02:00 UTC, sends Telegram report to your phone

📡 Domain Intel — Subdomain discovery via crt.sh, DNS via Google DoH, SSL cert details, AI risk assessment

📄 ArXiv Integration — Every vulnerability linked to real academic papers from arXiv cs.CR

🗺️ Excalidraw Diagram — Full attack surface diagram, exportable as .excalidraw or .svg

💎 Wallet Guard — On-chain Ethereum wallet risk analysis

✈️ Telegram Bot — /scan, /findings, /domainintel, /arxiv + natural language chat

🏗️ Stack: Python / Flask / nmap / Hermes-4-405B / Ubuntu 24 / nginx
Security should be accessible to everyone. Hermes makes that possible.

🌑 Dark Web Monitor — Checks HaveIBeenPwned database for domain breaches, exposed accounts analysis powered by Hermes AI (added)

📡 CVE Live Ticker — Real-time scrolling feed of critical CVEs at the bottom of the dashboard (added)

Love this idea, super cool 🙂