Add VulnHawk - AI-powered code security scanner#199
momenbasel wants to merge 1 commit into Hack-with-Github:master from
Conversation
VulnHawk is an open-source (MIT), AI-powered static code security scanner that detects business logic vulnerabilities traditional SAST tools miss - missing auth checks, IDOR, logic flaws. Supports Python, JavaScript, TypeScript, and Go with CLI, GitHub Action, and SARIF output. Source: https://github.com/momenbasel/vulnhawk
Pull request overview
Adds a new security tool repository link (VulnHawk) to the “Other Useful Repositories” section of the README to expand the curated resource list.
Changes:
- Add VulnHawk repository entry with a description of its SAST/LLM-focused capabilities.
| [ThreatHunter-Playbook](https://github.com/Cyb3rWard0g/ThreatHunter-Playbook) | A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns | ||
| [Web Security](https://github.com/qazbnm456/awesome-web-security) | Curated list of Web Security materials and resources | ||
| [Vulhub](https://github.com/vulhub/vulhub) | Pre-Built Vulnerable Environments Based on Docker-Compose | ||
| [VulnHawk](https://github.com/momenbasel/vulnhawk) | AI-powered static code security scanner that detects business logic flaws, missing auth checks, and IDOR vulnerabilities that traditional SAST tools miss. Supports Python, JavaScript, TypeScript, and Go with CLI, GitHub Action, and SARIF output. |
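Review bot: the added VulnHawk row ends with a single `|` while the three rows above it (ThreatHunter-Playbook, Web Security, Vulhub) end with `| ||`, so the new row has one cell fewer than the rest of the table and will render misaligned; append the trailing `||` so the column count matches. The description is also a two-sentence paragraph where every neighbouring entry is a single clause; trimming it to one clause (e.g. "AI-powered static code security scanner for business logic flaws, missing authorization checks and IDOR in Python, JavaScript, TypeScript and Go") would match the table's style.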
The list in this section is intended to be alphabetical (per contributing.md), but with this addition the ordering around these entries is not alphabetical: Web Security (W) currently appears before Vulhub/VulnHawk (V). Consider moving Web Security after the V entries to keep the list sorted.
The phrase "missing auth checks" is ambiguous (could read as authentication rather than authorization). Since the rest of the sentence mentions authorization/IDOR-style issues, consider changing this to "missing authorization checks" for clarity.
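The authentication/authorization distinction raised in the comment above is the whole point of an IDOR: the caller is authenticated (the service knows who they are) but the object access is never authorized (nobody checks that the caller may touch that object). The following is an added illustration, not VulnHawk code and not part of this PR; the `get_invoice_*` handlers, the `User`/`Invoice` records, the session tokens and the in-memory store are all constructed for the example.

```python
"""Authentication vs. authorization: the flaw behind "missing auth checks".

Added illustration, not VulnHawk code. The handler names, the User/Invoice
records, the session tokens and the in-memory store are all constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    name: str


@dataclass(frozen=True)
class Invoice:
    id: int
    owner_id: int
    amount: int


# Constructed sample data: two tenants, one invoice each.
USERS = {1: User(1, "alice"), 2: User(2, "bob")}
INVOICES = {
    100: Invoice(100, owner_id=1, amount=250),
    200: Invoice(200, owner_id=2, amount=75),
}
SESSIONS = {"tok-alice": 1, "tok-bob": 2}  # session token -> user id


class Unauthenticated(Exception):
    """No valid session: the caller is unknown (would be HTTP 401)."""


class Forbidden(Exception):
    """Known caller, but not permitted for this object (would be HTTP 403)."""


def authenticate(token: str) -> User:
    """Authentication answers 'who is calling?'. Both handlers below do this."""
    user_id = SESSIONS.get(token)
    if user_id is None:
        raise Unauthenticated("invalid session token")
    return USERS[user_id]


def get_invoice_vulnerable(token: str, invoice_id: int) -> Invoice:
    """IDOR: authenticates the caller but never checks ownership, so any
    logged-in user can read any invoice by supplying its id."""
    authenticate(token)
    return INVOICES[invoice_id]


def get_invoice_hardened(token: str, invoice_id: int) -> Invoice:
    """Same lookup with the missing authorization check added: the object
    is returned only if the authenticated caller owns it."""
    user = authenticate(token)
    invoice = INVOICES[invoice_id]
    if invoice.owner_id != user.id:
        # Authorization answers 'may this caller do this to this object?'
        raise Forbidden(f"user {user.id} does not own invoice {invoice_id}")
    return invoice


def can_read_others_invoice(handler) -> bool:
    """Probe: does bob's perfectly valid session reach alice's invoice (id 100)?"""
    try:
        handler("tok-bob", 100)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    print("vulnerable leaks:", can_read_others_invoice(get_invoice_vulnerable))  # True
    print("hardened leaks:", can_read_others_invoice(get_invoice_hardened))  # False
```

Both handlers reject an unknown token, so a scanner that only looks for "is there an auth check" sees nothing wrong with the vulnerable one; the defect is the absent ownership comparison on the looked-up object, which is the class of finding the PR description means by business logic flaws.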
Summary
Placed alphabetically after Vulhub per contribution guidelines.